auth

package
v0.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 15, 2024 License: MIT Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors declared by the auth package.
//
// NOTE(review): this page does not say which function returns them;
// presumably JWTVerifier.Verify does, in which case callers should match
// them with errors.Is and treat either one as an authentication failure —
// confirm against the source.
var (
	// ErrInvalidToken carries the message "invalid token".
	ErrInvalidToken = errors.New("invalid token")
	// ErrExpiredToken carries the message "expired token".
	ErrExpiredToken = errors.New("expired token")
)

Functions

This section is empty.

Types

type Config

// Config holds the settings used to verify client JWTs: one optional
// verification key per signature family (HMAC, RSA, ECDSA) and the optional
// 'aud' and 'iss' values to require.
//
// NOTE(review): more than one key can be set at the same time. Whether the
// verifier pins each key to its own signing-method family is not visible on
// this page — confirm, since that pinning is what prevents a token signed
// under one family from being checked against another family's key.
type Config struct {
	// HMACSecretKey is the secret key to authenticate HMAC endpoint
	// connection JWTs.
	//
	// NOTE(review): unlike the two public keys below this is a shared
	// secret. Its json/yaml tags mean it is written out whenever a Config is
	// marshaled, so keep dumps and logs of this struct away from anyone who
	// should not be able to sign tokens.
	HMACSecretKey string `json:"hmac_secret_key" yaml:"hmac_secret_key"`

	// RSAPublicKey is the public key to authenticate RSA endpoint
	// connection JWTs.
	//
	// NOTE(review): the expected text encoding of the key is not stated on
	// this page — confirm against Load.
	RSAPublicKey string `json:"rsa_public_key" yaml:"rsa_public_key"`

	// ECDSAPublicKey is the public key to authenticate ECDSA endpoint
	// connection JWTs.
	//
	// NOTE(review): the expected text encoding of the key is not stated on
	// this page — confirm against Load.
	ECDSAPublicKey string `json:"ecdsa_public_key" yaml:"ecdsa_public_key"`

	// Audience is the required 'aud' claim of the authenticated JWTs.
	//
	// If not given the 'aud' claim will be ignored.
	//
	// NOTE(review): with Audience empty, a token issued for a different
	// audience but signed with a configured key still passes this check; set
	// it whenever the signing key is shared with other services.
	Audience string `json:"audience" yaml:"audience"`

	// Issuer is the required 'iss' claim of the authenticated JWTs.
	//
	// If not given the 'iss' claim will be ignored.
	//
	// NOTE(review): with Issuer empty, the token's issuer is not checked at
	// all; set it whenever more than one issuer signs with the same key.
	Issuer string `json:"issuer" yaml:"issuer"`
}

Config configures how to verify client JWT tokens.

func (*Config) Enabled

func (c *Config) Enabled() bool

Enabled returns whether authentication is enabled.

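It is enabled when at least one verification key (HMACSecretKey, RSAPublicKey or ECDSAPublicKey) is configured; a Config with no key set therefore leaves authentication disabled.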

func (*Config) Load

// Load returns a *LoadedConfig built from c, or an error.
//
// NOTE(review): the page gives no description. LoadedConfig is documented
// as holding the parsed RSA and ECDSA keys, so Load presumably parses
// RSAPublicKey and ECDSAPublicKey and fails on malformed key text — confirm
// against the source.
func (c *Config) Load() (*LoadedConfig, error)

func (*Config) RegisterFlags

// RegisterFlags takes a pflag.FlagSet and a name prefix.
//
// NOTE(review): the page gives no description; presumably it registers one
// flag per Config field on fs, named under prefix. If HMACSecretKey is
// among them, a secret passed as a command-line flag is visible in process
// listings and shell history, so a config file is the safer source for it —
// confirm which flags are registered.
func (c *Config) RegisterFlags(fs *pflag.FlagSet, prefix string)

type JWTClaims

// JWTClaims is the claim set of a client JWT: the embedded
// jwt.RegisteredClaims plus the Piko-specific claims.
type JWTClaims struct {
	jwt.RegisteredClaims
	// Piko holds the Piko-specific claims, read from the "piko" JSON key.
	Piko PikoClaims `json:"piko"`
}

type JWTVerifier

// JWTVerifier verifies client JWT tokens. It is constructed with
// NewJWTVerifier from a *LoadedConfig, and its Verify method has the
// signature the Verifier interface requires.
type JWTVerifier struct {
	// contains filtered or unexported fields
}

JWTVerifier verifies client JWT tokens.

func NewJWTVerifier

// NewJWTVerifier returns a *JWTVerifier for the given loaded configuration.
//
// NOTE(review): it returns no error, so any validation of conf (for example
// that at least one key is present) is not reported here; presumably
// callers check Config.Enabled first — confirm.
func NewJWTVerifier(conf *LoadedConfig) *JWTVerifier

func (*JWTVerifier) Verify

// Verify takes the raw token string and returns a *Token or an error.
//
// NOTE(review): the page gives no description. The package declares
// ErrInvalidToken and ErrExpiredToken, which are presumably the errors
// returned here; callers should treat any non-nil error as an
// authentication failure and not use the returned *Token — confirm the
// exact error contract against the source.
func (v *JWTVerifier) Verify(tokenString string) (*Token, error)

type LoadedConfig

// LoadedConfig is the form of the configuration that NewJWTVerifier
// accepts: the HMAC secret as raw bytes, the RSA and ECDSA public keys as
// parsed key values, and the Audience and Issuer strings.
//
// NOTE(review): presumably an empty HMACSecretKey or a nil public key means
// that signature family is not accepted — confirm against Verify.
// HMACSecretKey is secret material held in memory in the clear; avoid
// printing this struct with %v or %+v in logs.
type LoadedConfig struct {
	HMACSecretKey  []byte
	RSAPublicKey   *rsa.PublicKey
	ECDSAPublicKey *ecdsa.PublicKey
	Audience       string
	Issuer         string
}

LoadedConfig is the same as Config except that the RSA and ECDSA keys are held in parsed form.

type PikoClaims

// PikoClaims is the Piko-specific part of the JWT payload; JWTClaims
// carries it under the "piko" key.
type PikoClaims struct {
	// Endpoints is read from the "endpoints" JSON key.
	//
	// NOTE(review): presumably this populates Token.Endpoints, where an
	// empty list means every endpoint is allowed, so a token issued without
	// this claim would be unrestricted — confirm against Verify.
	Endpoints []string `json:"endpoints"`
}

type Token

// Token represents an authenticated Piko token: when it expires and which
// endpoints it may access.
type Token struct {
	// Expiry contains the time the token expires, or zero if there is no
	// expiry.
	//
	// NOTE(review): a zero Expiry means the token never ages out by this
	// field. Whether the verifier can be made to require an expiry is not
	// shown on this page, so issuers should always set one.
	Expiry time.Time

	// Endpoints contains the list of endpoint IDs the connection is permitted
	// to access (either connect to or listen on). If empty then all endpoints
	// are allowed.
	//
	// NOTE(review): the empty case grants the widest access rather than
	// none. For least privilege, issuers should always list the endpoints a
	// token needs instead of omitting the claim.
	Endpoints []string
}

Token represents an authenticated Piko token.

func (*Token) EndpointPermitted

func (t *Token) EndpointPermitted(endpointID string) bool

EndpointPermitted returns whether the token is permitted to access the endpoint with the given ID.

If the token doesn't include any endpoints, it can access all endpoints.

type Verifier

// Verifier verifies client tokens. JWTVerifier's Verify method has the
// signature this interface requires.
type Verifier interface {
	// Verify takes the raw token string and returns a *Token or an error.
	Verify(token string) (*Token, error)
}

Verifier verifies client tokens.
