root/golib
1
0
Fork 0
mirror of https://github.com/therootcompany/golib.git synced 2026-03-13 12:27:59 +00:00
Code Issues Projects Releases Wiki Activity
golib/auth/ajwt/go.mod
AJ ONeal 1f0b36fc6d
feat(auth/ajwt): add first-principles JWT/JWS/JWK package 
Design goals from first principles:

- JWS holds only parsed structure (header, payload, sig) — no Claims
  interface, no Verified flag. Removes footguns from the simpler packages.

- Issuer owns key management and verification. Verify does key lookup by
  kid, sig verification, and iss claim check — in that order, so sig is
  always authenticated before any payload data is trusted.

- ValidateParams is a stable config object with Validate(StandardClaims,
  time.Time) as a method. Time is passed at the call site, not stored in
  the params struct, so the same config object can be reused across requests.

- UnmarshalClaims(v any) accepts any type — no Claims interface to
  implement. Custom validation is a plain function call, not a method
  satisfying an interface.

- Sign uses crypto.Signer, supporting ES256/ES384/ES512 (ECDSA), RS256
  (RSA PKCS#1 v1.5), and EdDSA (Ed25519, RFC 8037).

- PublicJWK uses crypto.PublicKey (not generics) since JWKS returns
  heterogeneous key types at runtime. Typed accessors ECDSA(), RSA(), and
  EdDSA() replace TypedKeys[K] filtering.

- JWKS parsing handles kty: "EC", "RSA", and "OKP" (Ed25519).

10 tests: ES256/RS256/EdDSA round trips, custom validation, wrong key,
unknown kid, iss mismatch, tampered alg, PublicJWK accessors, JWKS JSON.
2026-03-12 19:40:18 -06:00

4 lines
60 B
Modula-2
Raw Blame History

module github.com/therootcompany/golib/auth/ajwt
go 1.24.0
Reference in New Issue View Git Blame Copy Permalink