jwtclaims

package

v0.0.0-...-93fed14 Latest Latest Go to latest Published: Jan 5, 2024 License: BSD-3-Clause Imports: 17 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/FlintyLemming/netbird

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type AuthorizationClaims
type ClaimsExtractor
- func NewClaimsExtractor(options ...ClaimsExtractorOption) *ClaimsExtractor
- func (c *ClaimsExtractor) FromToken(token *jwt.Token) AuthorizationClaims
type ClaimsExtractorOption
type ExtractClaims
type JSONWebKey
type JWTValidator
- func NewJWTValidator(issuer string, audienceList []string, keysLocation string, ...) (*JWTValidator, error)
- func (m *JWTValidator) ValidateAndParse(token string) (*jwt.Token, error)
type Jwks
type Options

Constants ¶

View Source

const (
	// TokenUserProperty key for the user property in the request context
	TokenUserProperty = "user"
	// AccountIDSuffix suffix for the account id claim
	AccountIDSuffix = "wt_account_id"
	// DomainIDSuffix suffix for the domain id claim
	DomainIDSuffix = "wt_account_domain"
	// DomainCategorySuffix suffix for the domain category claim
	DomainCategorySuffix = "wt_account_domain_category"
	// UserIDClaim claim for the user id
	UserIDClaim = "sub"
	// LastLoginSuffix claim for the last login
	LastLoginSuffix = "nb_last_login"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthorizationClaims ¶

type AuthorizationClaims struct {
	UserId         string
	AccountId      string
	Domain         string
	DomainCategory string
	LastLogin      time.Time

	Raw jwt.MapClaims
}

AuthorizationClaims stores authorization information from JWTs

type ClaimsExtractor ¶

type ClaimsExtractor struct {
	FromRequestContext ExtractClaims
	// contains filtered or unexported fields
}

ClaimsExtractor struct that holds the extract function

func NewClaimsExtractor ¶

func NewClaimsExtractor(options ...ClaimsExtractorOption) *ClaimsExtractor

NewClaimsExtractor returns an extractor, and if provided with a function with ExtractClaims signature, then it will use that logic. Uses ExtractClaimsFromRequestContext by default

func (*ClaimsExtractor) FromToken ¶

func (c *ClaimsExtractor) FromToken(token *jwt.Token) AuthorizationClaims

FromToken extracts claims from the token (after auth)

type ClaimsExtractorOption ¶

type ClaimsExtractorOption func(*ClaimsExtractor)

ClaimsExtractorOption is a function that configures the ClaimsExtractor

func WithAudience ¶

func WithAudience(audience string) ClaimsExtractorOption

WithAudience sets the audience for the extractor

func WithFromRequestContext ¶

func WithFromRequestContext(ec ExtractClaims) ClaimsExtractorOption

WithFromRequestContext sets the function that extracts claims from the request context

func WithUserIDClaim ¶

func WithUserIDClaim(userIDClaim string) ClaimsExtractorOption

WithUserIDClaim sets the user id claim for the extractor

type ExtractClaims ¶

type ExtractClaims func(r *http.Request) AuthorizationClaims

ExtractClaims Extract function type

type JSONWebKey ¶

type JSONWebKey struct {
	Kty string   `json:"kty"`
	Kid string   `json:"kid"`
	Use string   `json:"use"`
	N   string   `json:"n"`
	E   string   `json:"e"`
	X5c []string `json:"x5c"`
}

JSONWebKey is a representation of a Jason Web Key

type JWTValidator ¶

type JWTValidator struct {
	// contains filtered or unexported fields
}

JWTValidator struct to handle token validation and parsing

func NewJWTValidator ¶

func NewJWTValidator(issuer string, audienceList []string, keysLocation string, idpSignkeyRefreshEnabled bool) (*JWTValidator, error)

NewJWTValidator constructor

func (*JWTValidator) ValidateAndParse ¶

func (m *JWTValidator) ValidateAndParse(token string) (*jwt.Token, error)

ValidateAndParse validates the token and returns the parsed token

type Jwks ¶

type Jwks struct {
	Keys []JSONWebKey `json:"keys"`
	// contains filtered or unexported fields
}

Jwks is a collection of JSONWebKey obtained from Config.HttpServerConfig.AuthKeysLocation

type Options ¶

type Options struct {
	// The function that will return the Key to validate the JWT.
	// It can be either a shared secret or a public key.
	// Default value: nil
	ValidationKeyGetter jwt.Keyfunc
	// The name of the property in the request where the user information
	// from the JWT will be stored.
	// Default value: "user"
	UserProperty string
	// The function that will be called when there's an error validating the token
	// Default value:
	CredentialsOptional bool
	// A function that extracts the token from the request
	// Default: FromAuthHeader (i.e., from Authorization header as bearer token)
	Debug bool
	// When set, all requests with the OPTIONS method will use authentication
	// Default: false
	EnableAuthOnOptions bool
	// When set, the middelware verifies that tokens are signed with the specific signing algorithm
	// If the signing method is not constant the ValidationKeyGetter callback can be used to implement additional checks
	// Important to avoid security issues described here: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
	// Default: nil
	SigningMethod jwt.SigningMethod
}

Options is a struct for specifying configuration options for the middleware.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL