A Library for Signing, Verifying and Decoding Authentication Tokens

/*
 * Copyright 2021 Lucas Hinderberger
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// Package KISStokens is a Go library for signing, verifying and decoding
// authentication tokens following the JSON Web Signature (JWS, RFC7515)
// and JSON Web Token (JWT, RFC7519) standards.
//
// KISStokens offers both a high-level and a low-level API.
// While the high-level API aims to be easily usable from within applications,
// offering implementations with reasonable defaults for common use cases, the
// low-level API offers a more direct representation of the JWS and JWT
// standards, for use cases in which more control is needed.
//
// The high-level API is contained in the top-level KISStokens package, with
// opinionated implementations in the subpackage opinionated.
// The low-level API can be found in the subpackages jws and jwt, with
// strictjson being a helper package for unambiguous JSON parsing.
package KISStokens

import (
	"codeberg.org/lhinderberger/KISStokens/jwt"
)

// A TokenAuthority holds the key and configuration for signing and verifying authentication tokens.
// It provides methods for signing and for decoding/verifying tokens.
type TokenAuthority interface {
	// Sign produces a signed authentication token for the given set of claims.
	// Note that this function may check the given claims object against constraints defined by the
	// concrete TokenAuthority implementation, rejecting claim sets that don't meet its requirements.
	Sign(claims *jwt.Claims) (string, error)

	// DecodeAndVerify decodes and verifies an authentication token and returns its JWT claims.
	// On failure, an error describing why decoding or verification failed will be returned.
	DecodeAndVerify(encodedToken string) (*jwt.Claims, error)
}
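
Added example, not part of KISStokens: one way a type with TokenAuthority-shaped methods could behave, using HMAC-SHA256 (HS256) from the Go standard library. Claims, hmacAuthority, tag, the demo key and the claim constraints (non-empty sub, future exp) are assumptions for illustration, because the page shows neither the fields of jwt.Claims nor a concrete implementation.

```go
package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Claims and hmacAuthority are assumed stand-ins; the page shows no jwt.Claims fields.
type Claims struct {
	Subject string `json:"sub"`
	Expiry  int64  `json:"exp"`
}
type hmacAuthority struct{ key []byte }
var b64 = base64.RawURLEncoding
var header = b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
func (a hmacAuthority) tag(signingInput string) string {
	m := hmac.New(sha256.New, a.key)
	m.Write([]byte(signingInput))
	return b64.EncodeToString(m.Sum(nil))
}
// Sign rejects claim sets that break this authority's constraints.
func (a hmacAuthority) Sign(c *Claims) (string, error) {
	if c == nil || c.Subject == "" || c.Expiry <= time.Now().Unix() {
		return "", fmt.Errorf("claims rejected: need sub and a future exp")
	}
	body, _ := json.Marshal(c) // cannot fail for a struct of string and int64
	in := header + "." + b64.EncodeToString(body)
	return in + "." + a.tag(in), nil
}
// DecodeAndVerify checks the pinned header and the MAC before parsing any claim.
func (a hmacAuthority) DecodeAndVerify(tok string) (*Claims, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 || p[0] != header || !hmac.Equal([]byte(p[2]), []byte(a.tag(p[0]+"."+p[1]))) {
		return nil, fmt.Errorf("bad format, header or signature")
	}
	var c Claims
	body, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(body, &c) != nil || c.Expiry <= time.Now().Unix() {
		return nil, fmt.Errorf("invalid or expired claims")
	}
	return &c, nil
}
func main() {
	a := hmacAuthority{[]byte("constructed-demo-key")}
	fmt.Println(a.Sign(&Claims{"alice", time.Now().Unix() + 60}))
}
```

Because the header is compared against a fixed value, a token that declares a different algorithm (including "none") is rejected before any MAC is computed over attacker-chosen settings.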