Index ¶
- Variables
- func AvailableJWTTokensAlgs() []string
- func JwtChangeAlgToNone(token string) (string, error)
- func JwtGenerate(alg string, claims any, typ string, key []byte) (string, error)
- func JwtGenerateEx(alg string, header, claims any, typ string, key []byte) (string, error)
- type AuthHackJWTSigningNone
- type OMapClaims
- func (m *OMapClaims) MarshalJSON() ([]byte, error)
- func (m *OMapClaims) ToMap() map[string]any
- func (m *OMapClaims) ToOrderedMap() *orderedmap.OrderedMap
- func (m *OMapClaims) UnmarshalJSON(data []byte) error
- func (m *OMapClaims) Valid() error
- func (m *OMapClaims) VerifyAudience(cmp string, req bool) bool
- func (m *OMapClaims) VerifyExpiresAt(cmp int64, req bool) bool
- func (m *OMapClaims) VerifyIssuedAt(cmp int64, req bool) bool
- func (m *OMapClaims) VerifyIssuer(cmp string, req bool) bool
- func (m *OMapClaims) VerifyNotBefore(cmp int64, req bool) bool
- type Token
Constants ¶
This section is empty.
Variables ¶
// ErrKeyNotFound is the error value carrying the message "key not found".
// The call sites that return it are not visible in this listing.
var ErrKeyNotFound = utils.Errorf("key not found")

// JwtAlgs lists the signing methods this package works with: the ECDSA,
// HMAC, RSASSA-PSS and RSA methods from the jwt package, followed by this
// package's own AuthHackJWTSigningNone.
//
// NOTE(review): because the unsigned "none" method is part of this list, it
// must not be reused as an allowlist of algorithms a verifier accepts; a
// verifier should pin the algorithm it expects.
var JwtAlgs = []jwt.SigningMethod{
	// ECDSA
	jwt.SigningMethodES384,
	jwt.SigningMethodES256,
	jwt.SigningMethodES512,
	// HMAC
	jwt.SigningMethodHS256,
	jwt.SigningMethodHS384,
	jwt.SigningMethodHS512,
	// RSASSA-PSS
	jwt.SigningMethodPS256,
	jwt.SigningMethodPS384,
	jwt.SigningMethodPS512,
	// RSASSA-PKCS1-v1_5
	jwt.SigningMethodRS256,
	jwt.SigningMethodRS384,
	jwt.SigningMethodRS512,
	// Unsigned tokens; no integrity protection.
	&AuthHackJWTSigningNone{},
}

// WeakJWTTokenKeys is built from jwtWeakkeyRaw by utils.ParseStringToLines;
// presumably one candidate key per line (confirm against the helper). Going
// by its name it is a list of known-weak keys, so any secret that appears in
// it should be treated as unsuitable for signing production tokens.
var WeakJWTTokenKeys = utils.ParseStringToLines(jwtWeakkeyRaw)
// JWTExports maps exported names to this package's JWT constants and helpers.
// It is presumably the table through which a scripting layer reaches them
// (confirm against the consumer of this map).
//
// The four Generate entries are thin wrappers that fix the typ argument of
// JwtGenerate / JwtGenerateEx to "JWT" or "JWS".
//
// NOTE(review): "RemoveAlg" and "CommonWeakJWTKeys" are audit helpers. A
// verifier passes such a check when it pins the algorithm it expects, rejects
// unsigned tokens, and uses a signing secret that is not in a weak-key list.
var JWTExports = map[string]any{
	// Algorithm name constants. ALG_NONE is spelled "None" here; whether that
	// matches what AuthHackJWTSigningNone.Alg returns is not visible in this
	// listing.
	"ALG_NONE":  "None",
	"ALG_ES256": "ES256",
	"ALG_ES384": "ES384",
	"ALG_ES512": "ES512",
	"ALG_HS256": "HS256",
	"ALG_HS384": "HS384",
	"ALG_HS512": "HS512",
	"ALG_RS256": "RS256",
	"ALG_RS384": "RS384",
	"ALG_RS512": "RS512",
	"ALG_PS256": "PS256",
	"ALG_PS384": "PS384",
	"ALG_PS512": "PS512",

	"Parse": JwtParse,

	// Token generation with typ "JWT".
	"JWTGenerate": func(alg string, claims any, key []byte) (string, error) {
		const typ = "JWT"
		return JwtGenerate(alg, claims, typ, key)
	},
	"JWTGenerateEx": func(alg string, header, claims any, key []byte) (string, error) {
		const typ = "JWT"
		return JwtGenerateEx(alg, header, claims, typ, key)
	},

	// Token generation with typ "JWS".
	"JWSGenerate": func(alg string, claims any, key []byte) (string, error) {
		const typ = "JWS"
		return JwtGenerate(alg, claims, typ, key)
	},
	"JWSGenerateEx": func(alg string, header, claims any, key []byte) (string, error) {
		const typ = "JWS"
		return JwtGenerateEx(alg, header, claims, typ, key)
	},

	"RemoveAlg":         JwtChangeAlgToNone,
	"AllAlgs":           AvailableJWTTokensAlgs,
	"CommonWeakJWTKeys": WeakJWTTokenKeys,
}
Functions ¶
func AvailableJWTTokensAlgs ¶
func AvailableJWTTokensAlgs() []string
func JwtChangeAlgToNone ¶
Types ¶
type AuthHackJWTSigningNone ¶
type AuthHackJWTSigningNone struct{}
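Implements the "none" signing method, which produces a token with no signature. The spec requires the method to exist, but a token using it has no integrity protection, so you should probably never use it outside of testing, and a verifier should not accept it.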
func (*AuthHackJWTSigningNone) Alg ¶
func (m *AuthHackJWTSigningNone) Alg() string
func (*AuthHackJWTSigningNone) Sign ¶
func (m *AuthHackJWTSigningNone) Sign(signingString string, key interface{}) (string, error)
Only allow 'none' signing if UnsafeAllowNoneSignatureType is specified as the key
func (*AuthHackJWTSigningNone) Verify ¶
func (m *AuthHackJWTSigningNone) Verify(signingString, signature string, key interface{}) (err error)
Only allow 'none' alg type if UnsafeAllowNoneSignatureType is specified as the key
type OMapClaims ¶
// OMapClaims is a claims set whose underlying type is orderedmap.OrderedMap.
// Its method set (Valid and the Verify* methods) is what lets it be used as
// the Claims of a Token; presumably the ordered map keeps claim order stable
// across parse and re-serialization (confirm against MarshalJSON).
type OMapClaims orderedmap.OrderedMap
func NewOMapClaims ¶
func NewOMapClaims() *OMapClaims
func NewOMapClaimsFromOrderedMap ¶
func NewOMapClaimsFromOrderedMap(m *orderedmap.OrderedMap) *OMapClaims
func (*OMapClaims) MarshalJSON ¶
func (m *OMapClaims) MarshalJSON() ([]byte, error)
func (*OMapClaims) ToMap ¶
func (m *OMapClaims) ToMap() map[string]any
func (*OMapClaims) ToOrderedMap ¶
func (m *OMapClaims) ToOrderedMap() *orderedmap.OrderedMap
func (*OMapClaims) UnmarshalJSON ¶
func (m *OMapClaims) UnmarshalJSON(data []byte) error
func (*OMapClaims) Valid ¶
func (m *OMapClaims) Valid() error
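Validates the time-based claims exp, iat and nbf. There is no accounting for clock skew. If any of these claims is missing from the token, the token is still considered valid, so a caller that needs expiry enforced must also check that exp is present (for example with VerifyExpiresAt and req set to true, which by its description accepts an unset claim only when req is false).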
func (*OMapClaims) VerifyAudience ¶
func (m *OMapClaims) VerifyAudience(cmp string, req bool) bool
Compares the aud claim against cmp. If req is false, this method returns true if the value matches or is unset.
func (*OMapClaims) VerifyExpiresAt ¶
func (m *OMapClaims) VerifyExpiresAt(cmp int64, req bool) bool
Compares the exp claim against cmp. If req is false, this method returns true if the value matches or is unset.
func (*OMapClaims) VerifyIssuedAt ¶
func (m *OMapClaims) VerifyIssuedAt(cmp int64, req bool) bool
Compares the iat claim against cmp. If req is false, this method returns true if the value matches or is unset.
func (*OMapClaims) VerifyIssuer ¶
func (m *OMapClaims) VerifyIssuer(cmp string, req bool) bool
Compares the iss claim against cmp. If req is false, this method returns true if the value matches or is unset.
func (*OMapClaims) VerifyNotBefore ¶
func (m *OMapClaims) VerifyNotBefore(cmp int64, req bool) bool
Compares the nbf claim against cmp. If req is false, this method returns true if the value matches or is unset.
type Token ¶
// Token is a JWT split into its parts: the signing method, the header and
// claims segments, and, for a parsed token, the raw string and signature.
//
// NOTE(review): Header and Claims are decoded from the token itself, so they
// are attacker-controlled until the signature has been verified. Code that
// makes an authorization decision should read Claims only after checking
// Valid, and should separately check that Method is the algorithm it expects.
type Token struct {
	// Raw is the raw token string. Populated when a token is parsed.
	Raw string
	// Method is the signing method used, or to be used, for this token.
	Method jwt.SigningMethod
	// Header is the first segment of the token, kept as an ordered map.
	Header *orderedmap.OrderedMap
	// Claims is the second segment of the token.
	Claims jwt.Claims
	// Signature is the third segment of the token. Populated when a token is parsed.
	Signature string
	// Valid reports whether the token is valid. Populated when a token is
	// parsed or verified; it is false on a freshly constructed Token.
	Valid bool
}
func NewJWTHelper ¶
func NewTokenFromJwtToken ¶
func NewTokenFromJwtToken(old *jwt.Token) *Token
func (*Token) SignedString ¶
Get the complete, signed token
func (*Token) SigningString ¶
Generate the signing string. This is the most expensive part of the whole deal. Unless you need this for something special, just go straight for the SignedString.