Documentation
Overview
Package lambda_jwt provides the libraries needed to use JWTs (JSON Web Tokens) within AWS Lambda through API Gateway proxy requests / integration. It adds multiple middleware functions for checking and validating permissions based on user type, and has multiple examples of appending information from the caller's JWT directly into the Go context object so other handler functions can use it. If you wish to use the standard 7 JWT values as defined by Auth0 at https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-token-claims, use the jwt.StandardClaims object. If you wish to use an expanded claim set with a few additional helpful values like email and usertype, check out the ExpandedClaims object. If you wish to provide your own totally custom claim values and object, check out ExtractCustomClaims.
Index
- Constants
- Variables
- func AllowOptionsMW(next lambda_router.Handler) lambda_router.Handler
- func DecodeAndInjectExpandedClaims(next lambda_router.Handler) lambda_router.Handler
- func DecodeAndInjectStandardClaims(next lambda_router.Handler) lambda_router.Handler
- func ExtendExpandedClaims(claims ExpandedClaims) jwt.MapClaims
- func ExtendStandardClaims(claims jwt.StandardClaims) jwt.MapClaims
- func ExtractCustomClaims(mapClaims jwt.MapClaims, val any) error
- func ExtractJWT(headers map[string]string) (jwt.MapClaims, int, error)
- func ExtractStandardClaims(mapClaims jwt.MapClaims, standardClaims *jwt.StandardClaims) error
- func LogRequestMW(next lambda_router.Handler) lambda_router.Handler
- func Sign(mapClaims jwt.MapClaims) (string, error)
- func VerifyJWT(userJWT string) (jwt.MapClaims, error)
- type ExpandedClaims
Constants
const (
	AudienceKey  = "aud"
	ExpiresAtKey = "exp"
	FirstNameKey = "firstName"
	FullNameKey  = "fullName"
	IDKey        = "jti"
	IssuedAtKey  = "iat"
	IssuerKey    = "iss"
	LevelKey     = "level"
	NotBeforeKey = "nbf"
	SubjectKey   = "sub"
	UserTypeKey  = "userType"
)
Use these const values to populate your own custom claim values.
Variables
var ErrBadClaimsObject = errors.New("lambda_jwt_router: the provided object to extract claims into is not compatible with the default claim set and its types")
var ErrInvalidJWT = errors.New("lambda_jwt_router: the provided JWT is invalid")
var ErrInvalidToken = errors.New("lambda_jwt_router: the provided jwt was unable to be parsed into a token")
var ErrInvalidTokenClaims = errors.New("lambda_jwt_router: the provided jwt was unable to be parsed for map claims")
var ErrNoAuthorizationHeader = errors.New("no Authorization header value set")
var ErrNoBearerPrefix = errors.New("missing 'Bearer ' prefix for Authorization header value")
var ErrUnableToSignToken = errors.New("lambda_jwt_router: the provided claims were unable to be signed")
var ErrUnsupportedSigningMethod = errors.New("lambda_jwt_router:the provided signing method is unsupported. HMAC only allowed")
var ErrVerifyJWT = errors.New("unable to verify JWT to retrieve claims. try logging in again to ensure it is not expired")
Functions
func AllowOptionsMW
func AllowOptionsMW(next lambda_router.Handler) lambda_router.Handler
AllowOptionsMW is a helper middleware function that will immediately return a successful request if the method is OPTIONS. This makes sure that HTTP OPTIONS calls for CORS functionality are supported.
func DecodeAndInjectExpandedClaims
func DecodeAndInjectExpandedClaims(next lambda_router.Handler) lambda_router.Handler
DecodeAndInjectExpandedClaims attempts to parse a JSON Web Token (JWT) from the request's "Authorization" header. If the Authorization header is missing or does not contain a valid JWT, an error message and appropriate HTTP status code will be returned. If the JWT is correctly set and contains an instance of ExpandedClaims, the values from those claims will be added to the context object for others to use during their processing.
func DecodeAndInjectStandardClaims
func DecodeAndInjectStandardClaims(next lambda_router.Handler) lambda_router.Handler
DecodeAndInjectStandardClaims attempts to parse a JSON Web Token (JWT) from the request's "Authorization" header. If the Authorization header is missing or does not contain a valid JWT, an error message and appropriate HTTP status code will be returned. If the JWT is correctly set and contains a StandardClaims instance, the values from those standard claims will be added to the context object for others to use during their processing.
func ExtendExpandedClaims
func ExtendExpandedClaims(claims ExpandedClaims) jwt.MapClaims
ExtendExpandedClaims returns an instance of jwt.MapClaims which you can freely extend with your own custom fields. It uses ExpandedClaims as the base struct to start with.
func ExtendStandardClaims
func ExtendStandardClaims(claims jwt.StandardClaims) jwt.MapClaims
ExtendStandardClaims returns an instance of jwt.MapClaims which you can freely extend with your own custom fields. It uses jwt.StandardClaims as the base struct to start with.
func ExtractCustomClaims
ExtractCustomClaims takes in a claims map that is used to create JWTs and returns a generic interface value that you can use to convert
func ExtractJWT
ExtractJWT will attempt to extract the JWT value and retrieve the map claims from an events.APIGatewayProxyRequest object. If there is an error, it will be returned along with an appropriate HTTP status code as an integer. If everything goes right, the error will be nil and the int will be http.StatusOK.
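A standard-library-only sketch of the flow that ExtractJWT's description and the error variables above imply (Bearer-prefixed Authorization header, HMAC-only verification, claims returned with a status code and error). This is an added example, not the package's own implementation; `extractClaims`, `sign`, the HS256 pin, the secret, the `now` parameter and the 400/401 split are all assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
)
var enc = base64.RawURLEncoding

func sign(header, payload string, secret []byte) string { // builds constructed sample tokens
	msg := enc.EncodeToString([]byte(header)) + "." + enc.EncodeToString([]byte(payload))
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(msg))
	return msg + "." + enc.EncodeToString(mac.Sum(nil))
}

// extractClaims is a hypothetical helper; its 400/401 split is an assumption.
func extractClaims(headers map[string]string, secret []byte, now int64) (map[string]any, int, error) {
	if !strings.HasPrefix(headers["Authorization"], "Bearer ") {
		return nil, http.StatusBadRequest, fmt.Errorf("missing Authorization header or 'Bearer ' prefix")
	}
	parts := strings.Split(strings.TrimPrefix(headers["Authorization"], "Bearer "), ".")
	var hdr struct{ Alg string } // encoding/json matches the "alg" key case-insensitively
	rawHdr, _ := enc.DecodeString(parts[0])
	if len(parts) != 3 || json.Unmarshal(rawHdr, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, http.StatusUnauthorized, fmt.Errorf("unsupported signing method %q: HMAC only", hdr.Alg)
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := enc.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) { // constant-time comparison
		return nil, http.StatusUnauthorized, fmt.Errorf("signature does not verify")
	}
	var claims map[string]any
	rawClaims, _ := enc.DecodeString(parts[1])
	err = json.Unmarshal(rawClaims, &claims)
	if exp, _ := claims["exp"].(float64); err != nil || int64(exp) <= now {
		return nil, http.StatusUnauthorized, fmt.Errorf("claims unreadable or token expired")
	}
	return claims, http.StatusOK, nil
}

func main() {
	tok := sign(`{"alg":"HS256","typ":"JWT"}`, `{"sub":"u1","exp":2000}`, []byte("constructed-secret"))
	fmt.Println(extractClaims(map[string]string{"Authorization": "Bearer " + tok}, []byte("constructed-secret"), 1000))
}
```

The algorithm is checked before the signature so that a token declaring `none` or an asymmetric algorithm is refused regardless of what its signature segment contains.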
func ExtractStandardClaims
func ExtractStandardClaims(mapClaims jwt.MapClaims, standardClaims *jwt.StandardClaims) error
ExtractStandardClaims takes in the claims map that is used to create JWTs and returns the standard 7 values expected in all JSON Web Tokens.
func LogRequestMW
func LogRequestMW(next lambda_router.Handler) lambda_router.Handler
LogRequestMW is a standard middleware function that will log every incoming events.APIGatewayProxyRequest request and the pertinent information in it.
Types
type ExpandedClaims
type ExpandedClaims struct {
	Audience  string `json:"aud"`
	ExpiresAt int64  `json:"exp"`
	FirstName string `json:"firstName"`
	FullName  string `json:"fullName"`
	ID        string `json:"jti"`
	IssuedAt  int64  `json:"iat"`
	Issuer    string `json:"iss"`
	Level     string `json:"level"`
	NotBefore int64  `json:"nbf"`
	Subject   string `json:"sub"`
	UserType  string `json:"userType"`
}