Validate validates the given claims. It will also perform any custom validation if claims implements the [ClaimsValidator] interface. Note: It will NOT perform any *signature verification* on the token that contains the claims and expects that the [Claim] was already successfully verified.
(claims Claims)
| 93 | // contains the claims and expects that the [Claim] was already successfully |
| 94 | // verified. |
| 95 | func (v *Validator) Validate(claims Claims) error { |
| 96 | var ( |
| 97 | now time.Time |
| 98 | errs = make([]error, 0, 6) |
| 99 | err error |
| 100 | ) |
| 101 | |
| 102 | // Check, if we have a time func |
| 103 | if v.timeFunc != nil { |
| 104 | now = v.timeFunc() |
| 105 | } else { |
| 106 | now = time.Now() |
| 107 | } |
| 108 | |
| 109 | // We always need to check the expiration time, but usage of the claim |
| 110 | // itself is OPTIONAL by default. requireExp overrides this behavior |
| 111 | // and makes the exp claim mandatory. |
| 112 | if err = v.verifyExpiresAt(claims, now, v.requireExp); err != nil { |
| 113 | errs = append(errs, err) |
| 114 | } |
| 115 | |
| 116 | // We always need to check not-before, but usage of the claim itself is |
| 117 | // OPTIONAL by default. requireNbf overrides this behavior and makes |
| 118 | // the nbf claim mandatory. |
| 119 | if err = v.verifyNotBefore(claims, now, v.requireNbf); err != nil { |
| 120 | errs = append(errs, err) |
| 121 | } |
| 122 | |
| 123 | // Check issued-at if the option is enabled |
| 124 | if v.verifyIat { |
| 125 | if err = v.verifyIssuedAt(claims, now, false); err != nil { |
| 126 | errs = append(errs, err) |
| 127 | } |
| 128 | } |
| 129 | |
| 130 | // If we have an expected audience, we also require the audience claim |
| 131 | if len(v.expectedAud) > 0 { |
| 132 | if err = v.verifyAudience(claims, v.expectedAud, v.expectAllAud); err != nil { |
| 133 | errs = append(errs, err) |
| 134 | } |
| 135 | } |
| 136 | |
| 137 | // If we have an expected issuer, we also require the issuer claim |
| 138 | if v.expectedIss != "" { |
| 139 | if err = v.verifyIssuer(claims, v.expectedIss, true); err != nil { |
| 140 | errs = append(errs, err) |
| 141 | } |
| 142 | } |
| 143 | |
| 144 | // If we have an expected subject, we also require the subject claim |
| 145 | if v.expectedSub != "" { |
| 146 | if err = v.verifySubject(claims, v.expectedSub, true); err != nil { |
| 147 | errs = append(errs, err) |
| 148 | } |
| 149 | } |
| 150 | |
| 151 | // Finally, we want to give the claim itself some possibility to do some |
| 152 | // additional custom validation based on a custom Validate function. |