@@ -826,6 +826,69 @@ To use it, import the sub-package for the object you want to operate on.
826826| [ ` github.com/jwx-go/jwxfilter/v4/openidfilter ` ] ( https://github.com/jwx-go/jwxfilter/tree/develop/v4/openidfilter ) | ` openid.Token ` (OpenID Connect Core 1.0 claims) |
827827
828828<!-- INCLUDE(examples/jwt_filter_basic_example_test.go) -->
829+ ``` go
830+ package examples_test
831+
832+ import (
833+ " fmt"
834+ " time"
835+
836+ " github.com/jwx-go/jwxfilter/v4/jwtfilter"
837+ " github.com/lestrrat-go/jwx/v4/jwt"
838+ )
839+
840+ func Example_jwt_filter_basic_claims () {
841+ // Create a token with standard and custom claims.
842+ token , err := jwt.NewBuilder ().
843+ Issuer (" github.com/lestrrat-go/jwx" ).
844+ Subject (" jwt_filter_example" ).
845+ Audience ([]string {" developers" , " users" }).
846+ IssuedAt (time.Unix (1234567890 , 0 )).
847+ Expiration (time.Unix (1234567890 +3600 , 0 )).
848+ Claim (" customClaim" , " customValue" ).
849+ Claim (" applicationRole" , " admin" ).
850+ Claim (" department" , " engineering" ).
851+ Build ()
852+ if err != nil {
853+ fmt.Printf (" failed to build token: %s \n " , err)
854+ return
855+ }
856+
857+ // Filters live in the companion module github.com/jwx-go/jwxfilter/v4.
858+ // They were moved out of core in v4 because sign / verify / parse do
859+ // not depend on them. jwtfilter.ByName builds a filter that matches
860+ // the specified claim names; the returned jwxfilter.Filter[jwt.Token]
861+ // has Filter(token) and Reject(token) methods.
862+ customFilter := jwtfilter.ByName (" customClaim" , " applicationRole" , " department" )
863+
864+ // Filter returns a fresh token containing only the matching claims.
865+ if _ , err := customFilter.Filter (token); err != nil {
866+ fmt.Printf (" failed to filter custom claims: %s \n " , err)
867+ return
868+ }
869+ // Reject returns a fresh token with the matching claims removed.
870+ if _ , err := customFilter.Reject (token); err != nil {
871+ fmt.Printf (" failed to reject custom claims: %s \n " , err)
872+ return
873+ }
874+
875+ // jwtfilter.Standard() is a preset filter targeting the seven RFC 7519
876+ // claims (aud, exp, iat, iss, jti, nbf, sub). Filter keeps only them;
877+ // Reject keeps only non-standard (custom) claims.
878+ if _, err = jwtfilter.Standard ().Filter (token); err != nil {
879+ fmt.Printf (" failed to filter standard claims: %s \n " , err)
880+ return
881+ }
882+
883+ if _, err = jwtfilter.Standard ().Reject (token); err != nil {
884+ fmt.Printf (" failed to reject standard claims: %s \n " , err)
885+ return
886+ }
887+
888+ // OUTPUT:
889+ }
890+ ```
891+ source: [ examples/jwt_filter_basic_example_test.go] ( https://github.com/jwx-go/examples/blob/v4/jwt_filter_basic_example_test.go )
829892<!-- END INCLUDE -->
830893
831894See the [ module README] ( https://github.com/jwx-go/jwxfilter ) for the full list of filter constructors and the ` AsMap ` helper, and [ ` examples/ ` ] ( https://github.com/jwx-go/examples ) for ` jws ` / ` jwe ` / ` jwk ` counterparts (` jws_filter_basic_example_test.go ` , ` jwe_filter_basic_example_test.go ` , ` jwk_filter_basic_example_test.go ` ).
0 commit comments