Documentation
Index
- Variables
- func CheckCrit(data json.RawMessage, crit []string) error
- func DecodeToken[R any](source string, decoder TokenDecoder[R]) (R, error)
- func NewBasicClaims(payload any, config ClaimsProducerConfig) (*jwa.Claims, error)
- type ClaimsProducerConfig
- type DefaultRecipientPlugin
- type EncryptedToken
- type EncryptedTokenDecoder
- type HeaderDecoder
- type HeaderProducer
- type HeaderProducerConfig
- type Producer
- type ProducerConfig
- type ProducerPlugin
- type ProducerStaticPlugin
- type RawToken
- type RawTokenDecoder
- type Recipient
- type RecipientConfig
- type RecipientPlugin
- type SignedToken
- type SignedTokenDecoder
- type TargetConfig
- type TokenDecoder
Constants
This section is empty.
Variables
var (
	ErrConflictingHeader = errors.New("conflicting header")
	ErrInvalidSecretKey  = errors.New("invalid secret key")
)
var ErrMismatchRecipientPlugin = errors.New("mismatch recipient plugin")
var ErrMissingCritHeader = errors.New("missing crit header value")
var ErrUnsupportedTokenFormat = errors.New("unsupported token format")
Functions
func DecodeToken
func DecodeToken[R any](source string, decoder TokenDecoder[R]) (R, error)
func NewBasicClaims
func NewBasicClaims(payload any, config ClaimsProducerConfig) (*jwa.Claims, error)
NewBasicClaims creates a new encoded claims object for a JSON Web Token. It uses the standardized claims format to wrap the user-provided payload.
Types
type ClaimsProducerConfig
type ClaimsProducerConfig struct {
	TargetConfig
	// TTL is the time to live of the token. If set to 0, the token will never expire.
	TTL time.Duration
}
ClaimsProducerConfig is a configuration struct used to issue standardized claims.
type DefaultRecipientPlugin
type DefaultRecipientPlugin struct{}
func NewDefaultRecipientPlugin
func NewDefaultRecipientPlugin() *DefaultRecipientPlugin
type EncryptedToken
func (EncryptedToken) Bytes
func (token EncryptedToken) Bytes() []byte
func (EncryptedToken) String
func (token EncryptedToken) String() string
type EncryptedTokenDecoder
type EncryptedTokenDecoder struct{}
func (*EncryptedTokenDecoder) Decode
func (decoder *EncryptedTokenDecoder) Decode(source string) (*EncryptedToken, error)
type HeaderDecoder
type HeaderDecoder struct{}
type HeaderProducer
type HeaderProducer struct {
	// contains filtered or unexported fields
}
func NewHeaderProducer
func NewHeaderProducer(config HeaderProducerConfig) *HeaderProducer
type HeaderProducerConfig
type Producer
type Producer struct {
	// contains filtered or unexported fields
}
func NewProducer
func NewProducer(config ProducerConfig) *Producer
type ProducerConfig
type ProducerConfig struct {
	Header HeaderProducerConfig
	// Sorted list of operations to perform on the token.
	Plugins []ProducerPlugin
	// StaticPlugins to apply to the token. Those are executed BEFORE the regular operations.
	StaticPlugins []ProducerStaticPlugin
}
type ProducerPlugin
type ProducerPlugin interface {
	Header(ctx context.Context, header *jwa.JWH) (modifiedHeader *jwa.JWH, err error)
	Transform(ctx context.Context, header *jwa.JWH, token string) (modifiedToken string, err error)
}
ProducerPlugin is an operation performed on a token to transform it.
Each JWT operation MUST do 2 things:
- Describe itself in the header
- Perform a transformation on the final token
While this interface is generic, some operations might be exclusive, or require a certain order. If that happens, an operation may fail with the ErrUnsupportedTokenFormat error.
type ProducerStaticPlugin
type ProducerStaticPlugin interface {
	Header(ctx context.Context, header *jwa.JWH) (modifiedHeader *jwa.JWH, err error)
}
ProducerStaticPlugin is much like a ProducerPlugin, except that it does not perform any transformation on the token.
Such operations usually produce intermediate values that can be used as an input to a regular operation, such as key derivation.
type RawTokenDecoder
type RawTokenDecoder struct{}
type Recipient
type Recipient struct {
	// contains filtered or unexported fields
}
func NewRecipient
func NewRecipient(config RecipientConfig) *Recipient
type RecipientConfig
type RecipientConfig struct {
	// Sorted list of operations to perform on the token.
	Plugins []RecipientPlugin
	// Set a custom deserializer to decode the token's payload. Uses json.Unmarshal by default.
	Deserializer func(raw []byte, dst any) error
}
type RecipientPlugin
type SignedToken
func (SignedToken) Bytes
func (token SignedToken) Bytes() []byte
func (SignedToken) String
func (token SignedToken) String() string
type SignedTokenDecoder
type SignedTokenDecoder struct{}
func (*SignedTokenDecoder) Decode
func (decoder *SignedTokenDecoder) Decode(source string) (*SignedToken, error)
type TargetConfig
type TargetConfig struct {
	// Issuer of the token. The receiving side MUST filter only tokens that come from trusted producers.
	Issuer string
	// Audience of the token. The receiving side MUST filter only tokens that are intended for them.
	Audience string
	// Subject of the token. The receiving side MUST filter only tokens that are intended for the given subject.
	Subject string
}
TargetConfig sets the target of a given set of claims. Target information prevents the token from being misused.
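The recipient-side filtering that the TargetConfig comments require, together with the TTL 0 case noted under ClaimsProducerConfig, as an added example using only the standard library (not code from this package). CheckTarget, Target and ErrRejected are hypothetical names; the example assumes the three fields are carried as the RFC 7519 claims iss, aud and sub, that a token issued with TTL 0 has no exp claim, and it goes beyond the single Audience string by also accepting an array-valued aud.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Target mirrors the fields of TargetConfig (hypothetical type, not the library's).
type Target struct{ Issuer, Audience, Subject string }

var ErrRejected = errors.New("token rejected")

// CheckTarget filters decoded claims; requireExp refuses tokens that carry no "exp".
func CheckTarget(raw []byte, want Target, now time.Time, requireExp bool) error {
	var c struct {
		Iss, Sub string
		Aud      json.RawMessage // one string or an array of strings (RFC 7519)
		Exp      *int64          // seconds since the epoch; nil when absent
	}
	if err := json.Unmarshal(raw, &c); err != nil {
		return fmt.Errorf("%w: %v", ErrRejected, err)
	}
	auds, audOK := []string{""}, false // try a single string first, then an array
	if json.Unmarshal(c.Aud, &auds[0]) != nil && json.Unmarshal(c.Aud, &auds) != nil {
		return fmt.Errorf("%w: bad or missing aud", ErrRejected)
	}
	for _, a := range auds {
		audOK = audOK || a == want.Audience
	}
	switch {
	case c.Iss != want.Issuer:
		return fmt.Errorf("%w: untrusted issuer %q", ErrRejected, c.Iss)
	case !audOK:
		return fmt.Errorf("%w: audience mismatch", ErrRejected)
	case c.Sub != want.Subject:
		return fmt.Errorf("%w: subject mismatch", ErrRejected)
	case c.Exp == nil && requireExp:
		return fmt.Errorf("%w: no expiry", ErrRejected)
	case c.Exp != nil && !now.Before(time.Unix(*c.Exp, 0)):
		return fmt.Errorf("%w: expired", ErrRejected)
	}
	return nil
}

func main() { // constructed sample: correct target but no "exp", so it is refused
	fmt.Println(CheckTarget([]byte(`{"iss":"auth","aud":"api","sub":"u1"}`), Target{"auth", "api", "u1"}, time.Now(), true))
}
```

Run such a check only on claims taken from a token whose signature or decryption has already been verified.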