Sign signs a token and returns it as a string.
(ctx context.Context, s SigningKeyProvider, claims Claims)
| 56 | |
| 57 | // Sign signs a token and returns it as a string. |
| 58 | func Sign(ctx context.Context, s SigningKeyProvider, claims Claims) (string, error) { |
| 59 | id, key, err := s.SigningKey(ctx) |
| 60 | if err != nil { |
| 61 | return "", xerrors.Errorf("get signing key: %w", err) |
| 62 | } |
| 63 | |
| 64 | signer, err := jose.NewSigner(jose.SigningKey{ |
| 65 | Algorithm: SigningAlgo, |
| 66 | Key: key, |
| 67 | }, &jose.SignerOptions{ |
| 68 | ExtraHeaders: map[jose.HeaderKey]interface{}{ |
| 69 | keyIDHeaderKey: id, |
| 70 | }, |
| 71 | }) |
| 72 | if err != nil { |
| 73 | return "", xerrors.Errorf("new signer: %w", err) |
| 74 | } |
| 75 | |
| 76 | payload, err := json.Marshal(claims) |
| 77 | if err != nil { |
| 78 | return "", xerrors.Errorf("marshal claims: %w", err) |
| 79 | } |
| 80 | |
| 81 | signed, err := signer.Sign(payload) |
| 82 | if err != nil { |
| 83 | return "", xerrors.Errorf("sign payload: %w", err) |
| 84 | } |
| 85 | |
| 86 | compact, err := signed.CompactSerialize() |
| 87 | if err != nil { |
| 88 | return "", xerrors.Errorf("compact serialize: %w", err) |
| 89 | } |
| 90 | |
| 91 | return compact, nil |
| 92 | } |
| 93 | |
| 94 | // VerifyOptions are options for verifying a JWT. |
| 95 | type VerifyOptions struct { |