Versions in this module Expand all Collapse all v0 v0.2.0 Mar 8, 2026 v0.1.0 Feb 28, 2026 Changes in this version
+ var ErrInvalidAlgorithm = errors.New("invalid signing algorithm")
+ var ErrInvalidToken = errors.New("invalid token")
+ var ErrMissingPublicKey = errors.New("public key required when using asymmetric signing")
+ var ErrNoSigningKey = errors.New("no signing key configured: provide Secret or PrivateKey")
+ var ErrTokenExpired = errors.New("token expired")
+ var ErrWrongTokenType = errors.New("wrong token type")
+ func ComputeTokenHash(token string) string
+ type CNFClaim struct
+ JKT string
+ type Claims struct
+ Confirmation *CNFClaim
+ Email string
+ IsPlatformAdmin bool
+ Name string
+ OrganizationID *uuid.UUID
+ OrganizationSlug string
+ Permissions []string
+ Role string
+ TokenFamily string
+ TokenType TokenType
+ UserID uuid.UUID
+ func NewAccessClaims(cfg *Config, userID uuid.UUID, email, name string) *Claims
+ func NewRefreshClaims(cfg *Config, userID uuid.UUID, family string) *Claims
+ func (c *Claims) DPoPThumbprint() string
+ func (c *Claims) IsAccessToken() bool
+ func (c *Claims) IsDPoPBound() bool
+ func (c *Claims) IsExpired() bool
+ func (c *Claims) IsRefreshToken() bool
+ func (c *Claims) WithDPoPBinding(thumbprint string) *Claims
+ func (c *Claims) WithOrganization(orgID uuid.UUID, slug, role string, permissions []string) *Claims
+ func (c *Claims) WithPlatformAdmin(isPlatformAdmin bool) *Claims
+ type Config struct
+ AccessTokenExpiry time.Duration
+ Algorithm string
+ Audience []string
+ Issuer string
+ PrivateKey any
+ PublicKey any
+ RefreshTokenExpiry time.Duration
+ RefreshTokenRotation bool
+ Secret []byte
+ func DefaultConfig() *Config
+ func (c *Config) Validate() error
+ type DPoPBinding struct
+ Thumbprint string
+ type Service struct
+ func NewService(cfg *Config) (*Service, error)
+ func (s *Service) AccessTokenTTL() time.Duration
+ func (s *Service) Config() *Config
+ func (s *Service) GenerateAccessToken(userID uuid.UUID, email, name string) (string, error)
+ func (s *Service) GenerateAccessTokenWithOptions(userID uuid.UUID, email, name string, opts TokenOptions) (string, error)
+ func (s *Service) GenerateAccessTokenWithOrg(userID uuid.UUID, email, name string, orgID uuid.UUID, orgSlug, role string, ...) (string, error)
+ func (s *Service) GenerateAccessTokenWithOrgAndOptions(userID uuid.UUID, email, name string, orgID uuid.UUID, orgSlug, role string, ...) (string, error)
+ func (s *Service) GenerateRefreshToken(userID uuid.UUID, family string) (string, error)
+ func (s *Service) GenerateTokenPair(userID uuid.UUID, email, name string) (*TokenPair, error)
+ func (s *Service) GenerateTokenPairLegacy(userID uuid.UUID, email string, isPlatformAdmin bool) (*TokenPair, error)
+ func (s *Service) GenerateTokenPairWithOptions(userID uuid.UUID, email, name string, opts TokenOptions) (*TokenPair, error)
+ func (s *Service) GenerateTokenPairWithOrg(userID uuid.UUID, email, name string, orgID uuid.UUID, orgSlug, role string, ...) (*TokenPair, error)
+ func (s *Service) RefreshTokenTTL() time.Duration
+ func (s *Service) ValidateAccessToken(tokenString string) (*Claims, error)
+ func (s *Service) ValidateRefreshToken(tokenString string) (*Claims, error)
+ type TokenOptions struct
+ DPoPThumbprint string
+ type TokenPair struct
+ AccessToken string
+ ExpiresIn int64
+ RefreshToken string
+ type TokenType string
+ const AccessToken
+ const RefreshToken
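Review bot: `func (s *Service) Config() *Config` returns a pointer to the same struct type that holds `Secret []byte` and `PrivateKey any`, so unless the implementation copies and redacts, every holder of a `*Service` can read the signing key or change `Algorithm` after `Validate()` has passed. Only signatures are listed on this page, so the body is not visible; I would document the contract on the method, e.g. `// Config returns a copy of the configuration; Secret and PrivateKey are not included.`, and have the code match it. `Config` also puts a free-form `Algorithm string` beside both a symmetric `Secret` and an asymmetric `PublicKey`, so the doc comments on `ValidateAccessToken` and `ValidateRefreshToken` should say that a token signed with any algorithm other than the configured one is rejected, for example with `ErrInvalidAlgorithm`.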