Documentation
Overview
Package jwtparse implements a zero-allocation JWT parser and signer.
Index
- Variables
- func GenerateECDSAKey(m *signingMethodECDSA) (*ecdsa.PrivateKey, error)
- func RegisterSigningMethod(m SigningMethod)
- func ReleaseMapClaims(m MapClaims)
- func ReleaseToken(t *Token)
- func SignToken(method SigningMethod, claims Claims, key any) (string, error)
- type Audience
- type Claims
- type Header
- type Keyfunc
- type MapClaims
- type NumericDate
- type Parser
- type ParserOption
- type RegisteredClaims
- type SigningMethod
- type Token
Constants
This section is empty.
Variables
var (
	SigningMethodES256 *signingMethodECDSA
	SigningMethodES384 *signingMethodECDSA
	SigningMethodES512 *signingMethodECDSA
)
ECDSA signing method singletons.
var (
	ErrTokenMalformed        = errors.New("token is malformed")
	ErrTokenUnverifiable     = errors.New("token is unverifiable")
	ErrTokenSignatureInvalid = errors.New("token signature is invalid")
	ErrTokenExpired          = errors.New("token has expired")
	ErrTokenNotValidYet      = errors.New("token is not valid yet")
	ErrTokenUsedBeforeIssued = errors.New("token used before issued")
	ErrAlgNone               = errors.New("\"none\" algorithm is not allowed")
	ErrInvalidIssuer         = errors.New("token has invalid issuer")
	ErrInvalidAudience       = errors.New("token has invalid audience")
	ErrInvalidSubject        = errors.New("token has invalid subject")
)
Sentinel errors for JWT validation failures.
var (
	SigningMethodHS256 *signingMethodHMAC
	SigningMethodHS384 *signingMethodHMAC
	SigningMethodHS512 *signingMethodHMAC
)
HMAC-SHA signing method singletons.
var (
	SigningMethodRS256 *signingMethodRSA
	SigningMethodRS384 *signingMethodRSA
	SigningMethodRS512 *signingMethodRSA
)
RSA PKCS#1 v1.5 signing method singletons.
var (
	SigningMethodPS256 *signingMethodRSAPSS
	SigningMethodPS384 *signingMethodRSAPSS
	SigningMethodPS512 *signingMethodRSAPSS
)
RSA-PSS signing method singletons.
var SigningMethodEdDSA *signingMethodEdDSA
SigningMethodEdDSA is the EdDSA signing method singleton.
Functions
func GenerateECDSAKey
func GenerateECDSAKey(m *signingMethodECDSA) (*ecdsa.PrivateKey, error)
GenerateECDSAKey generates an ECDSA key pair for the given signing method. For testing only.
func RegisterSigningMethod
func RegisterSigningMethod(m SigningMethod)
RegisterSigningMethod registers a signing method in the global registry.
func ReleaseMapClaims
func ReleaseMapClaims(m MapClaims)
ReleaseMapClaims returns a MapClaims to the pool for reuse.
Types
type Audience
type Audience []string
Audience is a slice of strings that accepts both a single string and an array in JSON.
func (*Audience) UnmarshalJSON
UnmarshalJSON decodes an audience from either a single string or a string array.
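The dual-form decoding described above, as an added example that is not the package's own code: `audience`, `contains` and `parseAud` are hypothetical local names, and the payloads are constructed. Rejecting mixed arrays and treating `null` as "no audience" are choices made for this sketch.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// audience is a local stand-in shaped like the documented Audience ([]string).
type audience []string

// UnmarshalJSON accepts "aud":"api" as well as "aud":["api","admin"].
func (a *audience) UnmarshalJSON(b []byte) error {
	var one string
	var many []string
	switch {
	case string(b) == "null": // no audience, not an empty-string audience
		*a = nil
	case json.Unmarshal(b, &one) == nil:
		*a = audience{one}
	case json.Unmarshal(b, &many) == nil:
		*a = many
	default:
		return errors.New("aud must be a string or an array of strings")
	}
	return nil
}

// contains reports an exact, case-sensitive match against any entry.
func (a audience) contains(want string) bool {
	for _, got := range a {
		if got == want {
			return true
		}
	}
	return false
}

// parseAud decodes only the aud claim; field Aud matches the "aud" key.
func parseAud(payload string) (audience, error) {
	var c struct{ Aud audience }
	err := json.Unmarshal([]byte(payload), &c)
	return c.Aud, err
}

func main() {
	a, err := parseAud(`{"aud":["api","admin"]}`) // constructed payload
	fmt.Println(a, a.contains("api"), err)
}
```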
type Claims
type Claims interface {
	Valid() error
}
Claims is the interface for JWT claims validation.
type Header
type Header struct {
	Alg string `json:"alg"`
	Kid string `json:"kid,omitempty"`
	Typ string `json:"typ,omitempty"`
}
Header is the JOSE header of a JWT.
type MapClaims
MapClaims is an unstructured claims type backed by a map.
Numeric claims (exp, nbf, iat) are stored as float64 when parsed from JSON by the internal parser. When constructing MapClaims programmatically, int64 and int values are also accepted by numericClaim and the time-validation methods. json.Number (from encoding/json with UseNumber) is also supported.
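An added sketch of the numeric coercion this paragraph describes, applied to an `exp` check; it is not the package's code. `toUnix` is a hypothetical stand-in for the unexported `numericClaim`, and both the fail-closed handling of a non-numeric `exp` and the acceptance of a missing `exp` are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

var errExpired = errors.New("token has expired") // text of ErrTokenExpired above

// toUnix (hypothetical) accepts the four representations listed for MapClaims.
func toUnix(v any) (int64, bool) {
	switch n := v.(type) {
	case float64: // what a JSON decoder produces by default
		return int64(n), true
	case int64:
		return n, true
	case int:
		return int64(n), true
	case json.Number: // decoder configured with UseNumber
		f, err := n.Float64()
		return int64(f), err == nil
	}
	return 0, false // string, bool, nil, ...: not a date
}

// checkExp fails closed: a present but non-numeric exp is an error, not "no expiry".
func checkExp(claims map[string]any, now time.Time, leeway time.Duration) error {
	raw, present := claims["exp"]
	if !present {
		return nil // assumption: exp is optional
	}
	exp, ok := toUnix(raw)
	if !ok {
		return errors.New("exp is not a numeric date")
	}
	if !now.Before(time.Unix(exp, 0).Add(leeway)) {
		return errExpired
	}
	return nil
}

func main() {
	now := time.Unix(1700000000, 0) // constructed clock
	var parsed map[string]any
	json.Unmarshal([]byte(`{"exp":1699999990}`), &parsed) // exp arrives as float64
	fmt.Println(checkExp(parsed, now, 0), checkExp(parsed, now, 30*time.Second))
}
```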
func AcquireMapClaims
func AcquireMapClaims() MapClaims
AcquireMapClaims returns a cleared MapClaims from the pool.
type NumericDate
NumericDate represents a JSON numeric date value (Unix timestamp).
func NewNumericDate
func NewNumericDate(t time.Time) *NumericDate
NewNumericDate creates a NumericDate from a time.Time.
func (NumericDate) MarshalJSON
func (d NumericDate) MarshalJSON() ([]byte, error)
MarshalJSON encodes a NumericDate as a Unix timestamp integer.
func (*NumericDate) UnmarshalJSON
func (d *NumericDate) UnmarshalJSON(b []byte) error
UnmarshalJSON decodes a Unix timestamp number into a NumericDate.
type Parser
type Parser struct {
	// contains filtered or unexported fields
}
Parser is a JWT token parser.
func NewParser
func NewParser(opts ...ParserOption) *Parser
NewParser creates a new JWT parser with the given options.
type ParserOption
type ParserOption func(*Parser)
ParserOption configures a Parser.
func WithAudience
func WithAudience(aud string) ParserOption
WithAudience requires the token to contain the specified audience.
func WithIssuer
func WithIssuer(iss string) ParserOption
WithIssuer requires the token to have the specified issuer.
func WithLeeway
func WithLeeway(d time.Duration) ParserOption
WithLeeway adds a time leeway for exp/nbf/iat validation.
func WithSubject
func WithSubject(sub string) ParserOption
WithSubject requires the token to have the specified subject.
func WithValidMethods
func WithValidMethods(methods []string) ParserOption
WithValidMethods restricts which signing algorithms are accepted.
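What an algorithm allow-list has to do before any key is chosen, as an added example rather than the package's implementation: `checkAlg` and the three error variables are hypothetical, and the tokens are constructed with a dummy payload and signature.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var ( // local errors for this sketch, not the package's sentinels
	errMalformed   = errors.New("token is malformed")
	errAlgNone     = errors.New(`"none" algorithm is not allowed`)
	errAlgRejected = errors.New("signing method is not in the allow-list")
)

// checkAlg reads the alg header of a compact JWT and accepts it only on an exact allow-list match.
func checkAlg(token string, allowed []string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errMalformed
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", errMalformed
	}
	var h struct {
		Alg string `json:"alg"`
	}
	if json.Unmarshal(raw, &h) != nil || h.Alg == "" {
		return "", errMalformed
	}
	if strings.EqualFold(h.Alg, "none") { // also catches "None", "NONE"
		return "", errAlgNone
	}
	for _, a := range allowed {
		if a == h.Alg {
			return h.Alg, nil
		}
	}
	return "", errAlgRejected // an empty allow-list rejects everything
}

func main() {
	// Constructed token: header {"alg":"HS256"}, dummy payload and signature.
	hdr := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"HS256"}`))
	fmt.Println(checkAlg(hdr+".e30.c2ln", []string{"RS256"}))
	fmt.Println(checkAlg(hdr+".e30.c2ln", []string{"HS256"}))
}
```

A verifier that expects RSA keys lists only the RS or PS methods, so a token whose header declares HS256 is rejected before its signature is evaluated against the wrong key type.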
type RegisteredClaims
type RegisteredClaims struct {
	Issuer    string       `json:"iss,omitempty"`
	Subject   string       `json:"sub,omitempty"`
	Audience  Audience     `json:"aud,omitempty"`
	ExpiresAt *NumericDate `json:"exp,omitempty"`
	NotBefore *NumericDate `json:"nbf,omitempty"`
	IssuedAt  *NumericDate `json:"iat,omitempty"`
	ID        string       `json:"jti,omitempty"`
}
RegisteredClaims are the IANA-registered JWT claims.
func (RegisteredClaims) Valid
func (c RegisteredClaims) Valid() error
Valid validates exp, nbf, and iat claims against the current time.
type SigningMethod
type SigningMethod interface {
	Alg() string
	Verify(signingInput string, sig []byte, key any) error
	Sign(signingInput string, key any) ([]byte, error)
}
SigningMethod defines the interface for JWT signing algorithms.
func GetSigningMethod
func GetSigningMethod(alg string) (SigningMethod, bool)
GetSigningMethod returns a registered signing method by algorithm name.