package jwtsvid
import "github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
Index
- type Params
- type SVID
- func ParseAndValidate(token string, bundles jwtbundle.Source, audience []string) (*SVID, error)
- func ParseInsecure(token string, audience []string) (*SVID, error)
- func (svid *SVID) Marshal() string
- type Source
Types
type Params
Params are JWT-SVID parameters used when fetching a new JWT-SVID.
type SVID
type SVID struct {
	// ID is the SPIFFE ID of the JWT-SVID as present in the 'sub' claim
	ID spiffeid.ID

	// Audience is the intended recipients of JWT-SVID as present in the 'aud' claim
	Audience []string

	// Expiry is the expiration time of JWT-SVID as present in 'exp' claim
	Expiry time.Time

	// Claims is the parsed claims from token
	Claims map[string]interface{}

	// Hint is an operator-specified string used to provide guidance on how this
	// identity should be used by a workload when more than one SVID is returned.
	Hint string

	// contains filtered or unexported fields
}
SVID represents a JWT-SVID.
func ParseAndValidate
ParseAndValidate parses and validates a JWT-SVID token and returns the
JWT-SVID. The JWT-SVID signature is verified using the JWT bundle source.
Example
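package main

import (
	"context"
	"log"

	"github.com/spiffe/go-spiffe/v2/spiffeid"
	"github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
	"github.com/spiffe/go-spiffe/v2/workloadapi"
)

func main() {
	td, err := spiffeid.TrustDomainFromString("example.org")
	if err != nil {
		log.Fatalf("invalid trust domain: %v", err)
	}

	// TODO: replace with the JWT-SVID token received from the peer
	token := "TODO"
	// Audience this workload expects to find in the token's 'aud' claim
	audience := []string{spiffeid.RequireFromPath(td, "/server").String()}

	// The JWT source is passed to ParseAndValidate as the JWT bundle source
	jwtSource, err := workloadapi.NewJWTSource(context.TODO())
	if err != nil {
		log.Fatalf("unable to create JWT source: %v", err)
	}
	defer jwtSource.Close()

	// Stop on any error so an unvalidated token is never used
	svid, err := jwtsvid.ParseAndValidate(token, jwtSource, audience)
	if err != nil {
		log.Fatalf("JWT-SVID rejected: %v", err)
	}

	// TODO: do something with the JWT-SVID
	_ = svid
}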
func ParseInsecure
ParseInsecure parses and validates a JWT-SVID token and returns the JWT-SVID. The JWT-SVID signature is not verified.
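Why the missing signature check matters, as an added standard-library illustration that is not go-spiffe code: a token signed by a key outside the bundle yields its claims when parsed without verification and is rejected once a bundle key must verify it. The helpers `sign` and `subject`, the keys `trusted` and `rogue`, the map standing in for a JWT bundle, the key ID `key-1`, the RS256-only check and the omission of 'aud' and 'exp' handling are all assumptions of this sketch.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var trusted, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed authority key, placed in the bundle
var rogue, _ = rsa.GenerateKey(rand.Reader, 2048)   // constructed key the bundle does not contain

// sign builds a constructed RS256 token; errors are ignored because the inputs are fixed.
func sign(key *rsa.PrivateKey, kid, sub string) string {
	h, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	p, _ := json.Marshal(map[string]string{"sub": sub})
	in := base64.RawURLEncoding.EncodeToString(h) + "." + base64.RawURLEncoding.EncodeToString(p)
	d := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d[:])
	return in + "." + base64.RawURLEncoding.EncodeToString(sig)
}

// subject returns the 'sub' claim. A nil bundle skips the signature check (the ParseInsecure case).
func subject(token string, bundle map[string]*rsa.PublicKey) (string, error) {
	var hdr, claims struct{ Alg, Kid, Sub string } // header supplies Alg and Kid, payload supplies Sub
	h, rest, _ := strings.Cut(token, ".")
	p, s, ok := strings.Cut(rest, ".")
	hb, e1 := base64.RawURLEncoding.DecodeString(h)
	pb, e2 := base64.RawURLEncoding.DecodeString(p)
	sig, e3 := base64.RawURLEncoding.DecodeString(s)
	if !ok || e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hb, &hdr) != nil || json.Unmarshal(pb, &claims) != nil {
		return "", fmt.Errorf("malformed token")
	}
	d := sha256.Sum256([]byte(h + "." + p))
	pub := bundle[hdr.Kid] // the verifier's bundle, not the token, supplies the key
	if bundle != nil && (hdr.Alg != "RS256" || pub == nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) != nil) {
		return "", fmt.Errorf("signature not verified by bundle key %q", hdr.Kid)
	}
	return claims.Sub, nil
}

func main() {
	forged := sign(rogue, "key-1", "spiffe://example.org/admin")
	fmt.Println(subject(forged, nil)) // subject comes back although no trusted key signed it
	fmt.Println(subject(forged, map[string]*rsa.PublicKey{"key-1": &trusted.PublicKey}))
}
```

Claims obtained without signature verification identify nothing on their own, so authentication and authorization decisions belong behind ParseAndValidate.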
func (*SVID) Marshal
Marshal returns the JWT-SVID marshaled to a string. The returned value is the same token value originally passed to ParseAndValidate.
type Source
type Source interface {
	// FetchJWTSVID fetches a JWT-SVID from the source with the given
	// parameters.
	FetchJWTSVID(ctx context.Context, params Params) (*SVID, error)
}
Source represents a source of JWT-SVIDs.
- Version: v2.5.0 (latest)
- Published: Jan 31, 2025
- Platform: linux/amd64
- Imports: 7 packages