MCPcopy Index your code

hub / github.com/auth0/go-jwt-middleware / functions

Functions744 in github.com/auth0/go-jwt-middleware

↓ 7 callersMethodextractConfirmationClaim
extractConfirmationClaim extracts the cnf (confirmation) claim from the token string. This claim is used for DPoP (Demonstrating Proof-of-Possession)
validator/validator.go:427
↓ 7 callersMethodhasAnyTrustedHeaders
hasAnyTrustedHeaders returns true if any header trust flags are enabled
proxy.go:46
↓ 6 callersFunctionHasClaims
HasClaims checks if claims exist in the context without retrieving them.
core/context.go:56
↓ 6 callersFunctionHasDPoPContext
HasDPoPContext checks if a DPoP context exists in the context. Returns true for DPoP-bound tokens, false for Bearer tokens. Example usage: if core.
core/context.go:101
↓ 6 callersFunctionIssuerFromContext
IssuerFromContext extracts the issuer from the context. This is useful for JWKS providers that need to route requests based on the issuer. Note: The
validator/validator.go:37
↓ 6 callersFunctionMultiTokenExtractor
MultiTokenExtractor returns a TokenExtractor that runs multiple TokenExtractors and takes the one that does not return an empty token. If a TokenExtra
extractor.go:133
↓ 6 callersFunctionWithCustomClient
WithCustomClient sets a custom HTTP client for the Provider. If not specified, a default client with 30s timeout is used.
jwks/option.go:50
↓ 6 callersFunctionWithCustomJWKSURI
WithCustomJWKSURI sets a custom JWKS URI for the Provider. When set, the Provider will fetch JWKS directly from this URI, skipping the OIDC discovery
jwks/option.go:38
↓ 6 callersFunctionWithExcludedMethods
WithExcludedMethods excludes specific gRPC methods from JWT validation. Methods should be provided in the format: "/package.Service/Method" For more
integrations/grpc/option.go:153
↓ 6 callersFunctionWithMultiIssuerCacheTTL
WithMultiIssuerCacheTTL sets the cache refresh interval for all per-issuer providers. If not specified, defaults to 15 minutes. The TTL determines th
jwks/option.go:160
↓ 6 callersFunctionWithRegisteredClaimsValidator
WithRegisteredClaimsValidator sets a validation function that runs against the registered claims (iss, sub, aud, exp, nbf, iat, jti) after standard va
validator/option.go:261
↓ 6 callersFunctionWithValidateOnOptions
WithValidateOnOptions sets whether OPTIONS requests should have their JWT validated. Default: true (OPTIONS requests are validated)
option.go:69
↓ 6 callersFunctionassertErrorResponse
assertErrorResponse asserts the HTTP status, JSON error body, and WWW-Authenticate header.
examples/http-example/main_integration_test.go:64
↓ 6 callersFunctionbuildSymmetricKeySet
buildSymmetricKeySet creates a jwk.Set containing a symmetric key with the specified algorithm and optional key ID. This allows symmetric keys to be h
jwks/multi_issuer_provider.go:405
↓ 6 callersFunctioncalculateJKT
calculateJKT computes the JWK thumbprint using SHA-256 per RFC 7638. The thumbprint is base64url-encoded without padding.
validator/dpop.go:167
↓ 6 callersMethodgenerateToken
(t *testing.T, subject, name string)
examples/http-multi-issuer-redis-example/main_integration_test.go:72
↓ 6 callersFunctionsetupApp
Try it out with: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnby1qd3QtbWlkZGxld2FyZS1leGFtcGxlIiwiYXVkIjoiYXVkaWVuY2UtZXhhbXBsZSIsInN1YiI6IjEyMzQ
examples/iris-example/main.go:43
↓ 5 callersFunctionCookieTokenExtractor
CookieTokenExtractor builds a TokenExtractor that takes a request and extracts the token from the cookie using the passed in cookieName. Note: Cookies
extractor.go:87
↓ 5 callersMethodHealthCheck
Health check (no authentication required)
examples/grpc-example/proto/greeter_grpc.pb.go:28
↓ 5 callersMethodString
()
examples/grpc-example/proto/greeter.pb.go:90
↓ 5 callersFunctionWithCredentialsOptional
WithCredentialsOptional allows requests without JWT tokens to proceed. When set to true, requests without tokens will not return an error, but the con
integrations/grpc/option.go:89
↓ 5 callersFunctionWithIssuerKeyConfigs
WithIssuerKeyConfigs configures symmetric keys for multiple issuers at once. This is the batch equivalent of WithIssuerKeyConfig, following the same p
jwks/option.go:305
↓ 5 callersFunctionalgToJWX
algToJWX maps validator.SignatureAlgorithm to jwa.SignatureAlgorithm for symmetric algorithms. This is a local helper to avoid importing the validator
jwks/multi_issuer_provider.go:435
↓ 5 callersFunctioncreateBearerToken
============================================================================= Helper Functions =======================================================
examples/http-dpop-example/main_integration_test.go:1399
↓ 5 callersFunctioncreateDPoPBoundToken
(jkt []byte, sub, scope string)
examples/http-dpop-disabled/main_integration_test.go:815
↓ 5 callersMethodextractCustomClaims
extractCustomClaims extracts and validates custom claims from the token string. SDK-agnostic approach: Manually decodes JWT payload for maximum portab
validator/validator.go:391
↓ 5 callersFunctiongenerateTestToken
generateTestToken creates a test JWT token with the given issuer, audience, and signing key. The token expires in 1 hour to prevent expiration issues
validator/validator_test.go:1146
↓ 5 callersMethodgenerateToken
(t *testing.T, subject, name string)
examples/http-multi-issuer-example/main_integration_test.go:70
↓ 5 callersMethodvalidateAudience
validateAudience checks if the token audiences contain at least one expected audience.
validator/validator.go:491
↓ 4 callersFunctionDPoPHeaderExtractor
DPoPHeaderExtractor extracts the DPoP proof from the "DPoP" HTTP header. Returns empty string if the header is not present (which is valid for Bearer
dpop.go:31
↓ 4 callersFunctionDefaultErrorHandler
DefaultErrorHandler is the default error handler implementation. It provides structured error responses with appropriate HTTP status codes and RFC 675
error_handler.go:102
↓ 4 callersFunctionWithCache
WithCache sets a custom Cache implementation for the CachingProvider. This allows users to provide their own caching strategy (e.g., Redis-backed cach
jwks/option.go:107
↓ 4 callersFunctionWithErrorHandler
WithErrorHandler sets the handler called when errors occur during JWT validation. See the ErrorHandler type for more information. Default: DefaultErr
option.go:80
↓ 4 callersFunctionWithErrorHandler
WithErrorHandler sets a custom error handler function. Default is DefaultErrorHandler which maps errors to gRPC status codes.
integrations/grpc/option.go:131
↓ 4 callersFunctionWithExclusionHandler
WithExclusionHandler sets a function that dynamically determines whether a gRPC method should be excluded from JWT validation. The handler receives th
integrations/grpc/option.go:180
↓ 4 callersFunctionWithMultiIssuerCache
WithMultiIssuerCache sets a custom Cache implementation for all per-issuer providers. This allows users to provide their own caching strategy (e.g., R
jwks/option.go:210
↓ 4 callersFunctionWithStandardProxy
WithStandardProxy configures trust for standard reverse proxies (Nginx, Apache, HAProxy). Trusts X-Forwarded-Proto and X-Forwarded-Host headers. Use t
proxy.go:98
↓ 4 callersFunctionWithTokenExtractor
WithTokenExtractor sets a custom token extractor function. Default is MetadataTokenExtractor which extracts from "authorization" metadata.
integrations/grpc/option.go:119
↓ 4 callersFunctionbuildBareWWWAuthenticateHeaders
buildBareWWWAuthenticateHeaders builds bare WWW-Authenticate headers without error codes. Per RFC 6750 Section 3.1, when a request lacks authenticatio
error_handler.go:440
↓ 4 callersFunctionbuildTestToken
buildTestToken builds a signed HS256 JWT with the given claims.
examples/http-example/main_integration_test.go:26
↓ 4 callersFunctionfile_proto_greeter_proto_rawDescGZIP
()
examples/grpc-example/proto/greeter.pb.go:252
↓ 4 callersFunctiongetLeftmost
getLeftmost extracts the leftmost value from a comma-separated header. This handles multiple proxies: "value1, value2, value3" -> "value1" The leftmos
proxy.go:238
↓ 4 callersMethodparseToken
parseToken parses and performs basic validation on the token. Abstraction point: This method wraps the underlying JWT library's parsing.
validator/validator.go:271
↓ 4 callersFunctionsetupRouter
Try it out with: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnby1qd3QtbWlkZGxld2FyZS1leGFtcGxlIiwiYXVkIjoiYXVkaWVuY2UtZXhhbXBsZSIsInN1YiI6IjEyMzQ
examples/gin-example/main.go:43
↓ 4 callersFunctionsetupRouter
Try it out with: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnby1qd3QtbWlkZGxld2FyZS1leGFtcGxlIiwiYXVkIjoiYXVkaWVuY2UtZXhhbXBsZSIsInN1YiI6IjEyMzQ
examples/echo-example/main.go:43
↓ 4 callersMethodvalidateIssuer
validateIssuer checks if the token issuer matches one of the expected issuers.
validator/validator.go:453
↓ 3 callersMethodContext
()
integrations/grpc/interceptor_test.go:828
↓ 3 callersMethodError
Error implements the error interface.
core/errors.go:41
↓ 3 callersMethodGetConfirmationJKT
GetConfirmationJKT returns the jkt from the cnf claim, or empty string if not present. This method implements the core.TokenClaims interface.
validator/claims.go:49
↓ 3 callersMethodGetHTM
GetHTM returns the HTTP method (htm) from the DPoP proof.
core/dpop.go:99
↓ 3 callersMethodGetHTU
GetHTU returns the HTTP URI (htu) from the DPoP proof.
core/dpop.go:102
↓ 3 callersMethodHasConfirmation
HasConfirmation returns true if the token has a cnf claim. This method implements the core.TokenClaims interface.
validator/claims.go:58
↓ 3 callersFunctionParameterTokenExtractor
ParameterTokenExtractor returns a TokenExtractor that extracts the token from the specified query string parameter. Note: Query parameters do not carr
extractor.go:114
↓ 3 callersMethodStats
Stats returns observability information about all managed issuers. This includes both OIDC providers (dynamically cached) and symmetric issuers (stati
jwks/multi_issuer_provider.go:366
↓ 3 callersMethodValidateDPoPProof
(ctx context.Context, proofString string)
core/core.go:17
↓ 3 callersMethodWarn
(msg string, args ...any)
integrations/grpc/option.go:20
↓ 3 callersFunctionWithDPoPIATLeeway
WithDPoPIATLeeway sets the clock skew allowance for future iat claims in DPoP proofs. This allows DPoP proofs with iat timestamps slightly in the futu
core/option.go:167
↓ 3 callersFunctionWithDPoPProofOffset
WithDPoPProofOffset sets the maximum age offset for DPoP proofs. This determines how far in the past a DPoP proof's iat timestamp can be. Default: 30
core/option.go:146
↓ 3 callersFunctionbuildDPoPWWWAuthenticateHeaders
buildDPoPWWWAuthenticateHeaders builds WWW-Authenticate headers for DPoP-specific errors.
error_handler.go:411
↓ 3 callersFunctioncreateBearerToken
Helper functions
examples/http-dpop-disabled/main_integration_test.go:789
↓ 3 callersFunctioncreateBearerToken
Helper functions
examples/http-dpop-required/main_integration_test.go:949
↓ 3 callersFunctioncreateDPoPProofWithAccessTokenAndTime
createDPoPProofWithAccessTokenAndTime creates a DPoP proof with ATH claim and specified timestamp
examples/http-dpop-example/main_integration_test.go:1445
↓ 3 callersFunctioncreateDPoPProofWithOptions
createDPoPProofWithOptions creates a DPoP proof with configurable algorithm and timestamp
examples/http-dpop-required/main_integration_test.go:993
↓ 3 callersMethodextractDPoPClaims
extractDPoPClaims extracts DPoP-specific claims from the JWT payload.
validator/dpop.go:143
↓ 3 callersFunctionnormalizePort
normalizePort normalizes the host by stripping default ports per RFC 3986 Section 6.2.3. This is required for DPoP HTU validation to avoid false misma
proxy.go:281
↓ 3 callersFunctionstringToJWXAlgorithm
stringToJWXAlgorithm converts our string algorithm to jwx's jwa.SignatureAlgorithm.
validator/validator.go:510
↓ 3 callersFunctiontimeToUnix
timeToUnix converts a time.Time to Unix timestamp, returning 0 for zero time.
validator/validator.go:547
↓ 2 callersFunctionGetDPoPContext
GetDPoPContext retrieves the DPoP context from the request context. Returns nil if no DPoP context exists (e.g., for Bearer tokens). This is a conven
dpop.go:58
↓ 2 callersFunctionHasClaims
HasClaims checks if claims exist in the context. Example: if jwtmiddleware.HasClaims(r.Context()) { claims, _ := jwtmiddleware.GetClaims[*vali
middleware.go:200
↓ 2 callersFunctionHasDPoPContext
HasDPoPContext checks if a DPoP context exists in the request context. Returns true for DPoP-bound tokens, false for Bearer tokens. This is a conveni
dpop.go:73
↓ 2 callersMethodValidateToken
(ctx context.Context, token string)
option.go:22
↓ 2 callersFunctionWithAPIGatewayProxy
WithAPIGatewayProxy configures trust for API gateways (AWS API Gateway, Kong, Traefik). Trusts X-Forwarded-Proto, X-Forwarded-Host, and X-Forwarded-Pr
proxy.go:123
↓ 2 callersFunctionWithDPoPIATLeeway
WithDPoPIATLeeway sets the clock skew allowance for DPoP proof iat claims. This allows DPoP proofs with iat timestamps slightly in the future due to c
option.go:225
↓ 2 callersFunctionWithDPoPProofOffset
WithDPoPProofOffset sets the maximum age for DPoP proofs. This determines how far in the past a DPoP proof's iat timestamp can be. Default: 300 secon
option.go:204
↓ 2 callersFunctionWithMultiIssuerHTTPClient
WithMultiIssuerHTTPClient sets a custom HTTP client for all per-issuer providers. If not specified, a default client with 30s timeout is used. Exampl
jwks/option.go:185
↓ 2 callersFunctionWithRFC7239Proxy
WithRFC7239Proxy configures trust for RFC 7239 Forwarded header. This is the most secure option if your proxy supports the structured Forwarded header
proxy.go:146
↓ 2 callersFunctionaddIssuerKeyConfig
addIssuerKeyConfig validates and stores a single issuer key configuration. Shared by WithIssuerKeyConfig and WithIssuerKeyConfigs.
jwks/option.go:321
↓ 2 callersFunctionconvertAuthScheme
convertAuthScheme converts middleware AuthScheme to core.AuthScheme
middleware.go:283
↓ 2 callersMethodevictLRU
evictLRU removes the least-recently-used provider from the cache. Must be called with write lock held.
jwks/multi_issuer_provider.go:279
↓ 2 callersMethodfetchWithCacheControl
fetchWithCacheControl fetches JWKS and extracts TTL from Cache-Control headers. Returns the JWKS set, the TTL (or 0 if not present), and any error.
jwks/provider.go:208
↓ 2 callersFunctiongenerateToken
generateToken creates a JWT token for testing
examples/grpc-example/server/main_integration_test.go:79
↓ 2 callersMethodgetDPoPMode
getDPoPMode returns the DPoP mode from the middleware. Returns the configured mode or DPoPAllowed as default.
middleware.go:386
↓ 2 callersMethodhandleBearerToken
handleBearerToken processes Bearer token validation logic. The authScheme parameter is used for logging purposes to distinguish between true Bearer to
core/dpop.go:340
↓ 2 callersMethodisExcluded
isExcluded checks if a gRPC method should skip JWT validation. It checks the static excluded methods set first, then the dynamic exclusion handler.
integrations/grpc/interceptor.go:173
↓ 2 callersFunctionisSymmetricAlgorithm
isSymmetricAlgorithm returns true if the algorithm is a symmetric (HMAC) algorithm.
jwks/option.go:350
↓ 2 callersMethodlogWarn
logWarn logs a warning message if the logger is configured.
core/dpop.go:566
↓ 2 callersFunctionnormalizeHost
normalizeHost returns the hostname:port with default ports stripped, so that "example.com" and "example.com:443" compare equal for HTTPS.
internal/oidc/oidc.go:165
↓ 2 callersFunctionparseCacheControl
parseCacheControl extracts max-age from Cache-Control header with security validation. Returns 0 if max-age is not present, invalid, or unreasonable.
jwks/provider.go:252
↓ 2 callersFunctionparseForwardedHeader
parseForwardedHeader parses RFC 7239 Forwarded header. Example: "for=192.0.2.60;proto=https;host=api.example.com" Returns extracted scheme and host.
proxy.go:249
↓ 2 callersFunctionsetupHandler
()
examples/http-dpop-trusted-proxy/main.go:97
↓ 2 callersFunctionsetupHandler
(issuer string, audience []string)
examples/http-jwks-example/main.go:38
↓ 2 callersMethodvalidateRequest
validateRequest extracts and validates the JWT from the context.
integrations/grpc/interceptor.go:184
↓ 1 callersMethodError
Error returns a string representation of the error.
error_handler.go:480
↓ 1 callersMethodGetATH
GetATH returns the access token hash (ath) from the DPoP proof, if present. Returns empty string if the ath claim is not included in the proof.
core/dpop.go:109
↓ 1 callersMethodGetConfirmationJKT
GetConfirmationJKT returns the jkt from the cnf claim, or empty string if not present.
core/dpop.go:122
↓ 1 callersMethodGetHTM
GetHTM returns the HTTP method (htm) from the DPoP proof. This method implements the core.DPoPProofClaims interface.
validator/dpop_claims.go:49
↓ 1 callersMethodGetHTU
GetHTU returns the HTTP URI (htu) from the DPoP proof. This method implements the core.DPoPProofClaims interface.
validator/dpop_claims.go:55
↓ 1 callersMethodGetIAT
GetIAT returns the issued-at timestamp (iat) from the DPoP proof.
core/dpop.go:105
↓ 1 callersMethodGetIAT
GetIAT returns the issued-at timestamp (iat) from the DPoP proof. This method implements the core.DPoPProofClaims interface.
validator/dpop_claims.go:61
↓ 1 callersMethodGetJTI
GetJTI returns the unique identifier (jti) of the DPoP proof. This method implements the core.DPoPProofClaims interface.
validator/dpop_claims.go:43
← previousnext →101–200 of 744, ranked by callers