MCPcopy
hub / github.com/golang-jwt/jwt / Validate

Method Validate

validator.go:95–165  ·  view source on GitHub ↗

Validate validates the given claims. It will also perform any custom validation if claims implements the [ClaimsValidator] interface. Note: It will NOT perform any *signature verification* on the token that contains the claims and expects that the [Claim] was already successfully verified.

(claims Claims)

Source from the content-addressed store, hash-verified

93// contains the claims and expects that the [Claim] was already successfully
94// verified.
95func (v *Validator) Validate(claims Claims) error {
96 var (
97 now time.Time
98 errs = make([]error, 0, 6)
99 err error
100 )
101
102 // Check, if we have a time func
103 if v.timeFunc != nil {
104 now = v.timeFunc()
105 } else {
106 now = time.Now()
107 }
108
109 // We always need to check the expiration time, but usage of the claim
110 // itself is OPTIONAL by default. requireExp overrides this behavior
111 // and makes the exp claim mandatory.
112 if err = v.verifyExpiresAt(claims, now, v.requireExp); err != nil {
113 errs = append(errs, err)
114 }
115
116 // We always need to check not-before, but usage of the claim itself is
117 // OPTIONAL by default. requireNbf overrides this behavior and makes
118 // the nbf claim mandatory.
119 if err = v.verifyNotBefore(claims, now, v.requireNbf); err != nil {
120 errs = append(errs, err)
121 }
122
123 // Check issued-at if the option is enabled
124 if v.verifyIat {
125 if err = v.verifyIssuedAt(claims, now, false); err != nil {
126 errs = append(errs, err)
127 }
128 }
129
130 // If we have an expected audience, we also require the audience claim
131 if len(v.expectedAud) > 0 {
132 if err = v.verifyAudience(claims, v.expectedAud, v.expectAllAud); err != nil {
133 errs = append(errs, err)
134 }
135 }
136
137 // If we have an expected issuer, we also require the issuer claim
138 if v.expectedIss != "" {
139 if err = v.verifyIssuer(claims, v.expectedIss, true); err != nil {
140 errs = append(errs, err)
141 }
142 }
143
144 // If we have an expected subject, we also require the subject claim
145 if v.expectedSub != "" {
146 if err = v.verifySubject(claims, v.expectedSub, true); err != nil {
147 errs = append(errs, err)
148 }
149 }
150
151 // Finally, we want to give the claim itself some possibility to do some
152 // additional custom validation based on a custom Validate function.

Callers 2

Test_Validator_ValidateFunction · 0.95
TestVerifyAudFunction · 0.95

Calls 8

verifyExpiresAtMethod · 0.95
verifyNotBeforeMethod · 0.95
verifyIssuedAtMethod · 0.95
verifyAudienceMethod · 0.95
verifyIssuerMethod · 0.95
verifySubjectMethod · 0.95
joinErrorsFunction · 0.85
ValidateMethod · 0.65

Tested by 2

Test_Validator_ValidateFunction · 0.76
TestVerifyAudFunction · 0.76