Code
Hub
Workspaces
Following
Trending
Connect
MCP
copy
Index your code
hub
/
github.com/auth0/go-jwt-middleware
/ functions
Functions
744 in github.com/auth0/go-jwt-middleware
⨍
Functions
744
◇
Types & classes
102
↓ 7 callers
Method
extractConfirmationClaim
extractConfirmationClaim extracts the cnf (confirmation) claim from the token string. This claim is used for DPoP (Demonstrating Proof-of-Possession)
validator/validator.go:427
↓ 7 callers
Method
hasAnyTrustedHeaders
hasAnyTrustedHeaders returns true if any header trust flags are enabled
proxy.go:46
↓ 6 callers
Function
HasClaims
HasClaims checks if claims exist in the context without retrieving them.
core/context.go:56
↓ 6 callers
Function
HasDPoPContext
HasDPoPContext checks if a DPoP context exists in the context. Returns true for DPoP-bound tokens, false for Bearer tokens. Example usage: if core.
core/context.go:101
↓ 6 callers
Function
IssuerFromContext
IssuerFromContext extracts the issuer from the context. This is useful for JWKS providers that need to route requests based on the issuer. Note: The
validator/validator.go:37
↓ 6 callers
Function
MultiTokenExtractor
MultiTokenExtractor returns a TokenExtractor that runs multiple TokenExtractors and takes the one that does not return an empty token. If a TokenExtra
extractor.go:133
↓ 6 callers
Function
WithCustomClient
WithCustomClient sets a custom HTTP client for the Provider. If not specified, a default client with 30s timeout is used.
jwks/option.go:50
↓ 6 callers
Function
WithCustomJWKSURI
WithCustomJWKSURI sets a custom JWKS URI for the Provider. When set, the Provider will fetch JWKS directly from this URI, skipping the OIDC discovery
jwks/option.go:38
↓ 6 callers
Function
WithExcludedMethods
WithExcludedMethods excludes specific gRPC methods from JWT validation. Methods should be provided in the format: "/package.Service/Method" For more
integrations/grpc/option.go:153
↓ 6 callers
Function
WithMultiIssuerCacheTTL
WithMultiIssuerCacheTTL sets the cache refresh interval for all per-issuer providers. If not specified, defaults to 15 minutes. The TTL determines th
jwks/option.go:160
↓ 6 callers
Function
WithRegisteredClaimsValidator
WithRegisteredClaimsValidator sets a validation function that runs against the registered claims (iss, sub, aud, exp, nbf, iat, jti) after standard va
validator/option.go:261
↓ 6 callers
Function
WithValidateOnOptions
WithValidateOnOptions sets whether OPTIONS requests should have their JWT validated. Default: true (OPTIONS requests are validated)
option.go:69
↓ 6 callers
Function
assertErrorResponse
assertErrorResponse asserts the HTTP status, JSON error body, and WWW-Authenticate header.
examples/http-example/main_integration_test.go:64
↓ 6 callers
Function
buildSymmetricKeySet
buildSymmetricKeySet creates a jwk.Set containing a symmetric key with the specified algorithm and optional key ID. This allows symmetric keys to be h
jwks/multi_issuer_provider.go:405
↓ 6 callers
Function
calculateJKT
calculateJKT computes the JWK thumbprint using SHA-256 per RFC 7638. The thumbprint is base64url-encoded without padding.
validator/dpop.go:167
↓ 6 callers
Method
generateToken
(t *testing.T, subject, name string)
examples/http-multi-issuer-redis-example/main_integration_test.go:72
↓ 6 callers
Function
setupApp
Try it out with: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnby1qd3QtbWlkZGxld2FyZS1leGFtcGxlIiwiYXVkIjoiYXVkaWVuY2UtZXhhbXBsZSIsInN1YiI6IjEyMzQ
examples/iris-example/main.go:43
↓ 5 callers
Function
CookieTokenExtractor
CookieTokenExtractor builds a TokenExtractor that takes a request and extracts the token from the cookie using the passed in cookieName. Note: Cookies
extractor.go:87
↓ 5 callers
Method
HealthCheck
Health check (no authentication required)
examples/grpc-example/proto/greeter_grpc.pb.go:28
↓ 5 callers
Method
String
()
examples/grpc-example/proto/greeter.pb.go:90
↓ 5 callers
Function
WithCredentialsOptional
WithCredentialsOptional allows requests without JWT tokens to proceed. When set to true, requests without tokens will not return an error, but the con
integrations/grpc/option.go:89
↓ 5 callers
Function
WithIssuerKeyConfigs
WithIssuerKeyConfigs configures symmetric keys for multiple issuers at once. This is the batch equivalent of WithIssuerKeyConfig, following the same p
jwks/option.go:305
↓ 5 callers
Function
algToJWX
algToJWX maps validator.SignatureAlgorithm to jwa.SignatureAlgorithm for symmetric algorithms. This is a local helper to avoid importing the validator
jwks/multi_issuer_provider.go:435
↓ 5 callers
Function
createBearerToken
============================================================================= Helper Functions =======================================================
examples/http-dpop-example/main_integration_test.go:1399
↓ 5 callers
Function
createDPoPBoundToken
(jkt []byte, sub, scope string)
examples/http-dpop-disabled/main_integration_test.go:815
↓ 5 callers
Method
extractCustomClaims
extractCustomClaims extracts and validates custom claims from the token string. SDK-agnostic approach: Manually decodes JWT payload for maximum portab
validator/validator.go:391
↓ 5 callers
Function
generateTestToken
generateTestToken creates a test JWT token with the given issuer, audience, and signing key. The token expires in 1 hour to prevent expiration issues
validator/validator_test.go:1146
↓ 5 callers
Method
generateToken
(t *testing.T, subject, name string)
examples/http-multi-issuer-example/main_integration_test.go:70
↓ 5 callers
Method
validateAudience
validateAudience checks if the token audiences contain at least one expected audience.
validator/validator.go:491
↓ 4 callers
Function
DPoPHeaderExtractor
DPoPHeaderExtractor extracts the DPoP proof from the "DPoP" HTTP header. Returns empty string if the header is not present (which is valid for Bearer
dpop.go:31
↓ 4 callers
Function
DefaultErrorHandler
DefaultErrorHandler is the default error handler implementation. It provides structured error responses with appropriate HTTP status codes and RFC 675
error_handler.go:102
↓ 4 callers
Function
WithCache
WithCache sets a custom Cache implementation for the CachingProvider. This allows users to provide their own caching strategy (e.g., Redis-backed cach
jwks/option.go:107
↓ 4 callers
Function
WithErrorHandler
WithErrorHandler sets the handler called when errors occur during JWT validation. See the ErrorHandler type for more information. Default: DefaultErr
option.go:80
↓ 4 callers
Function
WithErrorHandler
WithErrorHandler sets a custom error handler function. Default is DefaultErrorHandler which maps errors to gRPC status codes.
integrations/grpc/option.go:131
↓ 4 callers
Function
WithExclusionHandler
WithExclusionHandler sets a function that dynamically determines whether a gRPC method should be excluded from JWT validation. The handler receives th
integrations/grpc/option.go:180
↓ 4 callers
Function
WithMultiIssuerCache
WithMultiIssuerCache sets a custom Cache implementation for all per-issuer providers. This allows users to provide their own caching strategy (e.g., R
jwks/option.go:210
↓ 4 callers
Function
WithStandardProxy
WithStandardProxy configures trust for standard reverse proxies (Nginx, Apache, HAProxy). Trusts X-Forwarded-Proto and X-Forwarded-Host headers. Use t
proxy.go:98
↓ 4 callers
Function
WithTokenExtractor
WithTokenExtractor sets a custom token extractor function. Default is MetadataTokenExtractor which extracts from "authorization" metadata.
integrations/grpc/option.go:119
↓ 4 callers
Function
buildBareWWWAuthenticateHeaders
buildBareWWWAuthenticateHeaders builds bare WWW-Authenticate headers without error codes. Per RFC 6750 Section 3.1, when a request lacks authenticatio
error_handler.go:440
↓ 4 callers
Function
buildTestToken
buildTestToken builds a signed HS256 JWT with the given claims.
examples/http-example/main_integration_test.go:26
↓ 4 callers
Function
file_proto_greeter_proto_rawDescGZIP
()
examples/grpc-example/proto/greeter.pb.go:252
↓ 4 callers
Function
getLeftmost
getLeftmost extracts the leftmost value from a comma-separated header. This handles multiple proxies: "value1, value2, value3" -> "value1" The leftmos
proxy.go:238
↓ 4 callers
Method
parseToken
parseToken parses and performs basic validation on the token. Abstraction point: This method wraps the underlying JWT library's parsing.
validator/validator.go:271
↓ 4 callers
Function
setupRouter
Try it out with: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnby1qd3QtbWlkZGxld2FyZS1leGFtcGxlIiwiYXVkIjoiYXVkaWVuY2UtZXhhbXBsZSIsInN1YiI6IjEyMzQ
examples/gin-example/main.go:43
↓ 4 callers
Function
setupRouter
Try it out with: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnby1qd3QtbWlkZGxld2FyZS1leGFtcGxlIiwiYXVkIjoiYXVkaWVuY2UtZXhhbXBsZSIsInN1YiI6IjEyMzQ
examples/echo-example/main.go:43
↓ 4 callers
Method
validateIssuer
validateIssuer checks if the token issuer matches one of the expected issuers.
validator/validator.go:453
↓ 3 callers
Method
Context
()
integrations/grpc/interceptor_test.go:828
↓ 3 callers
Method
Error
Error implements the error interface.
core/errors.go:41
↓ 3 callers
Method
GetConfirmationJKT
GetConfirmationJKT returns the jkt from the cnf claim, or empty string if not present. This method implements the core.TokenClaims interface.
validator/claims.go:49
↓ 3 callers
Method
GetHTM
GetHTM returns the HTTP method (htm) from the DPoP proof.
core/dpop.go:99
↓ 3 callers
Method
GetHTU
GetHTU returns the HTTP URI (htu) from the DPoP proof.
core/dpop.go:102
↓ 3 callers
Method
HasConfirmation
HasConfirmation returns true if the token has a cnf claim. This method implements the core.TokenClaims interface.
validator/claims.go:58
↓ 3 callers
Function
ParameterTokenExtractor
ParameterTokenExtractor returns a TokenExtractor that extracts the token from the specified query string parameter. Note: Query parameters do not carr
extractor.go:114
↓ 3 callers
Method
Stats
Stats returns observability information about all managed issuers. This includes both OIDC providers (dynamically cached) and symmetric issuers (stati
jwks/multi_issuer_provider.go:366
↓ 3 callers
Method
ValidateDPoPProof
(ctx context.Context, proofString string)
core/core.go:17
↓ 3 callers
Method
Warn
(msg string, args ...any)
integrations/grpc/option.go:20
↓ 3 callers
Function
WithDPoPIATLeeway
WithDPoPIATLeeway sets the clock skew allowance for future iat claims in DPoP proofs. This allows DPoP proofs with iat timestamps slightly in the futu
core/option.go:167
↓ 3 callers
Function
WithDPoPProofOffset
WithDPoPProofOffset sets the maximum age offset for DPoP proofs. This determines how far in the past a DPoP proof's iat timestamp can be. Default: 30
core/option.go:146
↓ 3 callers
Function
buildDPoPWWWAuthenticateHeaders
buildDPoPWWWAuthenticateHeaders builds WWW-Authenticate headers for DPoP-specific errors.
error_handler.go:411
↓ 3 callers
Function
createBearerToken
Helper functions
examples/http-dpop-disabled/main_integration_test.go:789
↓ 3 callers
Function
createBearerToken
Helper functions
examples/http-dpop-required/main_integration_test.go:949
↓ 3 callers
Function
createDPoPProofWithAccessTokenAndTime
createDPoPProofWithAccessTokenAndTime creates a DPoP proof with ATH claim and specified timestamp
examples/http-dpop-example/main_integration_test.go:1445
↓ 3 callers
Function
createDPoPProofWithOptions
createDPoPProofWithOptions creates a DPoP proof with configurable algorithm and timestamp
examples/http-dpop-required/main_integration_test.go:993
↓ 3 callers
Method
extractDPoPClaims
extractDPoPClaims extracts DPoP-specific claims from the JWT payload.
validator/dpop.go:143
↓ 3 callers
Function
normalizePort
normalizePort normalizes the host by stripping default ports per RFC 3986 Section 6.2.3. This is required for DPoP HTU validation to avoid false misma
proxy.go:281
↓ 3 callers
Function
stringToJWXAlgorithm
stringToJWXAlgorithm converts our string algorithm to jwx's jwa.SignatureAlgorithm.
validator/validator.go:510
↓ 3 callers
Function
timeToUnix
timeToUnix converts a time.Time to Unix timestamp, returning 0 for zero time.
validator/validator.go:547
↓ 2 callers
Function
GetDPoPContext
GetDPoPContext retrieves the DPoP context from the request context. Returns nil if no DPoP context exists (e.g., for Bearer tokens). This is a conven
dpop.go:58
↓ 2 callers
Function
HasClaims
HasClaims checks if claims exist in the context. Example: if jwtmiddleware.HasClaims(r.Context()) { claims, _ := jwtmiddleware.GetClaims[*vali
middleware.go:200
↓ 2 callers
Function
HasDPoPContext
HasDPoPContext checks if a DPoP context exists in the request context. Returns true for DPoP-bound tokens, false for Bearer tokens. This is a conveni
dpop.go:73
↓ 2 callers
Method
ValidateToken
(ctx context.Context, token string)
option.go:22
↓ 2 callers
Function
WithAPIGatewayProxy
WithAPIGatewayProxy configures trust for API gateways (AWS API Gateway, Kong, Traefik). Trusts X-Forwarded-Proto, X-Forwarded-Host, and X-Forwarded-Pr
proxy.go:123
↓ 2 callers
Function
WithDPoPIATLeeway
WithDPoPIATLeeway sets the clock skew allowance for DPoP proof iat claims. This allows DPoP proofs with iat timestamps slightly in the future due to c
option.go:225
↓ 2 callers
Function
WithDPoPProofOffset
WithDPoPProofOffset sets the maximum age for DPoP proofs. This determines how far in the past a DPoP proof's iat timestamp can be. Default: 300 secon
option.go:204
↓ 2 callers
Function
WithMultiIssuerHTTPClient
WithMultiIssuerHTTPClient sets a custom HTTP client for all per-issuer providers. If not specified, a default client with 30s timeout is used. Exampl
jwks/option.go:185
↓ 2 callers
Function
WithRFC7239Proxy
WithRFC7239Proxy configures trust for RFC 7239 Forwarded header. This is the most secure option if your proxy supports the structured Forwarded header
proxy.go:146
↓ 2 callers
Function
addIssuerKeyConfig
addIssuerKeyConfig validates and stores a single issuer key configuration. Shared by WithIssuerKeyConfig and WithIssuerKeyConfigs.
jwks/option.go:321
↓ 2 callers
Function
convertAuthScheme
convertAuthScheme converts middleware AuthScheme to core.AuthScheme
middleware.go:283
↓ 2 callers
Method
evictLRU
evictLRU removes the least-recently-used provider from the cache. Must be called with write lock held.
jwks/multi_issuer_provider.go:279
↓ 2 callers
Method
fetchWithCacheControl
fetchWithCacheControl fetches JWKS and extracts TTL from Cache-Control headers. Returns the JWKS set, the TTL (or 0 if not present), and any error.
jwks/provider.go:208
↓ 2 callers
Function
generateToken
generateToken creates a JWT token for testing
examples/grpc-example/server/main_integration_test.go:79
↓ 2 callers
Method
getDPoPMode
getDPoPMode returns the DPoP mode from the middleware. Returns the configured mode or DPoPAllowed as default.
middleware.go:386
↓ 2 callers
Method
handleBearerToken
handleBearerToken processes Bearer token validation logic. The authScheme parameter is used for logging purposes to distinguish between true Bearer to
core/dpop.go:340
↓ 2 callers
Method
isExcluded
isExcluded checks if a gRPC method should skip JWT validation. It checks the static excluded methods set first, then the dynamic exclusion handler.
integrations/grpc/interceptor.go:173
↓ 2 callers
Function
isSymmetricAlgorithm
isSymmetricAlgorithm returns true if the algorithm is a symmetric (HMAC) algorithm.
jwks/option.go:350
↓ 2 callers
Method
logWarn
logWarn logs a warning message if the logger is configured.
core/dpop.go:566
↓ 2 callers
Function
normalizeHost
normalizeHost returns the hostname:port with default ports stripped, so that "example.com" and "example.com:443" compare equal for HTTPS.
internal/oidc/oidc.go:165
↓ 2 callers
Function
parseCacheControl
parseCacheControl extracts max-age from Cache-Control header with security validation. Returns 0 if max-age is not present, invalid, or unreasonable.
jwks/provider.go:252
↓ 2 callers
Function
parseForwardedHeader
parseForwardedHeader parses RFC 7239 Forwarded header. Example: "for=192.0.2.60;proto=https;host=api.example.com" Returns extracted scheme and host.
proxy.go:249
↓ 2 callers
Function
setupHandler
()
examples/http-dpop-trusted-proxy/main.go:97
↓ 2 callers
Function
setupHandler
(issuer string, audience []string)
examples/http-jwks-example/main.go:38
↓ 2 callers
Method
validateRequest
validateRequest extracts and validates the JWT from the context.
integrations/grpc/interceptor.go:184
↓ 1 callers
Method
Error
Error returns a string representation of the error.
error_handler.go:480
↓ 1 callers
Method
GetATH
GetATH returns the access token hash (ath) from the DPoP proof, if present. Returns empty string if the ath claim is not included in the proof.
core/dpop.go:109
↓ 1 callers
Method
GetConfirmationJKT
GetConfirmationJKT returns the jkt from the cnf claim, or empty string if not present.
core/dpop.go:122
↓ 1 callers
Method
GetHTM
GetHTM returns the HTTP method (htm) from the DPoP proof. This method implements the core.DPoPProofClaims interface.
validator/dpop_claims.go:49
↓ 1 callers
Method
GetHTU
GetHTU returns the HTTP URI (htu) from the DPoP proof. This method implements the core.DPoPProofClaims interface.
validator/dpop_claims.go:55
↓ 1 callers
Method
GetIAT
GetIAT returns the issued-at timestamp (iat) from the DPoP proof.
core/dpop.go:105
↓ 1 callers
Method
GetIAT
GetIAT returns the issued-at timestamp (iat) from the DPoP proof. This method implements the core.DPoPProofClaims interface.
validator/dpop_claims.go:61
↓ 1 callers
Method
GetJTI
GetJTI returns the unique identifier (jti) of the DPoP proof. This method implements the core.DPoPProofClaims interface.
validator/dpop_claims.go:43
← previous
next →
101–200 of 744, ranked by callers