AJ ONeal 3f7985317f
ajwt: implement redesigned API from REDESIGN.md
Rename ValidateParams → Validator, make Issuer immutable after construction.

Key changes:
- StandardClaims.GetStandardClaims() + StandardClaimsSource interface: any
  struct embedding StandardClaims satisfies the interface for free via
  Go's method promotion — zero boilerplate for callers
- Issuer is now immutable after construction; keys and validator are
  unexported; Params field removed
- New constructors: New, NewWithJWKs, NewWithOIDC, NewWithOAuth2
- UnsafeVerify(tokenStr string) (*JWS, error): Decode + sig verify + iss
  check; "unsafe" means exp/aud/etc. are NOT checked
- VerifyAndValidate(tokenStr, claims, now): full pipeline requiring non-nil
  Validator; fails loudly with nil Validator
- FetchJWKs(ctx, url), FetchJWKsFromOIDC(ctx, base),
  FetchJWKsFromOAuth2(ctx, base): standalone fetch functions with context
- PublicJWK.Thumbprint(): RFC 7638 SHA-256 thumbprint, canonical field
  ordering per spec (EC: crv/kty/x/y, RSA: e/kty/n, OKP: crv/kty/x)
- DecodePublicJWKsJSON: auto-populates KID from Thumbprint when absent
- Tests: 14 pass, covering VerifyAndValidate, UnsafeVerify, nil-validator
  error, all alg round trips, tampered alg, Thumbprint, auto-KID
2026-03-13 10:28:47 -06:00
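The RFC 7638 thumbprint rule named in the commit message (required members only, in the listed order, no whitespace, SHA-256, unpadded base64url), as an added example that is not ajwt's own code. The names canonicalJWK and thumbprint and the sample key are assumptions made up for this illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Required members per kty, already in the lexicographic order RFC 7638 mandates.
var required = map[string][]string{
	"EC":  {"crv", "kty", "x", "y"},
	"RSA": {"e", "kty", "n"},
	"OKP": {"crv", "kty", "x"},
}

// canonicalJWK returns the hash input: required members only, sorted, no whitespace.
// Optional members such as kid, use or alg are dropped so they cannot change the result.
func canonicalJWK(jwkJSON []byte) (string, error) {
	var raw map[string]any
	if err := json.Unmarshal(jwkJSON, &raw); err != nil {
		return "", err
	}
	kty, _ := raw["kty"].(string)
	names, ok := required[kty]
	if !ok {
		return "", fmt.Errorf("unsupported kty %q", kty)
	}
	parts := make([]string, 0, len(names))
	for _, name := range names {
		val, ok := raw[name].(string)
		if !ok || val == "" {
			return "", fmt.Errorf("kty %s: missing required member %q", kty, name)
		}
		v, _ := json.Marshal(val) // JSON string quoting; marshaling a string cannot fail
		parts = append(parts, `"`+name+`":`+string(v))
	}
	return "{" + strings.Join(parts, ",") + "}", nil
}

// thumbprint is base64url(SHA-256(canonical form)) without padding: always 43 characters.
func thumbprint(canonical string) string {
	sum := sha256.Sum256([]byte(canonical))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

func main() { // constructed sample: x is a placeholder, not a real Ed25519 public key
	c, err := canonicalJWK([]byte(`{"x":"c2FtcGxlLWtleQ","kid":"k1","crv":"Ed25519","kty":"OKP"}`))
	fmt.Println(c, thumbprint(c), err)
}
```

Because the thumbprint ignores member order and optional members, two encodings of the same key yield the same auto-populated KID, while a key missing a required member is rejected rather than hashed.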