Documentation ¶
Overview ¶
Copyright 2023 Northern.tech AS
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors reported by the JWT handlers in this package.
// NOTE(review): whether implementations return these values directly or
// wrapped is not visible here; errors.Is is the comparison that tolerates both.
var (
	// ErrTokenExpired is the error Handler.Validate documents for a token that
	// is otherwise valid but has expired.
	ErrTokenExpired = errors.New("jwt: token expired")
	// ErrTokenInvalid is the error Handler.FromJWT and Handler.Validate document
	// for a token that is invalid (malformed, missing required claims, etc.).
	ErrTokenInvalid = errors.New("jwt: token invalid")
)
Functions ¶
This section is empty.
Types ¶
type Claims ¶
// Claims is the claim set carried by a token. Each field is mapped to a JWT
// claim name by its json tag and to a storage key by its bson tag.
type Claims struct {
	// ID is the unique jwt ID, also device AuthSet UUID. (Required)
	// NOTE(review): the json tag carries omitempty although the claim is marked
	// required; confirm the validation path rejects tokens that lack it.
	ID oid.ObjectID `json:"jti,omitempty" bson:"_id"`

	// Subject claim holds the device ID. (Required)
	Subject oid.ObjectID `json:"sub,omitempty" bson:"sub"`

	// Audience is serialized as the "aud" claim.
	// NOTE(review): not marked required; whether verification compares it
	// against an expected value is not visible here.
	Audience string `json:"aud,omitempty" bson:"aud,omitempty"`

	// Scope is serialized as the "scp" claim.
	Scope string `json:"scp,omitempty" bson:"scp,omitempty"`

	// Issuer holds the configurable issuer claim.
	Issuer string `json:"iss,omitempty" bson:"iss,omitempty"`

	// Tenant claim holds the tenant id this device belongs to.
	Tenant string `json:"mender.tenant,omitempty" bson:"mender.tenant,omitempty"`

	// ExpiresAt is the timestamp when the token becomes invalid. (Required)
	ExpiresAt Time `json:"exp,omitempty" bson:"exp"`

	// IssuedAt is serialized as the "iat" claim.
	IssuedAt Time `json:"iat,omitempty" bson:"iat,omitempty"`

	// NotBefore is serialized as the "nbf" claim.
	// NOTE(review): presumably enforced by the Claims.Valid() check that
	// Handler.Validate refers to — confirm.
	NotBefore Time `json:"nbf,omitempty" bson:"nbf,omitempty"`

	// Device claim states that this token belongs to a device
	Device bool `json:"mender.device,omitempty" bson:"mender.device,omitempty"`

	// Plan holds the tenant's feature plan claim.
	// NOTE(review): unlike the fields above there is no bson tag here; confirm
	// the resulting storage key is intended.
	Plan string `json:"mender.plan,omitempty"`

	// Trial claim holds a boolean which is true if the tenant is in trial mode
	// The json tag has no omitempty, so a false value is still emitted. The
	// bson key is "trial", without the "mender." prefix used by Tenant and Device.
	Trial bool `json:"mender.trial" bson:"trial"`

	// Addons contains the settings for addons enabled for the tenant.
	// NOTE(review): no bson tag here either; confirm as for Plan.
	Addons []addons.Addon `json:"mender.addons,omitempty"`
}
type Handler ¶
// Handler is the JWT generator/verifier interface.
type Handler interface {
	// ToJWT turns t into its string JWT form.
	// NOTE(review): presumably signed with the private key passed to the
	// handler's constructor — confirm against the implementations.
	ToJWT(t *Token) (string, error)
	// FromJWT parses the token
	// returns:
	//  ErrTokenInvalid when the token is invalid (malformed, missing required claims, etc.)
	// NOTE(review): ErrTokenExpired is not listed for this method. Confirm how
	// an expired token is reported before treating a nil error as proof that
	// the token is still within its validity period.
	FromJWT(string) (*Token, error)
	// Validate does basic validity checks (Claims.Valid()).
	// returns:
	//  ErrTokenExpired when the token is valid but expired
	//  ErrTokenInvalid when the token is invalid (malformed, missing required claims, etc.)
	Validate(string) error
}
Handler is a JWT generator/verifier.
func NewJWTHandler ¶
type JWTHandlerEd25519 ¶
type JWTHandlerEd25519 struct {
// contains filtered or unexported fields
}
JWTHandlerEd25519 is an Ed25519-specific JWTHandler
func NewJWTHandlerEd25519 ¶
func NewJWTHandlerEd25519(privKey *ed25519.PrivateKey) *JWTHandlerEd25519
func (*JWTHandlerEd25519) FromJWT ¶
func (j *JWTHandlerEd25519) FromJWT(tokstr string) (*Token, error)
func (*JWTHandlerEd25519) Validate ¶
func (j *JWTHandlerEd25519) Validate(tokstr string) error
type JWTHandlerRS256 ¶
type JWTHandlerRS256 struct {
// contains filtered or unexported fields
}
JWTHandlerRS256 is an RS256-specific JWTHandler
func NewJWTHandlerRS256 ¶
func NewJWTHandlerRS256(privKey *rsa.PrivateKey) *JWTHandlerRS256
func (*JWTHandlerRS256) Validate ¶
func (j *JWTHandlerRS256) Validate(tokstr string) error
type Token ¶
// Token wraps the Claims carried by a JWT.
type Token struct {
	// Claims is embedded, so its fields are promoted onto Token. The bson
	// "inline" tag asks the BSON codec to store them flattened into the parent
	// document rather than nested under a sub-key.
	Claims `bson:"inline"`
}
Token wrapper
func (*Token) MarshalJWT ¶
MarshalJWT marshals Token into a JWT-compatible format. `sign` provides the means for generating a signed JWT token.
func (*Token) UnmarshalJWT ¶
func (t *Token) UnmarshalJWT(raw []byte, unpack UnpackFunc) error
UnmarshalJWT unmarshals raw JWT data into Token. UnpackFunc does the actual heavy lifting of parsing and deserializing the base64-encoded JWT. Returns an error if `unpack` failed; however, if `unpack` also returns a token, `t` will be updated as well (this may happen if the token is valid with respect to structure and signature, but expired). Callers must therefore check the returned error before relying on the contents of `t`.