https://github.com/matelang/jwt-go-aws-kms

AWS KMS adapter for the https://github.com/golang-jwt/jwt GoLang JSON Web Token (JWT) library

# AWS KMS adapter for golang-jwt/jwt-go library
This library provides an AWS KMS (Key Management Service) adapter to be used with the popular GoLang JWT library
[golang-jwt/jwt-go](https://github.com/golang-jwt/jwt).

It will *Sign* a JWT token using an asymmetric key stored in AWS KMS.

Verification can be done either with the KMS *Verify* method or locally with a cached public key (default).

The minimum supported GoLang version is `1.20`, since `github.com/aws/aws-sdk-go-v2 v1.28.0` fails to build with anything older.

# Supported key types
| Signature Algorithm | JWT `alg` | Note |
|---------------------------|-----------|-----------------------------------|
| ECC_NIST_P256 | ES256 | |
| ECC_NIST_P384 | ES384 | |
| ECC_NIST_P521 | ES512 | |
| ECC_SECG_P256K1 | - | secp256k1 is not supported by JWT |
| RSASSA_PKCS1_V1_5_SHA_256 | RS256 | |
| RSASSA_PKCS1_V1_5_SHA_384 | RS384 | |
| RSASSA_PKCS1_V1_5_SHA_512 | RS512 | |
| RSASSA_PSS_SHA_256 | PS256 | |
| RSASSA_PSS_SHA_384 | PS384 | |
| RSASSA_PSS_SHA_512 | PS512 | |

# Usage example
See [example.go](./example/example.go)

## Special thanks
Shouting out to:

* [dgrijalva](https://github.com/dgrijalva) for the easy to extend GoLang JWT Library
* [golang-jwt](https://github.com/golang-jwt) for taking over the project from dgrijalva
* [Mikael Gidmark](https://stackoverflow.com/users/300598/mikael-gidmark): AWS KMS ECC returns the signature as a DER-encoded object as defined by ANS X9.62–2005, as mentioned [here](https://stackoverflow.com/a/66205185/8195214)
* [codelittinc](https://github.com/codelittinc) for their DER to (R,S) and (R,S) to DER methods found [here](https://github.com/codelittinc/gobitauth/blob/master/sign.go#L70)
* [karalabe](https://github.com/karalabe) for reviewing my code
* [gkelly](https://github.com/gkelly) for various contributions especially around the library's unit testability
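
The DER to (R,S) step mentioned in the thanks above matters because JWS carries ES256/ES384/ES512 signatures as fixed-width `R||S`, not DER. The following is an added example, not this library's own code: `derToJWS` and `selfCheck` are hypothetical names, and a locally generated key with `ecdsa.SignASN1` stands in for the DER signature KMS returns.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// derToJWS turns a DER ECDSA signature (SEQUENCE { r, s INTEGER }) into the
// fixed-width R||S form JWS uses. keyBits is the curve size: 256, 384 or 521.
func derToJWS(der []byte, keyBits int) ([]byte, error) {
	var sig struct{ R, S *big.Int }
	rest, err := asn1.Unmarshal(der, &sig)
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 || sig.R.Sign() <= 0 || sig.S.Sign() <= 0 ||
		sig.R.BitLen() > keyBits || sig.S.BitLen() > keyBits {
		return nil, errors.New("malformed or out-of-range ECDSA signature")
	}
	n := (keyBits + 7) / 8 // 32, 48 or 66 bytes per integer
	out := make([]byte, 2*n)
	sig.R.FillBytes(out[:n]) // restores the leading zeros DER strips
	sig.S.FillBytes(out[n:])
	return out, nil
}

// selfCheck signs locally (stand-in for KMS), converts, and verifies from R||S.
func selfCheck() (bool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	digest := sha256.Sum256([]byte("header.payload")) // constructed input
	der, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return false, err
	}
	raw, err := derToJWS(der, 256)
	if err != nil || len(raw) != 64 {
		return false, err
	}
	r, s := new(big.Int).SetBytes(raw[:32]), new(big.Int).SetBytes(raw[32:])
	return ecdsa.Verify(&key.PublicKey, digest[:], r, s), nil
}
func main() { fmt.Println(selfCheck()) }
```

A DER signature varies in length from one signature to the next, while the JWS form is always 64, 96 or 132 bytes for P-256, P-384 and P-521, so a verifier that checks the length will reject a signature that was passed through unconverted.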