WithValidity validates boundary inputs and sets the 'nbf' (NotBefore) and 'exp' (expiration) options.
(notBefore, expiration time.Time)
| 146 | // WithValidity validates boundary inputs and sets the 'nbf' (NotBefore) and |
| 147 | // 'exp' (expiration) options. |
| 148 | func WithValidity(notBefore, expiration time.Time) Options { |
| 149 | return func(c *Claims) error { |
| 150 | now := time.Now().UTC() |
| 151 | if expiration.Before(notBefore) { |
| 152 | return errors.Errorf("nbf < exp: nbf=%v, exp=%v", notBefore, expiration) |
| 153 | } |
| 154 | requestedDelay := notBefore.Sub(now) |
| 155 | if requestedDelay > MaxValidityDelay { |
| 156 | return errors.Errorf("requested validity delay is too long: 'requested validity delay'=%v, 'max validity delay'=%v", requestedDelay, MaxValidityDelay) |
| 157 | } |
| 158 | requestedValidity := expiration.Sub(notBefore) |
| 159 | if requestedValidity < MinValidity { |
| 160 | return errors.Errorf("requested token validity is too short: 'requested token validity'=%v, 'minimum token validity'=%v", requestedValidity, MinValidity) |
| 161 | } else if requestedValidity > MaxValidity { |
| 162 | return errors.Errorf("requested token validity is too long: 'requested token validity'=%v, 'maximum token validity'=%v", requestedValidity, MaxValidity) |
| 163 | } |
| 164 | c.NotBefore = jose.NewNumericDate(notBefore) |
| 165 | c.Expiry = jose.NewNumericDate(expiration) |
| 166 | return nil |
| 167 | } |
| 168 | } |
| 169 | |
| 170 | // WithIssuer returns an Options function that sets the issuer to use in the |
| 171 | // token claims. If Issuer is not used the default issuer will be used. |
no outgoing calls
searching dependent graphs…