Documentation ¶
Index ¶
- Constants
- Variables
- func GenerateKey(subject string) (*VerificationKey, *SigningKey, error)
- type SignOptions
- type SigningKey
- type VerificationKey
- type VerificationKeyset
- func (v *VerificationKeyset) Add(key *VerificationKey) error
- func (v *VerificationKeyset) AuthorizeRequest(r *http.Request, skew time.Duration, nv nonce.Verifier) (string, string, error)
- func (v *VerificationKeyset) Marshal() ([]byte, error)
- func (v *VerificationKeyset) Remove(id string)
- func (v *VerificationKeyset) String() string
- func (v *VerificationKeyset) Verify(token []byte, opts *VerifyOptions) (string, string, error)
- type VerifyOptions
Constants ¶
const Scheme = "ProtoEd25519 "
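Scheme is the custom authorization scheme for the Authorization header, in the form `Authorization: ProtoEd25519 <base64 encoded signed token>`. The constant ends with the single space that separates the scheme name from the token.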
Variables ¶
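// Sentinel errors for malformed keys. The listing had been collapsed onto a
// single line, which is not valid Go; it is restored to one spec per line.
var (
	// ErrMissingID reports a key that carries no ID.
	ErrMissingID = errors.New("key missing ID")

	// ErrInvaidKeyLen reports key material of the wrong length. The
	// identifier's spelling is part of the exported API and is kept as is.
	ErrInvaidKeyLen = errors.New("invalid key length")

	// ErrMissingSubject reports a key that carries no subject.
	ErrMissingSubject = errors.New("key missing subject")
)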
Errors returned from unmarshal:
Functions ¶
func GenerateKey ¶
func GenerateKey(subject string) (*VerificationKey, *SigningKey, error)
Generate an Ed25519 keypair for the given subject.
Types ¶
type SignOptions ¶
type SigningKey ¶
type SigningKey struct {
// contains filtered or unexported fields
}
func UnmarshalSigningKey ¶
func UnmarshalSigningKey(serialized []byte) (*SigningKey, error)
UnmarshalSigningKey unmarshals a signing key from a binary proto.
func (*SigningKey) AuthorizeRequest ¶
AuthorizeRequest signs a token for the given HTTP request and adds it to the Authorization header. Returns the token's unique ID as a hex encoded string.
func (*SigningKey) ID ¶
func (s *SigningKey) ID() string
func (*SigningKey) Marshal ¶
func (k *SigningKey) Marshal() ([]byte, error)
func (*SigningKey) Sign ¶
func (k *SigningKey) Sign(opts *SignOptions) ([]byte, string, error)
Sign a token. Returns the signed token and its unique identifier as a hex encoded string.
func (*SigningKey) String ¶ added in v0.1.1
func (s *SigningKey) String() string
type VerificationKey ¶
type VerificationKey struct {
// contains filtered or unexported fields
}
func UnmarshalVerificationKey ¶
func UnmarshalVerificationKey(serialized []byte) (*VerificationKey, error)
UnmarshalVerificationKey unmarshals a verification key from a binary proto.
func (*VerificationKey) ID ¶
func (v *VerificationKey) ID() string
ID returns the key identifier for this key.
func (*VerificationKey) Marshal ¶
func (k *VerificationKey) Marshal() ([]byte, error)
Marshal the verification key to binary proto.
func (*VerificationKey) String ¶
func (k *VerificationKey) String() string
String returns the JSON-encoded key.
func (*VerificationKey) Subject ¶
func (v *VerificationKey) Subject() string
Subject returns the subject for this key.
type VerificationKeyset ¶
type VerificationKeyset struct {
// contains filtered or unexported fields
}
VerificationKeyset contains a map of key IDs to verification keys.
func UnmarshalKeyset ¶
func UnmarshalKeyset(serialized []byte) (*VerificationKeyset, error)
UnmarshalKeyset unmarshals a keyset from a binary proto.
func (*VerificationKeyset) Add ¶
func (v *VerificationKeyset) Add(key *VerificationKey) error
Add a verification key to the keyset.
func (*VerificationKeyset) AuthorizeRequest ¶
func (v *VerificationKeyset) AuthorizeRequest(r *http.Request, skew time.Duration, nv nonce.Verifier) (string, string, error)
AuthorizeRequest verifies the token in the Authorization header of the given HTTP request.
func (*VerificationKeyset) Marshal ¶
func (v *VerificationKeyset) Marshal() ([]byte, error)
Marshal the keyset into a binary proto.
func (*VerificationKeyset) Remove ¶
func (v *VerificationKeyset) Remove(id string)
Remove a verification key from the keyset by ID.
func (*VerificationKeyset) String ¶
func (v *VerificationKeyset) String() string
String returns the JSON-encoded keyset.
func (*VerificationKeyset) Verify ¶
func (v *VerificationKeyset) Verify(token []byte, opts *VerifyOptions) (string, string, error)
Verify the given token. Returns the subject that signed the token and the token's unique ID as a hex encoded string.
type VerifyOptions ¶
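// VerifyOptions configures how a signed token is checked by Verify.
// The listing had been collapsed onto one line, so the first line comment
// swallowed every field after it; it is restored to one field per line.
type VerifyOptions struct {
	// The expected resource.
	Resource string

	// The current time. If zero, the current time will be used.
	Now time.Time

	// The interface with which to verify the token's nonce. If nil,
	// the nonce will not be checked for reuse.
	// NOTE(review): with a nil verifier the nonce check does not detect a
	// token that was already presented, so a captured token presumably stays
	// acceptable until it expires; set this wherever replay matters.
	NonceVerifier nonce.Verifier

	// How much clock skew to allow for.
	// NOTE(review): presumably widens the time window in which a token is
	// accepted; keep it as small as the deployment's clock drift permits.
	Skew time.Duration
}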
VerifyOptions contains the options for verifying a signed token.