MCPcopy
hub / github.com/golang-jwt/jwt / Validator

Struct Validator

validator.go:36–72  ·  validator.go::Validator

Validator is the core of the new Validation API. It is automatically used by a [Parser] during parsing and can be modified with various parser options. The [NewValidator] function should be used to create an instance of this struct.

Source from the content-addressed store, hash-verified

34// The [NewValidator] function should be used to create an instance of this
35// struct.
36type Validator struct {
37 // leeway is an optional leeway that can be provided to account for clock skew.
38 leeway time.Duration
39
40 // timeFunc is used to supply the current time that is needed for
41 // validation. If unspecified, this defaults to time.Now.
42 timeFunc func() time.Time
43
44 // requireExp specifies whether the exp claim is required
45 requireExp bool
46
47 // requireNbf specifies whether the nbf claim is required
48 requireNbf bool
49
50 // verifyIat specifies whether the iat (Issued At) claim will be verified.
51 // According to https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6 this
52 // only specifies the age of the token, but no validation check is
53 // necessary. However, if wanted, it can be checked if the iat is
54 // unrealistic, i.e., in the future.
55 verifyIat bool
56
57 // expectedAud contains the audience this token expects. Supplying an empty
58 // slice will disable aud checking.
59 expectedAud []string
60
61 // expectAllAud specifies whether all expected audiences must be present in
62 // the token. If false, only one of the expected audiences must be present.
63 expectAllAud bool
64
65 // expectedIss contains the issuer this token expects. Supplying an empty
66 // string will disable iss checking.
67 expectedIss string
68
69 // expectedSub contains the subject this token expects. Supplying an empty
70 // string will disable sub checking.
71 expectedSub string
72}
73
74// NewValidator can be used to create a stand-alone validator with the supplied
75// options. This validator can then be used to validate already parsed claims.

Callers

nothing calls this directly

Calls

no outgoing calls

Tested by

no test coverage detected