auth/vendor/github.com/lestrrat-go/jwx/v2/jws/options.yaml

package_name: jws
output: jws/options_gen.go
interfaces:
  - name: CompactOption
    comment: |
      CompactOption describes options that can be passed to `jws.Compact`
  - name: VerifyOption
    comment: |
      VerifyOption describes options that can be passed to `jws.Verify`
  - name: SignOption
    comment: |
      SignOption describes options that can be passed to `jws.Sign`
  - name: SignVerifyOption
    methods:
      - signOption
      - verifyOption
    comment: |
      SignVerifyOption describes options that can be passed to either `jws.Verify` or `jws.Sign`
  - name: WithJSONSuboption
    concrete_type: withJSONSuboption
    comment: |
      JSONSuboption describes suboptions that can be passed to `jws.WithJSON()` option
  - name: WithKeySuboption
    comment: |
      WithKeySuboption describes option types that can be passed to the `jws.WithKey()`
      option.
  - name: WithKeySetSuboption
    comment: |
      WithKeySetSuboption is a suboption passed to the `jws.WithKeySet()` option
  - name: ParseOption
    methods:
      - readFileOption
    comment: |
      ReadFileOption is a type of `Option` that can be passed to `jwe.Parse`
  - name: ReadFileOption
    comment: |
      ReadFileOption is a type of `Option` that can be passed to `jws.ReadFile`
options:
  - ident: Key
    skip_option: true
  - ident: Serialization
    skip_option: true
  - ident: Serialization
    option_name: WithCompact
    interface: SignOption
    constant_value: fmtCompact
    comment: |
      WithCompact specifies that the result of `jws.Sign()` is serialized in
      compact format.
      By default `jws.Sign()` will opt to use compact format, so you usually
      do not need to specify this option other than to be explicit about it.
  - ident: Detached
    interface: CompactOption
    argument_type: bool
    comment: |
      WithDetached specifies that the `jws.Message` should be serialized in
      JWS compact serialization with detached payload. The resulting octet
      sequence will not contain the payload section.
  - ident: DetachedPayload
    interface: SignVerifyOption
    argument_type: '[]byte'
    comment: |
      WithDetachedPayload can be used to either sign or verify a JWS message with a
      detached payload.
      When this option is used for `jws.Sign()`, the first parameter (normally the payload)
      must be set to `nil`.
      If you have to verify using this option, you should know exactly how and why this works.
  - ident: Message
    interface: VerifyOption
    argument_type: '*Message'
    comment: |
      WithMessage can be passed to Verify() to obtain the jws.Message upon
      a successful verification.
  - ident: KeyUsed
    interface: VerifyOption
    argument_type: 'interface{}'
    comment: |
      WithKeyUsed allows you to specify the `jws.Verify()` function to
      return the key used for verification. This may be useful when
      you specify multiple key sources or if you pass a `jwk.Set`
      and you want to know which key was successful at verifying the
      signature.
      `v` must be a pointer to an empty `interface{}`. Do not use
      `jwk.Key` here unless you are 100% sure that all keys that you
      have provided are instances of `jwk.Key` (remember that the
      jwx API allows users to specify a raw key such as *rsa.PublicKey)
  - ident: InferAlgorithmFromKey
    interface: WithKeySetSuboption
    argument_type: bool
    comment: |
      WithInferAlgorithmFromKey specifies whether the JWS signing algorithm name
      should be inferred by looking at the provided key, in case the JWS
      message or the key does not have a proper `alg` header.
      Compared to providing explicit `alg` from the key this is slower, and
      verification may fail if somehow our heuristics are wrong
      or outdated.
      Also, automatic detection of signature verification methods is always
      more vulnerable to potential attack vectors.
      It is highly recommended that you fix your key to contain a proper `alg`
      header field instead of resorting to using this option, but sometimes
      it just needs to happen.
  - ident: UseDefault
    interface: WithKeySetSuboption
    argument_type: bool
    comment: |
      WithUseDefault specifies that if and only if a jwk.Key contains
      exactly one jwk.Key, that key should be used.
      (I think this should be removed)
  - ident: RequireKid
    interface: WithKeySetSuboption
    argument_type: bool
    comment: |
      WithRequiredKid specifies whether the keys in the jwk.Set should
      only be matched if the target JWS message's Key ID and the Key ID
      in the given key match.
  - ident: MultipleKeysPerKeyID
    interface: WithKeySetSuboption
    argument_type: bool
    comment: |
      WithMultipleKeysPerKeyID specifies if we should expect multiple keys
      to match against a key ID. By default it is assumed that key IDs are
      unique, i.e. for a given key ID, the key set only contains a single
      key that has the matching ID. When this option is set to true,
      multiple keys that match the same key ID in the set can be tried.
  - ident: Pretty
    interface: WithJSONSuboption
    argument_type: bool
    comment: |
      WithPretty specifies whether the JSON output should be formatted and
      indented
  - ident: KeyProvider
    interface: VerifyOption
    argument_type: KeyProvider
  - ident: Context
    interface: VerifyOption
    argument_type: context.Context
  - ident: ProtectedHeaders
    interface: WithKeySuboption
    argument_type: Headers
    comment: |
      WithProtected is used with `jws.WithKey()` option when used with `jws.Sign()`
      to specify a protected header to be attached to the JWS signature.
      It has no effect if used when `jws.WithKey()` is passed to `jws.Verify()`
  - ident: PublicHeaders
    interface: WithKeySuboption
    argument_type: Headers
    comment: |
      WithPublic is used with `jws.WithKey()` option when used with `jws.Sign()`
      to specify a public header to be attached to the JWS signature.
      It has no effect if used when `jws.WithKey()` is passed to `jws.Verify()`
      `jws.Sign()` will result in an error if `jws.WithPublic()` is used
      and the serialization format is compact serialization.
  - ident: FS
    interface: ReadFileOption
    argument_type: fs.FS
    comment: |
      WithFS specifies the source `fs.FS` object to read the file from.
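
The `Detached` and `DetachedPayload` comments above describe a compact JWS whose payload segment is left empty while the signature still covers the payload. The following is an added example, not code from this file or from the jwx project: it uses only the Go standard library, assumes HS256, and the names `SignDetached` and `VerifyDetached` are hypothetical. The verifier pins the algorithm instead of inferring it, in line with the caution in the `InferAlgorithmFromKey` comment.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// mac computes HMAC-SHA256 over BASE64URL(header) || "." || BASE64URL(payload).
func mac(key []byte, hdr, payload string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(hdr + "." + payload))
	return h.Sum(nil)
}

// SignDetached returns a compact JWS with an empty payload segment
// ("header..signature"). The payload is still covered by the signature.
func SignDetached(key, payload []byte) string {
	hdr := b64.EncodeToString([]byte(`{"alg":"HS256"}`))
	sig := mac(key, hdr, b64.EncodeToString(payload))
	return hdr + ".." + b64.EncodeToString(sig)
}

// VerifyDetached re-attaches the out-of-band payload before checking the MAC.
// The algorithm is pinned to HS256 here; the header is not consulted for it.
func VerifyDetached(key, payload []byte, compact string) error {
	parts := strings.Split(compact, ".")
	if len(parts) != 3 || parts[1] != "" {
		return fmt.Errorf("not a detached compact JWS")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return fmt.Errorf("bad signature encoding: %w", err)
	}
	if !hmac.Equal(sig, mac(key, parts[0], b64.EncodeToString(payload))) {
		return fmt.Errorf("signature does not match supplied payload")
	}
	return nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample value
	tok := SignDetached(key, []byte("invoice #1"))
	fmt.Println(VerifyDetached(key, []byte("invoice #1"), tok))
	fmt.Println(VerifyDetached(key, []byte("invoice #2"), tok))
}
```

The second call fails because the verifier rebuilds the signing input from whatever payload the caller supplies, so the caller must be sure that payload came from the channel it trusts.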