Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/matelang/jwt-go-aws-kms
AWS KMS adapter for https://github.com/golang-jwt/jwt GoLang Json Web Token(JWT) Library
aws golang jwt kms
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/matelang/jwt-go-aws-kms
- Owner: matelang
- License: mit
- Created: 2021-04-14T12:27:16.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-04-09T12:30:52.000Z (9 months ago)
- Last Synced: 2024-04-10T08:41:52.430Z (9 months ago)
- Topics: aws, golang, jwt, kms
- Language: Go
- Homepage:
- Size: 44.9 KB
- Stars: 28
- Watchers: 2
- Forks: 16
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# AWS KMS adapter for golang-jwt/jwt-go library
This library provides an AWS KMS (Key Management Service) adapter to be used with the popular GoLang JWT library
[golang-jwt/jwt-go](https://github.com/golang-jwt/jwt). It will *Sign* a JWT token using an asymmetric key stored in AWS KMS.
Verification can be done either using the KMS *Verify* method or locally with a cached public key (default).
The minimum supported GoLang version is `1.20`, since `github.com/aws/aws-sdk-go-v2 v1.28.0` fails to build with anything older.
# Supported key types
| Signature Algorithm | JWT `alg` | Note |
|---------------------------|-----------|-----------------------------------|
| ECC_NIST_P256 | ES256 | |
| ECC_NIST_P384 | ES384 | |
| ECC_NIST_P521 | ES512 | |
| ECC_SECG_P256K1 | - | secp256k1 is not supported by JWT |
| RSASSA_PKCS1_V1_5_SHA_256 | RS256 | |
| RSASSA_PKCS1_V1_5_SHA_384 | RS384 | |
| RSASSA_PKCS1_V1_5_SHA_512 | RS512 | |
| RSASSA_PSS_SHA_256 | PS256 | |
| RSASSA_PSS_SHA_384 | PS384 | |
| RSASSA_PSS_SHA_512 | PS512 | |
# Usage example
See [example.go](./example/example.go)
## Special thanks
Shouting out to:
* [dgrijalva](https://github.com/dgrijalva)
for the easy to extend GoLang JWT Library
* [golang-jwt](https://github.com/golang-jwt)
for taking over the project from dgrijalva
* [Mikael Gidmark](https://stackoverflow.com/users/300598/mikael-gidmark)
AWS KMS ECC returns the signature in DER-encoded object as defined by ANS X9.62–2005 as
mentioned [here](https://stackoverflow.com/a/66205185/8195214)
* [codelittinc](https://github.com/codelittinc)
for their DER to (R,S) and (R,S) to DER methods
found [here](https://github.com/codelittinc/gobitauth/blob/master/sign.go#L70)
* [karalabe](https://github.com/karalabe)
for reviewing my code
* [gkelly](https://github.com/gkelly)
for various contributions especially around the library's unit testability
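The DER versus (R,S) point credited above matters because JWS ES256/ES384/ES512 signatures are a fixed-width R||S byte string, while KMS returns DER for ECC keys. The following is an added example, not this library's own code: the names `ecdsaSig`, `derToJOSE` and `joseToDER` are hypothetical, and a locally generated P-256 key stands in for a KMS key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"fmt"
	"math/big"
)

// ecdsaSig mirrors the DER structure SEQUENCE { r INTEGER, s INTEGER }.
type ecdsaSig struct{ R, S *big.Int }

// derToJOSE converts DER to the fixed-width R||S form of JWS ES256/384/512.
func derToJOSE(der []byte, curveBits int) ([]byte, error) {
	var sig ecdsaSig
	rest, err := asn1.Unmarshal(der, &sig)
	if err != nil || len(rest) != 0 {
		return nil, fmt.Errorf("malformed DER signature (err=%v, trailing=%d)", err, len(rest))
	}
	for _, v := range []*big.Int{sig.R, sig.S} {
		if v.Sign() <= 0 || v.BitLen() > curveBits {
			return nil, fmt.Errorf("r or s out of range for a %d-bit curve", curveBits)
		}
	}
	n := (curveBits + 7) / 8 // 32, 48 or 66 bytes per integer for 256, 384, 521
	out := make([]byte, 2*n)
	sig.R.FillBytes(out[:n]) // FillBytes left-pads with zeros to exactly n bytes
	sig.S.FillBytes(out[n:])
	return out, nil
}

// joseToDER is the inverse, for verifiers that take DER signatures.
func joseToDER(raw []byte, curveBits int) ([]byte, error) {
	n := (curveBits + 7) / 8
	if len(raw) != 2*n {
		return nil, fmt.Errorf("want %d bytes, got %d", 2*n, len(raw))
	}
	return asn1.Marshal(ecdsaSig{R: new(big.Int).SetBytes(raw[:n]), S: new(big.Int).SetBytes(raw[n:])})
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // local stand-in for a KMS key
	digest := sha256.Sum256([]byte("header.payload"))         // constructed signing input
	der, _ := ecdsa.SignASN1(rand.Reader, key, digest[:])
	fmt.Println(derToJOSE(der, 256))
}
```

DER integers are variable length (a leading 0x00 when the high bit is set, fewer bytes when the value is small), so copying them without padding to the curve size yields tokens that fail verification intermittently.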