authorize

package
v0.1.0
Warning

This package is not in the latest version of its module.

Published: Oct 31, 2017 License: Apache-2.0 Imports: 6 Imported by: 5

Documentation


Functions

func IsRequestAuthorized

func IsRequestAuthorized(req *http.Request, a Authorizer, headerName string) error

Types

type Authorizer

type Authorizer interface {
	// Returns nil if token gives authority for the user.
	IsAuthorized(ctx context.Context, token string) error
}

func New

func New(ctx context.Context, config Config) (Authorizer, error)

type Condition

type Condition func(tokenPerms []string) bool

Condition is a boolean condition used for whitelisting token perms.

func AND

func AND(conditions ...Condition) Condition

AND combines an array of conditions with logical AND. If no condition is passed, it returns false.

func Contains

func Contains(perms string) Condition

Contains is a condition that returns true if the token perms contain the given permission.

func OR

func OR(conditions ...Condition) Condition

OR combines an array of conditions with logical OR. If no condition is passed, it returns false.

type Config

type Config struct {
	// OIDC issuer url.
	Provider string
	// Expected Audience of the token. For a majority of the cases this is expected to be
	// the ID of the client that initialized the login flow. It may occasionally differ if
	// the provider supports the authorizing party (azp) claim.
	ClientID string
	// Claim name that contains user permissions (sometimes called 'group')
	PermsClaim string

	// Permission condition that will authorize token.
	PermCondition Condition
}

Config is the configuration for authorize. TODO(bplotka): Add a proper unmarshaller/marshaller for this data struct.
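
An added example, not the package's own code: a local re-implementation of the Condition combinators that follows the semantics documented above. It shows how a PermCondition composes and that an empty AND or OR denies instead of vacuously allowing. The permission names and `deployPolicy` are hypothetical.

```go
package main

import "fmt"

// Condition mirrors the documented type: a predicate over the token's permissions.
type Condition func(tokenPerms []string) bool

// Contains is true when perm appears in the token's permissions.
func Contains(perm string) Condition {
	return func(tokenPerms []string) bool {
		for _, p := range tokenPerms {
			if p == perm {
				return true
			}
		}
		return false
	}
}

// AND is true only when every condition holds.
func AND(conditions ...Condition) Condition {
	return func(tokenPerms []string) bool {
		for _, c := range conditions {
			if !c(tokenPerms) {
				return false
			}
		}
		return len(conditions) > 0 // documented: no conditions means false (fail closed)
	}
}

// OR is true when at least one condition holds; with no conditions it is false.
func OR(conditions ...Condition) Condition {
	return func(tokenPerms []string) bool {
		for _, c := range conditions {
			if c(tokenPerms) {
				return true
			}
		}
		return false
	}
}

// deployPolicy (hypothetical): admins, or developers who also hold "deploy".
var deployPolicy = OR(Contains("admin"), AND(Contains("dev"), Contains("deploy")))

func main() {
	fmt.Println(deployPolicy([]string{"dev", "deploy"}), AND()([]string{"admin"}))
}
```

A condition like `deployPolicy` is what would be assigned to `Config.PermCondition`; a token whose perms claim is missing or empty is denied by every branch.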
