map_claims.go

Documentation: github.com/golang-jwt/jwt

     1  package jwt
     2  
     3  import (
     4  	"encoding/json"
     5  	"errors"
     6  	// "fmt"
     7  )
     8  
     9  // Claims type that uses the map[string]interface{} for JSON decoding
    10  // This is the default claims type if you don't supply one
    11  type MapClaims map[string]interface{}
    12  
    13  // VerifyAudience Compares the aud claim against cmp.
    14  // If required is false, this method will return true if the value matches or is unset
    15  func (m MapClaims) VerifyAudience(cmp string, req bool) bool {
    16  	var aud []string
    17  	switch v := m["aud"].(type) {
    18  	case string:
    19  		aud = append(aud, v)
    20  	case []string:
    21  		aud = v
    22  	case []interface{}:
    23  		for _, a := range v {
    24  			vs, ok := a.(string)
    25  			if !ok {
    26  				return false
    27  			}
    28  			aud = append(aud, vs)
    29  		}
    30  	}
    31  	return verifyAud(aud, cmp, req)
    32  }
    33  
    34  // Compares the exp claim against cmp.
    35  // If required is false, this method will return true if the value matches or is unset
    36  func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool {
    37  	exp, ok := m["exp"]
    38  	if !ok {
    39  		return !req
    40  	}
    41  	switch expType := exp.(type) {
    42  	case float64:
    43  		return verifyExp(int64(expType), cmp, req)
    44  	case json.Number:
    45  		v, _ := expType.Int64()
    46  		return verifyExp(v, cmp, req)
    47  	}
    48  	return false
    49  }
    50  
    51  // Compares the iat claim against cmp.
    52  // If required is false, this method will return true if the value matches or is unset
    53  func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool {
    54  	iat, ok := m["iat"]
    55  	if !ok {
    56  		return !req
    57  	}
    58  	switch iatType := iat.(type) {
    59  	case float64:
    60  		return verifyIat(int64(iatType), cmp, req)
    61  	case json.Number:
    62  		v, _ := iatType.Int64()
    63  		return verifyIat(v, cmp, req)
    64  	}
    65  	return false
    66  }
    67  
    68  // Compares the iss claim against cmp.
    69  // If required is false, this method will return true if the value matches or is unset
    70  func (m MapClaims) VerifyIssuer(cmp string, req bool) bool {
    71  	iss, _ := m["iss"].(string)
    72  	return verifyIss(iss, cmp, req)
    73  }
    74  
    75  // Compares the nbf claim against cmp.
    76  // If required is false, this method will return true if the value matches or is unset
    77  func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool {
    78  	nbf, ok := m["nbf"]
    79  	if !ok {
    80  		return !req
    81  	}
    82  	switch nbfType := nbf.(type) {
    83  	case float64:
    84  		return verifyNbf(int64(nbfType), cmp, req)
    85  	case json.Number:
    86  		v, _ := nbfType.Int64()
    87  		return verifyNbf(v, cmp, req)
    88  	}
    89  	return false
    90  }
    91  
    92  // Validates time based claims "exp, iat, nbf".
    93  // There is no accounting for clock skew.
    94  // As well, if any of the above claims are not in the token, it will still
    95  // be considered a valid claim.
    96  func (m MapClaims) Valid() error {
    97  	vErr := new(ValidationError)
    98  	now := TimeFunc().Unix()
    99  
   100  	if !m.VerifyExpiresAt(now, false) {
   101  		vErr.Inner = errors.New("Token is expired")
   102  		vErr.Errors |= ValidationErrorExpired
   103  	}
   104  
   105  	if !m.VerifyIssuedAt(now, false) {
   106  		vErr.Inner = errors.New("Token used before issued")
   107  		vErr.Errors |= ValidationErrorIssuedAt
   108  	}
   109  
   110  	if !m.VerifyNotBefore(now, false) {
   111  		vErr.Inner = errors.New("Token is not valid yet")
   112  		vErr.Errors |= ValidationErrorNotValidYet
   113  	}
   114  
   115  	if vErr.valid() {
   116  		return nil
   117  	}
   118  
   119  	return vErr
   120  }
   121
View as plain text