jwtkit

package

v0.2.50 Latest Latest Go to latest Published: Jun 18, 2025 License: MIT Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/plainq/servekit

Links

Open Source Insights

Documentation ¶

Index ¶

type Claims
type JWKSProvider
- func NewJWKSProvider(jwksURL string, refreshInterval time.Duration) (*JWKSProvider, error)
type Key
type KeyStore
type Token
type TokenManager
type TokenManagerJWT
- func NewTokenManager(signer jwt.Signer, verifier jwt.Verifier) *TokenManagerJWT

Examples ¶

NewJWKSProvider

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Claims ¶ added in v0.2.40

type Claims = jwt.RegisteredClaims

Claims represents claims for JWT. See: https://tools.ietf.org/html/rfc7519#section-4.1

type JWKSProvider ¶ added in v0.2.46

type JWKSProvider struct {
	// contains filtered or unexported fields
}

JWKSProvider is a token provider that uses a JWKS endpoint to verify tokens.

func NewJWKSProvider ¶ added in v0.2.46

func NewJWKSProvider(jwksURL string, refreshInterval time.Duration) (*JWKSProvider, error)

NewJWKSProvider creates a new JWKSProvider.

Example ¶

package main

import (
	"fmt"
	"time"

	"github.com/plainq/servekit/authkit/jwtkit"
)

func main() {
	// This is a placeholder for a real JWKS endpoint
	// In a real application, you would use a URL like
	// "https://www.googleapis.com/oauth2/v3/certs"
	// or your own identity provider's JWKS endpoint.
	jwksURL := "http://127.0.0.1:8080/.well-known/jwks.json"

	// Create a new JWKSProvider with a 1-hour refresh interval.
	// The provider will fetch the keys from the URL upon creation
	// and then periodically refresh them.
	provider, err := jwtkit.NewJWKSProvider(jwksURL, 1*time.Hour)
	if err != nil {
		// In a real app, you would likely log this error and exit,
		// as the application cannot verify tokens without the keys.
		fmt.Printf("failed to create JWKS provider: %v", err)
		return
	}

	// The provider can now be used to verify tokens.
	// Typically, you would use this in a middleware to protect your routes.
	// For example:
	// token := "a.jwt.token"
	// parsedToken, err := provider.ParseVerify(token)
	_ = provider
}

func (*JWKSProvider) ParseVerify ¶ added in v0.2.46

func (p *JWKSProvider) ParseVerify(token string) (*Token, error)

ParseVerify parses and verifies a token using the key from the JWKS endpoint.

func (*JWKSProvider) ParseVerifyClaims ¶ added in v0.2.46

func (p *JWKSProvider) ParseVerifyClaims(token string, claims any) error

ParseVerifyClaims parses and verifies a token using the key from the JWKS endpoint.

func (*JWKSProvider) Sign ¶ added in v0.2.46

func (*JWKSProvider) Sign(_ *Token) (string, error)

Sign is not supported for JWKSProvider.

func (*JWKSProvider) Verify ¶ added in v0.2.46

func (p *JWKSProvider) Verify(token string) error

Verify verifies a token.

type Key ¶ added in v0.2.46

type Key struct {
	Use string `json:"use"`
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	Alg string `json:"alg"`
	N   string `json:"n"`
	E   string `json:"e"`
}

Key represents a single key in a JWK set.

type KeyStore ¶ added in v0.2.46

type KeyStore struct {
	Keys []Key `json:"keys"`
}

KeyStore represents a set of keys from a JWKS endpoint.

type Token ¶

type Token struct {
	Claims
	Meta map[string]any `json:"meta,omitempty"`
	// contains filtered or unexported fields
}

Token represents claims for JWT with additional metadata.

func (*Token) Metadata ¶

func (t *Token) Metadata() map[string]any

Metadata returns the metadata of the token.

func (*Token) Raw ¶

func (t *Token) Raw() *jwt.Token

Raw returns the raw token.

func (*Token) Validate ¶ added in v0.2.46

func (t *Token) Validate(now time.Time) error

Validate validates the token claims.

type TokenManager ¶

type TokenManager interface {
	// Sign takes a Token and signs it.
	Sign(token *Token) (string, error)

	// Verify takes a token string and verifies it.
	Verify(token string) error

	// ParseVerify takes a token string and parses and verifies it.
	ParseVerify(token string) (*Token, error)

	// ParseVerifyClaims takes a token string and parses and verifies it.
	// It decodes the claims into the provided claims struct.
	ParseVerifyClaims(token string, claims any) error
}

TokenManager is an interface that holds the logic of token management.

type TokenManagerJWT ¶

type TokenManagerJWT struct {
	// contains filtered or unexported fields
}

TokenManagerJWT is an implementation of TokenManager based on JWT.

func NewTokenManager ¶

func NewTokenManager(signer jwt.Signer, verifier jwt.Verifier) *TokenManagerJWT

NewTokenManager creates a new implementation of TokenManager based on JWT. It uses the given signer and verifier to sign and verify the token.

func (*TokenManagerJWT) ParseVerify ¶

func (m *TokenManagerJWT) ParseVerify(token string) (*Token, error)

func (*TokenManagerJWT) ParseVerifyClaims ¶ added in v0.2.46

func (m *TokenManagerJWT) ParseVerifyClaims(token string, claims any) error

func (*TokenManagerJWT) Sign ¶

func (m *TokenManagerJWT) Sign(token *Token) (string, error)

func (*TokenManagerJWT) Verify ¶

func (m *TokenManagerJWT) Verify(token string) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL