jwtauthextension

package module
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 22, 2025 License: Apache-2.0 Imports: 11 Imported by: 0

README

Authenticator - JWT

Status
Stability alpha
Distributions contrib
Issues Open issues Closed issues
Code Owners @aankur

Description

The JWT auth extensions implements a configauth.ServerAuthenticator, to be used in receivers inside the auth settings. The authenticator type has to be set to jwt. The incoming request is expected to have a Authorization header, with a value of Bearer <token>. The token is then validated using the configured secret setting. Currently, only HS256 is supported. We enrich the client context field Auth with the claims from the token. You can use this information in a processor like attributesprocessor to filter or enrich the data.

Usage

Simple With attributesprocessor 
extensions:
  jwt:
    # The secret used to validate the token
    secret: "secret"

receivers:
  otlp:
    protocols:
      grpc:
        # Add auth settings to the receiver
        auth:
          authenticator: jwt

processors:

exporters:
  logging:
    logLevel: debug

service:
  # Enable the extension
  extensions: [jwt]
  pipelines:
    traces:
      receivers: [otlp]
      processors: []
      exporters: [logging]

extensions:
  jwt:
    secret: "secret"

receivers:
  otlp:
    protocols:
      grpc:
        auth:
          authenticator: jwt

processors:
  # Extract the project id from the auth context
  attributes/from_auth_context:
    actions:
      - key: project.id
        from_context: auth.project_id
        action: insert

exporters:
  logging:
    logLevel: debug

service:
  extensions: [jwt]
  pipelines:
    traces:
      receivers: [otlp]
      # Apply the processor
      processors: [attributes/from_auth_context]
      exporters: [logging]

Configuration

The following settings are required:

  • secret (string): The secret used to validate the token. You can also use an environment variable ${ENV_VAR_NAME}.
  • attribute (string): The header name to look for auth data. Defaults to authorization.

Client support

OTEL clients can use the WithHeaders option to set the Authorization header.

client := otlptracehttp.NewClient(
    otlptracehttp.WithEndpoint(endpoint),
    otlptracehttp.WithHeaders(map[string]string{
        "Authorization": "Bearer <secret>",
    }),
)

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewFactory 

func NewFactory() extension.Factory

NewFactory creates a factory for the OIDC Authenticator extension.

Types

type Config 

type Config struct {

	// The attribute (header name) to look for auth data. Optional, default value: "authorization".
	Attribute string `mapstructure:"attribute"`

	// The JWT secret to use for validation. Required.
	JWTSecret string `mapstructure:"secret"`
}

Config has the configuration for the OIDC Authenticator extension.

Source Files

View all Source files

Directories

Path Synopsis
internal
metadata

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.