1package jwt 2 3import ( 4 "encoding/json" 5 "errors" 6 // "fmt" 7) 8 9// Claims type that uses the map[string]interface{} for JSON decoding 10// This is the default claims type if you don't supply one 11type MapClaims map[string]interface{} 12 13// Compares the aud claim against cmp. 14// If required is false, this method will return true if the value matches or is unset 15func (m MapClaims) VerifyAudience(cmp string, req bool) bool { 16 aud, _ := m["aud"].(string) 17 return verifyAud(aud, cmp, req) 18} 19 20// Compares the exp claim against cmp. 21// If required is false, this method will return true if the value matches or is unset 22func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool { 23 switch exp := m["exp"].(type) { 24 case float64: 25 return verifyExp(int64(exp), cmp, req) 26 case json.Number: 27 v, _ := exp.Int64() 28 return verifyExp(v, cmp, req) 29 } 30 return req == false 31} 32 33// Compares the iat claim against cmp. 34// If required is false, this method will return true if the value matches or is unset 35func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool { 36 switch iat := m["iat"].(type) { 37 case float64: 38 return verifyIat(int64(iat), cmp, req) 39 case json.Number: 40 v, _ := iat.Int64() 41 return verifyIat(v, cmp, req) 42 } 43 return req == false 44} 45 46// Compares the iss claim against cmp. 47// If required is false, this method will return true if the value matches or is unset 48func (m MapClaims) VerifyIssuer(cmp string, req bool) bool { 49 iss, _ := m["iss"].(string) 50 return verifyIss(iss, cmp, req) 51} 52 53// Compares the nbf claim against cmp. 54// If required is false, this method will return true if the value matches or is unset 55func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool { 56 switch nbf := m["nbf"].(type) { 57 case float64: 58 return verifyNbf(int64(nbf), cmp, req) 59 case json.Number: 60 v, _ := nbf.Int64() 61 return verifyNbf(v, cmp, req) 62 } 63 return req == false 64} 65 66// Validates time based claims "exp, iat, nbf". 67// There is no accounting for clock skew. 68// As well, if any of the above claims are not in the token, it will still 69// be considered a valid claim. 70func (m MapClaims) Valid() error { 71 vErr := new(ValidationError) 72 now := TimeFunc().Unix() 73 74 if m.VerifyExpiresAt(now, false) == false { 75 vErr.Inner = errors.New("Token is expired") 76 vErr.Errors |= ValidationErrorExpired 77 } 78 79 if m.VerifyIssuedAt(now, false) == false { 80 vErr.Inner = errors.New("Token used before issued") 81 vErr.Errors |= ValidationErrorIssuedAt 82 } 83 84 if m.VerifyNotBefore(now, false) == false { 85 vErr.Inner = errors.New("Token is not valid yet") 86 vErr.Errors |= ValidationErrorNotValidYet 87 } 88 89 if vErr.valid() { 90 return nil 91 } 92 93 return vErr 94} 95