jwt

package
v1.0.10021 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 3, 2025 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

// Names of the registered header parameters and claims, used as JSON keys in
// the token header and claims set.
const (
	// Defines the list of headers that are registered in the IANA "JSON Web Token Headers" registry
	RegisteredHeadersType       = "typ"
	RegisteredHeadersAlgorithm  = "alg"
	RegisteredHeadersEncryption = "enc"

	// Defines the list of claims that are registered in the IANA "JSON Web Token Claims" registry
	RegisteredClaimsAudience       = "aud"
	RegisteredClaimsExpirationTime = "exp"
	RegisteredClaimsID             = "jti"
	RegisteredClaimsIssuedAt       = "iat"
	RegisteredClaimsIssuer         = "iss"
	RegisteredClaimsNotBefore      = "nbf"
	RegisteredClaimsSubject        = "sub"
)
// MaxModulusLen is a length limit of 512.
// NOTE(review): the name suggests a cap on the RSA modulus length, and 512
// bytes would correspond to 4096-bit keys, but neither the unit nor the place
// where the limit is enforced is shown here — confirm before relying on it.
const MaxModulusLen = 512
// Version is the version string of this package.
const Version = "1.0.10021"

Variables

// Errors of the SignBlake2b signer.
var (
	// ErrVerifyKeyTooShort reports a SignBlake2b key that is too short.
	// NOTE(review): the minimum key length is not stated here.
	ErrVerifyKeyTooShort     = errors.New("go-jwt: SignBlake2b key too short")
	// ErrSignBlake2bVerifyFail reports a failed SignBlake2b verification.
	ErrSignBlake2bVerifyFail = errors.New("go-jwt: SignBlake2b Verify fail")
)
// ECDSA signers for the "ES256", "ES384" and "ES512" alg names. The arguments
// follow NewSignECDSA(hash, keySize, name).
// NOTE(review): the key sizes 32/48/66 match the byte length of a P-256,
// P-384 and P-521 coordinate (ES512 pairs SHA-512 with the 521-bit curve,
// hence 66 rather than 64). Whether Verify rejects a key on a different curve
// is not visible here — confirm.
var (
	SigningES256 = NewSignECDSA(crypto.SHA256, 32, "ES256")
	SigningES384 = NewSignECDSA(crypto.SHA384, 48, "ES384")
	SigningES512 = NewSignECDSA(crypto.SHA512, 66, "ES512")
)
// Errors of the SignECDSA signer.
var (
	// ErrSignECDSASignLengthInvalid reports a signature of unexpected length.
	ErrSignECDSASignLengthInvalid = errors.New("go-jwt: sign length error")
	// ErrSignECDSAVerifyFail reports a failed SignECDSA verification.
	ErrSignECDSAVerifyFail        = errors.New("go-jwt: SignECDSA Verify fail")
)
// Errors for key material that is not a valid ECDSA key.
var (
	ErrNotECPublicKey  = errors.New("go-jwt: key is not a valid ECDSA public key")
	ErrNotECPrivateKey = errors.New("go-jwt: key is not a valid ECDSA private key")
)
// EdDSA signers. Both values are built by NewSignEdDSA and differ only in the
// alg name they carry.
// NOTE(review): "EdDSA" is the alg name defined by RFC 8037; "ED25519" as
// spelled here is an additional name, so confirm that peers recognise it
// before issuing tokens with it.
var (
	SigningEdDSA   = NewSignEdDSA("EdDSA")
	SigningED25519 = NewSignEdDSA("ED25519")
)
// Errors of the SignEdDSA signer.
var (
	// ErrSignEdDSASignLengthInvalid reports a signature of unexpected length.
	// Its message is identical to ErrSignECDSASignLengthInvalid's, so compare
	// error values rather than message text.
	ErrSignEdDSASignLengthInvalid = errors.New("go-jwt: sign length error")
	// ErrSignEdDSAVerifyFail reports a failed SignEdDSA verification.
	ErrSignEdDSAVerifyFail        = errors.New("go-jwt: SignEdDSA Verify fail")
)
// Errors for key material that is not a valid Ed25519 key.
var (
	ErrNotEdPrivateKey = errors.New("go-jwt: key is not a valid Ed25519 private key")
	ErrNotEdPublicKey  = errors.New("go-jwt: key is not a valid Ed25519 public key")
)
// HMAC signers. The arguments follow NewSignHmac(hash, name).
// "HS256", "HS384" and "HS512" are the HMAC alg names defined for JWS; "HMD5",
// "HSHA1" and "HS224" are additional names provided by this package.
var (
	// HMAC over MD5 and SHA-1: both hash functions are deprecated for new
	// designs. Prefer HS256 or stronger, and leave these names out of the set
	// of algorithms accepted at verification unless a legacy peer needs them.
	SigningHMD5  = NewSignHmac(md5.New, "HMD5")
	SigningHSHA1 = NewSignHmac(sha1.New, "HSHA1")
	SigningHS224 = NewSignHmac(sha256.New224, "HS224")
	SigningHS256 = NewSignHmac(sha256.New, "HS256")
	SigningHS384 = NewSignHmac(sha512.New384, "HS384")
	SigningHS512 = NewSignHmac(sha512.New, "HS512")
)
// Ready-made JWT values, one per signer, all using the default JWTEncoder.
// The two type arguments of NewJWT are the signing-key type and the
// verification-key type.
var (
	// Hmac
	// Symmetric: the same []byte secret type is used to sign and to verify.
	SigningMethodHMD5  = NewJWT[[]byte, []byte](SigningHMD5, JWTEncoder)
	SigningMethodHSHA1 = NewJWT[[]byte, []byte](SigningHSHA1, JWTEncoder)
	SigningMethodHS224 = NewJWT[[]byte, []byte](SigningHS224, JWTEncoder)
	SigningMethodHS256 = NewJWT[[]byte, []byte](SigningHS256, JWTEncoder)
	SigningMethodHS384 = NewJWT[[]byte, []byte](SigningHS384, JWTEncoder)
	SigningMethodHS512 = NewJWT[[]byte, []byte](SigningHS512, JWTEncoder)

	// RSA
	// Asymmetric: signed with *rsa.PrivateKey, verified with *rsa.PublicKey.
	SigningMethodRS256 = NewJWT[*rsa.PrivateKey, *rsa.PublicKey](SigningRS256, JWTEncoder)
	SigningMethodRS384 = NewJWT[*rsa.PrivateKey, *rsa.PublicKey](SigningRS384, JWTEncoder)
	SigningMethodRS512 = NewJWT[*rsa.PrivateKey, *rsa.PublicKey](SigningRS512, JWTEncoder)

	// RSA-PSS
	SigningMethodPS256 = NewJWT[*rsa.PrivateKey, *rsa.PublicKey](SigningPS256, JWTEncoder)
	SigningMethodPS384 = NewJWT[*rsa.PrivateKey, *rsa.PublicKey](SigningPS384, JWTEncoder)
	SigningMethodPS512 = NewJWT[*rsa.PrivateKey, *rsa.PublicKey](SigningPS512, JWTEncoder)

	// ECDSA
	SigningMethodES256 = NewJWT[*ecdsa.PrivateKey, *ecdsa.PublicKey](SigningES256, JWTEncoder)
	SigningMethodES384 = NewJWT[*ecdsa.PrivateKey, *ecdsa.PublicKey](SigningES384, JWTEncoder)
	SigningMethodES512 = NewJWT[*ecdsa.PrivateKey, *ecdsa.PublicKey](SigningES512, JWTEncoder)

	// EdDSA
	SigningMethodEdDSA   = NewJWT[ed25519.PrivateKey, ed25519.PublicKey](SigningEdDSA, JWTEncoder)
	SigningMethodED25519 = NewJWT[ed25519.PrivateKey, ed25519.PublicKey](SigningED25519, JWTEncoder)

	// Blake2b
	// Symmetric, like the Hmac group: []byte key for both sign and verify.
	SigningMethodBLAKE2B = NewJWT[[]byte, []byte](SigningBLAKE2B, JWTEncoder)

	// None
	// A token with alg "none" carries no integrity protection. Do not use this
	// value to parse tokens from untrusted sources, and keep "none" out of any
	// list of algorithms accepted at verification (see ParserOption.ValidMethods).
	SigningMethodNone = NewJWT[[]byte, []byte](SigningNone, JWTEncoder)
)
// Errors of the JWT type and of token parsing.
var (
	ErrJWTInvalidType           = errors.New("go-jwt: invalid type for claim")
	ErrJWTSignerInvalid         = errors.New("go-jwt: Signer invalid")
	ErrJWTEncoderInvalid        = errors.New("go-jwt: Encoder invalid")
	ErrJWTTokenInvalid          = errors.New("go-jwt: Token invalid")
	ErrJWTTypeInvalid           = errors.New("go-jwt: Type invalid")
	ErrJWTAlgoInvalid           = errors.New("go-jwt: Algo invalid")
	ErrJWTTokenSignatureInvalid = errors.New("go-jwt: token signature is invalid")
	// NOTE(review): the identifier says "MethodExists" while the message says
	// the method does not exist; go by the message.
	ErrJWTMethodExists          = errors.New("go-jwt: Method not exists")
	ErrJWTMethodInvalid         = errors.New("go-jwt: Method invalid")
	ErrJWTVerifyFail            = errors.New("go-jwt: Verify fail")
)
// RSA signers for the "RS256", "RS384" and "RS512" alg names. The arguments
// follow NewSignRSA(hash, name).
// NOTE(review): the padding scheme is not visible here; RS* names
// conventionally denote RSASSA-PKCS1-v1_5 — confirm in the implementation.
var (
	SigningRS256 = NewSignRSA(crypto.SHA256, "RS256")
	SigningRS384 = NewSignRSA(crypto.SHA384, "RS384")
	SigningRS512 = NewSignRSA(crypto.SHA512, "RS512")
)
// RSA-PSS signers for the "PS256", "PS384" and "PS512" alg names. The
// arguments follow NewSignRSAPSS(hash, options, verifyOptions, name): the
// first PSSOptions value is the signing configuration (salt length equal to
// the hash length), the second is the verification configuration
// (rsa.PSSSaltLengthAuto, i.e. the salt length is detected from the signature).
var (
	SigningPS256 = NewSignRSAPSS(crypto.SHA256, &rsa.PSSOptions{
		SaltLength: rsa.PSSSaltLengthEqualsHash,
	}, &rsa.PSSOptions{
		SaltLength: rsa.PSSSaltLengthAuto,
	}, "PS256")

	SigningPS384 = NewSignRSAPSS(crypto.SHA384, &rsa.PSSOptions{
		SaltLength: rsa.PSSSaltLengthEqualsHash,
	}, &rsa.PSSOptions{
		SaltLength: rsa.PSSSaltLengthAuto,
	}, "PS384")

	SigningPS512 = NewSignRSAPSS(crypto.SHA512, &rsa.PSSOptions{
		SaltLength: rsa.PSSSaltLengthEqualsHash,
	}, &rsa.PSSOptions{
		SaltLength: rsa.PSSSaltLengthAuto,
	}, "PS512")
)
// Errors for key material that is not a valid RSA key.
var (
	ErrNotRSAPrivateKey = errors.New("go-jwt: key is not a valid RSA private key")
	ErrNotRSAPublicKey  = errors.New("go-jwt: key is not a valid RSA public key")
)
// ErrPEMInvalid reports PEM input that could not be parsed.
var ErrPEMInvalid = errors.New("go-jwt: PEM parse invalid")
// ErrSignHmacVerifyFail reports a failed SignHmac verification.
var ErrSignHmacVerifyFail = errors.New("go-jwt: SignHmac Verify fail")
// ErrSignNoneSignatureInvalid reports a non-empty signature on a token handled
// by SignNone (per its message, verification expects the signature to be empty).
var ErrSignNoneSignatureInvalid = errors.New("go-jwt: SignNone verify signature not empty")
// JWTEncoder is the package's default encoder, created by
// encoder.NewJoseEncoder(). It is a package-level variable shared by every
// predefined SigningMethod value.
var JWTEncoder = encoder.NewJoseEncoder()

JWTEncoder is the default JWT encoder.

// JWTParserOption is the default ParserOption. It sets only Encoder;
// ValidMethods is left at its zero value (nil).
// NOTE(review): how Parse treats an empty ValidMethods list is not shown
// here. If an empty list means "any registered alg", callers that parse
// untrusted tokens should pass their own ParserOption with an explicit list of
// accepted algorithms — confirm against the implementation.
var JWTParserOption = ParserOption{
	Encoder: JWTEncoder,
}

default ParserOption

jwt encoder for strict decoding

// SigningBLAKE2B is the Blake2b signer built on blake2b.New256, under the alg
// name "BLAKE2B". The hash constructor takes the key as its argument (see the
// NewHash field of SignBlake2b), so this is a symmetric, keyed scheme.
// NOTE(review): "BLAKE2B" is a name provided by this package; confirm that
// peers support it before relying on it for interoperability.
var (
	SigningBLAKE2B = NewSignBlake2b(blake2b.New256, "BLAKE2B")
)
// SigningNone is the signer for the "none" alg name, i.e. tokens without a
// signature. Such tokens have no integrity protection; do not accept them
// from untrusted sources.
var (
	SigningNone = NewSignNone("none")
)
// TimePrecision sets the precision of times and dates within this library.
// The default is one second. It is a mutable package-level variable, so a
// change affects every user of the package in the process.
var TimePrecision = time.Second

TimePrecision sets the precision of times and dates within this library.

Functions

func GetSigningMethod added in v1.0.10007

func GetSigningMethod(alg string) (method any)

GetSigningMethod retrieves a signing method from an "alg" string

func GetSigningMethodAlgs added in v1.0.10007

func GetSigningMethodAlgs() (algs []string)

GetSigningMethodAlgs returns a list of registered "alg" names

func NewError added in v1.0.10015

func NewError(message string, err error, more ...error) error

NewError creates a new error message with a detailed error message.

func ParseECPrivateKeyFromDer

func ParseECPrivateKeyFromDer(der []byte) (*ecdsa.PrivateKey, error)

ParseECPrivateKeyFromDer parses a DER-encoded Elliptic Curve Private Key Structure. The argument is DER bytes, not PEM text; decode PEM input with ParsePEM first.

func ParseECPublicKeyFromDer

func ParseECPublicKeyFromDer(der []byte) (*ecdsa.PublicKey, error)

ParseECPublicKeyFromDer parses a DER-encoded PKCS1 or PKCS8 public key. The argument is DER bytes, not PEM text; decode PEM input with ParsePEM first.

func ParseEdPrivateKeyFromDer

func ParseEdPrivateKeyFromDer(der []byte) (ed25519.PrivateKey, error)

ParseEdPrivateKeyFromDer parses a DER-encoded Edwards curve private key. The argument is DER bytes, not PEM text; decode PEM input with ParsePEM first.

func ParseEdPublicKeyFromDer

func ParseEdPublicKeyFromDer(der []byte) (ed25519.PublicKey, error)

ParseEdPublicKeyFromDer parses a DER-encoded Edwards curve public key. The argument is DER bytes, not PEM text; decode PEM input with ParsePEM first.

func ParsePEM

func ParsePEM(data []byte) ([]byte, error)

ParsePEM parses PEM data and returns the DER bytes.

func ParseRSAPrivateKeyFromDer

func ParseRSAPrivateKeyFromDer(der []byte) (*rsa.PrivateKey, error)

ParseRSAPrivateKeyFromDer parses a DER-encoded PKCS1 or PKCS8 private key. The argument is DER bytes, not PEM text; decode PEM input with ParsePEM first.

func ParseRSAPublicKeyFromDer

func ParseRSAPublicKeyFromDer(der []byte) (*rsa.PublicKey, error)

ParseRSAPublicKeyFromDer parses a DER-encoded PKCS1 or PKCS8 public key. The argument is DER bytes, not PEM text; decode PEM input with ParsePEM first.

func RegisterSigningMethod added in v1.0.10007

func RegisterSigningMethod(alg string, f func() any)

RegisterSigningMethod registers the "alg" name and a factory function for signing method.

Types

type Builder added in v1.0.10011

// Builder assembles a token step by step. S is the signing-key type, as
// passed to GetToken.
type Builder[S any] struct {
	// contains filtered or unexported fields
}

Builder makes the token creation process easier.

func NewBuilder added in v1.0.10011

func NewBuilder[S any](signer ISigning[S], encoder IEncoder) *Builder[S]

func (*Builder[S]) CanOnlyBeUsedAfter added in v1.0.10011

func (b *Builder[S]) CanOnlyBeUsedAfter(notBefore *NumericDate) *Builder[S]

Configures the time before which the token cannot be accepted

func (*Builder[S]) ExpiresAt added in v1.0.10011

func (b *Builder[S]) ExpiresAt(expiration *NumericDate) *Builder[S]

Configures the expiration time.

func (*Builder[S]) GetToken added in v1.0.10011

func (b *Builder[S]) GetToken(key S) (*Token, error)

Returns the resultant token

func (*Builder[S]) HeaderAlgo added in v1.0.10011

func (b *Builder[S]) HeaderAlgo(value any) *Builder[S]

Configures the header algorithm

func (*Builder[S]) HeaderType added in v1.0.10011

func (b *Builder[S]) HeaderType(value any) *Builder[S]

Configures the header type

func (*Builder[S]) IdentifiedBy added in v1.0.10011

func (b *Builder[S]) IdentifiedBy(id string) *Builder[S]

Configures the token ID (JWT ID).

func (*Builder[S]) IssuedAt added in v1.0.10011

func (b *Builder[S]) IssuedAt(issuedAt *NumericDate) *Builder[S]

Configures the time that the token was issued

func (*Builder[S]) IssuedBy added in v1.0.10011

func (b *Builder[S]) IssuedBy(issuer string) *Builder[S]

Configures the issuer

func (*Builder[S]) PermittedFor added in v1.0.10011

func (b *Builder[S]) PermittedFor(audiences ClaimStrings) *Builder[S]

Configures the audience

func (*Builder[S]) RelatedTo added in v1.0.10011

func (b *Builder[S]) RelatedTo(subject string) *Builder[S]

Configures the subject

func (*Builder[S]) WithClaim added in v1.0.10011

func (b *Builder[S]) WithClaim(name string, value any) *Builder[S]

Configures a claim item

func (*Builder[S]) WithHeader added in v1.0.10011

func (b *Builder[S]) WithHeader(name string, value any) *Builder[S]

Configures a header item

type ClaimStrings added in v1.0.10008

// ClaimStrings holds a claim that may be written either as a single JSON
// string or as an array of strings, such as "aud".
type ClaimStrings struct {
	// Value holds the string values.
	Value    []string
	// AsString is presumably the flag that selects the single-string JSON
	// form over the array form — confirm against MarshalJSON.
	AsString bool
}

ClaimStrings is basically just a slice of strings, but it can be either serialized from a string array or just a string. This type is necessary, since the "aud" claim can either be a single string or an array.

func NewClaimSingleString added in v1.0.10010

func NewClaimSingleString(val string) ClaimStrings

NewClaimSingleString constructs a new ClaimStrings.

func NewClaimStringArray added in v1.0.10010

func NewClaimStringArray(val []string) ClaimStrings

NewClaimStringArray constructs a new ClaimStrings.

func NewClaimStrings added in v1.0.10010

func NewClaimStrings(val []string, asString bool) ClaimStrings

NewClaimStrings constructs a new ClaimStrings.

func (ClaimStrings) MarshalJSON added in v1.0.10008

func (s ClaimStrings) MarshalJSON() (b []byte, err error)

func (*ClaimStrings) UnmarshalJSON added in v1.0.10008

func (s *ClaimStrings) UnmarshalJSON(data []byte) (err error)

type Claims added in v1.0.10008

// Claims is the common interface of claims sets. An implementation supplies
// the exp, iat, nbf, iss, sub and aud claims through the getters below, each
// of which may return an error.
type Claims interface {
	GetExpirationTime() (*NumericDate, error)
	GetIssuedAt() (*NumericDate, error)
	GetNotBefore() (*NumericDate, error)
	GetIssuer() (string, error)
	GetSubject() (string, error)
	GetAudience() (ClaimStrings, error)
}

Claims represent any form of a JWT Claims Set according to https://datatracker.ietf.org/doc/html/rfc7519#section-4. In order to have a common basis for validation, it is required that an implementation is able to supply at least the claim names provided in https://datatracker.ietf.org/doc/html/rfc7519#section-4.1 namely `exp`, `iat`, `nbf`, `iss`, `sub` and `aud`.

type IEncoder

// IEncoder is the encoder driver interface: Base64URL and JSON encoding and
// decoding for token segments.
type IEncoder interface {
	// Base64URL Encode function
	Base64URLEncode(data []byte) (string, error)

	// Base64URL Decode function
	Base64URLDecode(data string) ([]byte, error)

	// JSON Encode function
	JSONEncode(data any) ([]byte, error)

	// JSON Decode function
	JSONDecode(data []byte, dst any) error
}

JWT encoder driver interface.

type ISignAlgo added in v1.0.10019

// ISignAlgo describes a signing algorithm: its alg name and its signature
// length.
type ISignAlgo interface {
	// algo name
	Alg() string

	// sign length
	SignLength() int
}

JWT sign algo interface.

type ISigner

// ISigner is the signer driver interface. S is the signing-key type and V the
// verification-key type.
type ISigner[S any, V any] interface {
	ISignAlgo

	// sign function
	Sign(msg []byte, signKey S) ([]byte, error)

	// verify function
	// NOTE(review): check both results; it is not stated here whether a
	// mismatch is reported as false, as an error, or as both.
	Verify(msg []byte, signature []byte, verifyKey V) (bool, error)
}

JWT signer driver interface.

type ISigning added in v1.0.10019

// ISigning is the signing-only half of a signer. S is the signing-key type.
type ISigning[S any] interface {
	ISignAlgo

	// sign function
	Sign(msg []byte, signKey S) ([]byte, error)
}

JWT signing driver interface.

type IVerifying added in v1.0.10019

// IVerifying is the verification-only half of a signer. V is the
// verification-key type.
type IVerifying[V any] interface {
	ISignAlgo

	// verify function
	// NOTE(review): check both results; it is not stated here whether a
	// mismatch is reported as false, as an error, or as both.
	Verify(msg []byte, signature []byte, verifyKey V) (bool, error)
}

jwt verifying driver interface

type JWT

// JWT combines a signer and an encoder (see NewJWT). S is the signing-key
// type and V the verification-key type.
type JWT[S any, V any] struct {
	// contains filtered or unexported fields
}

func NewJWT

func NewJWT[S any, V any](signer ISigner[S, V], encoder IEncoder) JWT[S, V]

func (*JWT[S, V]) Alg

func (jwt *JWT[S, V]) Alg() string

Signer algo name.

func (*JWT[S, V]) Build added in v1.0.10011

func (jwt *JWT[S, V]) Build() *Builder[S]

return a new *Builder.

func (JWT[S, V]) New

func (jwt JWT[S, V]) New() *JWT[S, V]

return a clone JWT

func (*JWT[S, V]) Parse

func (jwt *JWT[S, V]) Parse(tokenString string, verifyKey V) (*Token, error)

Parse parses the signature and returns the parsed token.

func (*JWT[S, V]) Sign

func (jwt *JWT[S, V]) Sign(claims any, signKey S) (string, error)

Sign implements token signing for the Signer.

func (*JWT[S, V]) SignLength

func (jwt *JWT[S, V]) SignLength() int

Signer signed bytes length.

func (*JWT[S, V]) SignWithHeader

func (jwt *JWT[S, V]) SignWithHeader(header any, claims any, signKey S) (string, error)

SignWithHeader implements token signing for the Signer.

func (*JWT[S, V]) WithEncoder

func (jwt *JWT[S, V]) WithEncoder(encoder IEncoder) *JWT[S, V]

with new encoder

type MapClaims added in v1.0.10007

// MapClaims is a claims set held as a map from claim name to decoded JSON
// value. Values have dynamic type, so use the typed getters rather than
// asserting types on the map entries directly.
type MapClaims map[string]any

MapClaims is a claims type that uses the map[string]any for JSON decoding. This is the default claims type if you don't supply one

func (MapClaims) GetAudience added in v1.0.10007

func (m MapClaims) GetAudience() (ClaimStrings, error)

GetAudience implements the Claims interface.

func (MapClaims) GetClaimsString added in v1.0.10008

func (m MapClaims) GetClaimsString(name string) (ClaimStrings, error)

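GetClaimsString returns the claim with the given name as a ClaimStrings value. It is a helper on MapClaims and is not one of the methods of the Claims interface.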

func (MapClaims) GetExpirationTime added in v1.0.10007

func (m MapClaims) GetExpirationTime() (*NumericDate, error)

GetExpirationTime implements the Claims interface.

func (MapClaims) GetIssuedAt added in v1.0.10007

func (m MapClaims) GetIssuedAt() (*NumericDate, error)

GetIssuedAt implements the Claims interface.

func (MapClaims) GetIssuer added in v1.0.10007

func (m MapClaims) GetIssuer() (string, error)

GetIssuer implements the Claims interface.

func (MapClaims) GetNotBefore added in v1.0.10007

func (m MapClaims) GetNotBefore() (*NumericDate, error)

GetNotBefore implements the Claims interface.

func (MapClaims) GetNumericDate added in v1.0.10007

func (m MapClaims) GetNumericDate(name string) (*NumericDate, error)

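GetNumericDate returns the claim with the given name as a *NumericDate. It is a helper on MapClaims and is not one of the methods of the Claims interface.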

func (MapClaims) GetString added in v1.0.10007

func (m MapClaims) GetString(name string) (string, error)

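GetString returns the claim with the given name as a string. It is a helper on MapClaims and is not one of the methods of the Claims interface.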

func (MapClaims) GetSubject added in v1.0.10007

func (m MapClaims) GetSubject() (string, error)

GetSubject implements the Claims interface.

type NumericDate added in v1.0.10007

// NumericDate is a JSON numeric date value. It embeds time.Time, so all
// time.Time methods are available on it.
type NumericDate struct {
	time.Time
}

NumericDate represents a JSON numeric date value, as referenced at https://datatracker.ietf.org/doc/html/rfc7519#section-2.

func NewNumericDate added in v1.0.10007

func NewNumericDate(t time.Time) *NumericDate

NewNumericDate constructs a new *NumericDate from a standard library time.Time struct.

func (NumericDate) MarshalJSON added in v1.0.10008

func (date NumericDate) MarshalJSON() (b []byte, err error)

MarshalJSON is an implementation of the json.Marshaler interface and serializes the UNIX epoch represented in NumericDate to a byte array, using the precision specified in TimePrecision.

func (*NumericDate) UnmarshalJSON added in v1.0.10008

func (date *NumericDate) UnmarshalJSON(b []byte) (err error)

UnmarshalJSON is an implementation of the json.Unmarshaler interface and deserializes a NumericDate from a JSON representation, i.e. a json.Number. This number represents a UNIX epoch with either integer or non-integer seconds.

type ParserOption added in v1.0.10013

// ParserOption holds the options accepted by the package-level Parse function.
type ParserOption struct {
	// jwt encoder
	Encoder IEncoder

	// jwt valid methods
	// NOTE(review): presumably the list of alg names accepted when parsing;
	// the behaviour for an empty list is not shown here — confirm, and set
	// this explicitly when parsing tokens from untrusted sources.
	ValidMethods []string
}

ParserOption holds the options for the Parse function.

type RegisteredClaims added in v1.0.10008

// RegisteredClaims is a claims set limited to the registered claim names.
// Every field is tagged omitempty, so a zero-valued field is left out of the
// encoded token; in particular a nil ExpiresAt yields a token without "exp".
type RegisteredClaims struct {
	// the `iss` (Issuer) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1
	Issuer string `json:"iss,omitempty"`

	// the `sub` (Subject) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2
	Subject string `json:"sub,omitempty"`

	// the `aud` (Audience) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3
	Audience ClaimStrings `json:"aud,omitempty"`

	// the `exp` (Expiration Time) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4
	ExpiresAt *NumericDate `json:"exp,omitempty"`

	// the `nbf` (Not Before) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5
	NotBefore *NumericDate `json:"nbf,omitempty"`

	// the `iat` (Issued At) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6
	IssuedAt *NumericDate `json:"iat,omitempty"`

	// the `jti` (JWT ID) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.7
	ID string `json:"jti,omitempty"`
}

RegisteredClaims are a structured version of the JWT Claims Set, restricted to Registered Claim Names, as referenced at https://datatracker.ietf.org/doc/html/rfc7519#section-4.1

func (RegisteredClaims) GetAudience added in v1.0.10008

func (c RegisteredClaims) GetAudience() (ClaimStrings, error)

GetAudience implements the Claims interface.

func (RegisteredClaims) GetExpirationTime added in v1.0.10008

func (c RegisteredClaims) GetExpirationTime() (*NumericDate, error)

GetExpirationTime implements the Claims interface.

func (RegisteredClaims) GetIssuedAt added in v1.0.10008

func (c RegisteredClaims) GetIssuedAt() (*NumericDate, error)

GetIssuedAt implements the Claims interface.

func (RegisteredClaims) GetIssuer added in v1.0.10008

func (c RegisteredClaims) GetIssuer() (string, error)

GetIssuer implements the Claims interface.

func (RegisteredClaims) GetNotBefore added in v1.0.10008

func (c RegisteredClaims) GetNotBefore() (*NumericDate, error)

GetNotBefore implements the Claims interface.

func (RegisteredClaims) GetSubject added in v1.0.10008

func (c RegisteredClaims) GetSubject() (string, error)

GetSubject implements the Claims interface.

type SignBlake2b

// SignBlake2b is the Blake2b signer.
type SignBlake2b struct {
	// NewHash builds the hash from a []byte argument (the key, for
	// blake2b.New256) and may fail.
	NewHash func([]byte) (hash.Hash, error)
	// Name is the alg name.
	Name    string
}

SignBlake2b implements signing methods.

func NewSignBlake2b

func NewSignBlake2b(newHash func([]byte) (hash.Hash, error), name string) *SignBlake2b

func (*SignBlake2b) Alg

func (s *SignBlake2b) Alg() string

Signer algo name.

func (*SignBlake2b) Sign

func (s *SignBlake2b) Sign(msg []byte, key []byte) ([]byte, error)

Sign implements token signing for the Signer.

func (*SignBlake2b) SignLength

func (s *SignBlake2b) SignLength() int

Signer signed bytes length.

func (*SignBlake2b) Verify

func (s *SignBlake2b) Verify(msg []byte, signature []byte, key []byte) (bool, error)

Verify implements token verification for the Signer.

type SignECDSA

// SignECDSA is the signer for the ECDSA family.
type SignECDSA struct {
	// Name is the alg name.
	Name    string
	// Hash is the hash applied to the message.
	Hash    crypto.Hash
	// KeySize is the key size passed to NewSignECDSA (32, 48 or 66 for the
	// predefined signers).
	KeySize int
}

SignECDSA implements the ECDSA family of signing methods.

func NewSignECDSA

func NewSignECDSA(hash crypto.Hash, keySize int, name string) *SignECDSA

func (*SignECDSA) Alg

func (s *SignECDSA) Alg() string

Signer algo name.

func (*SignECDSA) Sign

func (s *SignECDSA) Sign(msg []byte, key *ecdsa.PrivateKey) ([]byte, error)

Sign implements token signing for the Signer.

func (*SignECDSA) SignLength

func (s *SignECDSA) SignLength() int

Signer signed bytes length.

func (*SignECDSA) Verify

func (s *SignECDSA) Verify(msg []byte, signature []byte, key *ecdsa.PublicKey) (bool, error)

Verify implements token verification for the Signer.

type SignEdDSA

// SignEdDSA is the signer for the EdDSA family; it works with ed25519 keys.
type SignEdDSA struct {
	// Name is the alg name.
	Name string
}

SignEdDSA implements the EdDSA family of signing methods.

func NewSignEdDSA

func NewSignEdDSA(name string) *SignEdDSA

func (*SignEdDSA) Alg

func (s *SignEdDSA) Alg() string

Signer algo name.

func (*SignEdDSA) Sign

func (s *SignEdDSA) Sign(msg []byte, key ed25519.PrivateKey) ([]byte, error)

Sign implements token signing for the Signer.

func (*SignEdDSA) SignLength

func (s *SignEdDSA) SignLength() int

Signer signed bytes length.

func (*SignEdDSA) Verify

func (s *SignEdDSA) Verify(msg []byte, signature []byte, key ed25519.PublicKey) (bool, error)

Verify implements token verification for the Signer.

type SignHmac

// SignHmac is the signer for the HMAC family.
type SignHmac struct {
	// Hash is the constructor of the underlying hash function.
	Hash func() hash.Hash
	// Name is the alg name.
	Name string
}

SignHmac implements the Hmac family of signing methods.

func NewSignHmac

func NewSignHmac(hash func() hash.Hash, name string) *SignHmac

func (*SignHmac) Alg

func (s *SignHmac) Alg() string

Signer algo name.

func (*SignHmac) Sign

func (s *SignHmac) Sign(msg []byte, key []byte) ([]byte, error)

Sign implements token signing for the Signer.

func (*SignHmac) SignLength

func (s *SignHmac) SignLength() int

Signer signed bytes length.

func (*SignHmac) Verify

func (s *SignHmac) Verify(msg []byte, signature []byte, key []byte) (bool, error)

Verify implements token verification for the Signer.

type SignNone

// SignNone is the signer for unsigned tokens (the predefined instance uses
// the alg name "none"). It provides no integrity protection.
type SignNone struct {
	// Name is the alg name.
	Name string
}

SignNone implements signing methods.

func NewSignNone

func NewSignNone(name string) *SignNone

func (*SignNone) Alg

func (s *SignNone) Alg() string

Signer algo name.

func (*SignNone) Sign

func (s *SignNone) Sign(msg []byte, key []byte) ([]byte, error)

Sign implements token signing for the Signer.

func (*SignNone) SignLength

func (s *SignNone) SignLength() int

Signer signed bytes length.

func (*SignNone) Verify

func (s *SignNone) Verify(msg []byte, signature []byte, key []byte) (bool, error)

Verify implements token verification for the Signer.

type SignRSA

// SignRSA is the signer for the RSA family (the RS* alg names).
type SignRSA struct {
	// Name is the alg name.
	Name string
	// Hash is the hash applied to the message.
	Hash crypto.Hash
}

SignRSA implements the RSA family of signing methods.

func NewSignRSA

func NewSignRSA(hash crypto.Hash, name string) *SignRSA

func (*SignRSA) Alg

func (s *SignRSA) Alg() string

Signer algo name.

func (*SignRSA) Sign

func (s *SignRSA) Sign(msg []byte, key *rsa.PrivateKey) ([]byte, error)

Sign implements token signing for the Signer.

func (*SignRSA) SignLength

func (s *SignRSA) SignLength() int

Signer signed bytes length. rsa sign size can get from rsa.PrivateKey.Size()

func (*SignRSA) Verify

func (s *SignRSA) Verify(msg []byte, signature []byte, key *rsa.PublicKey) (bool, error)

Verify implements token verification for the Signer.

type SignRSAPSS added in v1.0.10007

// SignRSAPSS is the signer for the RSA-PSS family (the PS* alg names).
type SignRSAPSS struct {
	// Name is the alg name.
	Name string
	// Hash is the hash applied to the message.
	Hash crypto.Hash

	// Options is the PSS configuration passed as "options" to NewSignRSAPSS;
	// VerifyOptions is the one passed as "verifyOptions".
	Options       *rsa.PSSOptions
	VerifyOptions *rsa.PSSOptions
}

SignRSAPSS implements the RSA-PSS family of signing methods.

func NewSignRSAPSS added in v1.0.10007

func NewSignRSAPSS(
	hash crypto.Hash,
	options *rsa.PSSOptions,
	verifyOptions *rsa.PSSOptions,
	name string,
) *SignRSAPSS

func (*SignRSAPSS) Alg added in v1.0.10007

func (s *SignRSAPSS) Alg() string

Signer algo name.

func (*SignRSAPSS) Sign added in v1.0.10007

func (s *SignRSAPSS) Sign(msg []byte, key *rsa.PrivateKey) ([]byte, error)

Sign implements token signing for the Signer.

func (*SignRSAPSS) SignLength added in v1.0.10007

func (s *SignRSAPSS) SignLength() int

Signer signed bytes length. rsa sign size can get from rsa.PrivateKey.Size()

func (*SignRSAPSS) Verify added in v1.0.10007

func (s *SignRSAPSS) Verify(msg []byte, signature []byte, key *rsa.PublicKey) (bool, error)

Verify implements token verification for the Signer.

type Token

// Token represents a JWT: header, claims and signature, with accessors for
// each part.
type Token struct {
	// contains filtered or unexported fields
}

Token represents a JWT Token.

func NewToken

func NewToken(encoder IEncoder) *Token

func Parse added in v1.0.10007

func Parse[V any](tokenString string, key V, opt ...ParserOption) (*Token, error)

Parse parses the signature and returns the parsed token.

func (*Token) GetClaims

func (t *Token) GetClaims() (MapClaims, error)

return token claims map

func (*Token) GetClaimsT

func (t *Token) GetClaimsT(dst any) error

return token claims with custom type

func (*Token) GetHeader

func (t *Token) GetHeader() (TokenHeader, error)

return token TokenHeader struct

func (*Token) GetHeaders added in v1.0.10001

func (t *Token) GetHeaders() (map[string]string, error)

return token header map

func (*Token) GetHeadersT added in v1.0.10001

func (t *Token) GetHeadersT(dst any) error

return token header with custom type

func (*Token) GetMsg added in v1.0.10011

func (t *Token) GetMsg() string

return token without signature

func (*Token) GetPartCount added in v1.0.10011

func (t *Token) GetPartCount() int

return token string part count

func (*Token) GetRaw

func (t *Token) GetRaw() string

return token raw

func (*Token) GetSignature

func (t *Token) GetSignature() []byte

return token signature

func (*Token) Parse

func (t *Token) Parse(tokenString string)

Parse parses the token string into t. It takes no verification key, so the signature is not checked here.

func (*Token) SetClaims

func (t *Token) SetClaims(claims any) error

Set claims with json encode

func (*Token) SetHeader

func (t *Token) SetHeader(header any) error

Set header with json encode

func (*Token) SignedString

func (t *Token) SignedString() (string, error)

SignedString creates and returns a complete, signed JWT.

func (*Token) SigningString

func (t *Token) SigningString() (string, error)

SigningString generates the signing string.

func (*Token) WithClaims

func (t *Token) WithClaims(claims []byte)

Set claims raw

func (*Token) WithHeader

func (t *Token) WithHeader(header []byte)

Set header raw

func (*Token) WithSignature

func (t *Token) WithSignature(signature []byte)

Set signature raw

type TokenHeader

// TokenHeader is the decoded token header.
// NOTE(review): when the header is read before the signature has been
// verified (GetTokenHeader takes no key), Typ, Alg and Kid are untrusted
// input; validate them against an expected set before using them to select a
// key or an algorithm.
type TokenHeader struct {
	Typ string `json:"typ"`
	Alg string `json:"alg"`
	Kid string `json:"kid,omitempty"`
}

Token Header data.

func GetTokenHeader

func GetTokenHeader(tokenString string, encoder ...IEncoder) (TokenHeader, error)

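GetTokenHeader gets the token header from a token string. No key is involved, so the returned typ, alg and kid values are unverified input.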

type Validator

// Validator checks the claims of a Token (see NewValidator). Its methods take
// the current time or the expected value as an argument and return a bool.
type Validator struct {
	// contains filtered or unexported fields
}

jwt token validator

func NewValidator

func NewValidator(token *Token) (*Validator, error)

func (*Validator) HasBeenIssuedBefore

func (v *Validator) HasBeenIssuedBefore(now int64) bool

func (*Validator) HasBeenIssuedBy

func (v *Validator) HasBeenIssuedBy(issuer string) bool

func (*Validator) IsExpired

func (v *Validator) IsExpired(now int64) bool

func (*Validator) IsIdentifiedBy

func (v *Validator) IsIdentifiedBy(id string) bool

func (*Validator) IsMinimumTimeBefore

func (v *Validator) IsMinimumTimeBefore(now int64) bool

func (*Validator) IsPermittedFor

func (v *Validator) IsPermittedFor(audience string) bool

func (*Validator) IsRelatedTo

func (v *Validator) IsRelatedTo(subject string) bool

func (*Validator) WithLeeway

func (v *Validator) WithLeeway(leeway int64) *Validator
