jwt

package
v0.0.0-...-252f4b7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 22, 2024 License: Apache-2.0 Imports: 11 Imported by: 4

Documentation

Overview

Copyright 2023 Northern.tech AS

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Copyright 2023 Northern.tech AS

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Copyright 2023 Northern.tech AS

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Copyright 2023 Northern.tech AS

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Index

Constants

This section is empty.

Variables

// ErrTokenExpired is the sentinel error for a token that has expired.
// Compare with errors.Is so that a wrapped error still matches.
var ErrTokenExpired = errors.New("jwt: token expired")

// ErrTokenInvalid is the sentinel error for a token that is invalid.
// Compare with errors.Is so that a wrapped error still matches.
var ErrTokenInvalid = errors.New("jwt: token invalid")

Functions

This section is empty.

Types

type Claims

// Claims is the set of JWT claims carried by a Token. The json tags name the
// claims as they appear in the token; the bson tags name the BSON keys.
//
// NOTE(review): the documentation for Valid on this page says that only iss,
// exp, sub and scp are used "for now". Do not assume aud or nbf are enforced
// by Valid; confirm against the implementation and check them at the service
// level if they matter.
type Claims struct {
	// ID is the unique jwt ID, also device AuthSet UUID. (Required)
	// The bson key is "_id", so the jti also serves as the BSON "_id" field.
	ID oid.ObjectID `json:"jti,omitempty" bson:"_id"`
	// Subject claim holds the device ID. (Required)
	//
	// Audience and Scope (the next two fields) carry the "aud" and "scp"
	// claims; their expected values are not documented in this listing.
	Subject  oid.ObjectID `json:"sub,omitempty" bson:"sub"`
	Audience string       `json:"aud,omitempty" bson:"aud,omitempty"`
	Scope    string       `json:"scp,omitempty" bson:"scp,omitempty"`
	// Issuer holds the configurable issuer claim.
	Issuer string `json:"iss,omitempty" bson:"iss,omitempty"`
	// Tenant claim holds the tenant id this device belongs to.
	Tenant string `json:"mender.tenant,omitempty" bson:"mender.tenant,omitempty"`
	// ExpiresAt is the timestamp when the token becomes invalid. (Required)
	ExpiresAt Time `json:"exp,omitempty" bson:"exp"`
	// IssuedAt and NotBefore carry the "iat" and "nbf" claims.
	// NOTE(review): Time is a struct, and encoding/json's omitempty does not
	// omit struct values, so these are likely emitted even when unset;
	// confirm what Time.MarshalJSON produces for the zero time.
	IssuedAt  Time `json:"iat,omitempty" bson:"iat,omitempty"`
	NotBefore Time `json:"nbf,omitempty" bson:"nbf,omitempty"`
	// Device claim states that this token belongs to a device
	Device bool `json:"mender.device,omitempty" bson:"mender.device,omitempty"`
	// Plan holds the tenant's feature plan claim.
	// NOTE(review): no bson tag here, unlike the fields above, so the BSON
	// key is left to the encoder's default; confirm this is intended.
	Plan string `json:"mender.plan,omitempty"`
	// Trial claim holds a boolean which is true if the tenant is in trial mode
	// The json tag has no omitempty, so a false value is serialized too. The
	// bson key is "trial", without the "mender." prefix used by Tenant and
	// Device.
	Trial bool `json:"mender.trial" bson:"trial"`
	// Addons contains the settings for addons enabled for the tenant.
	// NOTE(review): no bson tag here either; confirm how this field is stored.
	Addons []addons.Addon `json:"mender.addons,omitempty"`
}

func (*Claims) Valid

func (c *Claims) Valid() error

Valid checks whether the claims are valid and returns an error if validation fails. Note that for now only iss, exp, sub and scp are used. Only basic checks are done here; field correctness (e.g. the issuer) is checked at the service level, where this information is available.

type Handler

// Handler generates and verifies JWTs.
//
// The sentinel errors named below are the only failure contract this listing
// documents. Compare with errors.Is in case an implementation wraps them.
type Handler interface {
	// ToJWT encodes t as a JWT string.
	// NOTE(review): presumably signed with the handler's private key;
	// confirm against the implementation.
	ToJWT(t *Token) (string, error)
	// FromJWT parses the token
	// returns:
	// ErrTokenInvalid when the token is invalid (malformed, missing required claims, etc.)
	//
	// NOTE(review): ErrTokenExpired is not listed for FromJWT, and this
	// listing does not say whether expiry is checked here; confirm before
	// using the returned Token for an authorization decision.
	FromJWT(string) (*Token, error)
	// Validate does basic validity checks (Claims.Valid()).
	// returns:
	// ErrTokenExpired when the token is valid but expired
	// ErrTokenInvalid when the token is invalid (malformed, missing required claims, etc.)
	Validate(string) error
}

Handler is a JWT generator/verifier.

func NewJWTHandler

func NewJWTHandler(privateKeyPath string) (Handler, error)

type JWTHandlerEd25519

type JWTHandlerEd25519 struct {
	// contains filtered or unexported fields
}

JWTHandlerEd25519 is an Ed25519-specific JWTHandler

func NewJWTHandlerEd25519

func NewJWTHandlerEd25519(privKey *ed25519.PrivateKey) *JWTHandlerEd25519

func (*JWTHandlerEd25519) FromJWT

func (j *JWTHandlerEd25519) FromJWT(tokstr string) (*Token, error)

func (*JWTHandlerEd25519) ToJWT

func (j *JWTHandlerEd25519) ToJWT(token *Token) (string, error)

func (*JWTHandlerEd25519) Validate

func (j *JWTHandlerEd25519) Validate(tokstr string) error

type JWTHandlerRS256

type JWTHandlerRS256 struct {
	// contains filtered or unexported fields
}

JWTHandlerRS256 is an RS256-specific JWTHandler

func NewJWTHandlerRS256

func NewJWTHandlerRS256(privKey *rsa.PrivateKey) *JWTHandlerRS256

func (*JWTHandlerRS256) FromJWT

func (j *JWTHandlerRS256) FromJWT(tokstr string) (*Token, error)

func (*JWTHandlerRS256) ToJWT

func (j *JWTHandlerRS256) ToJWT(token *Token) (string, error)

func (*JWTHandlerRS256) Validate

func (j *JWTHandlerRS256) Validate(tokstr string) error

type SignFunc

type SignFunc func(token *Token) (string, error)

SignFunc will sign and encode token.

type Time

// Time embeds time.Time. The type defines its own MarshalJSON and
// UnmarshalJSON methods, whose bodies are not shown in this listing.
// NOTE(review): presumably encodes as a JWT NumericDate (seconds since the
// Unix epoch); confirm against the implementation.
type Time struct {
	time.Time
}

func (Time) MarshalJSON

func (t Time) MarshalJSON() ([]byte, error)

func (*Time) UnmarshalJSON

func (t *Time) UnmarshalJSON(b []byte) error

type Token

// Token wraps Claims. The embedded Claims carries the bson "inline" tag, so
// its fields are encoded at the top level of the BSON document rather than
// under a nested key.
type Token struct {
	Claims `bson:"inline"`
}

Token wrapper

func (*Token) MarshalJWT

func (t *Token) MarshalJWT(sign SignFunc) ([]byte, error)

MarshalJWT marshals Token into a JWT-compatible format. `sign` provides the means for generating a signed JWT.

func (*Token) UnmarshalJWT

func (t *Token) UnmarshalJWT(raw []byte, unpack UnpackFunc) error

UnmarshalJWT unmarshals raw JWT data into Token. UnpackFunc does the actual heavy lifting of parsing and deserializing the base64-encoded JWT. Returns an error if `unpack` failed; however, if `unpack` also returns a token, `t` is updated as well (this may happen if the token is valid with respect to structure and signature, but expired). Callers must therefore check the returned error before relying on the contents of `t`.

func (*Token) Verify

func (t *Token) Verify(raw []byte, verify VerifyFunc) error

Verify verifies the Token. VerifyFunc does the actual heavy-lifting of validating the JWT token. Returns an error if `verify` failed.

type UnpackFunc

// UnpackFunc decodes the token string s into a Token.
// Per the UnmarshalJWT documentation, an UnpackFunc may return a non-nil
// Token together with a non-nil error (e.g. for an expired token), so the
// error must be checked before the Token is used.
type UnpackFunc func(s string) (*Token, error)

UnpackFunc will decode token

type VerifyFunc

type VerifyFunc func(s string) error

VerifyFunc will verify token

Directories

Path Synopsis
