Documentation
Overview
Package auth provides authentication and authorization support.
Constants
const (
	RoleAdmin = "ADMIN"
	RoleUser  = "USER"
)
These are the expected values for Claims.Roles.
const Key ctxKey = 1
Key is used to store/retrieve a Claims value from a context.Context.
Variables
This section is empty.
Functions
This section is empty.
Types
type Auth
type Auth struct {
// contains filtered or unexported fields
}
Auth is used to authenticate clients. It can generate a token for a set of user claims and recreate the claims by parsing the token.
func New
func New(algorithm string, lookup PublicKeyLookup, keys Keys) (*Auth, error)
New creates an *Auth for use.
func (*Auth) AddKey
func (a *Auth) AddKey(privateKey *rsa.PrivateKey, kid string)
AddKey adds a private key and its associated key ID (kid) to our local store.
func (*Auth) GenerateToken
GenerateToken generates a signed JWT token string representing the user Claims.
type Claims
type Claims struct {
	jwt.StandardClaims
	Roles []string `json:"roles"`
}
Claims represents the authorization claims transmitted via a JWT.
func (Claims) Authorized
Authorized returns true if the claims have at least one of the provided roles.
type PublicKeyLookup
PublicKeyLookup defines the signature of a function to look up public keys.
In a production system, a key ID (KID) is used to retrieve the correct public key to parse a JWT for auth and claims. A key lookup function is provided to perform the task of retrieving the public key for a given KID.
A key lookup function is required for creating an Auth.
* Private keys should be rotated. During the transition period, tokens signed with the old and new keys can coexist by looking up the correct public key by KID.
* KID to public key resolution is usually accomplished via a public JWKS endpoint. See https://auth0.com/docs/jwks for more details.
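The KID-based resolution described above, as an added example that is not code from package auth: a verifier pins the algorithm to RS256, resolves the public key by the token's kid, and rejects a kid that is no longer published. `GenKey`, `Sign`, `Verify` and the kid values are hypothetical, the `keys` map stands in for a PublicKeyLookup (whose signature this page does not show), and only the standard library is used.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // unpadded base64url, as JWTs use

func GenKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Sign (hypothetical helper) builds a compact RS256 token whose header names the kid.
func Sign(priv *rsa.PrivateKey, kid, payload string) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	msg := b64.EncodeToString(hdr) + "." + b64.EncodeToString([]byte(payload))
	sum := sha256.Sum256([]byte(msg))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	return msg + "." + b64.EncodeToString(sig), err
}

// Verify pins alg, then resolves the key by kid; keys stands in for a PublicKeyLookup (assumed shape).
func Verify(token string, keys map[string]*rsa.PublicKey) error {
	var hdr struct{ Alg, Kid string }
	head, rest, _ := strings.Cut(token, ".")
	body, tail, ok := strings.Cut(rest, ".")
	raw, e1 := b64.DecodeString(head)
	sig, e2 := b64.DecodeString(tail)
	if !ok || e1 != nil || e2 != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return errors.New("malformed token or unexpected alg")
	}
	pub, known := keys[hdr.Kid]
	if !known {
		return errors.New("unknown kid")
	}
	sum := sha256.Sum256([]byte(head + "." + body))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig)
}

func main() {
	k, _ := GenKey()
	tok, _ := Sign(k, "kid-old", `{"roles":["USER"]}`) // constructed sample claims
	fmt.Println(Verify(tok, map[string]*rsa.PublicKey{"kid-old": &k.PublicKey}), Verify(tok, nil))
}
```

An unknown kid is rejected outright rather than falling back to a default key, so removing a retired key from the lookup invalidates every token it signed.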