Rene Nochebuena
d8773b0f9f
Provides AuthMiddleware (calls httpauth.SetTokenData, accepts Verifier or Signer), IssueTokenPair (access + refresh tokens as jwt.MapClaims, custom claims at top level for ClaimsPermissionProvider compatibility), RefreshTokenPair (blacklist check + rotation + re-issue), and Signer/Verifier implementations for HMAC-SHA256 and RSA-SHA256 including PEM loaders and a public-key-only Verifier for read-only microservices.
27 lines
1020 B
Go
27 lines
1020 B
Go
// Package jwtauth provides self-issued JWT authentication middleware and token
|
|
// management for HTTP services.
|
|
//
|
|
// It integrates with code.nochebuena.dev/go/httpauth: AuthMiddleware verifies
|
|
// Bearer tokens and calls httpauth.SetTokenData, making uid and claims available
|
|
// to EnrichmentMiddleware, AuthzMiddleware, and ClaimsPermissionProvider.
|
|
//
|
|
// Typical flow:
|
|
//
|
|
// 1. Issue a token pair on login:
|
|
//
|
|
// signer := jwtauth.NewHMACSigner([]byte(os.Getenv("JWT_SECRET")))
|
|
// pair, err := jwtauth.IssueTokenPair(signer, uid, customClaims, cfg)
|
|
//
|
|
// 2. Protect routes:
|
|
//
|
|
// r.Use(jwtauth.AuthMiddleware(signer, publicPaths))
|
|
// r.Use(httpauth.EnrichmentMiddleware(myEnricher))
|
|
//
|
|
// 3. Rotate tokens on refresh:
|
|
//
|
|
// newPair, err := jwtauth.RefreshTokenPair(ctx, signer, refreshToken, blacklist, cfg, freshClaims)
|
|
//
|
|
// For microservices that only verify tokens (not issue them), use NewRSAPublicKeyVerifier
|
|
// or NewRSAPublicKeyVerifierFromPEM with the public key only.
|
|
package jwtauth
|