auth

package

v1.3.5 Latest Latest Go to latest Published: Dec 20, 2019 License: Apache-2.0 Imports: 15 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/NYTimes/gizmo

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func GetAuthorizationToken(r *http.Request) (string, error)
type ClaimSetter
type ClaimsDecoderFunc
type JSONKey
type JSONKeyResponse
type PublicKeySet
- func NewPublicKeySetFromJSON(payload []byte, ttl time.Duration) (PublicKeySet, error)
- func NewPublicKeySetFromURL(hc *http.Client, url string, defaultTTL time.Duration) (PublicKeySet, error)
- func (ks PublicKeySet) Expired() bool
- func (ks PublicKeySet) GetKey(id string) (*rsa.PublicKey, error)
type PublicKeySource
- func NewReusePublicKeySource(ks PublicKeySet, src PublicKeySource) PublicKeySource
type Verifier
- func NewVerifier(ks PublicKeySource, df ClaimsDecoderFunc, vf VerifyFunc) *Verifier
type VerifyFunc

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrBadCreds = errors.New("bad credentials")

ErrBadCreds will always be wrapped when a user's credentials are unexpected. This is so that we can distinguish between a client error from a server error

View Source

var TimeNow = func() time.Time { return time.Now() }

TimeNow is used internally to determine the current time. It has been abstracted to this global function as a mechanism to help with testing.

Functions ¶

func GetAuthorizationToken ¶ added in v1.3.0

func GetAuthorizationToken(r *http.Request) (string, error)

GetAuthorizationToken will pull the Authorization header from the given request and attempt to retrieve the token within it.

Types ¶

type ClaimSetter ¶

type ClaimSetter interface {
	BaseClaims() *jws.ClaimSet
}

ClaimSetter is an interface for all incoming claims to implement. This ensures the basic format used by the `jws` package.

type ClaimsDecoderFunc ¶

type ClaimsDecoderFunc func(context.Context, []byte) (ClaimSetter, error)

ClaimsDecoderFunc will expect to convert a JSON payload into the appropriate claims type.

type JSONKey ¶

type JSONKey struct {
	Kty string `json:"kty"`
	Alg string `json:"alg"`
	Use string `json:"use"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}

JSONKey represents a public or private key in JWK format.

type JSONKeyResponse ¶

type JSONKeyResponse struct {
	Keys []*JSONKey `json:"keys"`
}

JSONKeyResponse represents a JWK Set object.

type PublicKeySet ¶

type PublicKeySet struct {
	Expiry time.Time
	Keys   map[string]*rsa.PublicKey
}

PublicKeySet contains a set of keys acquired from a JWKS that has an expiration.

func NewPublicKeySetFromJSON ¶

func NewPublicKeySetFromJSON(payload []byte, ttl time.Duration) (PublicKeySet, error)

NewPublicKeySetFromJSON will accept a JSON payload in the format of the JSONKeyResponse and parse it into a PublicKeySet.

func NewPublicKeySetFromURL ¶

func NewPublicKeySetFromURL(hc *http.Client, url string, defaultTTL time.Duration) (PublicKeySet, error)

NewPublicKeySetFromURL will attempt to fetch a JWKS from the given URL and parse it into a PublicKeySet. The endpoint the URL points to must return the same format as the JSONKeyResponse struct.

func (PublicKeySet) Expired ¶

func (ks PublicKeySet) Expired() bool

Expired will return true if the current key set is expire according to its Expiry field.

func (PublicKeySet) GetKey ¶

func (ks PublicKeySet) GetKey(id string) (*rsa.PublicKey, error)

GetKey will look for the given key ID in the key set and return it, if it exists.

type PublicKeySource ¶

type PublicKeySource interface {
	Get(context.Context) (PublicKeySet, error)
}

PublicKeySource is to be used by servers who need to acquire public key sets for verifying inbound request's JWTs.

func NewReusePublicKeySource ¶

func NewReusePublicKeySource(ks PublicKeySet, src PublicKeySource) PublicKeySource

NewReusePublicKeySource is a wrapper around PublicKeySources to only fetch a new key set once the current key cache has expired.

type Verifier ¶

type Verifier struct {
	// contains filtered or unexported fields
}

Verifier is a generic tool for verifying JWT tokens.

func NewVerifier ¶

func NewVerifier(ks PublicKeySource, df ClaimsDecoderFunc, vf VerifyFunc) *Verifier

NewVerifier returns a genric Verifier that will use the given funcs and key source.

func (Verifier) Verify ¶

func (c Verifier) Verify(ctx context.Context, token string) (bool, error)

Verify will accept an opaque JWT token, decode it and verify it.

func (Verifier) VerifyInboundKitContext ¶

func (c Verifier) VerifyInboundKitContext(ctx context.Context) (bool, error)

VerifyInboundKitContext is meant to be used within a go-kit stack that has populated the context with common headers, specficially kit/transport/http.ContextKeyRequestAuthorization.

func (Verifier) VerifyRequest ¶ added in v1.2.6

func (c Verifier) VerifyRequest(r *http.Request) (bool, error)

VerifyRequest will pull the token from the "Authorization" header of the inbound request then decode and verify it.

type VerifyFunc ¶

type VerifyFunc func(context.Context, interface{}) bool

VerifyFunc will be called by the Verify if all other checks on the token pass. Developers should use this to encapsulate any business logic involved with token verification.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
gcp

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL