Categorygithub.com/go-kit/kitauthjwt
package
0.13.0
Repository: https://github.com/go-kit/kit.git
Documentation: pkg.go.dev
Versions
1
Dependencies
10
Dependents
104
Files
194 SLOC

# README

package auth/jwt

package auth/jwt provides a set of interfaces for service authorization through JSON Web Tokens.

Usage

NewParser takes a key function and an expected signing method and returns an endpoint.Middleware. The middleware will parse a token passed into the context via the jwt.JWTContextKey. If the token is valid, any claims will be added to the context via the jwt.JWTClaimsContextKey.

import (
	stdjwt "github.com/golang-jwt/jwt/v4"

	"github.com/go-kit/kit/auth/jwt"
	"github.com/go-kit/kit/endpoint"
)

func main() {
	var exampleEndpoint endpoint.Endpoint
	{
		kf := func(token *stdjwt.Token) (interface{}, error) { return []byte("SigningString"), nil }
		exampleEndpoint = MakeExampleEndpoint(service)
		exampleEndpoint = jwt.NewParser(kf, stdjwt.SigningMethodHS256, jwt.StandardClaimsFactory)(exampleEndpoint)
	}
}

NewSigner takes a JWT key ID header, the signing key, signing method, and a claims object. It returns an endpoint.Middleware. The middleware will build the token string and add it to the context via the jwt.JWTContextKey.

import (
	stdjwt "github.com/golang-jwt/jwt/v4"

	"github.com/go-kit/kit/auth/jwt"
	"github.com/go-kit/kit/endpoint"
)

func main() {
	var exampleEndpoint endpoint.Endpoint
	{
		exampleEndpoint = grpctransport.NewClient(...).Endpoint()
		exampleEndpoint = jwt.NewSigner(
			"kid-header",
			[]byte("SigningString"),
			stdjwt.SigningMethodHS256,
			jwt.Claims{},
		)(exampleEndpoint)
	}
}

In order for the parser and the signer to work, the authorization headers need to be passed between the request and the context. HTTPToContext(), ContextToHTTP(), GRPCToContext(), and ContextToGRPC() are given as helpers to do this. These functions implement the correlating transport's RequestFunc interface and can be passed as ClientBefore or ServerBefore options.

Example of use in a client:

import (
	stdjwt "github.com/golang-jwt/jwt/v4"

	grpctransport "github.com/go-kit/kit/transport/grpc"
	"github.com/go-kit/kit/auth/jwt"
	"github.com/go-kit/kit/endpoint"
)

func main() {

	options := []httptransport.ClientOption{}
	var exampleEndpoint endpoint.Endpoint
	{
		exampleEndpoint = grpctransport.NewClient(..., grpctransport.ClientBefore(jwt.ContextToGRPC())).Endpoint()
		exampleEndpoint = jwt.NewSigner(
			"kid-header",
			[]byte("SigningString"),
			stdjwt.SigningMethodHS256,
			jwt.Claims{},
		)(exampleEndpoint)
	}
}

Example of use in a server:

import (
	"context"

	"github.com/go-kit/kit/auth/jwt"
	"github.com/go-kit/log"
	grpctransport "github.com/go-kit/kit/transport/grpc"
)

func MakeGRPCServer(ctx context.Context, endpoints Endpoints, logger log.Logger) pb.ExampleServer {
	options := []grpctransport.ServerOption{grpctransport.ServerErrorLogger(logger)}

	return &grpcServer{
		createUser: grpctransport.NewServer(
			ctx,
			endpoints.CreateUserEndpoint,
			DecodeGRPCCreateUserRequest,
			EncodeGRPCCreateUserResponse,
			append(options, grpctransport.ServerBefore(jwt.GRPCToContext()))...,
		),
		getUser: grpctransport.NewServer(
			ctx,
			endpoints.GetUserEndpoint,
			DecodeGRPCGetUserRequest,
			EncodeGRPCGetUserResponse,
			options...,
		),
	}
}

# Functions

ContextToGRPC moves a JWT from context to grpc metadata.
ContextToHTTP moves a JWT from context to request header.
GRPCToContext moves a JWT from grpc metadata to context.
HTTPToContext moves a JWT from request header to context.
MapClaimsFactory is a ClaimsFactory that returns an empty jwt.MapClaims.
NewParser creates a new JWT parsing middleware, specifying a jwt.Keyfunc interface, the signing method and the claims type to be used.
NewSigner creates a new JWT generating middleware, specifying key ID, signing string, signing method and the claims you would like it to contain.
StandardClaimsFactory is a ClaimsFactory that returns an empty jwt.StandardClaims.

# Constants

JWTClaimsContextKey holds the key used to store the JWT Claims in the context.
JWTContextKey holds the key used to store a JWT in the context.
JWTTokenContextKey is an alias for JWTContextKey.

# Variables

ErrTokenContextMissing denotes a token was not passed into the parsing middleware's context.
ErrTokenExpired denotes a token's expire header (exp) has since passed.
ErrTokenInvalid denotes a token was not able to be validated.
ErrTokenMalformed denotes a token was not formatted as a JWT.
ErrTokenNotActive denotes a token's not before header (nbf) is in the future.
ErrUnexpectedSigningMethod denotes a token was signed with an unexpected signing method.

# Type aliases

ClaimsFactory is a factory for jwt.Claims.