Documentation ¶
Index ¶
- Constants
- func Contains(a []string, x string) bool
- type APICustomError
- type Authenticate
- type AuthenticationHandler
- type AuthenticationMiddleWare
- type Authorization
- type Claims
- type EnforcerConfig
- type EnforcerConfigPermission
- type JWT
- type Permission
- type PermissionClaim
- type Refresh
- type RequestModeEnum
Constants ¶
const (
	// KeyRealm is the string key "realm".
	// NOTE(review): the code that reads or writes this key is not shown on this
	// page; presumably it names the realm entry in a request context or
	// parameter map. Confirm against the callers.
	KeyRealm = "realm"
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type APICustomError ¶
// APICustomError holds the message and status code for API errors. It
// serialises to JSON under the keys "code", "message" and "result".
//
// NOTE(review): if a value of this type is written to an HTTP response,
// Message and Result are visible to the caller. Keep upstream error text,
// tokens and credentials out of them.
type APICustomError struct {
	// Code is the status code reported for the failure.
	Code int `json:"code"`
	// Message is the human-readable error text.
	Message string `json:"message"`
	// Result is an additional string serialised as "result"; its exact
	// meaning is not documented on this page.
	Result string `json:"result"`
}
APICustomError holds message and statusCode for api errors
func (APICustomError) Error ¶
func (apiError APICustomError) Error() string
Error stringifies the APICustomError
type Authenticate ¶
// Authenticate holds the authentication information passed to an
// AuthenticationHandler.
//
// ClientSecret and Password are secrets and every field carries a JSON tag, so
// marshalling a value of this type writes them out in clear text. Treat values
// of this type as sensitive: do not log them or echo them back in responses.
type Authenticate struct {
	// ClientID and ClientSecret are the client's credentials; both are always
	// serialised (no omitempty).
	ClientID     string `json:"clientID"`
	ClientSecret string `json:"clientSecret"`
	// Realm and Scope are optional; empty values are left out of the JSON.
	Realm string `json:"realm,omitempty"`
	Scope string `json:"scope,omitempty"`
	// UserName and Password are pointers, so they may be nil and are then left
	// out of the JSON.
	// NOTE(review): presumably only AuthenticateUser reads them; confirm.
	UserName *string `json:"username,omitempty"`
	Password *string `json:"password,omitempty"`
}
Authenticate holds authentication information
type AuthenticationHandler ¶
// AuthenticationHandler is used to authenticate with the api. Every method
// returns a *JWT on success and an error otherwise.
type AuthenticationHandler interface {
	// AuthenticateClient obtains a token set from an Authenticate value.
	// NOTE(review): presumably uses only the client credentials; the
	// implementation is not shown on this page.
	AuthenticateClient(Authenticate) (*JWT, error)
	// AuthenticateUser obtains a token set from an Authenticate value.
	// NOTE(review): presumably requires UserName and Password to be set;
	// confirm how nil pointers are handled.
	AuthenticateUser(Authenticate) (*JWT, error)
	// RefreshToken obtains a new token set from a Refresh value.
	RefreshToken(Refresh) (*JWT, error)
}
AuthenticationHandler is used to authenticate with the api
func NewAuthenticationHandler ¶
func NewAuthenticationHandler(ctx context.Context, gocloakClient *gocloak.GoCloak, realm *string) AuthenticationHandler
NewAuthenticationHandler instantiates a new AuthenticationHandler. Setting realm is optional.
type AuthenticationMiddleWare ¶
// AuthenticationMiddleWare is used to validate the JWT. Every method except
// Enforcer wraps an echo.HandlerFunc; Enforcer returns an echo.MiddlewareFunc
// built from an EnforcerConfig.
//
// NOTE(review): this page does not say whether the methods are independent or
// must be chained (for example, whether CheckScope or Enforcer assume that the
// token was already validated by DecodeAndValidateToken). Confirm before
// relying on any single method to protect a route.
type AuthenticationMiddleWare interface {
	// DecodeAndValidateToken decodes the token and checks if it is valid.
	DecodeAndValidateToken(next echo.HandlerFunc) echo.HandlerFunc

	// CheckToken wraps next with a token check; how it differs from
	// DecodeAndValidateToken is not documented on this page.
	CheckToken(next echo.HandlerFunc) echo.HandlerFunc

	// The following 2 methods (CheckTokenCustomHeader and CheckScope) need
	// higher permissions of the client in the realm.
	CheckTokenCustomHeader(next echo.HandlerFunc) echo.HandlerFunc
	CheckScope(next echo.HandlerFunc) echo.HandlerFunc

	// Protect wraps next; its checks are not documented on this page.
	Protect(next echo.HandlerFunc) echo.HandlerFunc

	// Enforcer builds a middleware from requestData.
	// NOTE(review): requestData is a pointer; behaviour for nil is not
	// documented here.
	Enforcer(requestData *EnforcerConfig) echo.MiddlewareFunc
}
AuthenticationMiddleWare is used to validate the JWT
func NewDirectGrantMiddleware ¶
func NewDirectGrantMiddleware(ctx context.Context, gocloak *gocloak.GoCloak, realm, clientID, clientSecret, allowedScope string, customHeaderName *string) AuthenticationMiddleWare
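NewDirectGrantMiddleware instantiates a new AuthenticationMiddleWare for use with the Keycloak Direct Grant, also known as the Resource Owner Password Credentials flow.
See https://www.keycloak.org/docs/latest/securing_apps/index.html#_resource_owner_password_credentials_flow and https://tools.ietf.org/html/rfc6749#section-4.3 for more information about this flow. In this flow the client application handles the user's password directly, and the OAuth 2.0 Security Best Current Practice (RFC 9700) states that the grant must not be used; prefer the authorization code flow where the deployment allows it.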
type Authorization ¶
// Authorization carries the permissions listed in a token. It is the type of
// the Claims.Authorization field, which is decoded from the "authorization"
// claim.
type Authorization struct {
	// Permissions is omitted from JSON when empty. The Permission type is not
	// shown on this page.
	Permissions []Permission `json:"permissions,omitempty"`
}
type Claims ¶
// Claims describes the token claims this package decodes. The JSON tags are
// the claim names as they appear in the token payload.
//
// The values are asserted by the token, not observed by the server: they are
// only trustworthy after the token's signature and validity have been checked
// (see DecodeAndValidateToken on AuthenticationMiddleWare).
//
// NOTE(review): the struct has no iss, aud, exp or sub fields, so issuer,
// audience, expiry and subject cannot be checked from a Claims value alone;
// presumably they are handled during token validation. Confirm.
type Claims struct {
	Typ            string   `json:"typ,omitempty"`
	Azp            string   `json:"azp,omitempty"`
	AuthTime       int      `json:"auth_time,omitempty"`
	SessionState   string   `json:"session_state,omitempty"`
	Acr            string   `json:"acr,omitempty"`
	AllowedOrigins []string `json:"allowed-origins,omitempty"`
	// RealmAccess and ResourceAccess come from the jwx package, which is not
	// shown on this page.
	RealmAccess    jwx.RealmAccess    `json:"realm_access,omitempty"`
	ResourceAccess jwx.ResourceAccess `json:"resource_access,omitempty"`
	// Scope is a single string as carried in the token.
	Scope         string      `json:"scope,omitempty"`
	EmailVerified bool        `json:"email_verified,omitempty"`
	Address       jwx.Address `json:"address,omitempty"`
	// Profile claims. These identify the user for display purposes.
	// NOTE(review): whether a user can change them depends on realm
	// configuration; verify before using them as stable identifiers.
	Name              string `json:"name,omitempty"`
	PreferredUsername string `json:"preferred_username,omitempty"`
	GivenName         string `json:"given_name,omitempty"`
	FamilyName        string `json:"family_name,omitempty"`
	Email             string `json:"email,omitempty"`
	// Client claims. ClientIP is read from the "clientAddress" claim; it is
	// the address recorded in the token, not the peer address of the current
	// request.
	ClientID   string `json:"clientId,omitempty"`
	ClientHost string `json:"clientHost,omitempty"`
	ClientIP   string `json:"clientAddress,omitempty"`
	// Authorization holds the permissions carried in the token. omitempty has
	// no effect on a struct-typed field under encoding/json, so this key is
	// always emitted when marshalling.
	Authorization Authorization `json:"authorization,omitempty"`
}
type EnforcerConfig ¶
// EnforcerConfig is the configuration passed to
// AuthenticationMiddleWare.Enforcer. It has no JSON tags.
//
// NOTE(review): none of the fields is documented on this page. The comments
// below state only what the declaration shows.
type EnforcerConfig struct {
	// Audience is a string; presumably the audience (client) the permission
	// check is evaluated for. Confirm.
	Audience string
	// Postfix and Prefix are strings; how they are combined with a value is not
	// shown here.
	Postfix string
	Prefix  string
	// Permissions lists the permissions to enforce. The
	// EnforcerConfigPermission type is not shown on this page.
	Permissions []EnforcerConfigPermission
	// ResponseMode is optional (pointer). Note that the field is named
	// ResponseMode while its type is RequestModeEnum.
	ResponseMode *RequestModeEnum
}
type JWT ¶
// JWT is the token set returned by the AuthenticationHandler methods.
//
// The JSON keys are camelCase ("accessToken", "refreshToken", ...), not the
// snake_case names of an OAuth token response, so this is the package's own
// representation.
//
// AccessToken and RefreshToken are bearer credentials: anyone who holds them
// can use them. Do not log values of this type, and send them only over TLS.
type JWT struct {
	AccessToken string `json:"accessToken"`
	// ExpiresIn and RefreshExpiresIn are integers.
	// NOTE(review): presumably lifetimes in seconds, as in an OAuth token
	// response. Confirm.
	ExpiresIn        int    `json:"expiresIn"`
	RefreshExpiresIn int    `json:"refreshExpiresIn"`
	RefreshToken     string `json:"refreshToken"`
	TokenType        string `json:"tokenType"`
	NotBeforePolicy  int    `json:"notBeforePolicy"`
	SessionState     string `json:"sessionState"`
	Scope            string `json:"scope"`
}
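JWT holds the token set returned after authentication: the access token, the refresh token, and their expiry values.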
type Permission ¶
type PermissionClaim ¶
// PermissionClaim has one exported field, Id; its other fields are unexported
// and not shown on this page, so its full shape cannot be described from here.
//
// NOTE(review): Go naming convention would spell the field ID, but renaming an
// exported field breaks callers, so it is left as is.
type PermissionClaim struct {
	Id string
	// contains filtered or unexported fields
}
type Refresh ¶
// Refresh is used to refresh the JWT; it is the argument of
// AuthenticationHandler.RefreshToken.
//
// ClientSecret and RefreshToken are secrets and both carry JSON tags, so
// marshalling a value of this type writes them out in clear text. Do not log
// values of this type.
type Refresh struct {
	// ClientID and ClientSecret are always serialised (no omitempty).
	ClientID     string `json:"clientID"`
	ClientSecret string `json:"clientSecret"`
	// Realm is optional; an empty value is left out of the JSON.
	Realm string `json:"realm,omitempty"`
	// RefreshToken is left out of the JSON when empty.
	// NOTE(review): presumably an empty token is rejected by RefreshToken.
	// Confirm.
	RefreshToken string `json:"refreshToken,omitempty"`
}
Refresh is used to refresh the JWT
type RequestModeEnum ¶
// RequestModeEnum is a string type with two declared values. It is the type of
// EnforcerConfig.ResponseMode.
type RequestModeEnum string

const (
	// PermissionRequestMode is the value "permission".
	// NOTE(review): Keycloak's documented response_mode values are "decision"
	// and "permissions" (plural). If this string is forwarded verbatim as
	// response_mode, confirm that the singular form is intended.
	PermissionRequestMode RequestModeEnum = "permission"
	// DecisionRequestMode is the value "decision".
	DecisionRequestMode RequestModeEnum = "decision"
)