Documentation ¶
Overview ¶
This file contains code taken from github.com/team-carepay/traefik-jwt-plugin. We would like to simply use github.com/go-jose/go-jose/v3 for the JWKS instead, but Traefik's yaegi interpreter messes up the unmarshalling.
Index ¶
- func FetchJWKS(url string) (map[string]interface{}, error)
- func JWKThumbprint(jwk JSONWebKey) string
- func New(_ context.Context, next http.Handler, config *Config, name string) (http.Handler, error)
- func SetupSecret(secret string) (interface{}, error)
- type Config
- type JSONWebKey
- type JSONWebKeySet
- type JWTPlugin
- func (plugin *JWTPlugin) GetKey(token *jwt.Token) (interface{}, error)
- func (plugin *JWTPlugin) IsValidIssuer(issuer string) bool
- func (plugin *JWTPlugin) ServeHTTP(response http.ResponseWriter, request *http.Request)
- func (plugin *JWTPlugin) Validate(request *http.Request, variables *TemplateVariables) (int, error)
- func (plugin *JWTPlugin) ValidateClaim(claim string, claims jwt.MapClaims, requirements []Requirement, ...) bool
- type Requirement
- type TemplateRequirement
- type TemplateVariables
- type ValueRequirement
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func JWKThumbprint ¶
func JWKThumbprint(jwk JSONWebKey) string
JWKThumbprint creates a JWK thumbprint out of jwk as specified in https://tools.ietf.org/html/rfc7638.
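The RFC 7638 computation, as an added example that is not the plugin's own code: only the required members for the key type are hashed, in lexicographic order and without whitespace, so the same key yields the same identifier however the JWKS serialises it. The helper name `thumbprintRFC7638` and the sample keys are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// required lists, per key type, the only members RFC 7638 section 3.2 hashes,
// already in the lexicographic order the RFC mandates.
var required = map[string][]string{
	"EC":  {"crv", "kty", "x", "y"},
	"RSA": {"e", "kty", "n"},
	"oct": {"k", "kty"},
}

// thumbprintRFC7638 is a hypothetical helper, not the plugin's JWKThumbprint.
func thumbprintRFC7638(rawJWK []byte) (string, error) {
	var m map[string]interface{}
	if err := json.Unmarshal(rawJWK, &m); err != nil {
		return "", err
	}
	kty, _ := m["kty"].(string)
	names, ok := required[kty]
	if !ok {
		return "", fmt.Errorf("jwk: unsupported kty %q", kty)
	}
	var b strings.Builder
	sep := "{"
	for _, name := range names {
		v, ok := m[name].(string)
		if !ok || v == "" {
			return "", fmt.Errorf("jwk: missing required member %q", name)
		}
		// Values are base64url or short ASCII names, so %q matches JSON quoting.
		fmt.Fprintf(&b, "%s%q:%q", sep, name, v)
		sep = ","
	}
	b.WriteByte('}')
	sum := sha256.Sum256([]byte(b.String()))
	return base64.RawURLEncoding.EncodeToString(sum[:]), nil
}

func main() {
	// Constructed sample keys: same key material, different order and extra members.
	a, _ := thumbprintRFC7638([]byte(`{"kty":"RSA","n":"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLO","e":"AQAB"}`))
	b, _ := thumbprintRFC7638([]byte(`{"e":"AQAB","kid":"k1","alg":"RS256","n":"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLO","kty":"RSA"}`))
	fmt.Println(a, a == b)
}
```

Because `kid`, `alg` and `use` are excluded from the hash, a thumbprint used as a cache key cannot be shifted by changing those optional members in the JWKS response.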
func SetupSecret ¶
Types ¶
type Config ¶
type Config struct {
    ValidMethods      []string
    Issuers           []string
    Secret            string                 `json:"secret,omitempty"`
    Require           map[string]interface{} `json:"require,omitempty"`
    Optional          bool                   `json:"optional,omitempty"`
    RedirectForbidden string                 `json:"redirectForbidden,omitempty"`
    CookieName        string                 `json:"cookieName,omitempty"`
    HeaderName        string                 `json:"headerName,omitempty"`
    ParameterName     string                 `json:"parameterName,omitempty"`
    HeaderMap         map[string]string      `json:"headerMap,omitempty"`
    ForwardToken      bool                   `json:"forwardToken,omitempty"`
    Freshness         int64                  `json:"freshness,omitempty"`
}
Config is the configuration for the plugin.
func CreateConfig ¶
func CreateConfig() *Config
CreateConfig creates the default plugin configuration.
type JSONWebKey ¶
type JSONWebKey struct {
    Kid string   `json:"kid"`
    Kty string   `json:"kty"`
    Alg string   `json:"alg"`
    Use string   `json:"use"`
    X5c []string `json:"x5c"`
    X5t string   `json:"x5t"`
    N   string   `json:"n"`
    E   string   `json:"e"`
    K   string   `json:"k,omitempty"`
    X   string   `json:"x,omitempty"`
    Y   string   `json:"y,omitempty"`
    D   string   `json:"d,omitempty"`
    P   string   `json:"p,omitempty"`
    Q   string   `json:"q,omitempty"`
    Dp  string   `json:"dp,omitempty"`
    Dq  string   `json:"dq,omitempty"`
    Qi  string   `json:"qi,omitempty"`
    Crv string   `json:"crv,omitempty"`
}
JSONWebKey is a JSON web key returned by the JWKS request.
type JSONWebKeySet ¶
type JSONWebKeySet struct {
Keys []JSONWebKey `json:"keys"`
}
JSONWebKeySet represents a set of JSON web keys.
type JWTPlugin ¶
type JWTPlugin struct {
// contains filtered or unexported fields
}
JWTPlugin is a traefik middleware plugin that authorizes access based on JWT tokens.
func (*JWTPlugin) GetKey ¶
GetKey gets the key for the given key ID from the plugin's key cache. If the key isn't present and the iss is valid according to the plugin's configuration, all keys for the iss are fetched and the key is looked up again.
func (*JWTPlugin) IsValidIssuer ¶
IsValidIssuer returns true if the issuer is allowed by the Issuers configuration.
func (*JWTPlugin) ServeHTTP ¶
func (plugin *JWTPlugin) ServeHTTP(response http.ResponseWriter, request *http.Request)
ServeHTTP is the middleware entry point.
func (*JWTPlugin) Validate ¶
Validate validates the request and returns the HTTP status code or an error if the request is not valid. It also sets any headers that should be forwarded to the backend.
func (*JWTPlugin) ValidateClaim ¶
func (plugin *JWTPlugin) ValidateClaim(claim string, claims jwt.MapClaims, requirements []Requirement, variables *TemplateVariables) bool
ValidateClaim
type Requirement ¶
type Requirement interface {
Validate(value interface{}, variables *TemplateVariables) bool
}
Requirement is a requirement for a claim.
type TemplateRequirement ¶
type TemplateRequirement struct {
// contains filtered or unexported fields
}
TemplateRequirement is a dynamic requirement for a claim that uses a template that needs interpolating per request.
func (TemplateRequirement) Validate ¶
func (requirement TemplateRequirement) Validate(value interface{}, variables *TemplateVariables) bool
Validate interpolates the requirement template with the given variables and then delegates to ValueRequirement.
type TemplateVariables ¶
TemplateVariables are the per-request variables passed to Go templates for interpolation, such as the require and redirect templates.
type ValueRequirement ¶
type ValueRequirement struct {
// contains filtered or unexported fields
}
ValueRequirement is a requirement for a claim that is a known value.
func (ValueRequirement) Validate ¶
func (requirement ValueRequirement) Validate(value interface{}, variables *TemplateVariables) bool
Validate checks value against the requirement, calling itself recursively for object and array values. variables is required by the interface and passed on recursively, but is ultimately ignored by ValueRequirement, having already been interpolated by TemplateRequirement.
func (ValueRequirement) ValidateNested ¶
func (requirement ValueRequirement) ValidateNested(value interface{}) bool
ValidateNested checks value against the nested requirement.