# README
jwt
Package jwt provides signature verification and claims set validation for JSON Web Tokens (JWT) of the JSON Web Signature (JWS) form.
Primary types provided by the package:
-
KeySet: Represents a set of keys that can be used to verify the signatures of JWTs. A KeySet is expected to be backed by a set of local or remote keys. -
Validator: Provides signature verification and claims set validation behavior for JWTs. -
Expected: Defines the expected claims values to assert when validating a JWT. -
Alg: Represents asymmetric signing algorithms.
Examples:
Please see docs_test.go for additional usage examples.
# Functions
NewJSONWebKeySet returns a KeySet that verifies JWT signatures using keys from the JSON Web Key Set (JWKS) at the given jwksURL.
NewOIDCDiscoveryKeySet returns a KeySet that verifies JWT signatures using keys from the JSON Web Key Set (JWKS) published in the discovery document at the given issuer URL.
NewStaticKeySet returns a KeySet that verifies JWT signatures using the given publicKeys.
NewValidator returns a Validator that uses the given KeySet to verify JWT signatures.
ParsePublicKeyPEM is used to parse RSA and ECDSA public keys from PEMs.
SupportedSigningAlgorithm returns an error if any of the given Algs are not supported signing algorithms.
# Constants
DefaultLeewaySeconds defines the amount of leeway that's used by default for validating the "nbf" (Not Before) and "exp" (Expiration Time) claims.
Ed25519 using SHA-512.
ECDSA using P-256 and SHA-256.
ECDSA using P-384 and SHA-384.
ECDSA using P-521 and SHA-512.
RSASSA-PSS using SHA256 and MGF1-SHA256.
RSASSA-PSS using SHA384 and MGF1-SHA384.
RSASSA-PSS using SHA512 and MGF1-SHA512.
RSASSA-PKCS-v1.5 using SHA-256.
RSASSA-PKCS-v1.5 using SHA-384.
RSASSA-PKCS-v1.5 using SHA-512.
# Interfaces
KeySet represents a set of keys that can be used to verify the signatures of JWTs.
# Type aliases
Alg represents asymmetric signing algorithms.