jwt-go-auth

This Go module generates JWTs signed with RSA (RS256), tailored to specific services and purposes as defined in a policy file. It builds the token claims from the matching policy entry, including the permissions and conditions for the token's use, then signs the token with an RSA private key. The token's expiration is set according to the specified duration.

The function signature is:

GenerateToken(policyPath string, serviceName string, purpose string, keyPath string, expirationInHours time.Duration)

The key should be an RSA private key and the JSON structure of the policy should be:

{
  "services": [
    {
      "service1": {
        "purpose1": {
          "allowed":
          {
            "field1": [
              "string"
            ],
            "field2": [
              "string"
            ],
            "field3": [
              "string"
            ]
          },
          "generalized":
          {
            "field1": [
              "string",
              "parameter if necessary"
            ],
            "field2": [
              "string",
              "parameter if necessary"
            ],
            "field3": [
              "string",
              "parameter if necessary"
            ]
          },
          "noised":
          {
            "field1": [
              "string",
              "parameter if necessary"
            ],
            "field2": [
              "string",
              "parameter if necessary"
            ],
            "field3": [
              "string",
              "parameter if necessary"
            ]
          },
          "reduced":
          {
            "field1": [
              "string",
              "parameter if necessary"
            ],
            "field2": [
              "string",
              "parameter if necessary"
            ],
            "field3": [
              "string",
              "parameter if necessary"
            ]
          }
        },
        "purpose2": {
          ...
        }
      },
      "service2": {
        ...
      },
      ...
    }
  ]
}

Example: You can find an example here.

Citation

To cite the preprint version of the paper to appear in the Proceedings of the 24th International Conference on Web Engineering (ICWE 2024), use the following BibTeX entry:

@InProceedings{loechel2024hookin,
      author={Louis Loechel and Siar-Remzi Akbayin and Elias Grünewald and Jannis Kiesel and Inga Strelnikova and Thomas Janke and Frank Pallas},
      editor={Stefanidis, Kostas and Systa, Kari and Matera, Maristella and Heil, Sebastian and Kondylakis, Haridimos and Quintarelli, Elisa},
      title={{Hook-in Privacy Techniques for gRPC-based Microservice Communication}}, 
      year={2024},
      publisher="Springer Nature Switzerland",
      address="Cham",
      note={to appear in the Proceedings of the 24th International Conference on Web Engineering (ICWE 2024)},
      eprint={2404.05598},
      archivePrefix={arXiv},
      primaryClass={cs.CR},
}

Usage

To use this module run:

go get -u github.com/Siar-Akbayin/jwt-go-auth@<version>

and add this import statement to your Go file:

import ("github.com/Siar-Akbayin/jwt-go-auth")

Testing

The test.go file contains a test for the GenerateToken function. It uses the policy.json file and the private key provided in this repo. The provided test generates the following token:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.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.H-m005YL06s5ZcMeyhda9EX20tjzZv1RSpC7W32EPA-MplKGT7bmU4n8Kwntfr-yGi9Xv8vhqqDjjBUjhuHiKs9kzeBwhsDhzsB2j-W5C1V6NWsrCEZFcw0_w35jGVv1EhTC02qcPoPbfthzM2_6rWmcJX1IDeQDQu4ZwdUOWdYU3i4nw6HwDJIfUbNSdr9bPQ0RX50HT4xWuKX2KaG7OAYcn_i2tawmaJ7gcMDsNZFiO8DuyzeuoPePafMumDQbArDNL0_PdwWCqZddQbFtUl8M0auQDUBnFJlIC75afC09aH3JdjhMWU-hIoz8m26v-2T57Zr0P705thEJWoh1IA

The content can be decoded using a JWT decoder, such as jwt.io.

In this case it looks like this:

HEADER

{
  "alg": "RS256",
  "typ": "JWT"
}

PAYLOAD

{
  "policy": {
    "allowed": {},
    "generalized": {
      "city": [
        "string",
        "2"
      ],
      "credit_card_cvv": [
        "int",
        "3"
      ],
      "credit_card_expiration_year": [
        "int",
        "10"
      ],
      "credit_card_number": [
        "string",
        "5"
      ],
      "zip_code": [
        "int",
        "8"
      ]
    },
    "noised": {
      "age": [
        "int",
        "Laplace"
      ],
      "credit_card_expiration_month": [
        "int",
        "Laplace"
      ],
      "street_name": [
        "string",
        "Laplace"
      ],
      "street_number": [
        "int",
        "Laplace"
      ]
    },
    "reduced": {
      "country": [
        "string",
        "3"
      ],
      "email": [
        "string",
        "4"
      ],
      "name": [
        "string",
        "4"
      ],
      "phone": [
        "string",
        "3"
      ]
    }
  },
  "iss": "tokenGenerator",
  "exp": 1707483788
}

Furthermore, you can verify the signature by copying the public key from the public.pem file and the private key from the key.pem file and pasting them into the "Verify Signature" section of the jwt.io website.
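
Signature verification needs only the public key, so the same check can be done locally by the service that receives the token. The following is an added example, not code from this repository: it verifies a token shaped like the one above using only the Go standard library. `Verify`, `Sign`, `demoKey` and the fixed `now` value are names and data constructed for the example, and `Sign` stands in for the module's output.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key, constructed for this example

// Verify needs only the public key. It pins alg to RS256, checks the signature, then exp.
func Verify(token string, pub *rsa.PublicKey, now int64) (map[string]map[string][]string, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	hdr, e1 := b64.DecodeString(p[0])
	body, e2 := b64.DecodeString(p[1])
	sig, e3 := b64.DecodeString(p[2])
	var h struct{ Alg string }
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hdr, &h) != nil || h.Alg != "RS256" ||
		rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return nil, fmt.Errorf("rejected: bad encoding, alg %q or signature", h.Alg)
	}
	var c struct{ Policy map[string]map[string][]string; Exp int64 }
	if json.Unmarshal(body, &c) != nil || now >= c.Exp {
		return nil, fmt.Errorf("rejected: bad or expired claims")
	}
	return c.Policy, nil
}

// Sign builds a constructed sample token; it stands in for the module's output.
func Sign(key *rsa.PrivateKey, alg, payload string) string {
	in := b64.EncodeToString([]byte(`{"alg":"`+alg+`","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(payload))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig)
}

func main() {
	tok := Sign(demoKey, "RS256", `{"policy":{"noised":{"age":["int","Laplace"]}},"exp":1707483788}`)
	fmt.Println(Verify(tok, &demoKey.PublicKey, 1707480188)) // "now" is one hour before exp
}
```

A token whose header names any algorithm other than RS256 is rejected even when its RSA signature is valid, and a missing `exp` claim decodes to 0 and is treated as expired.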