Documentation
Overview
Package jwks provides a production-ready JWKS (JSON Web Key Set) key function for validating JWTs.
The keyfunc wraps the MicahParks/keyfunc library with built-in periodic key refresh, rate-limiting of unknown-KID refresh attempts, and structured logging. It is safe for concurrent use and suitable for use as a jwt.Keyfunc in JWT middleware.
Basic usage:
	kf, err := jwks.New(ctx, []string{"https://auth.example.com/.well-known/jwks.json"})
	if err != nil {
		return err
	}
	jwtConfig := middleware.JWTConfig{
		Keyfunc: kf.Keyfunc,
	}
	e.Use(middleware.JWT(jwtConfig))
The keyfunc automatically refreshes keys in the background. If a JWT references an unknown key ID, the keyfunc triggers an immediate refresh, but it rate-limits rapid refresh attempts to prevent a thundering herd.
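The unknown-KID refresh limiting described above, modelled in plain Go as an added example (not this package's code): `keyCache`, `lookup` and `simulate` are hypothetical names, the limiter is a simple fixed window that rejects instead of waiting, and the burst of 5 mirrors `DefaultRateLimitBurst`. It shows that a flood of tokens carrying unknown key IDs costs at most `burst` JWKS fetches, while a genuinely rotated key is picked up in the next window.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// keyCache is a hypothetical single-goroutine model, not the package's type.
type keyCache struct {
	keys                 map[string]string        // kid -> key material (constructed)
	fetch                func() map[string]string // stands in for the JWKS HTTP fetch
	burst, used, fetches int                      // burst = refreshes allowed per window
	window               time.Duration
	now, start           time.Time // now is a settable clock; real code calls time.Now()
}

func (c *keyCache) lookup(kid string) (string, error) {
	if _, ok := c.keys[kid]; !ok { // unknown kid: try to spend one refresh
		if c.now.Sub(c.start) >= c.window { // new window: reset the budget
			c.start, c.used = c.now, 0
		}
		if c.used >= c.burst {
			return "", errors.New("unknown kid: refresh rate-limited")
		}
		c.used, c.fetches = c.used+1, c.fetches+1
		c.keys = c.fetch()
	}
	if k, ok := c.keys[kid]; ok {
		return k, nil
	}
	return "", errors.New("unknown kid after refresh")
}

// simulate floods the cache with bogus kids, then looks up a rotated key.
func simulate() (flood, total int, rotatedErr error) {
	upstream := map[string]string{"k1": "key-1"}
	c := &keyCache{keys: upstream, burst: 5, window: time.Second, now: time.Unix(0, 0)}
	c.fetch = func() map[string]string { return upstream }
	for i := 0; i < 100; i++ {
		c.lookup(fmt.Sprintf("bogus-%d", i))
	}
	flood = c.fetches
	upstream = map[string]string{"k1": "key-1", "k2": "key-2"} // issuer rotates keys
	c.now = c.now.Add(c.window)
	_, rotatedErr = c.lookup("k2")
	return flood, c.fetches, rotatedErr
}

func main() { fmt.Println(simulate()) }
```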
Index
- Constants
- type Config
- type KeyFunc
- type Option
- func WithHTTPClient(client *http.Client) Option
- func WithRateLimitBurst(burst int) Option
- func WithRateLimitWaitMax(maxWait time.Duration) Option
- func WithRefreshInterval(interval time.Duration) Option
- func WithRefreshTimeout(timeout time.Duration) Option
- func WithValidationSkipAll(skip bool) Option
Constants
const (
	DefaultRateLimitBurst  = 5
	DefaultRefreshTimeout  = 10 * time.Second
	DefaultRefreshInterval = 60 * time.Minute
)
Variables
This section is empty.
Functions
This section is empty.
Types
type KeyFunc
type KeyFunc struct {
	// contains filtered or unexported fields
}
func (*KeyFunc) KeyfuncCtx (added in v1.3.5)
func (*KeyFunc) VerificationKeySet (added in v1.3.5)
type Option
type Option func(*Config)
func WithHTTPClient
func WithRateLimitBurst
func WithRateLimitWaitMax
func WithRefreshInterval
func WithRefreshTimeout
func WithValidationSkipAll