jwt

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 27, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package jwt provides JWT token creation and validation for Coral discovery.

Index

Constants

const DefaultAudience = "coral-colony"

DefaultAudience is the default token audience for colony tokens.

const DefaultIssuer = "coral-discovery"

DefaultIssuer is the default token issuer for discovery tokens.

const LegacyAudience = "colony-step-ca"

LegacyAudience is the legacy audience name for backwards compatibility.

const LegacyIssuer = "reef-control"

LegacyIssuer is the legacy issuer name for backwards compatibility.

Variables

This section is empty.

Functions

func CreateReferralTicketStatic

// CreateReferralTicketStatic builds a referral ticket from explicit arguments
// instead of a configured Signer.
// NOTE(review): the results presumably mirror Signer.CreateReferralTicket
// (signed token string, expiry as Unix seconds, error) — confirm.
func CreateReferralTicketStatic(
	// privateKey is the Ed25519 signing key; treat it as secret material.
	privateKey ed25519.PrivateKey,
	// keyID is presumably written to the JWT header, like SigningConfig.KeyID — confirm.
	keyID string,
	// Presumably the values of the reef_id, colony_id, agent_id and intent
	// claims (cf. ReferralClaims) — confirm.
	reefID, colonyID, agentID, intent string,
	// ttlSeconds is a lifetime in seconds, going by its name; how zero or
	// negative values are handled is not visible here — confirm.
	ttlSeconds int,
	// issuer and audience are presumably the iss and aud claims
	// (cf. DefaultIssuer and DefaultAudience) — confirm.
	issuer, audience string,
) (string, int64, error)

CreateReferralTicketStatic creates a referral ticket using static parameters. This is the primary function for creating tokens, useful for Wasm compilation.

func VerifySignatureStatic

func VerifySignatureStatic(tokenString, jwksJSON string) (bool, error)

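VerifySignatureStatic verifies a JWT signature using a JWKS JSON string. This is the primary function for verification, useful for Wasm compilation. The description covers the signature only; whether expiry, issuer and audience are also checked is not stated here, so confirm that before treating a true result as an authorization decision.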

Types

type BootstrapClaims

// BootstrapClaims is the claim set for bootstrap tokens: four string claims
// plus the embedded registered claims.
// NOTE(review): the field set is identical to ReferralClaims, so the struct
// alone does not tell the two token types apart — confirm which claim
// (audience, intent or another) a verifier uses to distinguish them.
type BootstrapClaims struct {
	// ReefID is serialized as the "reef_id" claim.
	ReefID   string `json:"reef_id"`
	// ColonyID is serialized as the "colony_id" claim.
	ColonyID string `json:"colony_id"`
	// AgentID is serialized as the "agent_id" claim.
	AgentID  string `json:"agent_id"`
	// Intent is serialized as the "intent" claim; its allowed values are
	// not listed on this page.
	Intent   string `json:"intent"`
	// Embedded registered claims from the imported jwt package; presumably
	// the standard set (iss, aud, exp, ...) — confirm against the source.
	jwt.RegisteredClaims
}

BootstrapClaims contains JWT claims for bootstrap tokens.

type JWK

// JWK is a single JSON Web Key entry. Only public-key members are declared
// (there is no private "d" member); the trailing comments give the values
// expected for an Ed25519 signing key.
// NOTE(review): whether NewValidator rejects entries whose kty, crv, use or
// alg differ from those values is not visible here — confirm.
type JWK struct {
	// KID is the key identifier; presumably matched against the kid in a
	// token header to select the key — confirm.
	KID string `json:"kid"`
	KTY string `json:"kty"` // "OKP"
	CRV string `json:"crv"` // "Ed25519"
	X   string `json:"x"`   // Base64URL encoded public key
	USE string `json:"use"` // "sig"
	ALG string `json:"alg"` // "EdDSA"
}

JWK represents a JSON Web Key.

type JWKS

// JWKS is a JSON Web Key Set: a list of JWK entries serialized under "keys".
type JWKS struct {
	// Keys holds the individual key entries.
	Keys []JWK `json:"keys"`
}

JWKS represents a JSON Web Key Set.

type ReferralClaims

// ReferralClaims is the claim set for referral tickets (RFD 049): four string
// claims plus the embedded registered claims.
// NOTE(review): the field set is identical to BootstrapClaims, so the struct
// alone does not tell the two token types apart — confirm which claim
// (audience, intent or another) a verifier uses to distinguish them.
type ReferralClaims struct {
	// ReefID is serialized as the "reef_id" claim.
	ReefID   string `json:"reef_id"`
	// ColonyID is serialized as the "colony_id" claim.
	ColonyID string `json:"colony_id"`
	// AgentID is serialized as the "agent_id" claim.
	AgentID  string `json:"agent_id"`
	// Intent is serialized as the "intent" claim; its allowed values are
	// not listed on this page.
	Intent   string `json:"intent"`
	// Embedded registered claims from the imported jwt package; presumably
	// the standard set (iss, aud, exp, ...) — confirm against the source.
	jwt.RegisteredClaims
}

ReferralClaims contains JWT claims for referral tickets (RFD 049).

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer creates signed JWT tokens.

func NewSigner

func NewSigner(cfg SigningConfig) *Signer

NewSigner creates a new token signer.

func (*Signer) CreateReferralTicket

func (s *Signer) CreateReferralTicket(reefID, colonyID, agentID, intent string) (string, int64, error)

CreateReferralTicket creates a new stateless referral ticket JWT. Returns the signed token string and the expiration timestamp (Unix seconds).

func (*Signer) CreateReferralTicketWithTTL

func (s *Signer) CreateReferralTicketWithTTL(reefID, colonyID, agentID, intent string, ttl time.Duration) (string, int64, error)

CreateReferralTicketWithTTL creates a referral ticket with a custom TTL.

type SigningConfig

// SigningConfig holds the inputs a Signer is built from (see NewSigner).
type SigningConfig struct {
	// PrivateKey is the Ed25519 private key for signing. It is secret
	// material: load it from protected storage and keep it out of logs.
	PrivateKey ed25519.PrivateKey

	// KeyID is the key identifier for the JWT header.
	// Presumably the kid a verifier uses to pick the matching JWK — confirm.
	KeyID string

	// Issuer is the token issuer claim.
	// NOTE(review): whether an empty value falls back to DefaultIssuer is
	// not visible here — confirm.
	Issuer string

	// Audience is the token audience claim.
	// NOTE(review): whether an empty value falls back to DefaultAudience is
	// not visible here — confirm.
	Audience string

	// DefaultTTL is the default token time-to-live.
	// NOTE(review): behaviour for a zero or negative duration is not
	// visible here — confirm before relying on it.
	DefaultTTL time.Duration
}

SigningConfig contains configuration for token signing.

type Validator

type Validator struct {
	// contains filtered or unexported fields
}

Validator validates JWT tokens using a JWKS.

func NewValidator

func NewValidator(jwks *JWKS) (*Validator, error)

NewValidator creates a new token validator from a JWKS.

func NewValidatorFromJSON

func NewValidatorFromJSON(jwksJSON string) (*Validator, error)

NewValidatorFromJSON creates a validator from a JWKS JSON string.

func (*Validator) GetKeyFunc

func (v *Validator) GetKeyFunc() jwt.Keyfunc

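GetKeyFunc returns a jwt.Keyfunc for use with jwt.Parse. A caller that parses tokens directly with it remains responsible for restricting the accepted signing algorithm (EdDSA for these keys) and for validating the claims; whether the returned Keyfunc checks the token's alg itself is not stated here.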

func (*Validator) ValidateReferralTicket

func (v *Validator) ValidateReferralTicket(tokenString string) (*ReferralClaims, error)

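ValidateReferralTicket validates a referral ticket JWT and returns its claims. This is a stateless validation per RFD 049 using JWKS. Being stateless, it presumably consults no record of issued tickets, so nothing described here revokes a ticket or detects its reuse before it expires; the TTL chosen at signing bounds that window.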

func (*Validator) VerifySignature

func (v *Validator) VerifySignature(tokenString string) bool

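VerifySignature verifies a JWT signature against the JWKS. Returns true if the signature is valid, false otherwise. Because the only result is a bool, the reason for a failure is not reported to the caller. The description covers the signature only; use ValidateReferralTicket when the claims themselves are needed.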
