signer

package

v1.78.2 Latest Latest Go to latest Published: Mar 12, 2026 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/pitabwire/frame

Links

Open Source Insights

Documentation ¶

Index ¶

func SetFetchX509SVIDsForTest(...) func()
type JWKSURLSigner
- func NewJWKSURLSigner(httpClient *http.Client, cfg *config.PrivateKeyJWTConfig) *JWKSURLSigner
type JWTAssertionSigner
- func Resolve(_ context.Context, httpClient *http.Client, cfg *config.PrivateKeyJWTConfig) (JWTAssertionSigner, error)
type WorkloadAPISigner
- func NewWorkloadAPISigner(cfg *config.PrivateKeyJWTConfig) *WorkloadAPISigner

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func SetFetchX509SVIDsForTest ¶

func SetFetchX509SVIDsForTest(
	fn func(context.Context, ...workloadapi.ClientOption) ([]*x509svid.SVID, error),
) func()

SetFetchX509SVIDsForTest replaces the Workload API fetch function and returns a cleanup function that restores the original.

Types ¶

type JWKSURLSigner ¶ added in v1.78.1

type JWKSURLSigner struct {
	// contains filtered or unexported fields
}

JWKSURLSigner fetches a JWK set from a URL and uses the first signing key to produce JWT signatures. This is suitable for setups where an admin API (e.g. Ory Hydra) manages the key pairs and exposes them via JWKS.

func NewJWKSURLSigner ¶ added in v1.78.1

func NewJWKSURLSigner(httpClient *http.Client, cfg *config.PrivateKeyJWTConfig) *JWKSURLSigner

NewJWKSURLSigner creates a signer that fetches signing keys from a JWKS URL.

func (*JWKSURLSigner) Algorithm ¶ added in v1.78.1

func (s *JWKSURLSigner) Algorithm(ctx context.Context) (string, error)

func (*JWKSURLSigner) KeyID ¶ added in v1.78.1

func (s *JWKSURLSigner) KeyID(ctx context.Context) (string, error)

func (*JWKSURLSigner) Sign ¶ added in v1.78.1

func (s *JWKSURLSigner) Sign(ctx context.Context, payload []byte) ([]byte, error)

type JWTAssertionSigner ¶

type JWTAssertionSigner interface {
	Algorithm(ctx context.Context) (string, error)
	KeyID(ctx context.Context) (string, error)
	Sign(ctx context.Context, payload []byte) ([]byte, error)
}

JWTAssertionSigner signs JWT client assertions for the private_key_jwt authentication method.

func Resolve ¶

func Resolve(
	_ context.Context,
	httpClient *http.Client,
	cfg *config.PrivateKeyJWTConfig,
) (JWTAssertionSigner, error)

Resolve inspects the private key JWT configuration and returns an appropriate signer implementation.

type WorkloadAPISigner ¶

type WorkloadAPISigner struct {
	// contains filtered or unexported fields
}

WorkloadAPISigner signs JWT assertions using SPIFFE X509-SVIDs fetched from the Workload API.

func NewWorkloadAPISigner ¶

func NewWorkloadAPISigner(cfg *config.PrivateKeyJWTConfig) *WorkloadAPISigner

NewWorkloadAPISigner creates a signer backed by the SPIFFE Workload API.

func (*WorkloadAPISigner) Algorithm ¶

func (s *WorkloadAPISigner) Algorithm(ctx context.Context) (string, error)

func (*WorkloadAPISigner) KeyID ¶

func (s *WorkloadAPISigner) KeyID(_ context.Context) (string, error)

func (*WorkloadAPISigner) Sign ¶

func (s *WorkloadAPISigner) Sign(ctx context.Context, payload []byte) ([]byte, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL