Documentation
Overview
Package jwt provides a JWT-based implementation of the security interfaces.
Package jwt implements the functions, types, and interfaces for the module.
Index
- Constants
- func NewAuthenticator(cfg *authnv1.Authenticator, opts ...Option) (authn.Authenticator, error)
- type Authenticator
- func (a *Authenticator) Authenticate(ctx context.Context, cred security.Credential) (security.Principal, error)
- func (a *Authenticator) CreateCredential(ctx context.Context, p security.Principal) (security.CredentialResponse, error)
- func (a *Authenticator) Revoke(ctx context.Context, cred security.Credential) error
- func (a *Authenticator) Supports(cred security.Credential) bool
- type Claims
- func (c *Claims) Export() map[string]*structpb.Value
- func (c *Claims) Get(key string) (interface{}, bool)
- func (c *Claims) GetBool(key string) (bool, bool)
- func (c *Claims) GetFloat64(key string) (float64, bool)
- func (c *Claims) GetInt64(key string) (int64, bool)
- func (c *Claims) GetMap(key string) (map[string]any, bool)
- func (c *Claims) GetString(key string) (string, bool)
- func (c *Claims) GetStringSlice(key string) ([]string, bool)
- func (c *Claims) UnmarshalValue(key string, target any) error
- type Option
- func WithAccessTokenLifetime(d time.Duration) Option
- func WithAudience(audience []string) Option
- func WithCache(cache securitycache.Cache) Option
- func WithClock(c func() time.Time) Option
- func WithExtraClaims(extras map[string]string) Option
- func WithGenerateID(g func() string) Option
- func WithIssuer(issuer string) Option
- func WithKeyFunc(keyFunc func(token *jwtv5.Token) (any, error)) Option
- func WithRefreshTokenLifetime(d time.Duration) Option
- func WithSigningKey(algorithm, keyData string) Option
- func WithSigningMethod(signingMethod jwtv5.SigningMethod) Option
- type Options
Constants
const (
	// DefaultIssuer is the default issuer for JWT tokens.
	DefaultIssuer = "origadmin"
	// DefaultAccessTokenTTL is the default time-to-live for access tokens.
	DefaultAccessTokenTTL = 2 * time.Hour
	// DefaultRefreshTokenTTL is the default time-to-live for refresh tokens.
	DefaultRefreshTokenTTL = 7 * 24 * time.Hour
)
Variables
This section is empty.
Functions
func NewAuthenticator
func NewAuthenticator(cfg *authnv1.Authenticator, opts ...Option) (authn.Authenticator, error)
NewAuthenticator creates a new JWT Provider from the given configuration and options.
Types
type Authenticator
type Authenticator struct {
	*Options
	// contains filtered or unexported fields
}
Authenticator implements the security interfaces for JWT.
func New (added in v1.2.0)
func New(opts *Options, logger log.Logger) (*Authenticator, error)
New creates a new Authenticator instance from a pre-built Options object and a logger. This is the recommended way to create an Authenticator when you need to customize its dependencies or when you are creating it as part of a dependency injection system.
func (*Authenticator) Authenticate
func (a *Authenticator) Authenticate(ctx context.Context, cred security.Credential) (security.Principal, error)
Authenticate validates the provided credential and returns a Principal if successful.
func (*Authenticator) CreateCredential
func (a *Authenticator) CreateCredential(ctx context.Context, p security.Principal) (security.CredentialResponse, error)
CreateCredential issues a new credential for the given principal.
func (*Authenticator) Revoke
func (a *Authenticator) Revoke(ctx context.Context, cred security.Credential) error
Revoke invalidates the given credential.
func (*Authenticator) Supports
func (a *Authenticator) Supports(cred security.Credential) bool
Supports returns true if this authenticator can handle the given credential.
type Claims
type Claims struct {
	jwtv5.RegisteredClaims
	Roles       []string        `json:"roles,omitempty"`
	Permissions []string        `json:"permissions,omitempty"`
	Scopes      map[string]bool `json:"scopes,omitempty"`
}
Claims represents the JWT claims, including standard claims and custom ones.
type Option
Option is a functional option type for configuring the JWT authenticator.
func WithAccessTokenLifetime
WithAccessTokenLifetime returns an options.Option that sets the access token expiration.
func WithAudience
WithAudience returns an options.Option that sets the JWT audience.
func WithCache
func WithCache(cache securitycache.Cache) Option
WithCache returns an options.Option that sets the token cache.
func WithExtraClaims
WithExtraClaims returns an options.Option that sets extra claims.
func WithGenerateID
WithGenerateID provides a function to generate unique IDs (e.g., for 'jti' claims).
func WithIssuer
WithIssuer returns an options.Option that sets the JWT issuer.
func WithKeyFunc
WithKeyFunc returns an options.Option that sets the key function.
func WithRefreshTokenLifetime
WithRefreshTokenLifetime returns an options.Option that sets the refresh token expiration.
func WithSigningKey
WithSigningKey sets the JWT signing method and key function from algorithm and key data strings. This is a convenience option for common use cases.
func WithSigningMethod
func WithSigningMethod(signingMethod jwtv5.SigningMethod) Option
WithSigningMethod returns an options.Option that sets the JWT signing method.
type Options
type Options struct {
	// contains filtered or unexported fields
}
Options holds the configuration options for the JWT authenticator.
func FromOptions
FromOptions creates a new Options struct from a slice of option functions.
func NewOptions (added in v1.2.0)
func NewOptions(cfg *authnv1.Authenticator, opts ...Option) (*Options, error)
NewOptions creates a new Options object from the given configuration and functional options. It is responsible for parsing the protobuf configuration and merging it with any provided functional options. This function is intended to be used when you need to create the configuration options separately before creating the Authenticator instance.