auth

package
v0.6.1 Latest Latest
Published: Dec 19, 2024 License: MIT Imports: 36 Imported by: 6

README

Authz module

This repository provides all the pieces needed for FOXDEN/CHESS authentication and authorization. It covers Kerberos and JWT tokens, provides the necessary middleware for the gin framework, etc.

Documentation

Index

Constants

This section is empty.

Variables

// OAuthProviders is the package-level registry of OAuth providers, keyed by a string.
// NOTE(review): presumably populated by Init and nil before Init runs; as a plain Go map
// it is not safe for concurrent writes — confirm it is only written during start-up.
var OAuthProviders map[string]Provider

OAuthProviders contains a map of all participating providers

Functions

func BearerToken added in v0.1.0

func BearerToken(r *http.Request) string

BearerToken is a helper function that extracts the bearer token from an HTTP request

func CodeChallenge added in v0.3.9

func CodeChallenge(verifier string) string

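CodeChallenge generates the code challenge from the code verifier (SHA256 + base64 URL encoding). This is the shape of the PKCE S256 transformation in RFC 7636, which additionally requires the base64url output to be unpadded; whether padding is stripped is not stated here.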

func CodeVerifier added in v0.3.9

func CodeVerifier() string

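CodeVerifier generates a random code verifier of 43-128 characters. The random source is not stated here; a PKCE code verifier needs a cryptographically secure one, so check the implementation before relying on it.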

func FacebookCallBack added in v0.0.3

func FacebookCallBack(ctx *gin.Context, endpoint string, verbose int)

FacebookCallBack provides gin handler for facebook callback to given endpoint

func FacebookOauthLogin added in v0.0.3

func FacebookOauthLogin(ctx *gin.Context, verbose int)

FacebookOauthLogin provides gin handler for facebook oauth login

func GithubCallBack added in v0.0.3

func GithubCallBack(ctx *gin.Context, endpoint string, verbose int)

GithubCallBack provides gin handler for github callback to given endpoint

func GithubOauthLogin added in v0.0.3

func GithubOauthLogin(ctx *gin.Context, verbose int)

GithubOauthLogin provides gin handler for github oauth login

func GoogleCallBack added in v0.0.3

func GoogleCallBack(ctx *gin.Context, endpoint string, verbose int)

GoogleCallBack provides gin handler for google callback to given endpoint

func GoogleOauthLogin added in v0.0.3

func GoogleOauthLogin(ctx *gin.Context, verbose int)

GoogleOauthLogin provides gin handler for google oauth login

func Init

func Init(providers []string, verbose int)

Init initializes map of OAuth providers

func JWTAccessToken added in v0.0.2

func JWTAccessToken(secretKey string, expiresAt int64, customClaims CustomClaims) (string, error)

JWTAccessToken generates a JWT access token with custom claims; see https://blog.canopas.com/jwt-in-golang-how-to-implement-token-based-authentication-298c89a26ffd

func RandomBytes added in v0.3.6

func RandomBytes(size int, seed int64) []byte

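RandomBytes generates random bytes of the given size from the given seed. Output derived from a caller-supplied seed is presumably reproducible for that seed; confirm which generator the implementation uses before using the result as a secret, key or token.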

func RandomString added in v0.3.6

func RandomString(size int, seed int64) string

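RandomString generates a random string of the given size from the given seed. Output derived from a caller-supplied seed is presumably reproducible for that seed; confirm which generator the implementation uses before using the result as a secret, state value or token.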

func ReadSecret added in v0.3.6

func ReadSecret(r string) string

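ReadSecret provides a unified way to read a secret either from a provided file or from a string, and falls back to a default value if the string is empty. The default value is not shown here; a deployment should make sure it never ends up signing or validating tokens with that fallback.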

func RequestToken added in v0.0.1

func RequestToken(r *http.Request) string

RequestToken gets token from http request

func ScopeTokenMiddleware added in v0.0.2

func ScopeTokenMiddleware(scope, clientId string, verbose int) gin.HandlerFunc

ScopeTokenMiddleware provides token validation with specific scope

func UserCredentials added in v0.0.1

func UserCredentials(r *http.Request) (string, error)

UserCredentials inspects the HTTP request and returns the user credentials from its token

Types

type Certs

// Certs holds the key list of a JWKS document.
// NOTE(review): Keys carries no json tag, so filling it from a document whose member is
// "keys" relies on the decoder matching field names case-insensitively (encoding/json
// does) — confirm which decoder is used.
type Certs struct {
	Keys []Keys
}

Certs represents the structure of the document served at the JWKS URI

type Claims

// Claims is the JWT claim set used by this package: the embedded jwt.RegisteredClaims
// plus the application-specific CustomClaims, serialized under the "custom_claims" member.
// NOTE(review): the values are only as trustworthy as the signature check performed before
// they are read; that verification path is not visible here.
type Claims struct {
	jwt.RegisteredClaims
	CustomClaims CustomClaims `json:"custom_claims"`
}

Claims defines our JWT claims

func TokenClaims added in v0.0.1

func TokenClaims(accessToken, clientId string) (*Claims, error)

TokenClaims returns token claims

type CustomClaims added in v0.0.2

// CustomClaims defines the application-specific claims carried in a token.
// The JSON member names are "user", "scope", "kind", "roles" and "application".
// NOTE(review): Scope and Roles look like authorization inputs (the package documents a
// scope-checking middleware); presumably they must only be consulted on a token whose
// signature has already been verified — confirm in the callers.
type CustomClaims struct {
	User        string   `json:"user"`
	Scope       string   `json:"scope"`
	Kind        string   `json:"kind"`
	Roles       []string `json:"roles"`
	Application string   `json:"application"`
}

CustomClaims defines application specific claims

func (*CustomClaims) String added in v0.0.2

func (c *CustomClaims) String() string

String provides string representations of Custom claims

type Kerberos added in v0.0.1

// Kerberos groups the Kerberos-related values this package works with: a user name,
// a scope and a ticket held as raw bytes.
// NOTE(review): Ticket is credential material if it holds an actual Kerberos ticket —
// presumably it should be kept out of logs and error messages; confirm how it is used.
type Kerberos struct {
	User   string
	Scope  string
	Ticket []byte
}

Kerberos defines kerberos structure we use

func (*Kerberos) Credentials added in v0.0.1

func (k *Kerberos) Credentials() (*credentials.Credentials, error)

Credentials is a helper function to check user credentials for POST requests

type Keys

// Keys is one entry of a JWKS key list; the JSON member names are given by the tags.
// N and E are tagged "n" and "e", which in a JWK are the RSA modulus and public exponent;
// there are no "crv"/"x"/"y" members, so only RSA keys appear to be representable.
// NOTE(review): "x5y" is not a JWK parameter defined by RFC 7517 (which defines x5u, x5c,
// x5t and x5t#S256); X5y may have been meant to carry "x5t" — confirm against the
// provider's JWKS.
// NOTE(review): Alg and Use are supplied by the provider's document; the code choosing the
// verification algorithm is not visible here.
type Keys struct {
	Kid     string   `json:"kid"`
	Kty     string   `json:"kty"`
	Alg     string   `json:"alg"`
	Use     string   `json:"use"`
	N       string   `json:"n"`
	E       string   `json:"e"`
	X5c     []string `json:"x5c"`
	X5y     string   `json:"x5y"`
	Xt5S256 string   `json:"x5t#S256"`
}

Keys struct represents the structure of JWKS keys

type OpenIDConfiguration

// OpenIDConfiguration holds the OpenID Provider configuration: the issuer, the endpoint
// URLs (authorization, token, introspection, userinfo, end-session, revocation), the
// JWKS URI and the supported claims and scopes, under the JSON names given in the tags.
// NOTE(review): every endpoint here is whatever the provider's configuration document
// says; how that document is fetched and whether Issuer is compared with the configured
// provider URL is not visible here — confirm in Provider.Init.
type OpenIDConfiguration struct {
	Issuer                string   `json:"issuer"`
	AuthorizationEndpoint string   `json:"authorization_endpoint"`
	TokenEndpoint         string   `json:"token_endpoint"`
	IntrospectionEndpoint string   `json:"introspection_endpoint"`
	UserInfoEndpoint      string   `json:"userinfo_endpoint"`
	EndSessionEndpoint    string   `json:"end_session_endpoint"`
	JWKSUri               string   `json:"jwks_uri"`
	ClaimsSupported       []string `json:"claims_supported"`
	ScopeSupported        []string `json:"scopes_supported"`
	RevocationEndpoint    string   `json:"revocation_endpoint"`
}

OpenIDConfiguration holds configuration for OpenID Provider

type Provider

// Provider holds everything known about one OpenID provider: its URL, its OpenID
// configuration, its public keys and the raw JWKS body.
// NOTE(review): PublicKeys uses the unexported publicKey type, so code outside this
// package cannot construct its elements; presumably Init fills it — confirm.
type Provider struct {
	URL           string              // provider url
	Configuration OpenIDConfiguration // provider OpenID configuration
	PublicKeys    []publicKey         // Public keys of the provider
	JWKSBody      []byte              // jwks body content of the provider
}

Provider holds all information about given provider

func (*Provider) Init

func (p *Provider) Init(purl string, verbose int) error

Init initializes the provider configuration

func (*Provider) String

func (p *Provider) String() string

String provides string representation of provider

type Token

// Token represents an access token response: the token string, its expiry, scope and
// token type, under the JSON names given in the tags.
// NOTE(review): Expires is tagged "expires_in", which in OAuth 2.0 is a lifetime in
// seconds rather than an absolute timestamp — confirm how Validate interprets it.
type Token struct {
	AccessToken string `json:"access_token"`
	Expires     int64  `json:"expires_in"`
	Scope       string `json:"scope"`
	TokenType   string `json:"token_type"`
}

Token represents access token structure

func (*Token) Validate

func (t *Token) Validate(clientId string) error

Validate performs token validation

type TokenAttributes

// TokenAttributes describes the attributes of an access token as returned by
// InspectToken and InspectTokenProviders.
// NOTE(review): Audiences is a single string, but "aud" may also be a JSON array of
// strings; with encoding/json an array would fail to decode into this field — confirm
// what the providers in use return.
// NOTE(review): "clientId" and "clientHost" are not RFC 7662 introspection member names
// (that RFC uses "client_id"); presumably provider-specific — confirm.
type TokenAttributes struct {
	Subject      string `json:"sub"`           // token subject
	Audiences    string `json:"aud"`           // token audience
	Issuer       string `json:"iss"`           // token issuer
	UserName     string `json:"username"`      // user name
	Active       bool   `json:"active"`        // is token active or not
	SessionState string `json:"session_state"` // session state fields
	ClientID     string `json:"clientId"`      // client id
	Email        string `json:"email"`         // client email address
	Scope        string `json:"scope"`         // scope of the token
	Expiration   int64  `json:"exp"`           // token expiration
	ClientHost   string `json:"clientHost"`    // client host
}

TokenAttributes contains structure of access token attributes

func InspectToken

func InspectToken(provider Provider, token string, verbose int) (TokenAttributes, error)

InspectToken extracts token attributes

func InspectTokenProviders

func InspectTokenProviders(token string, providers []string, verbose int) (TokenAttributes, error)

InspectTokenProviders inspects the token against all participating providers and returns TokenAttributes

type TokenInfo

// TokenInfo bundles the access, refresh and ID tokens with the two expiry values.
// All three token fields are credentials.
// NOTE(review): TokenInfo has a String method, so formatting a value with %v or %s goes
// through it; confirm what that method emits before a TokenInfo reaches a log line.
type TokenInfo struct {
	AccessToken   string `json:"access_token"`       // access token
	AccessExpire  int64  `json:"expires_in"`         // access token expiration
	RefreshToken  string `json:"refresh_token"`      // refresh token
	RefreshExpire int64  `json:"refresh_expires_in"` // refresh token expiration
	IDToken       string `json:"id_token"`           // id token
}

TokenInfo contains information about all tokens

func (*TokenInfo) String

func (t *TokenInfo) String() string

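String converts TokenInfo into an HTML snippet. Because this method makes TokenInfo a fmt.Stringer, printing or logging a TokenInfo value emits that snippet; whether it includes the token values, and whether they are HTML-escaped, is not stated here.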
