Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

auth

package

Go to main page

Versions in this module

v0

v0.1.0

Jan 17, 2026

Changes in this version

+ const PermissionClaim

+ var ErrExpiredToken = errors.New("token expired")

+ var ErrInvalidAudience = errors.New("token audience invalid")

+ var ErrInvalidIssuer = errors.New("token issuer invalid")

+ var ErrInvalidKey = errors.New("invalid signing key")

+ var ErrInvalidToken = errors.New("invalid token")

+ var ErrMissingPermission = errors.New("missing required permission")

+ var ErrMissingRole = errors.New("missing required role")

+ var ErrNotBefore = errors.New("token not valid yet")

+ var ErrUnsupportedAlg = errors.New("unsupported jwt alg")

+ func HasAllPermissions(principal *bebo.Principal, permissions ...string) bool

+ func HasAllRoles(principal *bebo.Principal, roles ...string) bool

+ func HasAnyPermission(principal *bebo.Principal, permissions ...string) bool

+ func HasAnyRole(principal *bebo.Principal, roles ...string) bool

+ func HasPermission(principal *bebo.Principal, permission string) bool

+ func HasRole(principal *bebo.Principal, role string) bool

+ func SignHS256(key JWTKey, claims map[string]any) (string, error)

+ type JWTAuthenticator struct

+ Audience string

+ ClockSkew time.Duration

+ Header string

+ Issuer string

+ Key []byte

+ KeySet *JWTKeySet

+ Keys [][]byte

+ Now func() time.Time

+ Scheme string

+ func (a JWTAuthenticator) Authenticate(ctx *bebo.Context) (*bebo.Principal, error)

+ type JWTKey struct

+ ID string

+ Secret []byte

+ type JWTKeySet struct

+ Fallback []JWTKey

+ Primary JWTKey

+ func (s JWTKeySet) Keys() []JWTKey

+ func (s JWTKeySet) Lookup(id string) (JWTKey, bool)

+ func (s JWTKeySet) Sign(claims map[string]any) (string, error)

+ type PermissionAuthorizer struct

+ All []string

+ Any []string

+ func RequireAnyPermission(permissions ...string) PermissionAuthorizer

+ func RequirePermissions(permissions ...string) PermissionAuthorizer

+ func (p PermissionAuthorizer) Authorize(_ *bebo.Context, principal *bebo.Principal) error

+ type RoleAuthorizer struct

+ All []string

+ Any []string

+ func RequireAnyRole(roles ...string) RoleAuthorizer

+ func RequireRoles(roles ...string) RoleAuthorizer

+ func (r RoleAuthorizer) Authorize(_ *bebo.Context, principal *bebo.Principal) error