Documentation

Index

Constants
This section is empty.

Variables
This section is empty.

Functions
This section is empty.

Types
type IntrospectFunc (added in v0.4.0)

IntrospectFunc is the signature of the function called to perform introspection.
type Introspector (added in v0.4.0)

type Introspector interface {
	/*
		VerifyToken verifies a given token

		@param ctxt context.Context - the operating context
		@param token string - the original token
		@param expire int64 - when the token expires
		@param timestamp time.Time - the current timestamp
		@return whether token is valid
	*/
	VerifyToken(ctxt context.Context, token string, expire int64, timestamp time.Time) (bool, error)
}

Introspector performs introspection on a given token.
func DefineIntrospector (added in v0.4.0)

func DefineIntrospector(cache TokenCache, introspectCB IntrospectFunc) Introspector

DefineIntrospector defines a new introspector object.

@param cache TokenCache - token cache
@param introspectCB IntrospectFunc - callback function to use to perform introspection
@return new introspector
type OIDSigningJWK

type OIDSigningJWK struct {
	Algorithm string `json:"alg"`
	Exponent  string `json:"e"`
	Modulus   string `json:"n"`
	ID        string `json:"kid"`
	Type      string `json:"kty"`
	Use       string `json:"use"`
}

OIDSigningJWK is the public key used by the OpenID issuer to sign tokens.
type OpenIDIssuerClient

type OpenIDIssuerClient interface {
	/*
		AssociatedPublicKey fetches the associated public key based on the "kid" value of a JWT token

		@param token *jwt.Token - the JWT token to find the public key for
		@return public key material
	*/
	AssociatedPublicKey(token *jwt.Token) (interface{}, error)
	/*
		ParseJWT parses a string into a JWT token object.

		@param raw string - the original JWT string
		@param claimStore jwt.Claims - the object to store the claims in
		@return the parsed JWT token object
	*/
	ParseJWT(raw string, claimStore jwt.Claims) (*jwt.Token, error)
	/*
		CanIntrospect reports whether the client can perform introspection

		@return whether the client can perform introspection
	*/
	CanIntrospect() bool
	/*
		IntrospectToken performs introspection for a token

		@param ctxt context.Context - the operating context
		@param token string - the token to introspect
		@return whether token is still valid
	*/
	IntrospectToken(ctxt context.Context, token string) (bool, error)
}

OpenIDIssuerClient is a client for interacting with an OpenID issuer.
func DefineOpenIDClient

func DefineOpenIDClient(
	idpConfig common.OpenIDIssuerConfig,
	httpClient *http.Client,
) (OpenIDIssuerClient, error)

DefineOpenIDClient defines a new OpenID issuer client.

@param idpConfig common.OpenIDIssuerConfig - OpenID issuer parameters
@param httpClient *http.Client - the HTTP client to use to communicate with the OpenID issuer
@return new client instance
type OpenIDIssuerConfig

type OpenIDIssuerConfig struct {
	Issuer               string   `json:"issuer"`
	AuthorizationEP      string   `json:"authorization_endpoint"`
	TokenEP              string   `json:"token_endpoint"`
	IntrospectionEP      string   `json:"introspection_endpoint"`
	TokenIntrospectionEP string   `json:"token_introspection_endpoint"`
	UserinfoEP           string   `json:"userinfo_endpoint"`
	EndSessionEP         string   `json:"end_session_endpoint"`
	JwksURI              string   `json:"jwks_uri"`
	ClientRegistrationEP string   `json:"registration_endpoint"`
	RevocationEP         string   `json:"revocation_endpoint"`
	TokenEPAuthMethods   []string `json:"token_endpoint_auth_methods_supported"`
	ClaimsSupported      []string `json:"claims_supported"`
}

OpenIDIssuerConfig holds the OpenID issuer's API info.

This is typically read from http://{{ OpenID issuer }}/.well-known/openid-configuration.

The current structure is mainly based around the response from KeyCloak.
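The two structs above are the inputs an issuer client needs before it can verify a signature: the discovery document tells it where the key set lives, and each JWK in that set has to be turned into real key material and selected by the token's "kid". The following is an added example, not code from this package: it restates OIDSigningJWK and a two-field OpenIDIssuerConfig with the documented json tags, parses a constructed discovery document while checking that the issuer value matches the configured issuer and that jwks_uri is HTTPS, rebuilds an *rsa.PublicKey from the base64url "n" and "e" members (rejecting non-RSA keys, non-signing keys, tiny exponents and short moduli), and looks a key up by kid, failing on an unknown kid rather than falling back to any key. The issuer URL, key id and key set are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// Structs restated from the doc page (json tags as documented) so this runs stand-alone;
// OpenIDIssuerConfig is reduced to the two fields this example uses.
type OIDSigningJWK struct {
	Algorithm string `json:"alg"`
	Exponent  string `json:"e"`
	Modulus   string `json:"n"`
	ID        string `json:"kid"`
	Type      string `json:"kty"`
	Use       string `json:"use"`
}

type OpenIDIssuerConfig struct {
	Issuer  string `json:"issuer"`
	JwksURI string `json:"jwks_uri"`
}

// SampleDiscovery is a constructed discovery document for a fictional issuer.
const SampleDiscovery = `{"issuer":"https://idp.example","jwks_uri":"https://idp.example/keys",
 "authorization_endpoint":"https://idp.example/auth","token_endpoint":"https://idp.example/token"}`

// ParseDiscovery decodes the document and applies two checks a client should
// make before trusting it: the issuer must equal the configured one (so a
// substituted document cannot redirect key lookups) and jwks_uri must be HTTPS.
func ParseDiscovery(expectedIssuer string, body []byte) (*OpenIDIssuerConfig, error) {
	var cfg OpenIDIssuerConfig
	if err := json.Unmarshal(body, &cfg); err != nil {
		return nil, err
	}
	if cfg.Issuer != expectedIssuer {
		return nil, fmt.Errorf("issuer mismatch: got %q, want %q", cfg.Issuer, expectedIssuer)
	}
	if !strings.HasPrefix(cfg.JwksURI, "https://") {
		return nil, errors.New("jwks_uri must use https")
	}
	return &cfg, nil
}

// JWKToRSAPublicKey rebuilds an *rsa.PublicKey from the base64url n and e members,
// accepting only RSA signing keys of a sane size.
func JWKToRSAPublicKey(k OIDSigningJWK) (*rsa.PublicKey, error) {
	if k.Type != "RSA" {
		return nil, fmt.Errorf("unsupported kty %q", k.Type)
	}
	if k.Use != "" && k.Use != "sig" {
		return nil, fmt.Errorf("key %q is not a signing key (use=%q)", k.ID, k.Use)
	}
	nb, err := base64.RawURLEncoding.DecodeString(k.Modulus)
	if err != nil {
		return nil, fmt.Errorf("bad modulus: %w", err)
	}
	eb, err := base64.RawURLEncoding.DecodeString(k.Exponent)
	if err != nil {
		return nil, fmt.Errorf("bad exponent: %w", err)
	}
	e, n := new(big.Int).SetBytes(eb), new(big.Int).SetBytes(nb)
	if !e.IsInt64() || e.Int64() < 3 {
		return nil, errors.New("public exponent out of range")
	}
	if n.BitLen() < 2048 {
		return nil, fmt.Errorf("modulus too short: %d bits", n.BitLen())
	}
	return &rsa.PublicKey{N: n, E: int(e.Int64())}, nil
}

// KeyForKid selects the key named by a token header's kid, the lookup the page's
// AssociatedPublicKey performs; an unknown kid is an error, never a fallback.
func KeyForKid(keys []OIDSigningJWK, kid string) (*rsa.PublicKey, error) {
	for _, k := range keys {
		if k.ID == kid {
			return JWKToRSAPublicKey(k)
		}
	}
	return nil, fmt.Errorf("no key with kid %q", kid)
}

// RSAPublicKeyToJWK is the inverse, used here only to construct a sample key set.
func RSAPublicKeyToJWK(pub *rsa.PublicKey, kid string) OIDSigningJWK {
	return OIDSigningJWK{
		Algorithm: "RS256", Type: "RSA", Use: "sig", ID: kid,
		Modulus:   base64.RawURLEncoding.EncodeToString(pub.N.Bytes()),
		Exponent:  base64.RawURLEncoding.EncodeToString(big.NewInt(int64(pub.E)).Bytes()),
	}
}

func main() {
	cfg, err := ParseDiscovery("https://idp.example", []byte(SampleDiscovery))
	fmt.Println(cfg, err)
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed key standing in for the issuer's
	pub, err := KeyForKid([]OIDSigningJWK{RSAPublicKeyToJWK(&key.PublicKey, "k1")}, "k1")
	fmt.Println(pub.N.Cmp(key.N) == 0, err)
}
```

The issuer comparison is the check that matters most: a client that accepts whatever issuer value the document reports, or that falls back to the first key when the kid is unknown, lets the key set be swapped out from under it.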
type TokenCache (added in v0.4.0)

type TokenCache interface {
	/*
		RecordToken caches a new token

		@param ctxt context.Context - the operating context
		@param token string - the original token
		@param expire int64 - when the token expires
		@param timestamp time.Time - the current timestamp
		@return whether caching was successful
	*/
	RecordToken(ctxt context.Context, token string, expire int64, timestamp time.Time) error
	/*
		RemoveToken removes a token from cache

		@param ctxt context.Context - the operating context
		@param token string - the original token
		@return whether delete was successful
	*/
	RemoveToken(ctxt context.Context, token string) error
	/*
		ValidTokenInCache checks whether this token is already cached and valid.

		If the token is present, but requires re-validation, this function will remove
		the token from cache and indicate no valid token is cached.

		@param ctxt context.Context - the operating context
		@param token string - the original token
		@param timestamp time.Time - the current timestamp
		@return whether it is present and valid
	*/
	ValidTokenInCache(ctxt context.Context, token string, timestamp time.Time) (bool, error)
	/*
		RemoveExpiredFromCache removes all expired tokens from cache

		@param ctxt context.Context - the operating context
		@param timestamp time.Time - the current timestamp
		@return whether successful
	*/
	RemoveExpiredFromCache(ctxt context.Context, timestamp time.Time) error
	/*
		ClearCache removes all entries from cache

		@param ctxt context.Context - the operating context
	*/
	ClearCache(ctxt context.Context)
}

TokenCache is a cache for recording and fetching tokens encountered.
func DefineTokenCache (added in v0.4.0)

func DefineTokenCache(refreshInt time.Duration) TokenCache

DefineTokenCache defines a new token cache object.

@param refreshInt time.Duration - a token must be re-validated after this duration
@return new cache instance
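The contract documented for TokenCache and Introspector is a cache-with-re-validation: a token the issuer has confirmed is served from cache until refreshInt elapses, after which ValidTokenInCache evicts it and the introspector has to ask the issuer again. The following is an added example, not this package's code, showing one way those pieces fit together. It assumes a signature for IntrospectFunc (the page names the type but does not show it), implements the three TokenCache methods the verify path uses (RecordToken, RemoveToken, ValidTokenInCache) as an in-memory cache, and drives a constructed token through a revocation to show that the revocation is noticed within one refresh interval rather than only at the token's own expiry. The token string and timestamps are constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
	"time"
)

// IntrospectFunc's signature is not shown on the doc page; this shape is assumed.
type IntrospectFunc func(ctxt context.Context, token string) (bool, error)

type cacheEntry struct{ expire, verified time.Time } // token exp; last issuer confirmation

// MemTokenCache treats entries confirmed longer than refreshInt ago as stale,
// so a revocation at the issuer is noticed within one interval, not only at exp.
type MemTokenCache struct {
	mu         sync.Mutex
	refreshInt time.Duration
	entries    map[string]cacheEntry
}

func NewMemTokenCache(refreshInt time.Duration) *MemTokenCache {
	return &MemTokenCache{refreshInt: refreshInt, entries: map[string]cacheEntry{}}
}

func (c *MemTokenCache) RecordToken(_ context.Context, token string, expire int64, ts time.Time) error {
	exp := time.Unix(expire, 0)
	if !exp.After(ts) {
		return errors.New("refusing to cache an already expired token")
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	c.entries[token] = cacheEntry{expire: exp, verified: ts}
	return nil
}

func (c *MemTokenCache) RemoveToken(_ context.Context, token string) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	delete(c.entries, token)
	return nil
}

// ValidTokenInCache evicts and reports false when the entry has expired or is
// due for re-validation, matching the documented contract.
func (c *MemTokenCache) ValidTokenInCache(_ context.Context, token string, ts time.Time) (bool, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	e, ok := c.entries[token]
	if ok && (!ts.Before(e.expire) || ts.Sub(e.verified) >= c.refreshInt) {
		delete(c.entries, token)
		ok = false
	}
	return ok, nil
}

// CachingIntrospector answers from the cache when it can and asks the issuer otherwise.
type CachingIntrospector struct {
	cache *MemTokenCache
	cb    IntrospectFunc
}

func NewCachingIntrospector(cache *MemTokenCache, cb IntrospectFunc) *CachingIntrospector {
	return &CachingIntrospector{cache: cache, cb: cb}
}

func (i *CachingIntrospector) VerifyToken(ctx context.Context, token string, expire int64, ts time.Time) (bool, error) {
	if cached, err := i.cache.ValidTokenInCache(ctx, token, ts); err != nil || cached {
		return cached, err
	}
	if !time.Unix(expire, 0).After(ts) {
		return false, nil // past its own exp claim: no round trip needed
	}
	valid, err := i.cb(ctx, token)
	if err != nil {
		return false, err // fail closed when the issuer cannot be reached
	}
	if !valid {
		return false, i.cache.RemoveToken(ctx, token)
	}
	return true, i.cache.RecordToken(ctx, token, expire, ts)
}

// RunScenario drives one constructed token through a revocation: results[k] is
// the verdict at step k and calls counts how often the issuer was consulted.
func RunScenario() (results []bool, calls int, err error) {
	revoked := false
	cb := func(context.Context, string) (bool, error) { calls++; return !revoked, nil }
	intr := NewCachingIntrospector(NewMemTokenCache(5*time.Minute), cb)
	t0 := time.Unix(1_700_000_000, 0) // constructed clock; the token expires an hour later
	exp := t0.Add(time.Hour).Unix()
	for k, d := range []time.Duration{0, time.Minute, 6 * time.Minute, 7 * time.Minute, 2 * time.Hour} {
		revoked = revoked || k == 2 // the issuer revokes the token before step 2
		ok, e := intr.VerifyToken(context.Background(), "tok-constructed", exp, t0.Add(d))
		if e != nil {
			return nil, calls, e
		}
		results = append(results, ok)
	}
	return results, calls, nil // [true true false false false], 3 issuer calls
}

func main() { fmt.Println(RunScenario()) }
```

Step 1 misses and introspects, step 2 (one minute later) is served from cache with no issuer call, step 3 (six minutes in, past the five-minute refreshInt) is evicted and re-introspected, which is where the revocation surfaces, and step 5 is refused on the token's own expiry without contacting the issuer at all. Shortening refreshInt bounds how long a revoked token keeps working at the cost of more introspection traffic; that trade-off is the whole reason the parameter exists.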