Variables ¶
// Sentinel errors returned by the authentication helpers in this package.
//
// Each one is a gRPC status error whose code is an AuthErrorCode rather than a
// canonical gRPC code. Because AuthErrorCode values (1000+) lie outside the
// canonical 0-16 range, generic gRPC middleware, retry policies or log
// classifiers that switch on codes.Unauthenticated / codes.PermissionDenied
// will NOT recognise these as authentication failures; callers should match
// with errors.Is against the variables below (recent grpc-go status errors
// compare by code+message — confirm for the pinned version) or inspect
// status.Code(err) directly.
//
// The messages are fixed literals with no format verbs, so no token material
// or claim values are ever echoed back to the client.
var (
	// ErrInvalidInitJwt: the token could not be parsed at all.
	ErrInvalidInitJwt = status.Error(codes.Code(AuthErrorCodeAuthFailedInvalidInitJwt), "invalid init jwt")
	// ErrInvalidSubject: the "sub" claim is missing or malformed.
	ErrInvalidSubject = status.Error(codes.Code(AuthErrorCodeAuthFailedInvalidSubject), "invalid subject")
	// ErrInvalidAudience: the "aud" claim does not name this service.
	// Audience checking is what stops a token minted for another API from
	// being replayed here; do not relax it.
	ErrInvalidAudience = status.Error(codes.Code(AuthErrorCodeAuthFailedInvalidAudience), "invalid audience")
	// ErrInvalidIssuer: the "iss" claim is not a trusted issuer.
	ErrInvalidIssuer = status.Error(codes.Code(AuthErrorCodeAuthFailedInvalidIssuer), "invalid issuer")
	// ErrInvalidClaims: the claims could not be mapped to an AuthClaims
	// (see MapClaimsToAuthClaims / JwtClaimsToAuthClaims).
	ErrInvalidClaims = status.Error(codes.Code(AuthErrorCodeInvalidClaims), "invalid claims")
	// ErrInvalidToken: the bearer token failed verification.
	ErrInvalidToken = status.Error(codes.Code(AuthErrorCodeAuthFailedInvalidBearerToken), "invalid bearer token")
	// ErrInvalidParseContextFunc: no function to extract the token from the
	// context was configured. NOTE(review): the message text reads oddly
	// ("invalid parse token function undefined") but is left unchanged
	// because clients may match on it.
	ErrInvalidParseContextFunc = status.Error(codes.Code(AuthErrorCodeAuthFailedInvalidParseContextFunc), "invalid parse token function undefined")
	// ErrMissingBearerToken: the request carried no bearer token.
	ErrMissingBearerToken = status.Error(codes.Code(AuthErrorCodeBearerTokenMissing), "missing bearer token")
	// ErrUnauthenticated: generic authentication failure.
	ErrUnauthenticated = status.Error(codes.Code(AuthErrorCodeUnauthenticated), "unauthenticated")
	// ErrTokenExpired: the token's validity window has passed.
	ErrTokenExpired = status.Error(codes.Code(AuthErrorCodeTokenExpired), "token expired")
	// ErrUnsupportedSigningMethod: the token's "alg" is not one this package
	// accepts. Rejecting unexpected algorithms (rather than trusting the
	// header) is what defends against alg=none / key-confusion attacks.
	ErrUnsupportedSigningMethod = status.Error(codes.Code(AuthErrorCodeUnsupportedSigningMethod), "unsupported signing method")
	// ErrMissingKeyFunc: no key lookup function was configured, so no
	// signature can be verified.
	ErrMissingKeyFunc = status.Error(codes.Code(AuthErrorCodeMissingKeyFunc), "missing keyFunc")
	// ErrSignTokenFailed: signing a newly created token failed.
	ErrSignTokenFailed = status.Error(codes.Code(AuthErrorCodeSignTokenFailed), "sign token failed")
	// ErrGetKeyFailed: the key lookup function returned an error.
	ErrGetKeyFailed = status.Error(codes.Code(AuthErrorCodeGetKeyFailed), "get key failed")
	// ErrNoAtHash: the ID token carries no "at_hash" claim, so it cannot be
	// bound to the access token presented alongside it (OIDC Core 3.1.3.6).
	ErrNoAtHash = status.Error(codes.Code(AuthCodeNoAtHash), "id token did not have an access token hash")
	// ErrInvalidAtHash: the "at_hash" claim does not match the access token;
	// the access token presented may not belong to this ID token.
	ErrInvalidAtHash = status.Error(codes.Code(AuthCodeInvalidAtHash), "access token hash does not match value in ID token")
)
Functions ¶
func AuthClaimsToJwtClaims ¶
func AuthClaimsToJwtClaims(raw AuthClaims) jwt.Claims
func ContextWithAuthClaims ¶
func ContextWithAuthClaims(parent context.Context, claims *AuthClaims) context.Context
ContextWithAuthClaims injects the provided AuthClaims into the parent context; retrieve them with AuthClaimsFromContext.
func ContextWithAuthUser ¶
func ContextWithAuthUser(parent context.Context, user SecurityUser) context.Context
ContextWithAuthUser injects the provided SecurityUser into the parent context; retrieve it with AuthUserFromContext.
Types ¶
type AuthClaims ¶
// AuthClaims is the minimal identity this package retains from a verified
// token: the OIDC "sub" claim and the OAuth 2.0 scopes granted to it.
// See https://openid.net/specs/openid-connect-core-1_0.html#IDToken.
//
// It deliberately carries no issuer, audience or expiry. Those must be
// checked before an AuthClaims is constructed (the ErrInvalidIssuer,
// ErrInvalidAudience and ErrTokenExpired sentinels in this package suggest
// the Authenticator does so); code that receives an AuthClaims from a
// context should treat it as already authenticated and should not attempt
// to re-derive trust from Subject alone.
type AuthClaims struct {
	// Subject is the authenticated principal (OIDC "sub"). Presumably
	// non-empty after a successful Authenticate — see ErrInvalidSubject.
	Subject string
	// Scopes see: https://datatracker.ietf.org/doc/html/rfc6749#section-3.3
	// Authorization decisions should check membership in this set rather
	// than trusting any scope string supplied by the caller.
	Scopes ScopeSet
}
AuthClaims holds the subset of OIDC standard claims this package retains after token verification (the subject) together with the OAuth 2.0 scopes granted to it. See https://openid.net/specs/openid-connect-core-1_0.html#IDToken
func AuthClaimsFromContext ¶
func AuthClaimsFromContext(ctx context.Context) (*AuthClaims, bool)
AuthClaimsFromContext extracts the AuthClaims from the provided ctx (if any). The boolean is false when no claims were injected; callers must check it before trusting the result.
func JwtClaimsToAuthClaims ¶
func JwtClaimsToAuthClaims(rawClaims jwt.Claims) (*AuthClaims, error)
func MapClaimsToAuthClaims ¶
func MapClaimsToAuthClaims(rawClaims jwt.MapClaims) (*AuthClaims, error)
type AuthErrorCode ¶
type AuthErrorCode int32
// AuthErrorCode values are used directly as gRPC status codes by the Err*
// sentinels in this package. They are presumably kept far above the canonical
// gRPC range (0-16) to avoid colliding with codes.* constants — the flip side
// is that generic gRPC tooling will not classify them as auth failures, so
// callers must match on these values explicitly.
const (
	AuthErrorCodeAuthFailedInvalidInitJwt          AuthErrorCode = 1000
	AuthErrorCodeAuthFailedInvalidSubject          AuthErrorCode = 1001
	AuthErrorCodeAuthFailedInvalidAudience         AuthErrorCode = 1002
	AuthErrorCodeAuthFailedInvalidIssuer           AuthErrorCode = 1003
	AuthErrorCodeInvalidClaims                     AuthErrorCode = 1004
	AuthErrorCodeAuthFailedInvalidBearerToken      AuthErrorCode = 1005
	AuthErrorCodeAuthFailedInvalidParseContextFunc AuthErrorCode = 1006
	// NOTE(review): 1500 sits out of sequence between 1006 and 1010, and 1013
	// is unused; assumed intentional (reserved) — confirm before adding codes
	// so new values do not collide with anything assigned elsewhere.
	AuthErrorCodeUnauthenticated                   AuthErrorCode = 1500
	AuthErrorCodeBearerTokenMissing                AuthErrorCode = 1010
	AuthErrorCodeTokenExpired                      AuthErrorCode = 1011
	AuthErrorCodeUnsupportedSigningMethod          AuthErrorCode = 1012
	AuthErrorCodeMissingKeyFunc                    AuthErrorCode = 1014
	AuthErrorCodeSignTokenFailed                   AuthErrorCode = 1015
	AuthErrorCodeGetKeyFailed                      AuthErrorCode = 1016
	// The at_hash codes cover the OIDC ID-token / access-token binding check.
	AuthCodeNoAtHash                               AuthErrorCode = 1050
	AuthCodeInvalidAtHash                          AuthErrorCode = 1051
)
type Authenticator ¶
// Authenticator verifies the caller identified by ctx (presumably via a
// bearer token carried in request metadata — confirm with implementations)
// and produces the claims the rest of the request pipeline relies on.
type Authenticator interface {
	// Authenticate returns the caller's AuthClaims and a nil error when the
	// subject is authenticated, or a non-nil error (typically one of this
	// package's Err* sentinels, or an error wrapping one) otherwise.
	// Implementations should return a non-nil error whenever the token could
	// not be fully verified, because callers take a nil error as proof of
	// authentication and will trust whatever claims accompany it.
	Authenticate(ctx context.Context) (*AuthClaims, error)
	// CreateIdentity returns an identity string for claims, or an error.
	// NOTE(review): the original comment said "inject user claims into
	// context", which does not match the (string, error) signature; the
	// returned string is presumably a signed token (cf. ErrSignTokenFailed)
	// — confirm against implementations before relying on it.
	CreateIdentity(ctx context.Context, claims AuthClaims) (string, error)
}
type Option ¶
// Option mutates an Options value; it is the functional-options hook used
// by the With* constructors in this package (e.g. WithAuthClaims).
type Option func(*Options)
func WithAuthClaims ¶
func WithAuthClaims(auth AuthClaims) Option
type SecurityUser ¶
// SecurityUser is the authorization-side view of an authenticated caller.
// Its accessors return the pieces an access-control check needs; the
// Subject/Object/Action/Domain quartet resembles an RBAC policy tuple
// (who, what, how, where) — confirm against the authorizer that consumes it.
// The Get* naming is kept as-is because implementers elsewhere depend on it.
type SecurityUser interface {
	// ParseFromContext populates the user from ctx and returns a non-nil
	// error when that fails (presumably when the context carries no usable
	// identity — confirm). Callers should treat the receiver as untrusted
	// until this has returned nil.
	ParseFromContext(ctx context.Context) error
	// GetSubject returns the subject of the token (the authenticated principal).
	GetSubject() string
	// GetObject returns the object (resource) of the token.
	GetObject() string
	// GetAction returns the action (operation) of the token.
	GetAction() string
	// GetDomain returns the domain (tenant / scope boundary) of the token.
	GetDomain() string
	// GetUser returns the user of the token. How this differs from
	// GetSubject is not visible here — confirm with implementations.
	GetUser() string
}
func AuthUserFromContext ¶
func AuthUserFromContext(ctx context.Context) (SecurityUser, bool)
AuthUserFromContext extracts the SecurityUser from the provided ctx (if any). The boolean is false when none was injected; callers must check it before trusting the result.
type SecurityUserCreator ¶
// SecurityUserCreator builds the SecurityUser for a set of verified
// AuthClaims; it is the hook by which the authentication layer hands a
// principal to the authorization layer. Implementations should derive the
// object/action/domain values only from what the claims (Subject, Scopes)
// justify, never from caller-controlled request fields.
type SecurityUserCreator func(*AuthClaims) SecurityUser