authn

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 26, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package authn implements a JWT token factory and verifier.

Index

Constants

View Source 
const (
	MaxClockSkew = 2 * time.Minute
)

Variables

View Source 
var (
	ErrWrongKeyFormat = errors.New("wrong key type")
	ErrBadSignature   = errors.New("bad signature")
	ErrVerification   = errors.New("signature verification failed")
)
View Source 
var MinCompatibleVersion = semver.MustParse("1.1.0")

MinCompatibleVersion is the minimum peer version this node will accept connections from. Update this constant when introducing breaking wire protocol changes; do not change it for routine minor releases.

Functions

This section is empty.

Types

type ClaimValidator added in v0.2.1 

type ClaimValidator struct {
	// contains filtered or unexported fields
}

func NewClaimValidator added in v0.2.1 

func NewClaimValidator(logger *zap.Logger, serverVersion *semver.Version) (*ClaimValidator, error)

func (*ClaimValidator) ValidateVersionClaimIsCompatible added in v0.2.1 

func (cv *ClaimValidator) ValidateVersionClaimIsCompatible(claims *XmtpdClaims) (CloseFunc, error)

type CloseFunc added in v0.3.0 

type CloseFunc func()

type JWTVerifier 

type JWTVerifier interface {
	Verify(tokenString string) (uint32, CloseFunc, error)
}

type RegistryVerifier 

type RegistryVerifier struct {
	// contains filtered or unexported fields
}

func NewRegistryVerifier 

func NewRegistryVerifier(
	logger *zap.Logger,
	registry registry.NodeRegistry,
	myNodeID uint32,
	serverVersion *semver.Version,
) (*RegistryVerifier, error)

NewRegistryVerifier returns a new RegistryVerifier that connects to the NodeRegistry and verifies JWTs against the registered public keys based on the JWT's subject field.

func (*RegistryVerifier) Verify 

func (v *RegistryVerifier) Verify(tokenString string) (uint32, CloseFunc, error)

type SigningMethodSecp256k1 

type SigningMethodSecp256k1 struct{}

SigningMethodSecp256k1 is the JWT signing method for secp256k1. Inspired by https://github.com/ureeves/jwt-go-secp256k1/blob/master/secp256k1.go but updated to work with the latest serverVersion of jwt-go.

func (*SigningMethodSecp256k1) Alg 

func (sm *SigningMethodSecp256k1) Alg() string

func (*SigningMethodSecp256k1) Sign 

func (sm *SigningMethodSecp256k1) Sign(signingString string, key any) ([]byte, error)

func (*SigningMethodSecp256k1) Verify 

func (sm *SigningMethodSecp256k1) Verify(signingString string, sig []byte, key any) error

type Token 

type Token struct {
	SignedString string
	ExpiresAt    time.Time
}

func NewToken 

func NewToken(signedString string, expiresAt time.Time) *Token

type TokenFactory 

type TokenFactory struct {
	// contains filtered or unexported fields
}

func NewTokenFactory 

func NewTokenFactory(
	privateKey *ecdsa.PrivateKey,
	nodeID uint32,
	serverVersion *semver.Version,
) TokenFactory

func (*TokenFactory) CreateToken 

func (f *TokenFactory) CreateToken(forNodeID uint32) (*Token, error)

type XmtpdClaims added in v0.2.0 

type XmtpdClaims struct {
	Version *semver.Version `json:"version,omitempty"`
	jwt.RegisteredClaims
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.