github.com/ethereum/go-ethereum@v1.16.1/node/jwt_auth.go (about) 1 // Copyright 2022 The go-ethereum Authors 2 // This file is part of the go-ethereum library. 3 // 4 // The go-ethereum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The go-ethereum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. 16 17 package node 18 19 import ( 20 "fmt" 21 "net/http" 22 "time" 23 24 "github.com/ethereum/go-ethereum/rpc" 25 "github.com/golang-jwt/jwt/v4" 26 ) 27 28 // NewJWTAuth creates an rpc client authentication provider that uses JWT. The 29 // secret MUST be 32 bytes (256 bits) as defined by the Engine-API authentication spec. 30 // 31 // See https://github.com/ethereum/execution-apis/blob/main/src/engine/authentication.md 32 // for more details about this authentication scheme. 33 func NewJWTAuth(jwtsecret [32]byte) rpc.HTTPAuth { 34 return func(h http.Header) error { 35 token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ 36 "iat": &jwt.NumericDate{Time: time.Now()}, 37 }) 38 s, err := token.SignedString(jwtsecret[:]) 39 if err != nil { 40 return fmt.Errorf("failed to create JWT token: %w", err) 41 } 42 h.Set("Authorization", "Bearer "+s) 43 return nil 44 } 45 }