1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
package examples_test
import (
"fmt"
"github.com/lestrrat-go/jwx/v2/jwa"
"github.com/lestrrat-go/jwx/v2/jwk"
"github.com/lestrrat-go/jwx/v2/jws"
"github.com/lestrrat-go/jwx/v2/jwt"
)
func Example_jws_use_header() {
key, err := jwk.FromRaw([]byte(`abracadabra`))
if err != nil {
fmt.Printf(`failed to create new symmetric key: %s`, err)
return
}
key.Set(jws.KeyIDKey, `secret-key`)
tok, err := jwt.NewBuilder().
Issuer(`github.com/lestrrat-go/jwx`).
Build()
if err != nil {
fmt.Printf(`failed to build token: %s`, err)
return
}
signed, err := jwt.Sign(tok, jwt.WithKey(jwa.HS256, key))
if err != nil {
fmt.Printf(`failed to sign token: %s`, err)
return
}
msg, err := jws.Parse(signed)
if err != nil {
fmt.Printf(`failed to parse serialized JWT: %s`, err)
return
}
// While JWT enveloped with JWS in compact format only has 1 signature,
// a generic JWS message may have multiple signatures. Therefore, we
// need to access the first element
fmt.Printf("%q\n", msg.Signatures()[0].ProtectedHeaders().KeyID())
// OUTPUT:
// "secret-key"
}
|
