mirror of
https://github.com/therootcompany/golib.git
synced 2026-03-13 12:27:59 +00:00
Claims via embedded structs rather than generics:

- Decode(token, &claims) pattern: JSON payload unmarshaled directly into
  the caller's pre-allocated struct, stored in jws.Claims; custom fields
  accessible through the local variable without a type assertion
- StandardClaims.Validate promoted to any embedding struct via value
  receiver; override Validate on the outer struct for custom checks,
  calling ValidateStandardClaims to preserve standard OIDC validation
- Sign(crypto.Signer): algorithm set from key.Public() type switch;
  ES256 (P-256) and RS256 (PKCS#1 v1.5) supported; works with HSM/KMS
- ecdsaDERToRaw: converts ASN.1 DER output of crypto.Signer to raw r||s
- SignES256 uses FillBytes for correct zero-padded r||s (no leading-zero
  bug)
- UnsafeVerify(Key): dispatches on Header.Alg; ES256 and RS256 supported
- Non-generic PublicJWK with ECDSA()/RSA() typed accessor methods
  (contrast: bestjwt uses generic PublicJWK[K] + TypedKeys[K])
- JWKS fetch/parse: FetchPublicJWKs, ReadPublicJWKs, UnmarshalPublicJWKs
  for RSA and EC (P-256/384/521) keys
- 10 tests covering round trips, promoted/overridden validate, wrong key,
  wrong key type, unknown alg, JWKS accessors, and JWKS JSON parsing
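
The DER-to-raw conversion and zero-padding named in the commit message, shown as an added Go example; it is not the repository's code. The names derToRaw, signAndCheck, demoKey and shortSample are hypothetical, and the key and sample signature are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"fmt"
	"math/big"
)

var demoKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)            // constructed throwaway key
var shortSample = []byte{0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02} // constructed DER: r=1, s=2

// derToRaw converts a DER ECDSA signature into fixed-width r||s (size is 32 for P-256).
func derToRaw(der []byte, size int) ([]byte, error) {
	var sig struct{ R, S *big.Int } // ASN.1 SEQUENCE { r INTEGER, s INTEGER }
	rest, err := asn1.Unmarshal(der, &sig)
	if err != nil || len(rest) != 0 || sig.R.Sign() <= 0 || sig.S.Sign() <= 0 ||
		sig.R.BitLen() > 8*size || sig.S.BitLen() > 8*size {
		return nil, fmt.Errorf("malformed or out-of-range ECDSA signature")
	}
	raw := make([]byte, 2*size)
	sig.R.FillBytes(raw[:size]) // left-pads with zeros; Bytes() would drop them
	sig.S.FillBytes(raw[size:])
	return raw, nil
}

// signAndCheck signs via crypto.Signer (as an HSM/KMS key would) and verifies the raw form.
func signAndCheck(key crypto.Signer, pub *ecdsa.PublicKey, payload []byte) ([]byte, bool) {
	digest := sha256.Sum256(payload)
	der, err := key.Sign(rand.Reader, digest[:], crypto.SHA256) // ASN.1 DER for ECDSA keys
	if err != nil {
		return nil, false
	}
	raw, err := derToRaw(der, 32)
	if err != nil {
		return nil, false
	}
	r, s := new(big.Int).SetBytes(raw[:32]), new(big.Int).SetBytes(raw[32:])
	return raw, ecdsa.Verify(pub, digest[:], r, s)
}

func main() {
	raw, ok := signAndCheck(demoKey, &demoKey.PublicKey, []byte("constructed.signing.input"))
	short, _ := derToRaw(shortSample, 32)
	fmt.Println(len(raw), ok, short[31], short[63])
}
```

The range check before FillBytes matters because FillBytes panics when the integer does not fit the buffer, which a malformed signature from an untrusted signer could otherwise trigger.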