jwt

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 17, 2025 License: AGPL-3.0, MIT Imports: 9 Imported by: 0

Documentation

Overview

Package jwt provides authentication strategy, to authenticate HTTP requests based on jwt token.

Index

Constants

View Source 
const (
	// EdDSA signature algorithm.
	EdDSA = "EdDSA"
	// HS256 signature algorithm -- HMAC using SHA-256.
	HS256 = "HS256"
	// HS384 signature algorithm -- HMAC using SHA-384.
	HS384 = "HS384"
	// HS512 signature algorithm -- HMAC using SHA-512.
	HS512 = "HS512"
	// RS256 signature algorithm -- RSASSA-PKCS-v1.5 using SHA-256.
	RS256 = "RS256"
	// RS384 signature algorithm -- RSASSA-PKCS-v1.5 using SHA-384.
	RS384 = "RS384"
	// RS512 signature algorithm -- RSASSA-PKCS-v1.5 using SHA-512.
	RS512 = "RS512"
	// ES256 signature algorithm -- ECDSA using P-256 and SHA-256.
	ES256 = "ES256"
	// ES384 signature algorithm -- ECDSA using P-384 and SHA-384.
	ES384 = "ES384"
	// ES512 signature algorithm -- ECDSA using P-521 and SHA-512.
	ES512 = "ES512"
	// PS256 signature algorithm -- RSASSA-PSS using SHA256 and MGF1-SHA256.
	PS256 = "PS256"
	// PS384 signature algorithm -- RSASSA-PSS using SHA384 and MGF1-SHA384.
	PS384 = "PS384"
	// PS512 signature algorithm -- RSASSA-PSS using SHA512 and MGF1-SHA512.
	PS512 = "PS512"
)

Variables

View Source 
var (
	// ErrMissingKID is returned by Authenticate Strategy method,
	// when failed to retrieve kid from token header.
	ErrMissingKID = jwt.ErrMissingKID

	// ErrInvalidAlg is returned by Authenticate Strategy method,
	// when jwt token alg header does not match key algorithm.
	ErrInvalidAlg = jwt.ErrInvalidAlg
)

Functions

func GetAuthenticateFunc 

func GetAuthenticateFunc(s SecretsKeeper, opts ...auth.Option) token.AuthenticateFunc

GetAuthenticateFunc return function to authenticate request using jwt token. The returned function typically used with the token strategy.

func IssueAccessToken 

func IssueAccessToken(info auth.Info, s SecretsKeeper, opts ...auth.Option) (string, error)

IssueAccessToken issue jwt access token for the provided user info.

func SetAudience 

func SetAudience(aud string) auth.Option

SetAudience sets token audience(aud), no default value.

func SetExpDuration 

func SetExpDuration(d time.Duration) auth.Option

SetExpDuration sets token exp duartion, Default Value 5 min.

func SetIssuer 

func SetIssuer(iss string) auth.Option

SetIssuer sets token issuer(iss), no default value.

func SetNamedScopes 

func SetNamedScopes(scp ...string) auth.Option

SetNamedScopes sets the access token scopes,

Types

type SecretsKeeper 

type SecretsKeeper interface {
	// KID return's secret/key id.
	// KID must return the most recently used id if more than one secret/key exists.
	// https://tools.ietf.org/html/rfc7515#section-4.1.4
	KID() string
	// Get return's secret/key and the corresponding sign algorithm.
	Get(kid string) (key interface{}, algorithm string, err error)
}

SecretsKeeper hold all secrets/keys to sign and parse JWT token

type StaticSecret 

type StaticSecret struct {
	Secret    interface{}
	ID        string
	Algorithm string
}

StaticSecret implements the SecretsKeeper and holds only a single secret.

func (StaticSecret) Get 

func (s StaticSecret) Get(kid string) (key interface{}, algorithm string, err error)

Get return's secret/key and the corresponding sign algorithm.

func (StaticSecret) KID 

func (s StaticSecret) KID() string

KID return's secret/key id.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.