Documentation ¶
Index ¶
- type Processor
- func (p *Processor) AddOrUpdateService(name string, apis *urisearch.APICache, handler usertokens.Verifier, ...)
- func (p *Processor) Callback(name string, w http.ResponseWriter, r *http.Request)
- func (p *Processor) Check(name, method, uri string, claims []string) (bool, bool)
- func (p *Processor) DecodeAporetoClaims(name, aporetoToken string, publicKey string) (string, []string)
- func (p *Processor) DecodeUserClaims(name, userToken string, certs []*x509.Certificate, r *http.Request) ([]string, bool, error)
- func (p *Processor) RedirectURI(name string, originURL string) string
- func (p *Processor) RemoveService(name string)
- func (p *Processor) UpdateRequestHeaders(name string, r *http.Request, claims []string)
- func (p *Processor) UpdateSecrets(s secrets.Secrets, trustedCertificate *x509.Certificate)
- func (p *Processor) UpdateServiceAPIs(name string, apis *urisearch.APICache) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Processor ¶
Processor holds all the local data of the authorization engine. A processor can handle authorization for multiple services. The goal is to authenticate a request based on both service and user credentials.
func NewProcessor ¶
func NewProcessor(s secrets.Secrets, trustedCertificate *x509.Certificate) *Processor
NewProcessor creates an auth processor with PKI user tokens. The caller must provide a valid secrets structure and an optional list of trustedCertificates that can be used to validate tokens. If the list is empty, the CA from the secrets will be used for token validation.
func (*Processor) AddOrUpdateService ¶
func (p *Processor) AddOrUpdateService(name string, apis *urisearch.APICache, handler usertokens.Verifier, mappings map[string]string)
AddOrUpdateService adds or replaces a service in the authorization db.
func (*Processor) Callback ¶
Callback is function called by and IDP auth provider will exchange the provided authorization code with a JWT token. This closes the Oauth loop.
func (*Processor) Check ¶
Check is the main method that will search API cache and validate whether the call should be allowed. It returns two values. If the access is allowed, and whether the access public or not. This allows callers to decide what to do when there is a failure, and potentially issue a redirect.
func (*Processor) DecodeAporetoClaims ¶
func (p *Processor) DecodeAporetoClaims(name, aporetoToken string, publicKey string) (string, []string)
DecodeAporetoClaims decodes the Aporeto claims
func (*Processor) DecodeUserClaims ¶
func (p *Processor) DecodeUserClaims(name, userToken string, certs []*x509.Certificate, r *http.Request) ([]string, bool, error)
DecodeUserClaims decodes the user claims with the user authorization method.
func (*Processor) RedirectURI ¶
RedirectURI returns the redirect URI in order to start the authentication dance.
func (*Processor) RemoveService ¶
RemoveService removes a service from the authorization db
func (*Processor) UpdateRequestHeaders ¶
UpdateRequestHeaders will update the request headers based on the user claims and the corresponding mappings.
func (*Processor) UpdateSecrets ¶
func (p *Processor) UpdateSecrets(s secrets.Secrets, trustedCertificate *x509.Certificate)
UpdateSecrets will update the Aporeto secrets for the validation of the Aporeto tokens.