package jwt
import "google.golang.org/grpc/credentials/jwt"
Package jwt implements JWT token file-based call credentials.
This package provides support for A97 JWT Call Credentials, allowing gRPC clients to authenticate using JWT tokens read from files. While originally designed for xDS environments, these credentials are general-purpose.
The credentials can be used directly in gRPC clients or configured via xDS.
Token Requirements
JWT tokens must:
- Be valid, well-formed JWT tokens with header, payload, and signature
- Include an "exp" (expiration) claim
- Be readable from the specified file path
Considerations
- Tokens are cached until expiration to avoid excessive file I/O - Transport security is required (RequireTransportSecurity returns true) - Errors in reading tokens or parsing JWTs will result in RPC UNAVAILALBE or UNAUTHENTICATED errors. The errors are cached and retried with exponential backoff.
This implementation is originally intended for use in service mesh environments like Istio where JWT tokens are provisioned and rotated by the infrastructure.
Experimental
Notice: All APIs in this package are experimental and may be removed in a later release.
Index ¶
Functions ¶
func NewTokenFileCallCredentials ¶
func NewTokenFileCallCredentials(tokenFilePath string) (credentials.PerRPCCredentials, error)
NewTokenFileCallCredentials creates PerRPCCredentials that reads JWT tokens from the specified file path.
Source Files ¶
doc.go file_reader.go token_file_call_creds.go
- Version
- v1.77.0-dev
- Published
- Sep 17, 2025
- Platform
- windows/amd64
- Imports
- 13 packages
- Last checked
- 20 minutes ago –
Tools for package owners.