Sign creates a JWT with the claims and signs it with the given key.
(alg jose.SignatureAlgorithm, key interface{})
| 69 | |
| 70 | // Sign creates a JWT with the claims and signs it with the given key. |
| 71 | func (c *Claims) Sign(alg jose.SignatureAlgorithm, key interface{}) (string, error) { |
| 72 | kid, err := GenerateKeyID(key) |
| 73 | if err != nil { |
| 74 | return "", err |
| 75 | } |
| 76 | |
| 77 | so := new(jose.SignerOptions) |
| 78 | so.WithType("JWT") |
| 79 | so.WithHeader("kid", kid) |
| 80 | |
| 81 | // Used to override the kid too |
| 82 | for k, v := range c.ExtraHeaders { |
| 83 | so.WithHeader(jose.HeaderKey(k), v) |
| 84 | } |
| 85 | |
| 86 | signer, err := jose.NewSigner(jose.SigningKey{ |
| 87 | Algorithm: alg, |
| 88 | Key: key, |
| 89 | }, so) |
| 90 | if err != nil { |
| 91 | return "", errors.Wrapf(err, "error creating JWT signer") |
| 92 | } |
| 93 | |
| 94 | // Force aud to be a string |
| 95 | if len(c.Audience) == 1 { |
| 96 | c.Set("aud", c.Audience[0]) |
| 97 | } |
| 98 | |
| 99 | raw, err := jose.Signed(signer).Claims(c.Claims).Claims(c.ExtraClaims).CompactSerialize() |
| 100 | if err != nil { |
| 101 | return "", errors.Wrapf(err, "error serializing JWT") |
| 102 | } |
| 103 | return raw, nil |
| 104 | } |
| 105 | |
| 106 | // NewClaims returns the default claims with the given options added. |
| 107 | func NewClaims(opts ...Options) (*Claims, error) { |