Documentation
¶
Index ¶
- func NewJwtTokenAuthenticator(ctx context.Context, cfg config.ConfigurationJWTVerification) security.Authenticator
- type JWK
- type JWKSet
- type TokenAuthenticator
- func (a *TokenAuthenticator) GetKey(token *jwt.Token) (any, error)
- func (a *TokenAuthenticator) GetKeyCount() int
- func (a *TokenAuthenticator) LoadFromJSON(data []byte) error
- func (a *TokenAuthenticator) Refresh() errordeprecated
- func (a *TokenAuthenticator) RefreshWithContext(ctx context.Context) error
- func (a *TokenAuthenticator) Start(ctx context.Context)
- func (a *TokenAuthenticator) Stop()
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewJwtTokenAuthenticator ¶
func NewJwtTokenAuthenticator(ctx context.Context, cfg config.ConfigurationJWTVerification) security.Authenticator
Types ¶
type JWK ¶
type JWK struct {
Kty string `json:"kty"`
Alg string `json:"alg,omitempty"`
Use string `json:"use,omitempty"`
// Common
Kid string `json:"kid"`
// RSA
E string `json:"e,omitempty"`
N string `json:"n,omitempty"`
// EC
Crv string `json:"crv,omitempty"`
X string `json:"x,omitempty"`
Y string `json:"y,omitempty"`
// OKP (EdDSA)
OKPCrv string `json:"crv,omitempty"` //nolint:govet // JWK format allows overlapping field names for different key types
OKPX string `json:"x,omitempty"` //nolint:govet // JWK format allows overlapping field names for different key types
}
type TokenAuthenticator ¶
type TokenAuthenticator struct {
// contains filtered or unexported fields
}
func NewTokenAuthenticator ¶
func NewTokenAuthenticator(jwksURL string, refresh time.Duration) *TokenAuthenticator
func (*TokenAuthenticator) GetKey ¶
func (a *TokenAuthenticator) GetKey(token *jwt.Token) (any, error)
func (*TokenAuthenticator) GetKeyCount ¶
func (a *TokenAuthenticator) GetKeyCount() int
GetKeyCount returns the number of currently loaded keys (for testing purposes).
func (*TokenAuthenticator) LoadFromJSON ¶
func (a *TokenAuthenticator) LoadFromJSON(data []byte) error
LoadFromJSON parses JWK Set JSON data and loads the keys directly, without fetching from a URL. This is useful when JWKS data is provided via configuration (e.g. OAUTH2_WELL_KNOWN_JWK_DATA env var).
func (*TokenAuthenticator) Refresh
deprecated
func (a *TokenAuthenticator) Refresh() error
Refresh refreshes the JWKS from the well-known URL using a default timeout.
Deprecated: Use RefreshWithContext instead.
func (*TokenAuthenticator) RefreshWithContext ¶ added in v2.0.2
func (a *TokenAuthenticator) RefreshWithContext(ctx context.Context) error
RefreshWithContext refreshes the JWKS from the well-known URL using the provided context.
func (*TokenAuthenticator) Start ¶
func (a *TokenAuthenticator) Start(ctx context.Context)
Start begins the background JWKS refresh using the provided context. The context controls the lifetime of the background goroutine.
func (*TokenAuthenticator) Stop ¶
func (a *TokenAuthenticator) Stop()
Click to show internal directories.
Click to hide internal directories.