Documentation
Overview
Package auth provides JWT verification with JWKS caching for the LFX MCP server.
Constants
This section is empty.
Variables
This section is empty.
Functions
func ExtractScopes
ExtractScopes extracts scopes from a JWT token. Handles both "scope" (space-separated string) and "scopes" (array) claims.
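The dual-claim handling described for ExtractScopes, sketched as an added example that is not the package's own code. The names `scopesFromClaims` and `parseClaims` are hypothetical, the scope values are constructed, and the claims are assumed to come from a token that VerifyToken has already accepted.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// scopesFromClaims is a hypothetical helper, not the package's ExtractScopes.
// It merges "scope" (space-separated string) and "scopes" (array), dropping
// duplicates and non-string entries; a claim of the wrong type yields nothing.
func scopesFromClaims(claims map[string]any) []string {
	seen := map[string]bool{}
	out := []string{}
	add := func(s string) {
		if s != "" && !seen[s] {
			seen[s] = true
			out = append(out, s)
		}
	}
	if s, ok := claims["scope"].(string); ok {
		for _, f := range strings.Fields(s) {
			add(f)
		}
	}
	if arr, ok := claims["scopes"].([]any); ok { // shape produced by encoding/json
		for _, e := range arr {
			if s, ok := e.(string); ok {
				add(s)
			}
		}
	}
	return out
}

// parseClaims decodes a JSON claims object (assumed to come from a verified token).
func parseClaims(payload string) (claims map[string]any, err error) {
	err = json.Unmarshal([]byte(payload), &claims)
	return claims, err
}

func main() {
	// Constructed sample payload, not taken from a real token.
	c, err := parseClaims(`{"scope":"read:projects","scopes":["read:projects",42,"admin:all"]}`)
	if err != nil {
		panic(err)
	}
	fmt.Println(scopesFromClaims(c))
}
```

A "scope" claim that is not a string, or a "scopes" claim that is not an array, grants no scopes in this sketch, so a malformed token fails closed at the authorization check.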
Types
type JWTVerifier
type JWTVerifier struct {
	// contains filtered or unexported fields
}
JWTVerifier verifies JWT tokens using cached JWKS from authorization servers.
func NewJWTVerifier
func NewJWTVerifier(cfg JWTVerifierConfig) (*JWTVerifier, error)
NewJWTVerifier creates a new JWT verifier with JWKS caching.
func (*JWTVerifier) VerifyToken
VerifyToken verifies a JWT token and returns the parsed token.
type JWTVerifierConfig
type JWTVerifierConfig struct {
	// AuthServers is the list of authorization server URLs (e.g., ["https://example.auth0.com"]).
	// JWKS will be fetched from {authServer}/.well-known/jwks.json for each server.
	AuthServers []string

	// Audience is the expected audience claim (aud) in the JWT.
	Audience string

	// HTTPClient is the HTTP client to use for fetching JWKS.
	// If nil, a default client with 30s timeout will be created.
	HTTPClient *http.Client

	// CacheRefreshInterval is how often to refresh the JWKS cache.
	// If zero, defaults to 15 minutes.
	CacheRefreshInterval time.Duration
}
JWTVerifierConfig holds configuration for JWT verification.