Documentation
Index
- Constants
- func CheckOrGenerateJwtSecret(jwtSecret string, requireExplicit bool) []byte
- func EvalMatch(v any, want []string) bool
- func GetBoolClaim(m map[string]any, key string) bool
- func GetByPath(m map[string]any, path string) (any, bool)
- func GetStringClaim(m map[string]any, key string) string
- func GetStringSliceClaim(m map[string]any, key string) []string
- func ParseJWTClaims(idToken string) map[string]any
Constants
const (
	// KnownInsecureJWTSecret is the placeholder shipped in config.go's struct
	// tag; it must never sign real tokens. Keep in sync with the `default:` tag
	// on Config.JWTSecret.
	KnownInsecureJWTSecret = "default-jwt-secret-change-me" //nolint:gosec // public placeholder config default, intentionally rejected for production signing

	// MinJWTSecretLength matches the 32-byte floor enforced for ENCRYPTION_KEY.
	MinJWTSecretLength = 32
)
Variables
This section is empty.
Functions
func CheckOrGenerateJwtSecret
CheckOrGenerateJwtSecret returns the HMAC signing key for JWTs.
When requireExplicit is true (production manager), a real secret is mandatory: an empty, default, or too-short JWT_SECRET panics at startup — mirroring the ENCRYPTION_KEY guard in libarcane/crypto. Otherwise (development / agent mode) a random per-boot key is generated when none (or only the public default) is configured, so the public default never becomes a live signing key.
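A sketch of the guard described above, as an added example and not the package's own code. The name `resolveJWTSecret`, the lowercase constants, the error return in place of the panic, the 32-byte random key length, and the pass-through of an explicit non-default secret outside production are assumptions.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// Values copied from the Constants section of this page.
const (
	knownInsecureJWTSecret = "default-jwt-secret-change-me"
	minJWTSecretLength     = 32
)

// resolveJWTSecret (hypothetical name) sketches the documented behaviour. It
// returns an error where the documented function panics, so callers and tests
// can inspect the outcome.
func resolveJWTSecret(configured string, requireExplicit bool) ([]byte, error) {
	unset := configured == "" || configured == knownInsecureJWTSecret
	if requireExplicit {
		// Production: reject empty, public-default and too-short secrets.
		switch {
		case unset:
			return nil, errors.New("JWT_SECRET is empty or the public default")
		case len(configured) < minJWTSecretLength:
			return nil, fmt.Errorf("JWT_SECRET is %d bytes, need %d or more",
				len(configured), minJWTSecretLength)
		}
		return []byte(configured), nil
	}
	if unset {
		// Development / agent mode: random per-boot key (32 bytes assumed), so
		// the public default never signs a token. Tokens do not survive a restart.
		key := make([]byte, minJWTSecretLength)
		if _, err := rand.Read(key); err != nil {
			return nil, err
		}
		return key, nil
	}
	// Assumption: an explicit non-default secret is used as given here.
	return []byte(configured), nil
}

func main() {
	key, err := resolveJWTSecret(knownInsecureJWTSecret, false)
	fmt.Println(len(key), err) // key length and error for the dev-mode default
	_, err = resolveJWTSecret("short", true)
	fmt.Println(err)
}
```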
func GetBoolClaim
GetBoolClaim extracts a boolean claim from a map.
func GetStringClaim
GetStringClaim extracts a string claim from a map.
func GetStringSliceClaim
GetStringSliceClaim extracts a string slice claim from a map.
func ParseJWTClaims
ParseJWTClaims decodes and unmarshals the payload part of a JWT.
Types
This section is empty.