Documentation ¶
Index ¶
- func FromAuthHeader(r *http.Request) (string, error)
- func GetClaims(r *http.Request, logger logger.LoggerInterface) (claims map[string]interface{}, err error)
- func OnError(w http.ResponseWriter, r *http.Request, err string)
- type AuthMiddleware
- type AuthMiddlewareOptions
- type OauthHandler
- type TokenExtractor
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FromAuthHeader ¶
FromAuthHeader is a "TokenExtractor" that takes a give request and extracts the JWT token from the Authorization header.
Types ¶
type AuthMiddleware ¶
type AuthMiddleware struct { Options AuthMiddlewareOptions // contains filtered or unexported fields }
func NewAuthMiddleware ¶
func NewAuthMiddleware(logger logger.LoggerInterface, options ...AuthMiddlewareOptions) *AuthMiddleware
New constructs a new Secure instance with supplied options.
func (*AuthMiddleware) CheckJWT ¶
func (m *AuthMiddleware) CheckJWT(w http.ResponseWriter, r *http.Request) error
type AuthMiddlewareOptions ¶
type AuthMiddlewareOptions struct { // The function that will return the Key to validate the JWT. // It can be either a shared secret or a public key. // Default value: nil ValidationKeyGetter jwt.Keyfunc // The name of the property in the request where the user information // from the JWT will be stored. // Default value: "user" UserProperty string // The function that will be called when there's an error validating the token // Default value: ErrorHandler errorHandler // A boolean indicating if the credentials are required or not // Default value: false CredentialsOptional bool // A function that extracts the token from the request // Default: FromAuthHeader (i.e., from Authorization header as bearer token) Extractor TokenExtractor // Debug flag turns on debugging output // Default: false Debug bool // When set, all requests with the OPTIONS method will use authentication // Default: false EnableAuthOnOptions bool // When set, the middelware verifies that tokens are signed with the specific signing algorithm // If the signing method is not constant the ValidationKeyGetter callback can be used to implement additional checks // Important to avoid securlty issues described here: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ // Default: nil SigningMethod jwt.SigningMethod }
Options is a struct for specifying configuration options for the middleware.
type OauthHandler ¶
type OauthHandler struct {
// contains filtered or unexported fields
}
type TokenExtractor ¶
TokenExtractor is a function that takes a request as input and returns either a token or an error. An error should only be returned if an attempt to specify a token was found, but the information was somehow incorrectly formed. In the case where a token is simply not present, this should not be treated as an error. An empty string should be returned in that case.
Click to show internal directories.
Click to hide internal directories.