summaryrefslogtreecommitdiffstats
path: root/vendor/github.com/labstack/echo/v4/middleware/jwt.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/labstack/echo/v4/middleware/jwt.go')
-rw-r--r--vendor/github.com/labstack/echo/v4/middleware/jwt.go33
1 files changed, 30 insertions, 3 deletions
diff --git a/vendor/github.com/labstack/echo/v4/middleware/jwt.go b/vendor/github.com/labstack/echo/v4/middleware/jwt.go
index 861d3142..d4420246 100644
--- a/vendor/github.com/labstack/echo/v4/middleware/jwt.go
+++ b/vendor/github.com/labstack/echo/v4/middleware/jwt.go
@@ -26,10 +26,14 @@ type (
// It may be used to define a custom JWT error.
ErrorHandler JWTErrorHandler
- // Signing key to validate token.
- // Required.
+ // Signing key to validate token. Used as fallback if SigningKeys has length 0.
+ // Required. This or SigningKeys.
SigningKey interface{}
+ // Map of signing keys to validate token with kid field usage.
+ // Required. This or SigningKey.
+ SigningKeys map[string]interface{}
+
// Signing method, used to check token signing method.
// Optional. Default value HS256.
SigningMethod string
@@ -48,6 +52,7 @@ type (
// Possible values:
// - "header:<name>"
// - "query:<name>"
+ // - "param:<name>"
// - "cookie:<name>"
TokenLookup string
@@ -110,7 +115,7 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
if config.Skipper == nil {
config.Skipper = DefaultJWTConfig.Skipper
}
- if config.SigningKey == nil {
+ if config.SigningKey == nil && len(config.SigningKeys) == 0 {
panic("echo: jwt middleware requires signing key")
}
if config.SigningMethod == "" {
@@ -133,6 +138,15 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
if t.Method.Alg() != config.SigningMethod {
return nil, fmt.Errorf("unexpected jwt signing method=%v", t.Header["alg"])
}
+ if len(config.SigningKeys) > 0 {
+ if kid, ok := t.Header["kid"].(string); ok {
+ if key, ok := config.SigningKeys[kid]; ok {
+ return key, nil
+ }
+ }
+ return nil, fmt.Errorf("unexpected jwt key id=%v", t.Header["kid"])
+ }
+
return config.SigningKey, nil
}
@@ -142,6 +156,8 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
switch parts[0] {
case "query":
extractor = jwtFromQuery(parts[1])
+ case "param":
+ extractor = jwtFromParam(parts[1])
case "cookie":
extractor = jwtFromCookie(parts[1])
}
@@ -215,6 +231,17 @@ func jwtFromQuery(param string) jwtExtractor {
}
}
+// jwtFromParam returns a `jwtExtractor` that extracts token from the url param string.
+func jwtFromParam(param string) jwtExtractor {
+ return func(c echo.Context) (string, error) {
+ token := c.Param(param)
+ if token == "" {
+ return "", ErrJWTMissing
+ }
+ return token, nil
+ }
+}
+
// jwtFromCookie returns a `jwtExtractor` that extracts token from the named cookie.
func jwtFromCookie(name string) jwtExtractor {
return func(c echo.Context) (string, error) {
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 04:33:38 +0000