Documentation
Constants
This section is empty.
Variables
var (
	ErrInvalidToken = errors.New("invalid token")
	ErrExpiredToken = errors.New("expired token")
)
Functions
This section is empty.
Types
type Config
type Config struct {
	// HMACSecretKey is the secret key to authenticate HMAC endpoint
	// connection JWTs.
	HMACSecretKey string `json:"hmac_secret_key" yaml:"hmac_secret_key"`

	// RSAPublicKey is the public key to authenticate RSA endpoint
	// connection JWTs.
	RSAPublicKey string `json:"rsa_public_key" yaml:"rsa_public_key"`

	// ECDSAPublicKey is the public key to authenticate ECDSA endpoint
	// connection JWTs.
	ECDSAPublicKey string `json:"ecdsa_public_key" yaml:"ecdsa_public_key"`

	// Audience is the required 'aud' claim of the authenticated JWTs.
	//
	// If not given the 'aud' claim will be ignored.
	Audience string `json:"audience" yaml:"audience"`

	// Issuer is the required 'iss' claim of the authenticated JWTs.
	//
	// If not given the 'iss' claim will be ignored.
	Issuer string `json:"issuer" yaml:"issuer"`
}
Config configures how to verify client JWT tokens.
func (*Config) Enabled
Enabled returns whether authentication is enabled.
It is enabled when at least one verification key is configured.
func (*Config) Load
func (c *Config) Load() (*LoadedConfig, error)
type JWTClaims
type JWTClaims struct {
	jwt.RegisteredClaims
	Piko PikoClaims `json:"piko"`
}
type JWTVerifier
type JWTVerifier struct {
	// contains filtered or unexported fields
}
JWTVerifier verifies client JWT tokens.
func NewJWTVerifier
func NewJWTVerifier(conf *LoadedConfig) *JWTVerifier
type LoadedConfig
type LoadedConfig struct {
	HMACSecretKey  []byte
	RSAPublicKey   *rsa.PublicKey
	ECDSAPublicKey *ecdsa.PublicKey
	Audience       string
	Issuer         string
}
LoadedConfig is the same as Config except it parses the RSA and ECDSA keys.
type PikoClaims
type PikoClaims struct {
	Endpoints []string `json:"endpoints"`
}
type Token
type Token struct {
	// Expiry contains the time the token expires, or zero if there is no
	// expiry.
	Expiry time.Time

	// Endpoints contains the list of endpoint IDs the connection is permitted
	// to access (either connect to or listen on). If empty then all endpoints
	// are allowed.
	Endpoints []string
}
Token represents an authenticated Piko token.
func (*Token) EndpointPermitted
EndpointPermitted returns whether the token is permitted to access the endpoint with the given ID.
If the token doesn't include any endpoints, it can access all endpoints.
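The endpoint-scoping rule documented for Token, as an added example that is not Piko's own code: the `token` type and the functions `tokenFromPayload`, `endpointPermitted` and `endpointPermittedStrict` are stand-ins written from the doc comments above, and the payloads are constructed. It shows that a token without a `piko.endpoints` claim is unrestricted, next to a hypothetical deny-by-default check.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// token is a local stand-in for the documented Token (assumption, not Piko's code).
type token struct {
	Endpoints []string
}

// tokenFromPayload decodes a JWT payload whose signature is assumed to be
// verified already, keeping only the "piko" claim.
func tokenFromPayload(payload string) (token, error) {
	var c struct {
		Piko struct {
			Endpoints []string `json:"endpoints"`
		} `json:"piko"`
	}
	if err := json.Unmarshal([]byte(payload), &c); err != nil {
		return token{}, err
	}
	return token{Endpoints: c.Piko.Endpoints}, nil
}

// endpointPermittedStrict is a hypothetical deny-by-default check: the ID
// must be listed, so a token with no endpoint list permits nothing.
func (t token) endpointPermittedStrict(id string) bool {
	for _, e := range t.Endpoints {
		if e == id {
			return true
		}
	}
	return false
}

// endpointPermitted follows the documented rule: an empty list permits every endpoint.
func (t token) endpointPermitted(id string) bool {
	return len(t.Endpoints) == 0 || t.endpointPermittedStrict(id)
}

func main() {
	// Constructed payloads: scoped, claim missing, explicit empty list.
	for _, p := range []string{`{"piko":{"endpoints":["api"]}}`, `{"sub":"svc"}`, `{"piko":{"endpoints":[]}}`} {
		tok, err := tokenFromPayload(p)
		fmt.Println(p, err, tok.endpointPermitted("admin"), tok.endpointPermittedStrict("admin"))
	}
}
```

A missing claim and an explicit empty list both decode to an empty endpoint list, so under the documented rule either form grants access to every endpoint.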