Documentation
¶
Index ¶
- type Auth
- type AuthApi
- type AuthConfig
- type AuthInfo
- func (auth *AuthInfo) FromClaims(claims jwt.MapClaims)
- func (auth *AuthInfo) FromDNSName(dnsName string)
- func (auth *AuthInfo) FromDNSNames(dnsNames []string)
- func (auth *AuthInfo) Merge(other *AuthInfo) error
- func (auth *AuthInfo) Validate() error
- func (auth *AuthInfo) ValidateAudience(audience string) bool
- func (auth *AuthInfo) ValidateResource(resource string) bool
- func (auth *AuthInfo) ValidateResources(resources []string) ([]string, bool)
- func (auth *AuthInfo) ValidateScope(scope string) bool
- func (auth *AuthInfo) ValidateScopes(scopes []string) ([]string, bool)
- type ClientCertFunc
- type CtxKey
- type JwtAuth
- type JwtAuthConfig
- type JwtTokenFunc
- type JwtVerifyKey
- type MtlsAuth
- type MtlsAuthConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Auth ¶
type Auth struct {
Authes []AuthApi
}
func NewAuth ¶
func NewAuth(config *AuthConfig) *Auth
type AuthConfig ¶
type AuthConfig struct {
Jwt JwtAuthConfig `embed:"" prefix:"jwt-" help:"JWT auth config"`
Mtls MtlsAuthConfig `embed:"" prefix:"mtls-" help:"MTLS auth config"`
}
type AuthInfo ¶
type AuthInfo struct {
Subject string
Audiences []string
ScopeEnabled bool
Scopes []string
ResourceEnabled bool
Resources []string
Uuid string
}
func (*AuthInfo) FromClaims ¶
func (auth *AuthInfo) FromClaims(claims jwt.MapClaims)
func (*AuthInfo) FromDNSName ¶
func (*AuthInfo) FromDNSNames ¶
func (*AuthInfo) ValidateAudience ¶
func (*AuthInfo) ValidateResource ¶
func (*AuthInfo) ValidateResources ¶
func (*AuthInfo) ValidateScope ¶
type ClientCertFunc ¶
type ClientCertFunc func(ctx context.Context) (*x509.Certificate, error)
type JwtAuth ¶
type JwtAuth struct {
Config *JwtAuthConfig
TokenFunc JwtTokenFunc
}
func NewJwtAuth ¶
func NewJwtAuth(config *JwtAuthConfig, tokenFunc JwtTokenFunc) *JwtAuth
type JwtAuthConfig ¶
type JwtAuthConfig struct {
Enabled bool `default:"false"`
Audience string `help:"The client name registered in the JWT provider"`
JwtVerifyKey `embed:"" prefix:"verify-key-" validate:"required_if=Enabled true"`
}
type JwtVerifyKey ¶
type JwtVerifyKey struct {
Types []string `enum:"ES256,ES384,ES512,EdDSA" help:"The type of the key to use for verification"`
Files []string `validate:"samelen=Types" type:"file" help:"The path to the key file to use for verification"`
// contains filtered or unexported fields
}
func (*JwtVerifyKey) LoadVerifyKey ¶
func (k *JwtVerifyKey) LoadVerifyKey(token *jwt.Token) (interface{}, error)
func (*JwtVerifyKey) ResetKey ¶
func (k *JwtVerifyKey) ResetKey()
type MtlsAuth ¶
type MtlsAuth struct {
Config *MtlsAuthConfig
ClientCertFunc ClientCertFunc
}
func NewMtlsAuth ¶
func NewMtlsAuth(config *MtlsAuthConfig, clientCertFunc ClientCertFunc) *MtlsAuth
type MtlsAuthConfig ¶
type MtlsAuthConfig struct {
Enabled bool `negatable:"true" help:"Enable mutual tls auth"`
// TrustedCA string `name:"trusted-ca" validate:"required_if=Enabled true,omitempty,file" help:"Path to the server trusted ca certs"`
BaseDomain string `help:"The base domain of client cert"`
ScopeEnabled bool `negatable:"true" help:"Should we load scopes from client cert"`
ResourceEnabled bool `negatable:"true" help:"Should we load resources from client cert"`
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.