Documentation ¶
Index ¶
- type Auth
- type AuthApi
- type AuthConfig
- type AuthInfo
- func (auth *AuthInfo) FromClaims(claims jwt.MapClaims)
- func (auth *AuthInfo) FromDNSName(dnsName string)
- func (auth *AuthInfo) FromDNSNames(dnsNames []string)
- func (auth *AuthInfo) Merge(other *AuthInfo) error
- func (auth *AuthInfo) Validate() error
- func (auth *AuthInfo) ValidateAudience(audience string) bool
- func (auth *AuthInfo) ValidateResource(resource string) bool
- func (auth *AuthInfo) ValidateResources(resources []string) ([]string, bool)
- func (auth *AuthInfo) ValidateScope(scope string) bool
- func (auth *AuthInfo) ValidateScopes(scopes []string) ([]string, bool)
- type ClientCertFunc
- type CtxKey
- type JwtAuth
- type JwtAuthConfig
- type JwtTokenFunc
- type JwtVerifyKey
- type MtlsAuth
- type MtlsAuthConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Auth ¶
// Auth holds the list of authenticators (AuthApi values) in use.
// NOTE(review): this page does not show whether a caller must satisfy every
// entry in Authes or only one of them; confirm against the implementation,
// since that decides whether enabling a second method tightens or loosens access.
type Auth struct {
// Authes is the slice of AuthApi implementations held by this Auth.
Authes []AuthApi
}
func NewAuth ¶
// NewAuth takes an *AuthConfig and returns an *Auth. Only the signature is
// shown on this page.
// NOTE(review): presumably it registers the JWT and mTLS authenticators that
// AuthConfig describes; confirm what the returned Auth does when neither
// method has Enabled set, so that an empty list cannot mean "allow".
func NewAuth(config *AuthConfig) *Auth
type AuthConfig ¶
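// AuthConfig groups the settings of the two authentication methods exposed by
// this package. Both fields carry an embed tag with a prefix, so their options
// appear under the "jwt-" and "mtls-" prefixes respectively.
type AuthConfig struct {
	// Jwt configures JWT authentication.
	Jwt JwtAuthConfig `embed:"" prefix:"jwt-" help:"JWT auth config"`
	// Mtls configures mutual-TLS authentication.
	Mtls MtlsAuthConfig `embed:"" prefix:"mtls-" help:"MTLS auth config"`
}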
type AuthInfo ¶
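// AuthInfo carries the attributes of one authenticated caller. The index on
// this page lists methods that fill it from JWT claims or certificate DNS
// names and methods that validate an audience, scope or resource against it.
type AuthInfo struct {
	// Subject is the caller's subject string.
	Subject string
	// Audiences is the list of audiences associated with the caller.
	Audiences []string
	// ScopeEnabled is a flag stored next to Scopes.
	// NOTE(review): presumably ValidateScope and ValidateScopes only consult
	// Scopes when this is true; confirm what they return when it is false, so
	// a disabled check is a deliberate choice and not a silent allow-all.
	ScopeEnabled bool
	// Scopes is the list of scopes associated with the caller.
	Scopes []string
	// ResourceEnabled is a flag stored next to Resources.
	// NOTE(review): same question as ScopeEnabled, for ValidateResource and
	// ValidateResources.
	ResourceEnabled bool
	// Resources is the list of resources associated with the caller.
	Resources []string
	// Uuid is an identifier string; this page does not show how it is set.
	Uuid string
}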
func (*AuthInfo) FromClaims ¶
// FromClaims takes a jwt.MapClaims value and has no return value, so it can
// only report through the receiver. Only the signature is shown on this page.
// NOTE(review): presumably it copies subject, audience, scope and resource
// claims into auth; confirm it is called only on claims from a token whose
// signature has already been verified, and how malformed claim types are handled.
func (auth *AuthInfo) FromClaims(claims jwt.MapClaims)
func (*AuthInfo) FromDNSName ¶
func (*AuthInfo) FromDNSNames ¶
func (*AuthInfo) ValidateAudience ¶
func (*AuthInfo) ValidateResource ¶
func (*AuthInfo) ValidateResources ¶
func (*AuthInfo) ValidateScope ¶
type ClientCertFunc ¶
// ClientCertFunc is a callback that receives a context and returns an
// *x509.Certificate or an error.
// NOTE(review): presumably it yields the peer certificate of the current
// connection; nothing in this type says the chain was verified, so confirm
// the TLS layer requires and verifies client certificates before identity is
// derived from the returned certificate.
type ClientCertFunc func(ctx context.Context) (*x509.Certificate, error)
type JwtAuth ¶
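// JwtAuth pairs a JWT configuration with the callback used to obtain a token.
type JwtAuth struct {
	// Config points to the JWT settings (enabled flag, audience, verify keys).
	Config *JwtAuthConfig
	// TokenFunc is the JwtTokenFunc callback held by this authenticator.
	// NOTE(review): JwtTokenFunc is not defined on this page; presumably it
	// extracts the raw token from the request context.
	TokenFunc JwtTokenFunc
}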
func NewJwtAuth ¶
// NewJwtAuth takes a *JwtAuthConfig and a JwtTokenFunc and returns a *JwtAuth.
// Only the signature is shown on this page.
// NOTE(review): no error is returned, so a nil config or nil tokenFunc cannot
// be rejected here; confirm where those are checked.
func NewJwtAuth(config *JwtAuthConfig, tokenFunc JwtTokenFunc) *JwtAuth
type JwtAuthConfig ¶
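// JwtAuthConfig holds the settings for JWT authentication.
type JwtAuthConfig struct {
	// Enabled switches JWT authentication on; the tag sets its default to false.
	Enabled bool `default:"false"`
	// Audience is, per its help text, the client name registered in the JWT
	// provider.
	// NOTE(review): unlike the embedded verify key, this field has no validate
	// tag, so nothing shown here requires it when Enabled is true. Confirm that
	// an empty Audience is rejected at start-up and cannot switch off the
	// audience check on incoming tokens.
	Audience string `help:"The client name registered in the JWT provider"`
	// JwtVerifyKey is embedded with the "verify-key-" prefix and is marked
	// required when Enabled is true.
	JwtVerifyKey `embed:"" prefix:"verify-key-" validate:"required_if=Enabled true"`
}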
type JwtVerifyKey ¶
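// JwtVerifyKey lists the keys used to verify JWT signatures.
type JwtVerifyKey struct {
	// Types names the algorithm of each key. The enum tag limits the accepted
	// values to ES256, ES384, ES512 and EdDSA, all of them asymmetric signature
	// algorithms.
	Types []string `enum:"ES256,ES384,ES512,EdDSA" help:"The type of the key to use for verification"`
	// Files holds the path of each key file. The samelen=Types tag presumably
	// requires one file per entry in Types, pairing them by position.
	// NOTE(review): confirm the key files are readable only by the service
	// account and that a load failure is fatal.
	Files []string `validate:"samelen=Types" type:"file" help:"The path to the key file to use for verification"`
	// contains filtered or unexported fields
}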
func (*JwtVerifyKey) LoadVerifyKey ¶
// LoadVerifyKey takes a *jwt.Token and returns a key value or an error. Only
// the signature is shown on this page.
// NOTE(review): the signature has the shape of a JWT key-lookup callback;
// confirm the body compares the token's declared signing algorithm with the
// configured Types before returning a key, and returns an error for any
// algorithm that is not configured.
func (k *JwtVerifyKey) LoadVerifyKey(token *jwt.Token) (interface{}, error)
func (*JwtVerifyKey) ResetKey ¶
// ResetKey takes no arguments and returns nothing. Only the signature is shown
// on this page.
// NOTE(review): presumably it discards key material cached in the unexported
// fields so the next LoadVerifyKey call reloads from Files; confirm, and check
// whether it is safe to call while tokens are being verified concurrently.
func (k *JwtVerifyKey) ResetKey()
type MtlsAuth ¶
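// MtlsAuth pairs a mutual-TLS configuration with the callback used to obtain
// the client certificate.
type MtlsAuth struct {
	// Config points to the mTLS settings.
	Config *MtlsAuthConfig
	// ClientCertFunc is the callback that returns the certificate for a
	// request context.
	ClientCertFunc ClientCertFunc
}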
func NewMtlsAuth ¶
// NewMtlsAuth takes a *MtlsAuthConfig and a ClientCertFunc and returns a
// *MtlsAuth. Only the signature is shown on this page.
// NOTE(review): no error is returned, so a nil config or nil clientCertFunc
// cannot be rejected here; confirm where those are checked.
func NewMtlsAuth(config *MtlsAuthConfig, clientCertFunc ClientCertFunc) *MtlsAuth
type MtlsAuthConfig ¶
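// MtlsAuthConfig holds the settings for mutual-TLS authentication.
//
// The TrustedCA field is commented out in the source, so this struct carries
// no trust-anchor setting.
// NOTE(review): confirm where the client-CA pool is configured and that client
// certificates are verified against it before any field below is applied.
type MtlsAuthConfig struct {
	// Enabled turns mutual-TLS authentication on or off.
	Enabled bool `negatable:"true" help:"Enable mutual tls auth"`
	// TrustedCA string `name:"trusted-ca" validate:"required_if=Enabled true,omitempty,file" help:"Path to the server trusted ca certs"`
	// BaseDomain is, per its help text, the base domain of the client cert.
	// NOTE(review): presumably used when deriving identity from certificate
	// DNS names; confirm the match is anchored on a label boundary and that an
	// empty BaseDomain does not accept every name.
	BaseDomain string `help:"The base domain of client cert"`
	// ScopeEnabled controls whether scopes are loaded from the client cert.
	ScopeEnabled bool `negatable:"true" help:"Should we load scopes from client cert"`
	// ResourceEnabled controls whether resources are loaded from the client cert.
	ResourceEnabled bool `negatable:"true" help:"Should we load resources from client cert"`
}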
Source Files ¶