auth

package

v0.1.0 Latest Latest Go to latest Published: Jun 16, 2022 License: GPL-3.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Package auth provides authentication and authorization support.

View Source

const (
	RoleAdmin = "ADMIN"
	RoleUser  = "USER"
)

These are the expected values for Claims.Roles.

View Source

var ErrForbidden = errors.New("attempted action is not allowed")

ErrForbidden is returned when a auth issue is identified.

func SetClaims(ctx context.Context, claims Claims) context.Context

SetClaims stores the claims in the context.

type Auth struct {
	// contains filtered or unexported fields
}

Auth is used to authenticate clients. It can generate a token for a set of user claims and recreate the claims by parsing the token.

func New(activeKID string, keyLookup KeyLookup) (*Auth, error)

New creates an Auth to support authentication/authorization.

func (a *Auth) GenerateToken(claims Claims) (string, error)

GenerateToken generates a signed JWT token string representing the user Claims.

func (a *Auth) ValidateToken(tokenStr string) (Claims, error)

ValidateToken recreates the Claims that were used to generate a token. It verifies that the token was signed using our key.

type Claims struct {
	jwt.RegisteredClaims
	Roles []string `json:"roles"`
}

Claims represents the authorization claims transmitted via a JWT.

func GetClaims(ctx context.Context) (Claims, error)

GetClaims returns the claims from the context.

func (c Claims) Authorized(roles ...string) bool

Authorized returns true if the claims has at least one of the provided roles.

type KeyLookup interface {
	PrivateKey(kid string) (*rsa.PrivateKey, error)
	PublicKey(kid string) (*rsa.PublicKey, error)
}

KeyLookup declares a method set of behavior for looking up private and public keys for JWT use.