auth

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 23, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

README

Auth - Authentication and Authorization service

Auth service provides authentication features as an API for managing authentication keys as well as administering groups of entities - things and users.

Authentication

User service is using Auth service gRPC API to obtain login token or password reset token. Authentication key consists of the following fields:

  • ID - key ID
  • Type - one of the three types described below
  • IssuerID - an ID of the Magistrala User who issued the key
  • Subject - user ID for which the key is issued
  • IssuedAt - the timestamp when the key is issued
  • ExpiresAt - the timestamp after which the key is invalid

There are four types of authentication keys:

  • Access key - keys issued to the user upon login request
  • Refresh key - keys used to generate new access keys
  • Recovery key - password recovery key
  • API key - keys issued upon the user request
  • Invitation key - keys used to invite new users

Authentication keys are represented and distributed by the corresponding JWT.

User keys are issued when user logs in. Each user request (other than registration and login) contains user key that is used to authenticate the user.

API keys are similar to the User keys. The main difference is that API keys have configurable expiration time. If no time is set, the key will never expire. For that reason, API keys are the only key type that can be revoked. This also means that, despite being used as a JWT, it requires a query to the database to validate the API key. The user with API key can perform all the same actions as the user with login key (can act on behalf of the user for Thing, Channel, or user profile management), except issuing new API keys.

Recovery key is the password recovery key. It's short-lived token used for password recovery process.

For in-depth explanation of the aforementioned scenarios, as well as thorough understanding of Magistrala, please check out the official documentation.

The following actions are supported:

  • create (all key types)
  • verify (all key types)
  • obtain (API keys only)
  • revoke (API keys only)

Domains

Domains are used to group users and things. Each domain has a unique alias that is used to identify the domain. Domains are used to group users and their entities.

Domain consists of the following fields:

  • ID - UUID uniquely representing domain
  • Name - name of the domain
  • Tags - array of tags
  • Metadata - Arbitrary, object-encoded domain's data
  • Alias - unique alias of the domain
  • CreatedAt - timestamp at which the domain is created
  • UpdatedAt - timestamp at which the domain is updated
  • UpdatedBy - user that updated the domain
  • CreatedBy - user that created the domain
  • Status - domain status

Configuration

The service is configured using the environment variables presented in the following table. Note that any unset variables will be replaced with their default values.

Variable Description Default
MG_AUTH_LOG_LEVEL Log level for the Auth service (debug, info, warn, error) info
MG_AUTH_DB_HOST Database host address localhost
MG_AUTH_DB_PORT Database host port 5432
MG_AUTH_DB_USER Database user magistrala
MG_AUTH_DB_PASSWORD Database password magistrala
MG_AUTH_DB_NAME Name of the database used by the service auth
MG_AUTH_DB_SSL_MODE Database connection SSL mode (disable, require, verify-ca, verify-full) disable
MG_AUTH_DB_SSL_CERT Path to the PEM encoded certificate file ""
MG_AUTH_DB_SSL_KEY Path to the PEM encoded key file ""
MG_AUTH_DB_SSL_ROOT_CERT Path to the PEM encoded root certificate file ""
MG_AUTH_HTTP_HOST Auth service HTTP host ""
MG_AUTH_HTTP_PORT Auth service HTTP port 8189
MG_AUTH_HTTP_SERVER_CERT Path to the PEM encoded HTTP server certificate file ""
MG_AUTH_HTTP_SERVER_KEY Path to the PEM encoded HTTP server key file ""
MG_AUTH_GRPC_HOST Auth service gRPC host ""
MG_AUTH_GRPC_PORT Auth service gRPC port 8181
MG_AUTH_GRPC_SERVER_CERT Path to the PEM encoded gRPC server certificate file ""
MG_AUTH_GRPC_SERVER_KEY Path to the PEM encoded gRPC server key file ""
MG_AUTH_GRPC_SERVER_CA_CERTS Path to the PEM encoded gRPC server CA certificate file ""
MG_AUTH_GRPC_CLIENT_CA_CERTS Path to the PEM encoded gRPC client CA certificate file ""
MG_AUTH_SECRET_KEY String used for signing tokens secret
MG_AUTH_ACCESS_TOKEN_DURATION The access token expiration period 8h
MG_AUTH_REFRESH_TOKEN_DURATION The refresh token expiration period 24h
MG_AUTH_INVITATION_DURATION The invitation token expiration period 168h
MG_SPICEDB_HOST SpiceDB host address localhost
MG_SPICEDB_PORT SpiceDB host port 50051
MG_SPICEDB_PRE_SHARED_KEY SpiceDB pre-shared key 12345678
MG_SPICEDB_SCHEMA_FILE Path to SpiceDB schema file ./docker/spicedb/schema.zed
MG_JAEGER_URL Jaeger server URL http://jaeger:14268/api/traces
MG_JAEGER_TRACE_RATIO Jaeger sampling ratio 1.0
MG_SEND_TELEMETRY Send telemetry to magistrala call home server true
MG_AUTH_ADAPTER_INSTANCE_ID Adapter instance ID ""

Deployment

The service itself is distributed as Docker container. Check the auth service section in docker-compose file to see how service is deployed.

Running this service outside of container requires working instance of the postgres database, SpiceDB, and Jaeger server. To start the service outside of the container, execute the following shell script:

# download the latest version of the service
git clone https://github.com/andychao217/magistrala

cd magistrala

# compile the service
make auth

# copy binary to bin
make install

# set the environment variables and run the service
MG_AUTH_LOG_LEVEL=info \
MG_AUTH_DB_HOST=localhost \
MG_AUTH_DB_PORT=5432 \
MG_AUTH_DB_USER=magistrala \
MG_AUTH_DB_PASSWORD=magistrala \
MG_AUTH_DB_NAME=auth \
MG_AUTH_DB_SSL_MODE=disable \
MG_AUTH_DB_SSL_CERT="" \
MG_AUTH_DB_SSL_KEY="" \
MG_AUTH_DB_SSL_ROOT_CERT="" \
MG_AUTH_HTTP_HOST=localhost \
MG_AUTH_HTTP_PORT=8189 \
MG_AUTH_HTTP_SERVER_CERT="" \
MG_AUTH_HTTP_SERVER_KEY="" \
MG_AUTH_GRPC_HOST=localhost \
MG_AUTH_GRPC_PORT=8181 \
MG_AUTH_GRPC_SERVER_CERT="" \
MG_AUTH_GRPC_SERVER_KEY="" \
MG_AUTH_GRPC_SERVER_CA_CERTS="" \
MG_AUTH_GRPC_CLIENT_CA_CERTS="" \
MG_AUTH_SECRET_KEY=secret \
MG_AUTH_ACCESS_TOKEN_DURATION=8h \
MG_AUTH_REFRESH_TOKEN_DURATION=24h \
MG_AUTH_INVITATION_DURATION=168h \
MG_SPICEDB_HOST=localhost \
MG_SPICEDB_PORT=50051 \
MG_SPICEDB_PRE_SHARED_KEY=12345678 \
MG_SPICEDB_SCHEMA_FILE=./docker/spicedb/schema.zed \
MG_JAEGER_URL=http://localhost:14268/api/traces \
MG_JAEGER_TRACE_RATIO=1.0 \
MG_SEND_TELEMETRY=true \
MG_AUTH_ADAPTER_INSTANCE_ID="" \
$GOBIN/magistrala-auth

Setting MG_AUTH_HTTP_SERVER_CERT and MG_AUTH_HTTP_SERVER_KEY will enable TLS against the service. The service expects a file in PEM format for both the certificate and the key. Setting MG_AUTH_GRPC_SERVER_CERT and MG_AUTH_GRPC_SERVER_KEY will enable TLS against the service. The service expects a file in PEM format for both the certificate and the key. Setting MG_AUTH_GRPC_SERVER_CA_CERTS will enable TLS against the service trusting only those CAs that are provided. The service expects a file in PEM format of trusted CAs. Setting MG_AUTH_GRPC_CLIENT_CA_CERTS will enable TLS against the service trusting only those CAs that are provided. The service expects a file in PEM format of trusted CAs.

Usage

For more information about service capabilities and its usage, please check out the API documentation.

Documentation

Index

Constants

View Source 
const (
	Disabled = "disabled"
	Enabled  = "enabled"
	Freezed  = "freezed"
	All      = "all"
	Unknown  = "unknown"
)

String representation of the possible status values.

View Source 
const (
	TokenKind      = "token"
	GroupsKind     = "groups"
	NewGroupKind   = "new_group"
	ChannelsKind   = "channels"
	NewChannelKind = "new_channel"
	ThingsKind     = "things"
	NewThingKind   = "new_thing"
	UsersKind      = "users"
	DomainsKind    = "domains"
	PlatformKind   = "platform"
)
View Source 
const (
	GroupType    = "group"
	ThingType    = "thing"
	UserType     = "user"
	DomainType   = "domain"
	PlatformType = "platform"
)
View Source 
const (
	AdministratorRelation = "administrator"
	EditorRelation        = "editor"
	ViewerRelation        = "viewer"
	MemberRelation        = "member"
	DomainRelation        = "domain"
	ParentGroupRelation   = "parent_group"
	RoleGroupRelation     = "role_group"
	GroupRelation         = "group"
	PlatformRelation      = "platform"
)
View Source 
const (
	AdminPermission      = "admin"
	DeletePermission     = "delete"
	EditPermission       = "edit"
	ViewPermission       = "view"
	MembershipPermission = "membership"
	SharePermission      = "share"
	PublishPermission    = "publish"
	SubscribePermission  = "subscribe"
)
View Source 
const MagistralaObject = "magistrala"

Variables

View Source 
var (
	// ErrInvalidKeyIssuedAt indicates that the Key is being used before it's issued.
	ErrInvalidKeyIssuedAt = errors.New("invalid issue time")

	// ErrKeyExpired indicates that the Key is expired.
	ErrKeyExpired = errors.New("use of expired key")

	// ErrAPIKeyExpired indicates that the Key is expired
	// and that the key type is API key.
	ErrAPIKeyExpired = errors.New("use of expired API key")
)
View Source 
var (
	// ErrExpiry indicates that the token is expired.
	ErrExpiry = errors.New("token is expired")
)
View Source 
var ErrStatusAlreadyAssigned = errors.New("status already assigned")

ErrStatusAlreadyAssigned indicated that the client or group has already been assigned the status.

Functions

func DecodeDomainUserID 

func DecodeDomainUserID(domainUserID string) (string, string)

func EncodeDomainUserID 

func EncodeDomainUserID(domainID, userID string) string

func SwitchToPermission 

func SwitchToPermission(relation string) string

Switch the relative permission for the relation.

Types

type Authn 

type Authn interface {
	// Issue issues a new Key, returning its token value alongside.
	Issue(ctx context.Context, token string, key Key) (Token, error)

	// Revoke removes the Key with the provided id that is
	// issued by the user identified by the provided key.
	Revoke(ctx context.Context, token, id string) error

	// RetrieveKey retrieves data for the Key identified by the provided
	// ID, that is issued by the user identified by the provided key.
	RetrieveKey(ctx context.Context, token, id string) (Key, error)

	// Identify validates token token. If token is valid, content
	// is returned. If token is invalid, or invocation failed for some
	// other reason, non-nil error value is returned in response.
	Identify(ctx context.Context, token string) (Key, error)
}

Authn specifies an API that must be fullfiled by the domain service implementation, and all of its decorators (e.g. logging & metrics). Token is a string value of the actual Key and is used to authenticate an Auth service request.

type Authz 

type Authz interface {
	// Authorize checks authorization of the given `subject`. Basically,
	// Authorize verifies that Is `subject` allowed to `relation` on
	// `object`. Authorize returns a non-nil error if the subject has
	// no relation on the object (which simply means the operation is
	// denied).
	Authorize(ctx context.Context, pr PolicyReq) error

	// AddPolicy creates a policy for the given subject, so that, after
	// AddPolicy, `subject` has a `relation` on `object`. Returns a non-nil
	// error in case of failures.
	AddPolicy(ctx context.Context, pr PolicyReq) error

	// AddPolicies adds new policies for given subjects. This method is
	// only allowed to use as an admin.
	AddPolicies(ctx context.Context, prs []PolicyReq) error

	// DeletePolicy removes a policy.
	DeletePolicy(ctx context.Context, pr PolicyReq) error

	// DeletePolicies deletes policies for given subjects. This method is
	// only allowed to use as an admin.
	DeletePolicies(ctx context.Context, prs []PolicyReq) error

	// ListObjects lists policies based on the given PolicyReq structure.
	ListObjects(ctx context.Context, pr PolicyReq, nextPageToken string, limit uint64) (PolicyPage, error)

	// ListAllObjects lists all policies based on the given PolicyReq structure.
	ListAllObjects(ctx context.Context, pr PolicyReq) (PolicyPage, error)

	// CountPolicies count policies based on the given PolicyReq structure.
	CountObjects(ctx context.Context, pr PolicyReq) (uint64, error)

	// ListSubjects lists subjects based on the given PolicyReq structure.
	ListSubjects(ctx context.Context, pr PolicyReq, nextPageToken string, limit uint64) (PolicyPage, error)

	// ListAllSubjects lists all subjects based on the given PolicyReq structure.
	ListAllSubjects(ctx context.Context, pr PolicyReq) (PolicyPage, error)

	// CountSubjects count policies based on the given PolicyReq structure.
	CountSubjects(ctx context.Context, pr PolicyReq) (uint64, error)

	// ListPermissions lists permission betweeen given subject and object .
	ListPermissions(ctx context.Context, pr PolicyReq, filterPermission []string) (Permissions, error)

	// DeleteEntityPolicies deletes all policies for the given entity.
	DeleteEntityPolicies(ctx context.Context, entityType, id string) error
}

Authz represents a authorization service. It exposes functionalities through `auth` to perform authorization.

type Channel 

type Channel struct {
	ID        string `json:"id"`
	OwnerID   string `json:"owner_id"`
	Name      string `json:"name"`
	CreatedAt string `json:"created_at"`
	UpdatedAt string `json:"updated_at"`
	Status    string `json:"status"`
}

type Credentials 

type Credentials struct {
	Identity string `json:"identity"`
}

Credentials 结构体表示credentials对象

type Domain 

type Domain struct {
	ID         string           `json:"id"`
	Name       string           `json:"name"`
	Metadata   clients.Metadata `json:"metadata,omitempty"`
	Tags       []string         `json:"tags,omitempty"`
	Alias      string           `json:"alias,omitempty"`
	Status     Status           `json:"status"`
	Permission string           `json:"permission,omitempty"`
	CreatedBy  string           `json:"created_by,omitempty"`
	CreatedAt  time.Time        `json:"created_at"`
	UpdatedBy  string           `json:"updated_by,omitempty"`
	UpdatedAt  time.Time        `json:"updated_at,omitempty"`
}

type DomainReq 

type DomainReq struct {
	Name     *string           `json:"name,omitempty"`
	Metadata *clients.Metadata `json:"metadata,omitempty"`
	Tags     *[]string         `json:"tags,omitempty"`
	Alias    *string           `json:"alias,omitempty"`
	Status   *Status           `json:"status,omitempty"`
}

type Domains 

type Domains interface {
	CreateDomain(ctx context.Context, token string, d Domain) (Domain, error)
	RetrieveDomain(ctx context.Context, token string, id string) (Domain, error)
	RetrieveDomainPermissions(ctx context.Context, token string, id string) (Permissions, error)
	UpdateDomain(ctx context.Context, token string, id string, d DomainReq) (Domain, error)
	ChangeDomainStatus(ctx context.Context, token string, id string, d DomainReq) (Domain, error)
	ListDomains(ctx context.Context, token string, page Page) (DomainsPage, error)
	AssignUsers(ctx context.Context, token string, id string, userIds []string, relation string) error
	UnassignUsers(ctx context.Context, token string, id string, userIds []string, relation string) error
	ListUserDomains(ctx context.Context, token string, userID string, page Page) (DomainsPage, error)
}

type DomainsPage 

type DomainsPage struct {
	Total   uint64   `json:"total"`
	Offset  uint64   `json:"offset"`
	Limit   uint64   `json:"limit"`
	Domains []Domain `json:"domains"`
}

func (DomainsPage) MarshalJSON 

func (page DomainsPage) MarshalJSON() ([]byte, error)

type DomainsRepository 

type DomainsRepository interface {
	// Save creates db insert transaction for the given domain.
	Save(ctx context.Context, d Domain) (Domain, error)

	// RetrieveByID retrieves Domain by its unique ID.
	RetrieveByID(ctx context.Context, id string) (Domain, error)

	// RetrievePermissions retrieves domain permissions.
	RetrievePermissions(ctx context.Context, subject, id string) ([]string, error)

	// RetrieveAllByIDs retrieves for given Domain IDs .
	RetrieveAllByIDs(ctx context.Context, pm Page) (DomainsPage, error)

	// Update updates the client name and metadata.
	Update(ctx context.Context, id string, userID string, d DomainReq) (Domain, error)

	// Delete
	Delete(ctx context.Context, id string) error

	// SavePolicies save policies in domains database
	SavePolicies(ctx context.Context, pcs ...Policy) error

	// DeletePolicies delete policies from domains database
	DeletePolicies(ctx context.Context, pcs ...Policy) error

	// ListDomains list all the domains
	ListDomains(ctx context.Context, pm Page) (DomainsPage, error)

	// CheckPolicy check policy in domains database.
	CheckPolicy(ctx context.Context, pc Policy) error

	// DeleteUserPolicies deletes user policies from domains database.
	DeleteUserPolicies(ctx context.Context, id string) (err error)
}

DomainsRepository specifies Domain persistence API.

type Key 

type Key struct {
	ID        string    `json:"id,omitempty"`
	Type      KeyType   `json:"type,omitempty"`
	Issuer    string    `json:"issuer,omitempty"`
	Subject   string    `json:"subject,omitempty"` // user ID
	User      string    `json:"user,omitempty"`
	Domain    string    `json:"domain,omitempty"` // domain user ID
	IssuedAt  time.Time `json:"issued_at,omitempty"`
	ExpiresAt time.Time `json:"expires_at,omitempty"`
}

Key represents API key.

func (Key) Expired 

func (key Key) Expired() bool

Expired verifies if the key is expired.

func (Key) String 

func (key Key) String() string

type KeyRepository 

type KeyRepository interface {
	// Save persists the Key. A non-nil error is returned to indicate
	// operation failure
	Save(ctx context.Context, key Key) (id string, err error)

	// Retrieve retrieves Key by its unique identifier.
	Retrieve(ctx context.Context, issuer string, id string) (key Key, err error)

	// Remove removes Key with provided ID.
	Remove(ctx context.Context, issuer string, id string) error
}

KeyRepository specifies Key persistence API.

type KeyType 

type KeyType uint32
const (
	// AccessKey is temporary User key received on successful login.
	AccessKey KeyType = iota
	// RefreshKey is a temporary User key used to generate a new access key.
	RefreshKey
	// RecoveryKey represents a key for resseting password.
	RecoveryKey
	// APIKey enables the one to act on behalf of the user.
	APIKey
	// InvitationKey is a key for inviting new users.
	InvitationKey
)

func (KeyType) String 

func (kt KeyType) String() string

type Page 

type Page struct {
	Total      uint64           `json:"total"`
	Offset     uint64           `json:"offset"`
	Limit      uint64           `json:"limit"`
	Name       string           `json:"name,omitempty"`
	Order      string           `json:"-"`
	Dir        string           `json:"-"`
	Metadata   clients.Metadata `json:"metadata,omitempty"`
	Tag        string           `json:"tag,omitempty"`
	Permission string           `json:"permission,omitempty"`
	Status     Status           `json:"status,omitempty"`
	ID         string           `json:"id,omitempty"`
	IDs        []string         `json:"-"`
	Identity   string           `json:"identity,omitempty"`
	SubjectID  string           `json:"-"`
}

type Permissions 

type Permissions []string

type Policy 

type Policy struct {
	SubjectType     string `json:"subject_type,omitempty"`
	SubjectID       string `json:"subject_id,omitempty"`
	SubjectRelation string `json:"subject_relation,omitempty"`
	Relation        string `json:"relation,omitempty"`
	ObjectType      string `json:"object_type,omitempty"`
	ObjectID        string `json:"object_id,omitempty"`
}

type PolicyAgent 

type PolicyAgent interface {
	// CheckPolicy checks if the subject has a relation on the object.
	// It returns a non-nil error if the subject has no relation on
	// the object (which simply means the operation is denied).
	CheckPolicy(ctx context.Context, pr PolicyReq) error

	// AddPolicy creates a policy for the given subject, so that, after
	// AddPolicy, `subject` has a `relation` on `object`. Returns a non-nil
	// error in case of failures.
	AddPolicy(ctx context.Context, pr PolicyReq) error

	// AddPolicies creates a Bulk Policies  for the given request
	AddPolicies(ctx context.Context, prs []PolicyReq) error

	// DeletePolicy removes a policy.
	DeletePolicy(ctx context.Context, pr PolicyReq) error

	// DeletePolicy removes a policy.
	DeletePolicies(ctx context.Context, pr []PolicyReq) error

	// RetrieveObjects
	RetrieveObjects(ctx context.Context, pr PolicyReq, nextPageToken string, limit uint64) ([]PolicyRes, string, error)

	// RetrieveAllObjects
	RetrieveAllObjects(ctx context.Context, pr PolicyReq) ([]PolicyRes, error)

	// RetrieveAllObjectsCount
	RetrieveAllObjectsCount(ctx context.Context, pr PolicyReq) (uint64, error)

	// RetrieveSubjects
	RetrieveSubjects(ctx context.Context, pr PolicyReq, nextPageToken string, limit uint64) ([]PolicyRes, string, error)

	// RetrieveAllSubjects
	RetrieveAllSubjects(ctx context.Context, pr PolicyReq) ([]PolicyRes, error)

	// RetrieveAllSubjectsCount
	RetrieveAllSubjectsCount(ctx context.Context, pr PolicyReq) (uint64, error)

	// (ctx context.Context, pr PolicyReq, filterPermissions []string) ([]PolicyReq, error)
	RetrievePermissions(ctx context.Context, pr PolicyReq, filterPermission []string) (Permissions, error)
}

PolicyAgent facilitates the communication to authorization services and implements Authz functionalities for certain authorization services (e.g. ORY Keto).

type PolicyPage 

type PolicyPage struct {
	Policies      []string
	NextPageToken string
}

type PolicyReq 

type PolicyReq struct {
	// Domain contains the domain ID.
	Domain string `json:"domain,omitempty"`

	// Subject contains the subject ID or Token.
	Subject string `json:"subject"`

	// SubjectType contains the subject type. Supported subject types are
	// platform, group, domain, thing, users.
	SubjectType string `json:"subject_type"`

	// SubjectKind contains the subject kind. Supported subject kinds are
	// token, users, platform, things, channels, groups, domain.
	SubjectKind string `json:"subject_kind"`

	// SubjectRelation contains subject relations.
	SubjectRelation string `json:"subject_relation,omitempty"`

	// Object contains the object ID.
	Object string `json:"object"`

	// ObjectKind contains the object kind. Supported object kinds are
	// users, platform, things, channels, groups, domain.
	ObjectKind string `json:"object_kind"`

	// ObjectType contains the object type. Supported object types are
	// platform, group, domain, thing, users.
	ObjectType string `json:"object_type"`

	// Relation contains the relation. Supported relations are administrator, editor, viewer, member,parent_group,group,domain.
	Relation string `json:"relation,omitempty"`

	// Permission contains the permission. Supported permissions are admin, delete, edit, share, view, membership,
	// admin_only, edit_only, viewer_only, membership_only, ext_admin, ext_edit, ext_view
	Permission string `json:"permission,omitempty"`
}

PolicyReq represents an argument struct for making policy-related function calls. It is used to pass information required for policy evaluation and enforcement.

func (PolicyReq) String 

func (pr PolicyReq) String() string

type PolicyRes 

type PolicyRes struct {
	Namespace       string
	Subject         string
	SubjectType     string
	SubjectRelation string
	Object          string
	ObjectType      string
	Relation        string
	Permission      string
}

type Service 

type Service interface {
	Authn
	Authz
	Domains
}

func New 

func New(keys KeyRepository, domains DomainsRepository, idp magistrala.IDProvider, tokenizer Tokenizer, policyAgent PolicyAgent, loginDuration, refreshDuration, invitationDuration time.Duration) Service

New instantiates the auth service implementation.

type Status 

type Status uint8

Status represents Domain status. 

const (
	// EnabledStatus represents enabled Domain.
	EnabledStatus Status = iota
	// DisabledStatus represents disabled Domain.
	DisabledStatus
	// FreezeStatus represents domain is in freezed state.
	FreezeStatus

	// AllStatus is used for querying purposes to list Domains irrespective
	// of their status - enabled, disabled, freezed, deleting. It is never stored in the
	// database as the actual domain status and should always be the larger than freeze status
	// value in this enumeration.
	AllStatus
)

Possible Domain status values.

func ToStatus 

func ToStatus(status string) (Status, error)

ToStatus converts string value to a valid Domain status.

func (Status) MarshalJSON 

func (s Status) MarshalJSON() ([]byte, error)

Custom Marshaller for Domains status.

func (Status) String 

func (s Status) String() string

String converts client/group status to string literal.

func (*Status) UnmarshalJSON 

func (s *Status) UnmarshalJSON(data []byte) error

Custom Unmarshaler for Domains status.

type Token 

type Token struct {
	AccessToken  string // AccessToken contains the security credentials for a login session and identifies the client.
	RefreshToken string // RefreshToken is a credential artifact that OAuth can use to get a new access token without client interaction.
	AccessType   string // AccessType is the specific type of access token issued. It can be Bearer, Client or Basic.
}

type TokenResponseBody 

type TokenResponseBody struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	AccessType   string `json:"access_type"`
}

type Tokenizer 

type Tokenizer interface {
	// Issue converts API Key to its string representation.
	Issue(key Key) (token string, err error)

	// Parse extracts API Key data from string token.
	Parse(token string) (key Key, err error)
}

Tokenizer specifies API for encoding and decoding between string and Key.

type UserInfoResponseBody 

type UserInfoResponseBody struct {
	ID          string                 `json:"id"`
	Name        string                 `json:"name"`
	Credentials Credentials            `json:"credentials"`
	Metadata    map[string]interface{} `json:"metadata"`
	CreatedAt   time.Time              `json:"created_at"`
	UpdatedAt   time.Time              `json:"updated_at"`
	UpdatedBy   string                 `json:"updated_by"`
	Status      string                 `json:"status"`
}

UserInfo 结构体表示整个JSON对象

Source Files

View all Source files

Directories

Path Synopsis
api
Package api contains implementation of Auth service HTTP API.
 Package api contains implementation of Auth service HTTP API.
grpc
Package grpc contains implementation of Auth service gRPC API.
 Package grpc contains implementation of Auth service gRPC API.
http
http/domains
http/keys
Package postgres contains Key repository implementations using PostgreSQL as the underlying database.
 Package postgres contains Key repository implementations using PostgreSQL as the underlying database.
Package tracing provides tracing instrumentation for Magistrala Users service.
 Package tracing provides tracing instrumentation for Magistrala Users service.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.