// ComputeDetachedSignature takes content and token details and computes a detached // JWS signature. This is described in Appendix F of RFC 7515. Basically, this // is a regular JWS with the content part of the signature elided. func ComputeDetachedSignature(content, tokenID, tokenSecret string) (string, error) { … } // stripContent will remove the content part of a compact JWS // // The `go-jose` library doesn't support generating signatures with "detached" // content. To make up for this we take the full compact signature, break it // apart and put it back together without the content section. func stripContent(fullSig string) (string, error) { … } // DetachedTokenIsValid checks whether a given detached JWS-encoded token matches JWS output of the given content and token func DetachedTokenIsValid(detachedToken, content, tokenID, tokenSecret string) bool { … }