validator

Documentation

Index

• Constants
• Variables
• type Option
  • func CacheExpiry(expiry time.Duration) Option
  • func CacheSize(maxCacheSize int) Option
  • func ClientID(clientID string) Option
  • func GraphGetter(clientID, clientSecret, tenantName string) Option
  • func GroupsClaim(group string) Option
  • func IssuerURL(issuerURL string) Option
  • func UsernameClaim(username string) Option
• type Validator
  • func New(options ...Option) (*Validator, error)
  • func (v *Validator) Validate(ctx context.Context, review *authenticationapi.TokenReview) (*authenticationapi.TokenReview, error)

Constants

const (
	// DefaultMaxCacheMemory is the default amount of memory (in MB) to allocate to the cache
	DefaultMaxCacheMemory = 1024
	// DefaultCacheDuration is the default life of a cache entry
	DefaultCacheDuration = 1 * time.Hour
	// DefaultIssuerURL is the default URL for Okta
	DefaultIssuerURL = "https://example.oktapreview.com"
	// DefaultUsernameClaim is the default claim used to obtain the username
	DefaultUsernameClaim = "email"
	// DefaultGroupsClaim is the default claim used to obtain the groups
	DefaultGroupsClaim = "groups"
)

Variables

var (
	// ErrorClaimNotFound indicates the given key was not found in the claims
	ErrorClaimNotFound = fmt.Errorf("Claim not found")
	// ErrorInvalidToken means we were unable to validate a given token
	ErrorInvalidToken = fmt.Errorf("Invalid token")
)

Types

type Option

type Option func(*Validator) error

Option represents an option for Validator. This returns an error in case we want to do more advanced option stuff in the future

func CacheExpiry

func CacheExpiry(expiry time.Duration) Option

CacheExpiry sets the max cache size

func CacheSize

func CacheSize(maxCacheSize int) Option

CacheSize sets the max cache size

func ClientID

func ClientID(clientID string) Option

ClientID sets the OIDC issuer URL

func GraphGetter

func GraphGetter(clientID, clientSecret, tenantName string) Option

GraphGetter takes a client ID and secret to log in to the MS Graph API for additional user information

func GroupsClaim

func GroupsClaim(group string) Option

GroupsClaim sets a group claim for a validator

func IssuerURL

func IssuerURL(issuerURL string) Option

IssuerURL sets the OIDC issuer URL

func UsernameClaim

func UsernameClaim(username string) Option

UsernameClaim sets a username claim for a validator

type Validator

type Validator struct {
	// contains filtered or unexported fields
}

Validator is used to validate an ID token and cache group responses

func New

func New(options ...Option) (*Validator, error)

New creates a new validator object

func (*Validator) Validate

func (v *Validator) Validate(ctx context.Context, review *authenticationapi.TokenReview) (*authenticationapi.TokenReview, error)

Validate takes a TokenReview request with the Token field set and validates the token. It returns a fully populated TokenReview request with all user information or an error if there was a validation error. This also requires a context to be passed (generally that of the request)