Documentation
Overview
Package jwtverifier provides JWT claim extraction and verification backends.
The package supports three modes:
- ESPv1: Extract claims from X-Endpoint-API-UserInfo header set by Cloud Endpoints
- Direct: Validate JWT from Authorization header using JWKS
- Insecure: Parse JWT without validation (development/testing only)
Types
type Direct
type Direct struct {
	// contains filtered or unexported fields
}
Direct validates JWTs from the Authorization header using JWKS. This mode fetches the JWKS on every request (no caching) and validates the JWT signature. Intended for integration testing, not production use.
func (*Direct) ExtractClaims
ExtractClaims extracts and validates JWT claims from the Authorization header. It fetches the JWKS on every request and validates the JWT signature. This is only meant to be used for local e2e testing. TODO: implement proper caching and JWKS reuse to allow non-GAE deployments.
type ESPv1
type ESPv1 struct{}
ESPv1 extracts JWT claims from the X-Endpoint-API-UserInfo header set by Cloud Endpoints ESPv1 after JWT validation.
func (*ESPv1) ExtractClaims
ExtractClaims extracts JWT claims from the X-Endpoint-API-UserInfo header.
type Insecure
type Insecure struct {
	// contains filtered or unexported fields
}
Insecure parses JWTs from the Authorization header WITHOUT signature verification. This mode is ONLY for development and testing. It requires the ALLOW_INSECURE_JWT=true environment variable to be set as a safety check.
WARNING: Never use this in production - it accepts any JWT regardless of signature.
func NewInsecure
NewInsecure creates a new insecure JWT verifier. Returns an error if the ALLOW_INSECURE_JWT environment variable is not set to "true".
func (*Insecure) ExtractClaims
ExtractClaims extracts JWT claims from the Authorization header without signature verification.
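The constructor gate described for NewInsecure and the behaviour the warning refers to, as an added example that is not the package's own code. `insecureParser`, `newInsecureParser`, `claims` and `constructedToken` are hypothetical names, the exact-match comparison on the variable is an assumption, and the token is constructed sample input.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// insecureParser is a hypothetical stand-in, not the package's Insecure type.
type insecureParser struct{}

// newInsecureParser refuses to build the parser unless ALLOW_INSECURE_JWT=true.
func newInsecureParser() (*insecureParser, error) {
	if os.Getenv("ALLOW_INSECURE_JWT") != "true" {
		return nil, fmt.Errorf("unverified JWT parsing requires ALLOW_INSECURE_JWT=true")
	}
	return &insecureParser{}, nil
}

// claims decodes the payload segment and never inspects the signature segment.
func (*insecureParser) claims(authz string) (map[string]interface{}, error) {
	if !strings.HasPrefix(authz, "Bearer ") {
		return nil, fmt.Errorf("authorization header is not a Bearer token")
	}
	parts := strings.Split(strings.TrimPrefix(authz, "Bearer "), ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("token has %d segments, want 3", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("payload is not base64url: %w", err)
	}
	var out map[string]interface{}
	err = json.Unmarshal(raw, &out)
	return out, err
}

// constructedToken builds sample input whose third segment is arbitrary text.
func constructedToken() string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"RS256"}`)) + "." + enc([]byte(`{"sub":"user@example.test"}`)) + ".not-a-signature"
}

func main() {
	os.Setenv("ALLOW_INSECURE_JWT", "true") // opt in for this demo run only
	p, _ := newInsecureParser()
	fmt.Println(p.claims("Bearer " + constructedToken()))
}
```

The third segment of the constructed token is arbitrary text, yet its `sub` claim is returned, which is why this mode has to stay behind the opt-in variable and out of production.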