jwt

func Parse ¶

func Parse(key ed25519.PrivateKey, tokenString string, issuer string) (jwt.MapClaims, error)

func ParseES256 ¶ added in v0.3.2

func ParseES256(key *ecdsa.PublicKey, tokenString, issuer, audience string) (jwt.MapClaims, error)

ParseES256 parses and validates a JWT signed with ES256 (ECDSA P-256) algorithm. This is required for Apple Sign In which mandates ES256. issuer and audience are typically validated, while subject is optional (pass empty string to skip).

func ParseEdDSA ¶ added in v0.2.0

func ParseEdDSA(key ed25519.PrivateKey, tokenString string, issuer string) (jwt.MapClaims, error)

func ParseHS256 ¶ added in v0.2.0

func ParseHS256(secret []byte, tokenString string, issuer string) (jwt.MapClaims, error)

func Sign ¶

func Sign(key ed25519.PrivateKey, claims map[string]any, issuer string, d time.Duration) (string, error)

Sign using EdDSA

func SignES256 ¶ added in v0.3.2

func SignES256(
	key *ecdsa.PrivateKey, issuer, audience, subject string, d time.Duration, claims map[string]any,
) (string, error)

SignES256 signs a JWT using ES256 (ECDSA P-256) algorithm. This is required for Apple Sign In which mandates ES256. Pass empty string for issuer, audience, or subject to omit them from the token.

func SignEdDSA ¶ added in v0.2.0

func SignEdDSA(key ed25519.PrivateKey, claims map[string]any, issuer string, d time.Duration) (string, error)

SignEdDSA (Edwards-curve Digital Signature Algorithm, typically Ed25519) is an excellent, modern choice for JWT signing—arguably safer and more efficient than both HS256 and traditional RSA/ECDSA.

func SignHS256 ¶ added in v0.2.0

func SignHS256(secret []byte, claims map[string]any, issuer string, d time.Duration) (string, error)