Documentation ¶
Index ¶
- Constants
- Variables
- func AuthMiddleware(ps *ArmoryCloudPrincipalService) func(handler http.Handler) http.Handler
- func DangerouslyWriteUnverifiedPrincipalToContext(c context.Context, principal *ArmoryCloudPrincipal) context.Context
- func ExtractBearerToken(r *http.Request) (string, error)
- func GinAuthMiddleware(ps *ArmoryCloudPrincipalService, allowWithoutAuthList []string) gin.HandlerFunc
- func WithPrincipal(ctx context.Context, principal ArmoryCloudPrincipal) context.Context
- type ArmoryCloudPrincipal
- type ArmoryCloudPrincipalService
- func (a *ArmoryCloudPrincipalService) ExtractAndVerifyPrincipalFromTokenBytes(token []byte) (*ArmoryCloudPrincipal, error)
- func (a *ArmoryCloudPrincipalService) ExtractAndVerifyPrincipalFromTokenString(token string) (*ArmoryCloudPrincipal, error)
- func (a *ArmoryCloudPrincipalService) VerifyPrincipalAndSetContext(tokenOrRawHeader string, c *gin.Context) error
- type Configuration
- type JWT
- type JwtFetcher
- type JwtToken
- type PrincipalType
Constants ¶
const (
ArmoryCloudPrincipalClaimNamespace = "https://cloud.armory.io/principal"
)
Variables ¶
var (
)Functions ¶
func AuthMiddleware ¶
func AuthMiddleware(ps *ArmoryCloudPrincipalService) func(handler http.Handler) http.Handler
AuthMiddleware Deprecated: this depreciated in favor of using the authn middleware bundled in the server package that returns a serr.Error
func DangerouslyWriteUnverifiedPrincipalToContext ¶ added in v1.15.0
func DangerouslyWriteUnverifiedPrincipalToContext(c context.Context, principal *ArmoryCloudPrincipal) context.Context
DangerouslyWriteUnverifiedPrincipalToContext is exposed for easily injecting stub principals into context for testing
func GinAuthMiddleware ¶
func GinAuthMiddleware(ps *ArmoryCloudPrincipalService, allowWithoutAuthList []string) gin.HandlerFunc
GinAuthMiddleware Deprecated: this depreciated in favor of using the authn middleware bundled in the server package that returns a serr.Error
func WithPrincipal ¶
func WithPrincipal(ctx context.Context, principal ArmoryCloudPrincipal) context.Context
Types ¶
type ArmoryCloudPrincipal ¶
type ArmoryCloudPrincipal struct { // PrincipalType The type of principal, user or machine Type PrincipalType `json:"type"` // Name This is the principals name For user types this is will the users email address For machine types this will be the identifier of the OIDC application that represents the machine Name string `json:"name"` // OrgId The guid for the organization the principal is a member of OrgId string `json:"orgId"` // OrgName The human-readable name of the organization OrgName string `json:"orgName"` // EnvId The guid for the environment (aka tenant) that this principal is authorized for EnvId string `json:"envId"` // ArmoryAdmin A flag to determine if the principal is an armory admin principal and can do dangerous x-org and or x-env actions. ArmoryAdmin bool `json:"armoryAdmin"` // Subject The "sub" (subject) claim identifies the principal that is the subject of the JWT. The "sub" value is a case-sensitive string containing a StringOrURI value. Subject string `json:"sub"` /// Issuer The "iss" (issuer) claim identifies the principal that issued the JWT. Issuer string `json:"iss"` // AuthorizedParty OPTIONAL. Authorized party - the party to which the ID Token was issued. If present, it MUST contain the OAuth 2.0 Client ID of this party. This Claim is only needed when the ID Token has // a single audience value and that audience is different from the authorized party. It MAY be included even when the authorized party is the same as the sole audience. The azp value is a case-sensitive string containing a StringOrURI value. AuthorizedParty string `json:"azp"` // Scopes A list of scopes that was set by the authorization server such as use:adminApi Scopes []string `json:"scopes"` // Roles List of groups that a principal belongs to Roles []string `json:"roles"` }
func ExtractPrincipalFromContext ¶
func ExtractPrincipalFromContext(ctx context.Context) (*ArmoryCloudPrincipal, error)
ExtractPrincipalFromContext can be used by any handler or downstream middleware of the ArmoryCloudPrincipalMiddleware to get the encoded principal for manual verification of scopes.
func (*ArmoryCloudPrincipal) HasScope ¶
func (p *ArmoryCloudPrincipal) HasScope(scope string) bool
func (*ArmoryCloudPrincipal) String ¶
func (p *ArmoryCloudPrincipal) String() string
func (*ArmoryCloudPrincipal) Tenant ¶
func (p *ArmoryCloudPrincipal) Tenant() string
func (*ArmoryCloudPrincipal) ToJson ¶
func (p *ArmoryCloudPrincipal) ToJson() string
func (*ArmoryCloudPrincipal) UnsafeHasScope ¶ added in v1.11.1
func (p *ArmoryCloudPrincipal) UnsafeHasScope(scope string) bool
type ArmoryCloudPrincipalService ¶
type ArmoryCloudPrincipalService struct {
JwtFetcher JwtFetcher
}
func New ¶
func New(settings Configuration) (*ArmoryCloudPrincipalService, error)
New creates an ArmoryCloudPrincipalService. It downloads JWKS from the Armory Auth Server & populates the JWK Cache for principal verification.
func (*ArmoryCloudPrincipalService) ExtractAndVerifyPrincipalFromTokenBytes ¶
func (a *ArmoryCloudPrincipalService) ExtractAndVerifyPrincipalFromTokenBytes(token []byte) (*ArmoryCloudPrincipal, error)
func (*ArmoryCloudPrincipalService) ExtractAndVerifyPrincipalFromTokenString ¶
func (a *ArmoryCloudPrincipalService) ExtractAndVerifyPrincipalFromTokenString(token string) (*ArmoryCloudPrincipal, error)
func (*ArmoryCloudPrincipalService) VerifyPrincipalAndSetContext ¶ added in v1.15.0
func (a *ArmoryCloudPrincipalService) VerifyPrincipalAndSetContext(tokenOrRawHeader string, c *gin.Context) error
type Configuration ¶ added in v1.7.1
type JwtFetcher ¶
type PrincipalType ¶
type PrincipalType string
const ( User PrincipalType = "user" Machine PrincipalType = "machine" )