NotificationsYou must be signed in to change notification settings
Fork21
Star208

Commitabf430b

committed

JWKS support: Fetch, parse JWKS to Keys and encode Keys to JWKS. AWS Cognito JWKS with ease, one-liner: FetchAWSCognitoPublicKeys

1 parent90bfed9 commitabf430bCopy full SHA for abf430b

File tree

24 files changed

+462

-271

lines changed

README.md
_benchmarks
- sign_benchmark_test.go
- verify_benchmark_test.go
_examples
- aws-cognito-verify
  - main.go
- basic
  - main.go
  - rs512-verify
    - main.go
- blocklist
  - main.go
- generate-ed25519
  - main.go
- middleware
  - main.go
claims.go
claims_merge_benchmark_test.go
doc.go
hmac.go
hmac_test.go
jwk.go
jwk_aws_cognito.go
jwt.go
kid_keys.go
kid_keys_aws_cognito.go
rsa_test.go
sign.go
token.go
token_test.go
verify.go

24 files changed

+462

-271

lines changed

`‎README.md`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`
`3`	`3`	[![build status](https://img.shields.io/github/actions/workflow/status/kataras/jwt/ci.yml?style=for-the-badge)](https://github.com/kataras/jwt/actions)[![gocov](https://img.shields.io/badge/Go%20Coverage-92%25-brightgreen.svg?style=for-the-badge)](https://travis-ci.org/github/kataras/jwt/jobs/740739405#L322)[![report card](https://img.shields.io/badge/report%20card-a%2B-ff3333.svg?style=for-the-badge)](https://goreportcard.com/report/github.com/kataras/jwt)[![godocs](https://img.shields.io/badge/go-%20docs-488AC7.svg?style=for-the-badge)](https://pkg.go.dev/github.com/kataras/jwt)
`4`	`4`
`5`		`-Fast and simple[JWT](https://jwt.io/#libraries-io) implementation written in[Go](https://go.dev/dl/). This package was designed with security, performance and simplicity in mind, it protects your tokens from[critical vulnerabilities that you may find in other libraries](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries).`
	`5`	`+Fast and simple[JWT](https://jwt.io/#libraries-io)& JWKSimplementation written in[Go](https://go.dev/dl/). This package was designed with security, performance and simplicity in mind, it protects your tokens from[critical vulnerabilities that you may find in other libraries](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries).`
`6`	`6`
`7`	`7`	`[![Benchmarks Total Repetitions - higher is better](http://iris-go.com/images/jwt/benchmarks.png)](_benchmarks)`
`8`	`8`
@@ -133,7 +133,7 @@ Example Code to manually set all claims using a standard `map`:
`133`	`133`
`134`	`134`	```go
`135`	`135`	`now:= time.Now()`
`136`		`-claims:=map[string]interface{}{`
	`136`	`+claims:=map[string]any{`
`137`	`137`	`"iat": now.Unix(),`
`138`	`138`	`"exp": now.Add(15 * time.Minute).Unix(),`
`139`	`139`	`"foo":"bar",`
`@@ -159,7 +159,7 @@ standardClaims := jwt.Claims{`
`159`	`159`	`token,err:= jwt.Sign(jwt.HS256, sharedKey, customClaims, standardClaims)`
`160`	`160`	```
`161`	`161`
`162`		->The`jwt.Map` is just a_type alias_, a_shortcut_, of`map[string]interface{}`.
	`162`	+>The`jwt.Map` is just a_type alias_, a_shortcut_, of`map[string]any`.
`163`	`163`
`164`	`164`	At all cases, the`iat(IssuedAt)` and`exp(Expiry/MaxAge)` (and`nbf(NotBefore)`) values will be validated automatically on the[`Verify`](#verify-a-token) method.
`165`	`165`
`@@ -260,7 +260,7 @@ type VerifiedToken struct {`
`260`	`260`
`261`	`261`	`###Decode custom Claims`
`262`	`262`
`263`		-To extract any custom claims, given on the`Sign` method, we use the result of the`Verify` method, which is a`VerifiedToken` pointer. This VerifiedToken has a single method, the`Claims(destinterface{}) error` one, which can be used to decode the claims (payload part) to a value of our choice. Again, that value can be a`map` or any`struct`.
	`263`	+To extract any custom claims, given on the`Sign` method, we use the result of the`Verify` method, which is a`VerifiedToken` pointer. This VerifiedToken has a single method, the`Claims(destany) error` one, which can be used to decode the claims (payload part) to a value of our choice. Again, that value can be a`map` or any`struct`.
`264`	`264`
`265`	`265`	```go
`266`	`266`	`varclaims =struct {`

`‎_benchmarks/sign_benchmark_test.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ func BenchmarkSign_Map(b *testing.B) {`
`23`	`23`	`fori:=0;i<b.N;i++ {`
`24`	`24`	`// supports custom types and expiration helper.`
`25`	`25`	`now:=time.Now()`
`26`		`-claims:=map[string]interface{}{`
	`26`	`+claims:=map[string]any{`
`27`	`27`	`"foo":"bar",`
`28`	`28`	`"exp":now.Add(15*time.Minute).Unix(),`
`29`	`29`	`"iat":now.Unix(),`
`@@ -159,7 +159,7 @@ func BenchmarkSign_go_jose_Map(b *testing.B) {`
`159`	`159`	`// unlike kataras/jwt which u can use already defined structs.`
`160`	`160`	`// We will benchmark it with structs (see below test).`
`161`	`161`	`now:=time.Now()`
`162`		`-claims:=map[string]interface{}{`
	`162`	`+claims:=map[string]any{`
`163`	`163`	`"foo":"bar",`
`164`	`164`	`"exp":now.Add(15*time.Minute).Unix(),`
`165`	`165`	`"iat":now.Unix(),`

`‎_benchmarks/verify_benchmark_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ func BenchmarkVerify_jwt_go(b *testing.B) {`
`45`	`45`	`b.ResetTimer()`
`46`	`46`
`47`	`47`	`fori:=0;i<b.N;i++ {`
`48`		`-_,err:=jwtgo.Parse(tokenString,func(token*jwtgo.Token) (interface{},error) {`
	`48`	`+_,err:=jwtgo.Parse(tokenString,func(token*jwtgo.Token) (any,error) {`
`49`	`49`	`returntestSecret,nil`
`50`	`50`	`})`
`51`	`51`	`iferr!=nil {`

`‎_examples/aws-cognito-verify/main.go`

Lines changed: 1 addition & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,19 +11,7 @@ import (`
`11`	`11`	`// \|=================================================================================\|`
`12`	`12`
`13`	`13`	`funcmain() {`
`14`		`-/*`
`15`		`-cognitoConfig := jwt.AWSKeysConfiguration{`
`16`		`-Region: "us-west-2",`
`17`		`-UserPoolID: "us-west-2_xxx",`
`18`		`-}`
`19`		`-`
`20`		`-keys, err := cognitoConfig.Load()`
`21`		`-if err != nil {`
`22`		`-panic(err)`
`23`		`-}`
`24`		`-OR:`
`25`		`-*/`
`26`		`-keys,err:=jwt.LoadAWSCognitoKeys("us-west-2"/* region /,"us-west-2_xxx"/ user pool id */)`
	`14`	`+keys,err:=jwt.FetchAWSCognitoPublicKeys("us-west-2"/* region /,"us-west-2_xxx"/ user pool id */)`
`27`	`15`	`iferr!=nil {`
`28`	`16`	`panic(err)// handle error, e.g. pool does not exist in the region.`
`29`	`17`	`}`

`‎_examples/basic/main.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ var sharedKey = []byte("sercrethatmaycontainch@r$32chars") // OR jwt.MustGenerat`
`50`	`50`	`// generate token to use.`
`51`	`51`	`funcgetTokenHandler(w http.ResponseWriter,r*http.Request) {`
`52`	`52`	`// now := time.Now()`
`53`		`-// token, err := jwt.Sign(jwt.HS256, sharedKey, map[string]interface{}{`
	`53`	`+// token, err := jwt.Sign(jwt.HS256, sharedKey, map[string]any{`
`54`	`54`	`// "iat": now.Unix(),`
`55`	`55`	`// "exp": now.Add(15 * time.Minute).Unix(),`
`56`	`56`	`// "foo": "bar",`
`@@ -94,7 +94,7 @@ func verifyTokenHandler(w http.ResponseWriter, r *http.Request) {`
`94`	`94`	`}`
`95`	`95`
`96`	`96`	`// Parse custom claims...`
`97`		`-varclaimsmap[string]interface{}`
	`97`	`+varclaimsmap[string]any`
`98`	`98`	`// ^ can be any type, e.g.`
`99`	`99`	`// var claims = struct {`
`100`	`100`	// Foo string `json:"foo"`

`‎_examples/basic/rs512-verify/main.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ func verifyTokenHandler(w http.ResponseWriter, r *http.Request) {`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`// Parse custom claims...`
`57`		`-varclaimsmap[string]interface{}`
	`57`	`+varclaimsmap[string]any`
`58`	`58`	`// ^ can be any type, e.g.`
`59`	`59`	`// var claims = struct {`
`60`	`60`	// Foo string `json:"foo"`

`‎_examples/blocklist/main.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ Navigate to http://localhost:8080/protected?token=%s and you should see an ErrBl`
`85`	`85`	`}`
`86`	`86`
`87`	`87`	`// Parse custom claims...`
`88`		`-varclaimsmap[string]interface{}`
	`88`	`+varclaimsmap[string]any`
`89`	`89`	`// ^ can be any type, e.g.`
`90`	`90`	`// var claims = struct {`
`91`	`91`	// Foo string `json:"foo"`

`‎_examples/generate-ed25519/main.go`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,8 +2,8 @@ package main`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"crypto/ed25519"`
`5`		`-"io/ioutil"`
`6`	`5`	`"log"`
	`6`	`+"os"`
`7`	`7`
`8`	`8`	`"github.com/kataras/jwt"`
`9`	`9`	`)`
`@@ -14,12 +14,12 @@ func main() {`
`14`	`14`	`log.Fatal(err)`
`15`	`15`	`}`
`16`	`16`
`17`		`-err=ioutil.WriteFile("ed25519_private.pem",priv,0600)`
	`17`	`+err=os.WriteFile("ed25519_private.pem",priv,0600)`
`18`	`18`	`iferr!=nil {`
`19`	`19`	`log.Fatalf("ed25519: private: write file: %w",err)`
`20`	`20`	`}`
`21`	`21`
`22`		`-err=ioutil.WriteFile("ed25519_public.pem",pub,0600)`
	`22`	`+err=os.WriteFile("ed25519_public.pem",pub,0600)`
`23`	`23`	`iferr!=nil {`
`24`	`24`	`log.Fatalf("ed25519: public: write file: %w",err)`
`25`	`25`	`}`

`‎_examples/middleware/main.go`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ func main() {`
`24`	`24`	`funcgetTokenHandler(w http.ResponseWriter,r*http.Request) {`
`25`	`25`	`now:=time.Now()`
`26`	`26`
`27`		`-token,err:=jwt.Sign(jwt.HS256,sharedKey,map[string]interface{}{`
	`27`	`+token,err:=jwt.Sign(jwt.HS256,sharedKey,map[string]any{`
`28`	`28`	`"iat":now.Unix(),`
`29`	`29`	`"exp":now.Add(15*time.Minute).Unix(),`
`30`	`30`	`"foo":"bar",`
`@@ -47,7 +47,7 @@ func getTokenHandler(w http.ResponseWriter, r *http.Request) {`
`47`	`47`	`funcprotectedHandler(w http.ResponseWriter,r*http.Request) {`
`48`	`48`	`verifiedToken:=r.Context().Value(tokenContextKey).(*jwt.VerifiedToken)`
`49`	`49`
`50`		`-varclaimsmap[string]interface{}`
	`50`	`+varclaimsmap[string]any`
`51`	`51`	`// ^ can be any type, e.g.`
`52`	`52`	`// var claims = struct {`
`53`	`53`	// Foo string `json:"foo"`
`@@ -108,14 +108,14 @@ func verify2(next http.HandlerFunc) http.HandlerFunc {`
`108`	`108`	`/*`
`109`	`109`	`Another idea, when you want a single middleware to support different`
`110`	`110`	`Go structs (benefit: type safety when access the claims fields):`
`111`		`-verify2(getClaimsPtr func()interface{}, next http.HandlerFunc) {`
	`111`	`+verify2(getClaimsPtr func()any, next http.HandlerFunc) {`
`112`	`112`	`// [...]`
`113`	`113`	`claimsPtr := getClaimsPtr()`
`114`	`114`	`verifiedToken.Claims(claimsPtr)`
`115`	`115`	`// [...]`
`116`	`116`	`}`
`117`	`117`	`Another idea's usage:`
`118`		`-verify2(func()interface{} {`
	`118`	`+verify2(func()any {`
`119`	`119`	`return &userClaims{}`
`120`	`120`	`}, routeHandler)`
`121`	`121`	`Inside the handler:`

`‎claims.go`

Lines changed: 6 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -68,8 +68,8 @@ type claimsSecondChance struct {`
`68`	`68`	Expiry json.Number`json:"exp,omitempty"`
`69`	`69`	IDstring`json:"jti,omitempty"`
`70`	`70`	OriginIDstring`json:"origin_jti,omitempty"`
`71`		-Issuerinterface{}`json:"iss,omitempty"`
`72`		-Subjectinterface{}`json:"sub,omitempty"`
	`71`	+Issuerany`json:"iss,omitempty"`
	`72`	+Subjectany`json:"sub,omitempty"`
`73`	`73`	AudienceAudience`json:"aud,omitempty"`
`74`	`74`	`}`
`75`	`75`
`@@ -90,7 +90,7 @@ func (c claimsSecondChance) toClaims() Claims {`
`90`	`90`	`}`
`91`	`91`	`}`
`92`	`92`
`93`		`-funcgetStr(vinterface{})string {`
	`93`	`+funcgetStr(vany)string {`
`94`	`94`	`ifv==nil {`
`95`	`95`	`return""`
`96`	`96`	`}`
`@@ -246,7 +246,7 @@ func MaxAge(maxAge time.Duration) SignOptionFunc {`
`246`	`246`
`247`	`247`	`// MaxAgeMap is a helper to set "exp" and "iat" claims to a map claims.`
`248`	`248`	`// Usage:`
`249`		`-// claims := map[string]interface{}{"foo": "bar"}`
	`249`	`+// claims := map[string]any{"foo": "bar"}`
`250`	`250`	`// MaxAgeMap(15 * time.Minute, claims)`
`251`	`251`	`// Sign(alg, key, claims)`
`252`	`252`	`funcMaxAgeMap(maxAge time.Duration,claimsMap) {`
`@@ -270,7 +270,7 @@ func MaxAgeMap(maxAge time.Duration, claims Map) {`
`270`	`270`	`//`
`271`	`271`	`// Usage:`
`272`	`272`	`//`
`273`		`-//claims := Merge(map[string]interface{}{"foo":"bar"}, Claims{`
	`273`	`+//claims := Merge(map[string]any{"foo":"bar"}, Claims{`
`274`	`274`	`// MaxAge: 15 * time.Minute,`
`275`	`275`	`// Issuer: "an-issuer",`
`276`	`276`	`//})`
`@@ -280,7 +280,7 @@ func MaxAgeMap(maxAge time.Duration, claims Map) {`
`280`	`280`	`//`
`281`	`281`	`//Sign(alg, key, claims, MaxAge(time.Duration))`
`282`	`282`	`//Sign(alg, key, claims, Claims{...})`
`283`		`-funcMerge(claimsinterface{},otherinterface{}) []byte {`
	`283`	`+funcMerge(claimsany,otherany) []byte {`
`284`	`284`	`claimsB,err:=Marshal(claims)`
`285`	`285`	`iferr!=nil {`
`286`	`286`	`returnnil`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitabf430b

File tree

24 files changed

24 files changed

`‎README.md`

`‎_benchmarks/sign_benchmark_test.go`

`‎_benchmarks/verify_benchmark_test.go`

`‎_examples/aws-cognito-verify/main.go`

`‎_examples/basic/main.go`

`‎_examples/basic/rs512-verify/main.go`

`‎_examples/blocklist/main.go`

`‎_examples/generate-ed25519/main.go`

`‎_examples/middleware/main.go`

`‎claims.go`

0 commit comments