package_name: jwt output: jwt/options_gen.go interfaces: - name: GlobalOption comment: | GlobalOption describes an Option that can be passed to `Settings()`. - name: EncryptOption comment: | EncryptOption describes an Option that can be passed to (jwt.Serializer).Encrypt - name: ParseOption methods: - parseOption - readFileOption comment: | ParseOption describes an Option that can be passed to `jwt.Parse()`. ParseOption also implements ReadFileOption, therefore it may be safely pass them to `jwt.ReadFile()` - name: SignOption comment: | SignOption describes an Option that can be passed to `jwt.Sign()` or (jwt.Serializer).Sign - name: SignParseOption methods: - signOption - parseOption - readFileOption comment: | SignParseOption describes an Option that can be passed to both `jwt.Sign()` or `jwt.Parse()` - name: SignEncryptParseOption methods: - parseOption - encryptOption - readFileOption - signOption comment: | SignEncryptParseOption describes an Option that can be passed to both `jwt.Sign()` or `jwt.Parse()` - name: ValidateOption methods: - parseOption - readFileOption - validateOption comment: | ValidateOption describes an Option that can be passed to Validate(). ValidateOption also implements ParseOption, therefore it may be safely passed to `Parse()` (and thus `jwt.ReadFile()`) - name: ReadFileOption comment: | ReadFileOption is a type of `Option` that can be passed to `jws.ReadFile` - name: GlobalValidateOption methods: - globalOption - parseOption - readFileOption - validateOption comment: | GlobalValidateOption describes an Option that can be passed to `jwt.Settings()` and `jwt.Validate()` options: - ident: AcceptableSkew interface: ValidateOption argument_type: time.Duration comment: | WithAcceptableSkew specifies the duration in which exp, iat and nbf claims may differ by. This value should be positive - ident: Truncation interface: GlobalValidateOption argument_type: time.Duration comment: | WithTruncation specifies the amount that should be used when truncating time values used during time-based validation routines, and by default this is disabled. In v2 of this library, time values were truncated down to second accuracy, i.e. 1.0000001 seconds is truncated to 1 second. To restore this behavior, set this value to `time.Second` Since v3, this option can be passed to `jwt.Settings()` to set the truncation value globally, as well as per invocation of `jwt.Validate()` - ident: Clock interface: ValidateOption argument_type: Clock comment: | WithClock specifies the `Clock` to be used when verifying exp, iat and nbf claims. - ident: Context interface: ValidateOption argument_type: context.Context comment: | WithContext allows you to specify a context.Context object to be used with `jwt.Validate()` option. Please be aware that in the next major release of this library, `jwt.Validate()`'s signature will change to include an explicit `context.Context` object. - ident: ResetValidators interface: ValidateOption argument_type: bool comment: | WithResetValidators specifies that the default validators should be reset before applying the custom validators. By default `jwt.Validate()` checks for the validity of JWT by checking `exp`, `nbf`, and `iat`, even when you specify more validators through other options. You SHOULD NOT use this option unless you know exactly what you are doing, as this will pose significant security issues when used incorrectly. Using this option with the value `true` will remove all default checks, and will expect you to specify validators as options. This is useful when you want to skip the default validators and only use specific validators, such as for https://openid.net/specs/openid-connect-rpinitiated-1_0.html, where the token could be accepted even if the token is expired. If you set this option to true and you do not specify any validators, `jwt.Validate()` will return an error. The default value is `false` (`iat`, `exp`, and `nbf` are automatically checked). - ident: FlattenAudience interface: GlobalOption argument_type: bool comment: | WithFlattenAudience specifies the the `jwt.FlattenAudience` option on every token defaults to enabled. You can still disable this on a per-object basis using the `jwt.Options().Disable(jwt.FlattenAudience)` method call. See the documentation for `jwt.TokenOptionSet`, `(jwt.Token).Options`, and `jwt.FlattenAudience` for more details - ident: FormKey interface: ParseOption argument_type: string comment: | WithFormKey is used to specify header keys to search for tokens. While the type system allows this option to be passed to jwt.Parse() directly, doing so will have no effect. Only use it for HTTP request parsing functions - ident: HeaderKey interface: ParseOption argument_type: string comment: | WithHeaderKey is used to specify header keys to search for tokens. While the type system allows this option to be passed to `jwt.Parse()` directly, doing so will have no effect. Only use it for HTTP request parsing functions - ident: Cookie interface: ParseOption argument_type: '**http.Cookie' comment: | WithCookie is used to specify a variable to store the cookie used when `jwt.ParseCookie()` is called. This allows you to inspect the cookie for additional information after a successful parsing of the JWT token stored in the cookie. While the type system allows this option to be passed to `jwt.Parse()` directly, doing so will have no effect. Only use it for HTTP request parsing functions - ident: CookieKey interface: ParseOption argument_type: string comment: | WithCookieKey is used to specify cookie keys to search for tokens. While the type system allows this option to be passed to `jwt.Parse()` directly, doing so will have no effect. Only use it for HTTP request parsing functions - ident: Token interface: ParseOption argument_type: Token comment: | WithToken specifies the token instance in which the resulting JWT is stored when parsing JWT tokens - ident: Validate interface: ParseOption argument_type: bool comment: | WithValidate is passed to `Parse()` method to denote that the validation of the JWT token should be performed (or not) after a successful parsing of the incoming payload. This option is enabled by default. If you would like disable validation, you must use `jwt.WithValidate(false)` or use `jwt.ParseInsecure()` - ident: Verify interface: ParseOption argument_type: bool comment: | WithVerify is passed to `Parse()` method to denote that the signature verification should be performed after a successful deserialization of the incoming payload. This option is enabled by default. If you do not provide any verification key sources, `jwt.Parse()` would return an error. If you would like to only parse the JWT payload and not verify it, you must use `jwt.WithVerify(false)` or use `jwt.ParseInsecure()` - ident: KeyProvider interface: ParseOption argument_type: jws.KeyProvider comment: | WithKeyProvider allows users to specify an object to provide keys to sign/verify tokens using arbitrary code. Please read the documentation for `jws.KeyProvider` in the `jws` package for details on how this works. - ident: Pedantic interface: ParseOption argument_type: bool comment: | WithPedantic enables pedantic mode for parsing JWTs. Currently this only applies to checking for the correct `typ` and/or `cty` when necessary. - ident: EncryptOption interface: EncryptOption argument_type: jwe.EncryptOption comment: | WithEncryptOption provides an escape hatch for cases where extra options to `(jws.Serializer).Encrypt()` must be specified when using `jwt.Sign()`. Normally you do not need to use this. - ident: SignOption interface: SignOption argument_type: jws.SignOption comment: | WithSignOption provides an escape hatch for cases where extra options to `jws.Sign()` must be specified when using `jwt.Sign()`. Normally you do not need to use this. - ident: Validator interface: ValidateOption argument_type: Validator comment: | WithValidator validates the token with the given Validator. For example, in order to validate tokens that are only valid during August, you would write validator := jwt.ValidatorFunc(func(_ context.Context, t jwt.Token) error { if time.Now().Month() != 8 { return fmt.Errorf(`tokens are only valid during August!`) } return nil }) err := jwt.Validate(token, jwt.WithValidator(validator)) - ident: FS interface: ReadFileOption argument_type: fs.FS comment: | WithFS specifies the source `fs.FS` object to read the file from. - ident: NumericDateParsePrecision interface: GlobalOption argument_type: int comment: | WithNumericDateParsePrecision sets the precision up to which the library uses to parse fractional dates found in the numeric date fields. Default is 0 (second, no fractions), max is 9 (nanosecond) - ident: NumericDateFormatPrecision interface: GlobalOption argument_type: int comment: | WithNumericDateFormatPrecision sets the precision up to which the library uses to format fractional dates found in the numeric date fields. Default is 0 (second, no fractions), max is 9 (nanosecond) - ident: NumericDateParsePedantic interface: GlobalOption argument_type: bool comment: | WithNumericDateParsePedantic specifies if the parser should behave in a pedantic manner when parsing numeric dates. Normally this library attempts to interpret timestamps as a numeric value representing number of seconds (with an optional fractional part), but if that fails it tries to parse using a RFC3339 parser. This allows us to parse payloads from non-conforming servers. However, when you set WithNumericDateParePedantic to `true`, the RFC3339 parser is not tried, and we expect a numeric value strictly - ident: Base64Encoder interface: SignParseOption argument_type: jws.Base64Encoder comment: | WithBase64Encoder specifies the base64 encoder to use for signing tokens and verifying JWS signatures.