Overview
Package statejwt encodes and decodes the OAuth `state` parameter used in the Slack install / link flows.
The state parameter binds the user's dashboard session (account_id, org_id) to the redirect that will land at Slack's OAuth callback, so that when the callback fires we know which Nuon account and org initiated the install. It is signed with HS256 using the SlackStateJWTSecret config value and carries a short TTL.
Constants
const DefaultTTL = 10 * time.Minute
DefaultTTL bounds how long an issued state value is accepted at the callback. OAuth round-trips through Slack are interactive and complete in seconds; 10 minutes is a generous ceiling that tolerates redirects and slow approval flows.
Variables
This section is empty.
Functions
This section is empty.
Types
type Claims
type Claims struct {
	AccountID string `json:"acc"`
	OrgID     string `json:"org"`
	// Nonce is a per-issuance random string so two state values issued in
	// the same second still differ; the caller supplies it.
	Nonce string `json:"nonce"`
	jwt.RegisteredClaims
}
Claims is the payload encoded into the OAuth state parameter.
type Encoder
type Encoder struct {
	// contains filtered or unexported fields
}
Encoder issues and verifies signed state values. It holds the signing secret so callers don't have to thread it through every call site.
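The scheme described above, as an added example that is not this package's implementation: HS256 state issuance and verification written against the Go standard library only, with the algorithm header pinned and the expiry enforced at the callback. The names stateClaims, sign, issueState and verifyState, the exp field standing in for jwt.RegisteredClaims, and the demo secret and claim values are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

const header = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" // base64url of {"alg":"HS256","typ":"JWT"}

type stateClaims struct { // the page's acc/org/nonce keys; exp stands in for jwt.RegisteredClaims
	AccountID string `json:"acc"`
	OrgID     string `json:"org"`
	Nonce     string `json:"nonce"`
	ExpiresAt int64  `json:"exp"`
}

func sign(secret []byte, msg string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(msg))
	return msg + "." + base64.RawURLEncoding.EncodeToString(m.Sum(nil)) // msg plus its HMAC-SHA256 tag
}

// issueState returns a compact HS256 token that expires ttl after now.
func issueState(secret []byte, c stateClaims, now time.Time, ttl time.Duration) string {
	c.ExpiresAt = now.Add(ttl).Unix()
	body, _ := json.Marshal(c)
	return sign(secret, header+"."+base64.RawURLEncoding.EncodeToString(body))
}

// verifyState checks the pinned header and the MAC (constant time), then expiry.
func verifyState(secret []byte, tok string, now time.Time) (c stateClaims, _ error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 || p[0] != header || !hmac.Equal([]byte(tok), []byte(sign(secret, p[0]+"."+p[1]))) {
		return c, fmt.Errorf("state: bad header or signature")
	}
	if b, err := base64.RawURLEncoding.DecodeString(p[1]); err != nil || json.Unmarshal(b, &c) != nil || now.Unix() >= c.ExpiresAt {
		return stateClaims{}, fmt.Errorf("state: bad payload or expired")
	}
	return c, nil
}

func main() { // constructed demo values; the check runs 11 minutes after issue, so it fails
	key, t0 := []byte("constructed-demo-secret"), time.Now()
	fmt.Println(verifyState(key, issueState(key, stateClaims{Nonce: "n1"}, t0, 10*time.Minute), t0.Add(11*time.Minute)))
}
```

Because the header is compared byte for byte before the MAC is checked, a token that names a different `alg` is rejected without its header ever being parsed.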