Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/matelang/jwt-go-aws-kms

AWS KMS adapter for https://github.com/golang-jwt/jwt GoLang Json Web Token(JWT) Library
https://github.com/matelang/jwt-go-aws-kms

aws golang jwt kms

Last synced: about 2 months ago
JSON representation

AWS KMS adapter for https://github.com/golang-jwt/jwt GoLang Json Web Token(JWT) Library

Awesome Lists containing this project

README

        

# AWS KMS adapter for golang-jwt/jwt-go library
This library provides an AWS KMS(Key Management Service) adapter to be used with the popular GoLang JWT library
[golang-jwt/jwt-go](https://github.com/golang-jwt/jwt).

It will *Sign* a JWT token using an asymmetric key stored in AWS KMS.

Verification can be done both using KMS *Verify* method or locally with a cached public key (default).

The minimum supported GoLang version is `1.20`, since `github.com/aws/aws-sdk-go-v2 v1.28.0` fails to build with anything older.

# Supported key types
| Signature Algorithm | JWT `alg` | Note |
|---------------------------|-----------|-----------------------------------|
| ECC_NIST_P256 | ES256 | |
| ECC_NIST_P384 | ES384 | |
| ECC_NIST_P521 | ES512 | |
| ECC_SECG_P256K1 | - | secp256k1 is not supported by JWT |
| RSASSA_PKCS1_V1_5_SHA_256 | RS256 | |
| RSASSA_PKCS1_V1_5_SHA_384 | RS384 | |
| RSASSA_PKCS1_V1_5_SHA_512 | RS512 | |
| RSASSA_PSS_SHA_256 | PS256 | |
| RSASSA_PSS_SHA_384 | PS384 | |
| RSASSA_PSS_SHA_512 | PS512 | |

# Usage example
See [example.go](./example/example.go)

## Special thanks
Shouting out to:

* [dgrijalva](https://github.com/dgrijalva)

for the easy to extend GoLang JWT Library

* [golang-jwt](https://github.com/golang-jwt)

for taking over the project from dgrijalva

* [Mikael Gidmark](https://stackoverflow.com/users/300598/mikael-gidmark)

AWS KMS ECC returns the signature in DER-encoded object as defined by ANS X9.62–2005 as
mentioned [here](https://stackoverflow.com/a/66205185/8195214)

* [codelittinc](https://github.com/codelittinc)

for their DER to (R,S) and (R,S) to DER methods
found [here](https://github.com/codelittinc/gobitauth/blob/master/sign.go#L70)

* [karalabe](https://github.com/karalabe)

for reviewing my code

* [gkelly](https://github.com/gkelly)

for various contributions especially around the library's unit testability