Documentation
Constants
const (
	// HTTPHeader header name for DPoP
	HTTPHeader = "DPoP"
	// ContentType value
	ContentType = "application/dpop+jwt"
)
const (
	// DefaultExpiration for the proof
	DefaultExpiration = time.Minute * 10
	// DefaultNotBefore offset for NotBefore
	DefaultNotBefore = -10 * time.Minute
)
const (
	// CnfThumbprint is the claim name for JKT thumbprint
	CnfThumbprint = "jkt"
)
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-04
Variables
var TimeNowFn = time.Now
TimeNowFn is the time source; override it in unit tests.
Types
type Claims
type Claims struct {
	jwt.Claims
	Nonce      string `json:"nonce,omitempty"`
	HTTPMethod string `json:"htm,omitempty"`
	HTTPUri    string `json:"htu,omitempty"`
}
Claims are common claims in the DPoP proof JWT.
type Result
type Result struct {
	Claims     *Claims
	Key        *jose.JSONWebKey
	Thumbprint string
}
Result is returned from VerifyClaims.
func VerifyClaims
func VerifyClaims(cfg VerifyConfig, req *http.Request) (*Result, error)
VerifyClaims returns the DPoP claims, raw claims and key, or an error.
type Signer
type Signer interface {
	// ForRequest annotates an HTTP Request with a DPoP header.
	ForRequest(r *http.Request, extraClaims interface{}) (string, error)
	// JWKThumbprint returns base64 hash of the key
	JWKThumbprint() string
}
Signer specifies an interface to sign HTTP requests with DPoP.
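The `jkt` confirmation value and the thumbprint returned by `JWKThumbprint` tie a token to the proof key. The following added example (not this package's code) computes the RFC 7638 SHA-256 thumbprint that the DPoP draft specifies for `jkt`, using only the standard library, and checks a proof key against it. The helper names `ecThumbprint`, `boundToKey` and `newP256Key` are hypothetical, the example assumes P-256 keys, and the keys are generated for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// ecThumbprint returns the RFC 7638 SHA-256 thumbprint of a P-256 public key,
// base64url-encoded without padding (hypothetical helper, not the package API).
func ecThumbprint(pub *ecdsa.PublicKey) string {
	enc := base64.RawURLEncoding
	// Coordinates are fixed-width (32 bytes for P-256); leading zeros are kept.
	x := enc.EncodeToString(pub.X.FillBytes(make([]byte, 32)))
	y := enc.EncodeToString(pub.Y.FillBytes(make([]byte, 32)))
	// Required members only, in lexicographic order, with no whitespace.
	canonical := fmt.Sprintf(`{"crv":"P-256","kty":"EC","x":"%s","y":"%s"}`, x, y)
	sum := sha256.Sum256([]byte(canonical))
	return enc.EncodeToString(sum[:])
}

// boundToKey reports whether the key that signed the proof matches the jkt
// value taken from the access token's cnf claim, compared in constant time.
func boundToKey(cnfJkt string, proofKey *ecdsa.PublicKey) bool {
	got := ecThumbprint(proofKey)
	return subtle.ConstantTimeCompare([]byte(cnfJkt), []byte(got)) == 1
}

// newP256Key generates a throwaway key; the keys in this demo are constructed.
func newP256Key() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	client, other := newP256Key(), newP256Key()
	jkt := ecThumbprint(&client.PublicKey) // value bound into cnf.jkt
	fmt.Println("jkt:", jkt)
	fmt.Println("client key accepted:", boundToKey(jkt, &client.PublicKey))
	fmt.Println("other key accepted:", boundToKey(jkt, &other.PublicKey))
}
```

A proof signed by any key other than the one whose thumbprint is in `jkt` is rejected, which is what makes a stolen access token unusable without the private key.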
type VerifyConfig
type VerifyConfig struct {
	// ExpectedIssuer validates the iss claim of a JWT matches this value
	ExpectedIssuer string
	// ExpectedSubject validates the sub claim of a JWT matches this value
	ExpectedSubject string
	// ExpectedAudience validates that the aud claim of a JWT contains this value
	ExpectedAudience string
	// ExpectedNonce validates that the nonce claim of a JWT contains this value
	ExpectedNonce string
	// EnableQuery specifies to get `dpop` header from the QueryString
	EnableQuery bool
}
VerifyConfig expresses the possible options for validating a JWT.