Documentation
Overview ¶
Package jwt provides a JWT-based implementation of the security interfaces.
Package jwt implements the functions, types, and interfaces for the module.
Index ¶
- Constants
- func NewAuthenticator(cfg *authnv1.Authenticator, opts ...Option) (authn.Authenticator, error)
- type Authenticator
- func (a *Authenticator) Authenticate(ctx context.Context, cred security.Credential) (security.Principal, error)
- func (a *Authenticator) CreateCredential(ctx context.Context, p security.Principal) (security.CredentialResponse, error)
- func (a *Authenticator) RefreshCredential(ctx context.Context, refreshToken string) (security.CredentialResponse, error)
- func (a *Authenticator) Revoke(ctx context.Context, cred security.Credential) error
- func (a *Authenticator) Supports(cred security.Credential) bool
- type Claims
- func (c *Claims) Export() map[string]*structpb.Value
- func (c *Claims) Get(key string) (interface{}, bool)
- func (c *Claims) GetBool(key string) (bool, bool)
- func (c *Claims) GetFloat64(key string) (float64, bool)
- func (c *Claims) GetInt64(key string) (int64, bool)
- func (c *Claims) GetMap(key string) (map[string]any, bool)
- func (c *Claims) GetString(key string) (string, bool)
- func (c *Claims) GetStringSlice(key string) ([]string, bool)
- func (c *Claims) UnmarshalValue(key string, target any) error
- type Option
- func WithAccessTokenLifetime(d time.Duration) Option
- func WithAudience(audience []string) Option
- func WithCache(cache securitycache.Cache) Option
- func WithClock(c func() time.Time) Option
- func WithExtraClaims(extras map[string]string) Option
- func WithGenerateID(g func() string) Option
- func WithIssuer(issuer string) Option
- func WithKeyFunc(keyFunc func(token *jwtv5.Token) (any, error)) Option
- func WithLogger(logger log.Logger) Option
- func WithRefreshTokenLifetime(d time.Duration) Option
- func WithSigningKey(algorithm, keyData string) Option
- func WithSigningMethod(signingMethod jwtv5.SigningMethod) Option
- type Options
Constants ¶
const (
	// DefaultIssuer is the default issuer for JWT tokens.
	DefaultIssuer = "origadmin"
	// DefaultAccessTokenTTL is the default time-to-live for access tokens.
	DefaultAccessTokenTTL = 2 * time.Hour
	// DefaultRefreshTokenTTL is the default time-to-live for refresh tokens.
	DefaultRefreshTokenTTL = 7 * 24 * time.Hour
)
Variables ¶
This section is empty.
Functions ¶
func NewAuthenticator ¶
func NewAuthenticator(cfg *authnv1.Authenticator, opts ...Option) (authn.Authenticator, error)
NewAuthenticator creates a new JWT Provider from the given configuration and options.
Types ¶
type Authenticator ¶
type Authenticator struct {
	*Options
	// contains filtered or unexported fields
}
Authenticator implements the security interfaces for JWT.
func New ¶ added in v1.2.0
func New(opts *Options, logger log.Logger) (*Authenticator, error)
New creates a new Authenticator instance from a pre-built Options object and a logger.
func (*Authenticator) Authenticate ¶
func (a *Authenticator) Authenticate(ctx context.Context, cred security.Credential) (security.Principal, error)
Authenticate validates the provided credential and returns a Principal if successful.
func (*Authenticator) CreateCredential ¶
func (a *Authenticator) CreateCredential(ctx context.Context, p security.Principal) (security.CredentialResponse, error)
CreateCredential issues a new credential for the given principal.
func (*Authenticator) RefreshCredential ¶ added in v1.3.0
func (a *Authenticator) RefreshCredential(ctx context.Context, refreshToken string) (security.CredentialResponse, error)
RefreshCredential issues a new credential based on a valid refresh token.
func (*Authenticator) Revoke ¶
func (a *Authenticator) Revoke(ctx context.Context, cred security.Credential) error
Revoke invalidates the given credential.
func (*Authenticator) Supports ¶
func (a *Authenticator) Supports(cred security.Credential) bool
Supports returns true if this authenticator can handle the given credential.
type Claims ¶
type Claims struct {
	jwtv5.RegisteredClaims
	Roles       []string        `json:"roles,omitempty"`
	Permissions []string        `json:"permissions,omitempty"`
	Scopes      map[string]bool `json:"scopes,omitempty"`
}
Claims represents the JWT claims, including standard claims and custom ones.
type Option ¶
Option is a functional option type for configuring the JWT authenticator.
func WithAccessTokenLifetime ¶
WithAccessTokenLifetime returns an options.Option that sets the access token expiration.
func WithAudience ¶
WithAudience returns an options.Option that sets the JWT audience.
func WithCache ¶
func WithCache(cache securitycache.Cache) Option
WithCache returns an options.Option that sets the token cache.
func WithExtraClaims ¶
WithExtraClaims returns an options.Option that sets extra claims.
func WithGenerateID ¶
WithGenerateID provides a function to generate unique IDs (e.g., for 'jti' claims).
func WithIssuer ¶
WithIssuer returns an options.Option that sets the JWT issuer.
func WithKeyFunc ¶
WithKeyFunc returns an options.Option that sets the key function.
func WithLogger ¶ added in v1.3.0
WithLogger sets the logger for the authenticator.
func WithRefreshTokenLifetime ¶
WithRefreshTokenLifetime returns an options.Option that sets the refresh token expiration.
func WithSigningKey ¶
WithSigningKey sets the JWT signing method and key function from algorithm and key data strings. This is a convenience option for common use cases.
func WithSigningMethod ¶
func WithSigningMethod(signingMethod jwtv5.SigningMethod) Option
WithSigningMethod returns an options.Option that sets the JWT signing method.
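The key-function, signing-key and signing-method options above decide which algorithm and key a presented token is checked against. The following is an added standard-library sketch, not this package's code or API, of the checks a verifier must make in order: pin the algorithm, compare the MAC in constant time, then check issuer and expiry against a caller-supplied clock. The names claims, mac and verify, the key and the sample token are constructed for this example; the package's own validation logic is not shown on this page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// claims is a constructed subset of the Claims type documented above.
type claims struct {
	Issuer string   `json:"iss"`
	Expiry int64    `json:"exp"`
	Roles  []string `json:"roles,omitempty"`
}

// mac returns the base64url-encoded HMAC-SHA256 tag of msg under key.
func mac(msg string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// verify pins alg to HS256, checks the tag in constant time, then iss and exp against now.
func verify(tok string, key []byte, iss string, now time.Time) (*claims, error) {
	head, rest, _ := strings.Cut(tok, ".")
	body, sig, _ := strings.Cut(rest, ".")
	var h struct{ Alg string }
	var c claims
	hb, herr := base64.RawURLEncoding.DecodeString(head)
	cb, cerr := base64.RawURLEncoding.DecodeString(body)
	switch {
	case herr != nil || json.Unmarshal(hb, &h) != nil || h.Alg != "HS256":
		return nil, fmt.Errorf("bad header or unexpected alg %q", h.Alg)
	case !hmac.Equal([]byte(sig), []byte(mac(head+"."+body, key))):
		return nil, fmt.Errorf("bad signature")
	case cerr != nil || json.Unmarshal(cb, &c) != nil || c.Issuer != iss || now.Unix() >= c.Expiry:
		return nil, fmt.Errorf("issuer mismatch or token expired")
	}
	return &c, nil
}

func main() {
	key, e := []byte("constructed-demo-key"), base64.RawURLEncoding.EncodeToString
	msg := e([]byte(`{"alg":"HS256"}`)) + "." + e([]byte(`{"iss":"origadmin","exp":4102444800}`))
	fmt.Println(verify(msg+"."+mac(msg, key), key, "origadmin", time.Now()))
}
```

The algorithm check comes before the MAC check, so a token whose header names any other algorithm is rejected even when its tag was computed with the right key, and roles are returned only after every check has passed.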
type Options ¶
Options holds the configuration options for the JWT authenticator.
func FromOptions ¶
FromOptions creates a new Options struct from a slice of option functions.
func NewOptions ¶ added in v1.2.0
func NewOptions(cfg *authnv1.Authenticator, opts ...Option) (*Options, error)
NewOptions creates a new Options object from the given configuration and functional options.