Code
Hub
Workspaces
Following
Trending
Connect
MCP
copy
Index your code
hub
/
github.com/auth0/go-jwt-middleware
/ functions
Functions
744 in github.com/auth0/go-jwt-middleware
⨍
Functions
744
◇
Types & classes
102
↓ 449 callers
Method
Error
(msg string, args ...any)
integrations/grpc/option.go:21
↓ 372 callers
Method
Close
Close closes the Redis connection.
examples/http-multi-issuer-redis-example/main.go:100
↓ 102 callers
Function
NewValidationError
NewValidationError creates a new ValidationError with the given code and message.
core/errors.go:78
↓ 83 callers
Function
New
New creates a new Validator with the provided options. Required options: - WithKeyFunc: Function to provide verification key(s) - WithAlgorithm: Sign
validator/validator.go:147
↓ 82 callers
Function
WithKeyFunc
WithKeyFunc sets the function that provides the key for token verification. This is a required option. The keyFunc is called during token validation
validator/option.go:20
↓ 77 callers
Function
WithAlgorithm
WithAlgorithm sets the signature algorithm that tokens must use. This is a required option. Supported algorithms: RS256, RS384, RS512, ES256, ES384,
validator/option.go:35
↓ 67 callers
Function
WithIssuer
WithIssuer sets a single expected issuer claim (iss) for token validation. This is a required option (use either WithIssuer, WithIssuers, or WithIssue
validator/option.go:82
↓ 65 callers
Function
New
New creates a new Core instance with the provided options. The Core must be configured with at least a TokenValidator using WithValidator. All other
core/option.go:27
↓ 64 callers
Function
WithValidator
WithValidator sets the validator for the Core. This is a required option. The validator must implement both ValidateToken and ValidateDPoPProof method
core/option.go:65
↓ 61 callers
Function
WithAudience
WithAudience sets a single expected audience claim (aud) for token validation. This is a required option (use either WithAudience or WithAudiences, no
validator/option.go:191
↓ 50 callers
Method
Get
Get retrieves a JWKS from the cache or fetches it if not cached.
jwks/provider.go:28
↓ 50 callers
Method
KeyFunc
KeyFunc adheres to the keyFunc signature that the Validator requires. While it returns an interface to adhere to keyFunc, as long as the error is nil
jwks/provider.go:499
↓ 49 callers
Function
NewMultiIssuerProvider
NewMultiIssuerProvider creates a new MultiIssuerProvider. This provider automatically routes JWKS requests to the correct issuer based on the validate
jwks/multi_issuer_provider.go:125
↓ 48 callers
Function
WithValidator
WithValidator configures the middleware with a JWT validator. This is the REQUIRED way to configure the middleware. The validator must implement Vali
option.go:42
↓ 45 callers
Method
CheckTokenWithDPoP
CheckTokenWithDPoP validates an access token with optional DPoP proof. This is the primary validation method that handles both Bearer and DPoP tokens.
core/dpop.go:173
↓ 45 callers
Function
WithIssuerURL
WithIssuerURL sets the OIDC issuer URL for JWKS discovery. This is a required option. The issuer URL is used to discover the JWKS endpoint via the .w
jwks/option.go:25
↓ 41 callers
Function
New
New constructs a new JWTMiddleware instance with the supplied options. All parameters are passed via options (pure options pattern). Required options
middleware.go:76
↓ 38 callers
Method
CheckJWT
CheckJWT is the main JWTMiddleware function which performs the main logic. It is passed a http.Handler which will be called if the JWT passes validati
middleware.go:296
↓ 37 callers
Method
Context
Context returns the wrapped context with JWT claims.
integrations/grpc/interceptor.go:239
↓ 37 callers
Function
New
New creates a new gRPC JWT interceptor with the provided options. WithValidator option is required. Example: interceptor, err := grpc.New( grp
integrations/grpc/interceptor.go:43
↓ 36 callers
Function
NewCachingProvider
NewCachingProvider builds and returns a new CachingProvider. The cache automatically handles background refresh. Accepts both ProviderOption and Cach
jwks/provider.go:370
↓ 36 callers
Function
WithValidator
WithValidator sets the JWT validator (REQUIRED). This is the primary way to configure the interceptor. For advanced configuration (logging, error han
integrations/grpc/option.go:67
↓ 33 callers
Function
setupHandler
()
examples/http-dpop-example/main.go:76
↓ 29 callers
Function
createTestValidator
(t *testing.T)
integrations/grpc/interceptor_test.go:67
↓ 28 callers
Method
KeyFunc
KeyFunc adheres to the keyFunc signature that the Validator requires. It automatically routes JWKS requests to the correct issuer based on the validat
jwks/multi_issuer_provider.go:172
↓ 27 callers
Function
WithCacheTTL
WithCacheTTL sets the cache refresh interval for the CachingProvider. If not specified, defaults to 15 minutes. The TTL determines the minimum interv
jwks/option.go:84
↓ 26 callers
Function
SetIssuerInContext
SetIssuerInContext stores the issuer in the context. This is primarily used for testing purposes. In production, the issuer is automatically set by Va
validator/validator.go:46
↓ 24 callers
Method
UnaryServerInterceptor
UnaryServerInterceptor returns a grpc.UnaryServerInterceptor that validates JWTs. It extracts the JWT from gRPC metadata, validates it, and makes the
integrations/grpc/interceptor.go:109
↓ 22 callers
Function
DefaultErrorHandler
DefaultErrorHandler maps JWT validation errors to appropriate gRPC status codes. It returns gRPC status errors that follow standard gRPC error handlin
integrations/grpc/error_handler.go:22
↓ 21 callers
Method
String
String returns a string representation of the DPoP mode.
core/dpop.go:44
↓ 21 callers
Function
WithAudiences
WithAudiences sets multiple expected audience claims (aud) for token validation. This is a required option (use either WithAudience or WithAudiences,
validator/option.go:206
↓ 21 callers
Function
WithLogger
WithLogger sets an optional logger for the Core. When configured, the Core will log debug information about token extraction, validation success/fail
core/option.go:105
↓ 21 callers
Function
createTestValidator
createTestValidator creates a basic validator for testing
option_test.go:23
↓ 20 callers
Function
WithLogger
WithLogger sets an optional logger for the middleware. The logger will be used throughout the validation flow in both middleware and core. The logger
option.go:136
↓ 20 callers
Function
computeAccessTokenHash
computeAccessTokenHash computes the SHA-256 hash of the access token and returns it as a base64url-encoded string (without padding) per RFC 9449. This
core/dpop.go:589
↓ 20 callers
Method
logError
logError logs an error message if the logger is configured.
core/dpop.go:559
↓ 20 callers
Function
setupHandler
()
examples/http-dpop-required/main_integration_test.go:35
↓ 19 callers
Method
ValidateToken
(ctx context.Context, token string)
core/core.go:16
↓ 19 callers
Function
createMockOIDCServer
Helper function to create a mock OIDC server
jwks/multi_issuer_provider_test.go:446
↓ 18 callers
Function
createDPoPBoundToken
createDPoPBoundToken creates a DPoP-bound access token with cnf claim
examples/http-dpop-example/main_integration_test.go:1414
↓ 17 callers
Function
GetWellKnownEndpointsFromIssuerURL
GetWellKnownEndpointsFromIssuerURL gets the well known endpoints for the passed in issuer url and validates that the metadata's issuer field exactly m
internal/oidc/oidc.go:53
↓ 17 callers
Method
ProviderCount
ProviderCount returns the total number of issuers currently managed. This includes both OIDC providers (cached dynamically) and symmetric issuers (con
jwks/multi_issuer_provider.go:307
↓ 17 callers
Function
WithCustomClaims
WithCustomClaims sets a function that returns a CustomClaims object for unmarshalling and validation. The function is called during construction to v
validator/option.go:294
↓ 17 callers
Function
createDPoPProofWithAccessToken
createDPoPProofWithAccessToken creates a DPoP proof with ATH claim (RFC 9449 compliant)
examples/http-dpop-example/main_integration_test.go:1440
↓ 17 callers
Function
newMockOIDCServer
(t *testing.T, issuerPath string)
examples/http-multi-issuer-example/main_integration_test.go:31
↓ 17 callers
Function
newMockOIDCServer
(t *testing.T)
examples/http-dynamic-issuer-example/main_integration_test.go:31
↓ 17 callers
Function
reconstructRequestURL
reconstructRequestURL builds the full request URL for DPoP HTU validation. It respects the TrustedProxyConfig to determine which headers to trust. Wh
proxy.go:162
↓ 16 callers
Function
WithDPoPMode
WithDPoPMode configures the DPoP operational mode. Modes: - DPoPAllowed (default): Accept both Bearer and DPoP tokens - DPoPRequired: Only accept DPo
core/option.go:128
↓ 16 callers
Function
setupHandler
()
examples/http-dpop-disabled/main_integration_test.go:28
↓ 14 callers
Method
Debug
(msg string, args ...any)
integrations/grpc/option.go:18
↓ 14 callers
Function
SetClaims
SetClaims stores claims in the context. This is a helper function for adapters to set claims after validation.
core/context.go:51
↓ 14 callers
Function
WithAllowedClockSkew
WithAllowedClockSkew sets the allowed clock skew for time-based claims. This allows for some tolerance when validating exp, nbf, and iat claims to ac
validator/option.go:226
↓ 14 callers
Function
WithIssuerKeyConfig
WithIssuerKeyConfig configures a symmetric key for a single issuer. This enables MCD (Multiple Custom Domains) scenarios where some issuers use symmet
jwks/option.go:283
↓ 14 callers
Function
setupHandlerWithConfig
setupHandlerWithConfig creates a handler with custom proxy configuration for testing
examples/http-dpop-trusted-proxy/main_integration_test.go:17
↓ 13 callers
Method
Is
Is allows the error to support equality to ErrJWTInvalid.
error_handler.go:475
↓ 13 callers
Function
buildWWWAuthenticateHeaders
buildWWWAuthenticateHeaders builds appropriate WWW-Authenticate headers based on auth scheme and DPoP mode. Returns both Bearer and DPoP challenges in
error_handler.go:375
↓ 13 callers
Function
newMockOIDCServer
(t *testing.T, issuerPath string)
examples/http-multi-issuer-redis-example/main_integration_test.go:33
↓ 12 callers
Method
SayHello
Sends a greeting (requires authentication)
examples/grpc-example/proto/greeter_grpc.pb.go:26
↓ 12 callers
Function
SetAuthScheme
SetAuthScheme stores the authorization scheme in the context. This is used by adapters to track which auth scheme was used in the request.
core/context.go:107
↓ 12 callers
Method
ValidateDPoPProof
ValidateDPoPProof validates a DPoP proof JWT and returns the extracted claims. It verifies the JWT signature using the embedded JWK and calculates the
validator/dpop.go:38
↓ 12 callers
Function
WithTokenExtractor
WithTokenExtractor sets the function to extract the JWT from the request. Default: AuthHeaderTokenExtractor
option.go:93
↓ 12 callers
Function
generateJWKS
()
jwks/provider_test.go:1057
↓ 12 callers
Function
setupHandler
(audience []string)
examples/http-dynamic-issuer-example/main.go:138
↓ 11 callers
Function
NewProvider
NewProvider builds and returns a new *Provider. Required options: - WithIssuerURL: OIDC issuer URL for JWKS discovery Optional options: - WithCustomJ
jwks/provider.go:56
↓ 11 callers
Function
WithExclusionUrls
WithExclusionUrls configures URL patterns to exclude from JWT validation. URLs can be full URLs or just paths.
option.go:105
↓ 11 callers
Function
WithIssuersResolver
WithIssuersResolver sets a dynamic issuer resolution function for token validation. This option allows issuers to be determined at request time based
validator/option.go:173
↓ 11 callers
Function
setupTestDatabase
setupTestDatabase replaces the global tenantDatabase for testing
examples/http-dynamic-issuer-example/main_integration_test.go:91
↓ 10 callers
Function
AuthHeaderTokenExtractor
AuthHeaderTokenExtractor is a TokenExtractor that takes a request and extracts the token and scheme from the Authorization header. Supports both "Bear
extractor.go:47
↓ 10 callers
Method
CheckToken
CheckToken validates a JWT token string and returns the validated claims. This is the core validation logic that is framework-agnostic: - If token is
core/core.go:51
↓ 10 callers
Function
GetAuthScheme
GetAuthScheme retrieves the authorization scheme from the context. Returns AuthSchemeUnknown if no scheme was set. Example usage: scheme := core.Ge
core/context.go:120
↓ 10 callers
Function
MetadataTokenExtractor
MetadataTokenExtractor extracts JWT from the "authorization" metadata key. It supports the "Bearer <token>" format (standard for gRPC). gRPC normaliz
integrations/grpc/extractor.go:38
↓ 10 callers
Function
SetDPoPMode
SetDPoPMode stores the DPoP mode in the context. This is used by adapters to track the DPoP mode configuration for error handling.
core/context.go:136
↓ 10 callers
Function
createDPoPBoundToken
(jkt []byte, sub, scope string)
examples/http-dpop-required/main_integration_test.go:962
↓ 10 callers
Function
createDPoPProof
(key jwk.Key, httpMethod, httpURL, accessToken string)
examples/http-dpop-required/main_integration_test.go:984
↓ 10 callers
Method
generateToken
(t *testing.T, subject, name string)
examples/http-dynamic-issuer-example/main_integration_test.go:70
↓ 10 callers
Function
setupHandler
(issuers []string, audience []string)
examples/http-multi-issuer-example/main.go:44
↓ 10 callers
Function
setupHandler
()
examples/http-example/main.go:65
↓ 10 callers
Function
setupTestServer
setupTestServer creates a test HTTP server that returns the specified response code and body.
internal/oidc/oidc_test.go:15
↓ 9 callers
Function
HasClaims
HasClaims checks if claims exist in the context. Example: if jwtgrpc.HasClaims(ctx) { claims, _ := jwtgrpc.GetClaims[*validator.ValidatedClaim
integrations/grpc/claims.go:54
↓ 9 callers
Function
buildTestToken
buildTestToken generates a valid JWT for testing using jwx/v3
integrations/grpc/interceptor_test.go:33
↓ 9 callers
Function
setupHandler
(issuers []string, audience []string, redisCache *RedisCache)
examples/http-multi-issuer-redis-example/main.go:134
↓ 9 callers
Function
setupTestServer
setupTestServer creates a test gRPC server with JWT authentication
examples/grpc-example/server/main_integration_test.go:24
↓ 8 callers
Function
GetDPoPMode
GetDPoPMode retrieves the DPoP mode from the context. Returns DPoPAllowed if no mode was set (default). Example usage: mode := core.GetDPoPMode(ctx
core/context.go:149
↓ 8 callers
Function
WithDPoPHeaderExtractor
WithDPoPHeaderExtractor sets a custom DPoP header extractor. Optional - defaults to extracting from the "DPoP" HTTP header per RFC 9449. Use this for
option.go:163
↓ 8 callers
Function
WithDPoPMode
WithDPoPMode sets the DPoP operational mode. Modes: - core.DPoPAllowed (default): Accept both Bearer and DPoP tokens - core.DPoPRequired: Only accept
option.go:186
↓ 8 callers
Function
WithIssuers
WithIssuers sets multiple expected issuer claims (iss) for token validation. This is a required option (use either WithIssuer, WithIssuers, or WithIss
validator/option.go:106
↓ 8 callers
Function
WithLogger
WithLogger sets an optional logger for the interceptor. The logger will be used throughout the validation flow in both interceptor and core. The logg
integrations/grpc/option.go:107
↓ 8 callers
Method
logDebug
logDebug logs a debug message if the logger is configured.
core/dpop.go:573
↓ 8 callers
Function
sendRequest
sendRequest sends a GET request to the test server with an optional Bearer token.
examples/http-example/main_integration_test.go:44
↓ 8 callers
Function
setupTestRedis
setupTestRedis creates a test Redis client and clears it
examples/http-multi-issuer-redis-example/main_integration_test.go:93
↓ 8 callers
Method
validateIssuerWithResolver
validateIssuerWithResolver checks if the token issuer is valid using either the static expectedIssuers list or the dynamic issuersResolver function. T
validator/validator.go:465
↓ 7 callers
Function
GetDPoPContext
GetDPoPContext retrieves DPoP context from the context. Returns nil if no DPoP context exists (e.g., for Bearer tokens). Example usage: dpopCtx :=
core/context.go:78
↓ 7 callers
Function
SetDPoPContext
SetDPoPContext stores DPoP context in the context. This is a helper function for adapters to set DPoP context after validation. DPoP context contains
core/context.go:65
↓ 7 callers
Method
StreamServerInterceptor
StreamServerInterceptor returns a grpc.StreamServerInterceptor that validates JWTs. It extracts the JWT from gRPC metadata, validates it, and makes th
integrations/grpc/interceptor.go:139
↓ 7 callers
Function
WithAlgorithms
WithAlgorithms sets multiple signature algorithms that tokens may use. This is useful for mixed-algorithm MCD (Multiple Custom Domains) scenarios wher
validator/option.go:57
↓ 7 callers
Function
WithCredentialsOptional
WithCredentialsOptional sets whether credentials are optional. If set to true, an empty token will be considered valid. Default: false (credentials r
option.go:59
↓ 7 callers
Function
WithCredentialsOptional
WithCredentialsOptional configures whether credentials are optional. When set to true, requests without tokens will be allowed to proceed without val
core/option.go:83
↓ 7 callers
Function
WithMaxProviders
WithMaxProviders sets the maximum number of issuer providers to cache in memory. When the limit is reached, the least-recently-used provider will be e
jwks/option.go:253
↓ 7 callers
Function
WithTrustedProxies
WithTrustedProxies configures trusted proxy headers for URL reconstruction. Required when behind reverse proxies to correctly validate DPoP HTU claim.
proxy.go:71
↓ 7 callers
Function
createDPoPProof
(key jwk.Key, httpMethod, httpURL string)
examples/http-dpop-disabled/main_integration_test.go:837
next →
1–100 of 744, ranked by callers