當前位置: 首頁>>代碼示例>>Golang>>正文

Golang jose.JWT類代碼示例

本文整理匯總了Golang中github.com/coreos/go-oidc/jose.JWT的典型用法代碼示例。如果您正苦於以下問題:Golang JWT類的具體用法?Golang JWT怎麽用?Golang JWT使用的例子?那麽, 這裏精選的類代碼示例或許可以為您提供幫助。


在下文中一共展示了JWT類的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。

示例1: authToken

func authToken(oidc *Client, jwt jose.JWT, mustBeAdmin bool) (string, bool, error) {
	claims, err := jwt.Claims()
	if err != nil {
		return "", false, fmt.Errorf("auth.go: failed to get claims %v", err)
	}

	aud, ok, err := claims.StringClaim("aud")
	if err != nil || !ok || aud == "" {
		return "", false, fmt.Errorf("auth.go: failed to parse 'aud' claim: %v", err)
	}

	sub, ok, err := claims.StringClaim("sub")
	if err != nil {
		return "", false, fmt.Errorf("auth.go: failed to parse 'sub' claim: %v", err)
	}
	if !ok || sub == "" {
		return "", false, fmt.Errorf("auth.go: missing required 'sub' claim")
	}

	err = oidc.VerifyJWT(jwt, aud)
	if err != nil {
		return sub, false, fmt.Errorf("auth.go: Failed to verify signature: %v", err)
	}

	typ, _, _ := claims.StringClaim(OtsimoUserTypeClaim)

	if mustBeAdmin {
		if typ != OtsimoAdminUserType {
			return sub, false, fmt.Errorf("auth.go: user must be admin")
		}
	}
	return sub, typ == OtsimoAdminUserType, nil
}
開發者ID:otsimo,項目名稱:watch,代碼行數:33,代碼來源:auth.go

示例2: getUserFromJWT

func getUserFromJWT(jwt jose.JWT) (*models.User, error) {
	claims, err := jwt.Claims()
	if err != nil {
		return nil, fmt.Errorf("auth.go: failed to get claims %v", err)
	}

	sub, ok, err := claims.StringClaim("sub")
	if err != nil {
		return nil, fmt.Errorf("auth.go: failed to parse 'sub' claim: %v", err)
	}
	if !ok || sub == "" {
		return nil, fmt.Errorf("auth.go: missing required 'sub' claim")
	}

	aud, _, _ := claims.StringClaim("aud")
	typ, _, _ := claims.StringClaim(OtsimoUserTypeClaim)
	isadmin := typ == OtsimoAdminUserType

	return &models.User{
		ID:       sub,
		IsAdmin:  isadmin,
		Token:    jwt,
		ClientID: aud,
	}, nil
}
開發者ID:otsimo,項目名稱:distribution,代碼行數:25,代碼來源:auth.go

示例3: compareJWTs

func compareJWTs(a, b jose.JWT) string {
	if a.Encode() == b.Encode() {
		return ""
	}

	var aClaims, bClaims jose.Claims
	for _, j := range []struct {
		claims *jose.Claims
		jwt    jose.JWT
	}{
		{&aClaims, a},
		{&bClaims, b},
	} {
		var err error
		*j.claims, err = j.jwt.Claims()
		if err != nil {
			*j.claims = jose.Claims(map[string]interface{}{
				"msg": "bad claims",
				"err": err,
			})
		}
	}

	return diff.ObjectDiff(aClaims, bClaims)
}
開發者ID:FlyWings,項目名稱:kubernetes,代碼行數:25,代碼來源:oidc_test.go

示例4: GetJWTIdentity

// Extracts the JWT Identity Claims (includes ID, Email, Expiry) from a JWT.
func GetJWTIdentity(jwt jose.JWT) (identity *oidc.Identity, err error) {

	claims, err := jwt.Claims()
	if err != nil {
		return identity, err
	}

	return oidc.IdentityFromClaims(claims)
}
開發者ID:paulharter,項目名稱:sync_gateway,代碼行數:10,代碼來源:jwt.go

示例5: VerifyClaims

// Verify claims in accordance with OIDC spec
// http://openid.net/specs/openid-connect-basic-1_0.html#IDTokenValidation
func VerifyClaims(jwt jose.JWT, issuer, clientID string) error {
	now := time.Now().UTC()

	claims, err := jwt.Claims()
	if err != nil {
		return err
	}

	ident, err := IdentityFromClaims(claims)
	if err != nil {
		return err
	}

	if ident.ExpiresAt.Before(now) {
		return errors.New("token is expired")
	}

	// iss REQUIRED. Issuer Identifier for the Issuer of the response.
	// The iss value is a case sensitive URL using the https scheme that contains scheme,
	// host, and optionally, port number and path components and no query or fragment components.
	if iss, exists := claims["iss"].(string); exists {
		if !urlEqual(iss, issuer) {
			return fmt.Errorf("invalid claim value: 'iss'. expected=%s, found=%s.", issuer, iss)
		}
	} else {
		return errors.New("missing claim: 'iss'")
	}

	// iat REQUIRED. Time at which the JWT was issued.
	// Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z
	// as measured in UTC until the date/time.
	if _, exists := claims["iat"].(float64); !exists {
		return errors.New("missing claim: 'iat'")
	}

	// aud REQUIRED. Audience(s) that this ID Token is intended for.
	// It MUST contain the OAuth 2.0 client_id of the Relying Party as an audience value.
	// It MAY also contain identifiers for other audiences. In the general case, the aud
	// value is an array of case sensitive strings. In the common special case when there
	// is one audience, the aud value MAY be a single case sensitive string.
	if aud, ok, err := claims.StringClaim("aud"); err == nil && ok {
		if aud != clientID {
			return fmt.Errorf("invalid claims, 'aud' claim and 'client_id' do not match, aud=%s, client_id=%s", aud, clientID)
		}
	} else if aud, ok, err := claims.StringsClaim("aud"); err == nil && ok {
		if !containsString(clientID, aud) {
			return fmt.Errorf("invalid claims, cannot find 'client_id' in 'aud' claim, aud=%v, client_id=%s", aud, clientID)
		}
	} else {
		return errors.New("invalid claim value: 'aud' is required, and should be either string or string array")
	}

	return nil
}
開發者ID:Clarifai,項目名稱:kubernetes,代碼行數:56,代碼來源:verification.go

示例6: verifyJWT

func (o *testOIDCClient) verifyJWT(jwt jose.JWT) error {
	claims, err := jwt.Claims()
	if err != nil {
		return err
	}
	claim, _, _ := claims.StringClaim("test")
	if claim != "good" {
		return errors.New("bad token")
	}
	return nil
}
開發者ID:FlyWings,項目名稱:kubernetes,代碼行數:11,代碼來源:oidc_test.go

示例7: VerifySignature

func VerifySignature(jwt jose.JWT, keys []key.PublicKey) (bool, error) {
	jwtBytes := []byte(jwt.Data())
	for _, k := range keys {
		v, err := k.Verifier()
		if err != nil {
			return false, err
		}
		if v.Verify(jwt.Signature, jwtBytes) == nil {
			return true, nil
		}
	}
	return false, nil
}
開發者ID:Clarifai,項目名稱:kubernetes,代碼行數:13,代碼來源:verification.go

示例8: validateJWTSignature

func validateJWTSignature(jwt *jose.JWT, jwkSet *jwkSet) (bool, error) {
	for _, jwk := range jwkSet.Keys {
		v, err := jose.NewVerifier(jwk)
		if err != nil {
			return false, err
		}

		if err := v.Verify(jwt.Signature, []byte(jwt.Data())); err == nil {
			return true, nil
		}
	}

	return false, nil
}
開發者ID:jzelinskie,項目名稱:chihaya,代碼行數:14,代碼來源:jwt.go

示例9: VerifyJWTForClientID

func (c *Client) VerifyJWTForClientID(jwt jose.JWT, clientID string) error {
	var keysFunc func() []key.PublicKey
	if kID, ok := jwt.KeyID(); ok {
		keysFunc = c.keysFuncWithID(kID)
	} else {
		keysFunc = c.keysFuncAll()
	}

	v := oidc.NewJWTVerifier(
		c.providerConfig.Get().Issuer.String(),
		clientID,
		c.maybeSyncKeys, keysFunc)

	return v.Verify(jwt)
}
開發者ID:otsimo,項目名稱:accounts,代碼行數:15,代碼來源:oidc.go

示例10: VerifyJWT

func (c *Client) VerifyJWT(jwt jose.JWT) error {
	var keysFunc func() []key.PublicKey
	if kID, ok := jwt.KeyID(); ok {
		keysFunc = c.keysFuncWithID(kID)
	} else {
		keysFunc = c.keysFuncAll()
	}

	v := NewJWTVerifier(
		c.providerConfig.Issuer,
		c.credentials.ID,
		c.maybeSyncKeys, keysFunc)

	return v.Verify(jwt)
}
開發者ID:sym3tri,項目名稱:go-oidc,代碼行數:15,代碼來源:client.go

示例11: VerifyClientClaims

// VerifyClientClaims verifies all the required claims are valid for a "client credentials" JWT.
// Returns the client ID if valid, or an error if invalid.
func VerifyClientClaims(jwt jose.JWT, issuer string) (string, error) {
	claims, err := jwt.Claims()
	if err != nil {
		return "", fmt.Errorf("failed to parse JWT claims: %v", err)
	}

	iss, ok, err := claims.StringClaim("iss")
	if err != nil {
		return "", fmt.Errorf("failed to parse 'iss' claim: %v", err)
	} else if !ok {
		return "", errors.New("missing required 'iss' claim")
	} else if !urlEqual(iss, issuer) {
		return "", fmt.Errorf("'iss' claim does not match expected issuer, iss=%s", iss)
	}

	sub, ok, err := claims.StringClaim("sub")
	if err != nil {
		return "", fmt.Errorf("failed to parse 'sub' claim: %v", err)
	} else if !ok {
		return "", errors.New("missing required 'sub' claim")
	}

	if aud, ok, err := claims.StringClaim("aud"); err == nil && ok {
		if aud != sub {
			return "", fmt.Errorf("invalid claims, 'aud' claim and 'sub' claim do not match, aud=%s, sub=%s", aud, sub)
		}
	} else if aud, ok, err := claims.StringsClaim("aud"); err == nil && ok {
		if !containsString(sub, aud) {
			return "", fmt.Errorf("invalid claims, cannot find 'sud' in 'aud' claim, aud=%v, sub=%s", aud, sub)
		}
	} else {
		return "", errors.New("invalid claim value: 'aud' is required, and should be either string or string array")
	}

	now := time.Now().UTC()
	exp, ok, err := claims.TimeClaim("exp")
	if err != nil {
		return "", fmt.Errorf("failed to parse 'exp' claim: %v", err)
	} else if !ok {
		return "", errors.New("missing required 'exp' claim")
	} else if exp.Before(now) {
		return "", fmt.Errorf("token already expired at: %v", exp)
	}

	return sub, nil
}
開發者ID:Clarifai,項目名稱:kubernetes,代碼行數:48,代碼來源:verification.go

示例12: VerifyClientClaims

// VerifyClientClaims verifies all the required claims are valid for a "client credentials" JWT.
// Returns the client ID if valid, or an error if invalid.
func VerifyClientClaims(jwt jose.JWT, issuer string) (string, error) {
	claims, err := jwt.Claims()
	if err != nil {
		return "", fmt.Errorf("failed to parse JWT claims: %v", err)
	}

	iss, ok, err := claims.StringClaim("iss")
	if err != nil {
		return "", fmt.Errorf("failed to parse 'iss' claim: %v", err)
	} else if !ok {
		return "", errors.New("missing required 'iss' claim")
	} else if !urlEqual(iss, issuer) {
		return "", fmt.Errorf("'iss' claim does not match expected issuer, iss=%s", iss)
	}

	sub, ok, err := claims.StringClaim("sub")
	if err != nil {
		return "", fmt.Errorf("failed to parse 'sub' claim: %v", err)
	} else if !ok {
		return "", errors.New("missing required 'sub' claim")
	}

	aud, ok, err := claims.StringClaim("aud")
	if err != nil {
		return "", fmt.Errorf("failed to parse 'aud' claim: %v", err)
	} else if !ok {
		return "", errors.New("missing required 'aud' claim")
	}

	if sub != aud {
		return "", fmt.Errorf("invalid claims, 'aud' claim and 'sub' claim do not match, aud=%s, sub=%s", aud, sub)
	}

	now := time.Now().UTC()
	exp, ok, err := claims.TimeClaim("exp")
	if err != nil {
		return "", fmt.Errorf("failed to parse 'exp' claim: %v", err)
	} else if !ok {
		return "", errors.New("missing required 'exp' claim")
	} else if exp.Before(now) {
		return "", fmt.Errorf("token already expired at: %v", exp)
	}

	return sub, nil
}
開發者ID:johnmccawley,項目名稱:origin,代碼行數:47,代碼來源:verification.go

示例13: authToken

func (s *grpcServer) authToken(jwt jose.JWT, mustBeAdmin bool) (string, string, error) {
	claims, err := jwt.Claims()
	if err != nil {
		return "", "", fmt.Errorf("auth.go: failed to get claims %v", err)
	}

	aud, ok, err := claims.StringClaim("aud")
	if err != nil || !ok || aud == "" {
		return "", "", fmt.Errorf("auth.go: failed to parse 'aud' claim: %v", err)
	}

	err = s.server.Oidc.VerifyJWT(jwt, aud)
	if err != nil {
		return "", "", fmt.Errorf("auth.go: Failed to verify signature: %v", err)
	}

	sub, ok, err := claims.StringClaim("sub")
	if err != nil {
		return "", "", fmt.Errorf("auth.go: failed to parse 'sub' claim: %v", err)
	}
	if !ok || sub == "" {
		return "", "", fmt.Errorf("auth.go: missing required 'sub' claim")
	}

	email, ok, err := claims.StringClaim("email")
	if err != nil || !ok || email == "" {
		return "", "", fmt.Errorf("auth.go: failed to parse 'email' claim: %v", err)
	}

	if mustBeAdmin {
		typ, ok, err := claims.StringClaim(OtsimoUserTypeClaim)
		if err != nil {
			return "", "", fmt.Errorf("auth.go: failed to parse '%s' claim: %v", OtsimoUserTypeClaim, err)
		}
		if !ok || typ == "" {
			return "", "", fmt.Errorf("auth.go: missing required '%s' claim", OtsimoUserTypeClaim)
		}
		if typ != OtsimoAdminUserType {
			return "", "", fmt.Errorf("auth.go: user must be admin")
		}
	}
	return sub, email, nil
}
開發者ID:otsimo,項目名稱:listener,代碼行數:43,代碼來源:auth.go

示例14: Verify

func (r *idTokenRefresher) Verify(jwt jose.JWT) error {
	claims, err := jwt.Claims()
	if err != nil {
		return err
	}

	now := time.Now()
	exp, ok, err := claims.TimeClaim("exp")
	switch {
	case err != nil:
		return fmt.Errorf("failed to parse 'exp' claim: %v", err)
	case !ok:
		return errors.New("missing required 'exp' claim")
	case exp.Before(now):
		return fmt.Errorf("token already expired at: %v", exp)
	}

	return nil
}
開發者ID:Q-Lee,項目名稱:kubernetes,代碼行數:19,代碼來源:oidc.go

示例15: getUserIdAndEmail

func getUserIdAndEmail(jwt jose.JWT) (string, string, error) {
	claims, err := jwt.Claims()

	if err != nil {
		return "", "", fmt.Errorf("auth.go: failed to get claims %v", err)
	}
	sub, ok, err := claims.StringClaim("sub")
	if err != nil {
		return "", "", fmt.Errorf("auth.go: failed to parse 'sub' claim: %v", err)
	}
	if !ok || sub == "" {
		return "", "", fmt.Errorf("auth.go: missing required 'sub' claim")
	}
	email, ok, err := claims.StringClaim("email")
	if err != nil || !ok || email == "" {
		return "", "", fmt.Errorf("auth.go: failed to parse 'email' claim: %v", err)
	}

	return sub, email, nil

}
開發者ID:otsimo,項目名稱:integration-tests,代碼行數:21,代碼來源:connect.go


注:本文中的github.com/coreos/go-oidc/jose.JWT類示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。