Documentation
Index
- Variables
- func AuthorizeGRPC(ctx context.Context) error
- func AuthorizeHTTP(request *http.Request) error
- func GetBearerClaims(authorizationHeader []string, claims jwt.Claims) (jwt.Claims, error)
- func GetBearerMapClaims(authorizationHeader []string) (jwt.MapClaims, error)
- func GetMapClaimsGRPC(ctx context.Context) (jwt.MapClaims, error)
- func GetMapClaimsHTTP(request *http.Request) (jwt.MapClaims, error)
- func SetupOAuth(config sections.OAuthConfigurator) ([]grpc.ServerOption, error)
- func SetupOTP(config sections.OAuthConfigurator) ([]grpc.ServerOption, error)
- type ScopeClaims
Constants
This section is empty.
Variables
var (
	ErrMissingMetadata      = status.Errorf(codes.InvalidArgument, "No metadata provided")
	ErrMissingAuthorization = status.Errorf(codes.Unauthenticated, "No authorization data or header provided")
	ErrMissingToken         = status.Errorf(codes.Unauthenticated, "No authorization token provided")
	ErrMissingBearer        = status.Errorf(codes.Unauthenticated, "No bearer token provided within authorization token")
	ErrInvalidToken         = status.Errorf(codes.Unauthenticated, "Invalid token")
	ErrInvalidClaims        = status.Errorf(codes.Unauthenticated, "Invalid claims")
	ErrInvalidMapClaims     = fmt.Errorf("unable to map claims")
)
Errors
Functions
func AuthorizeHTTP
AuthorizeHTTP performs HTTP auth
func GetBearerClaims
GetBearerClaims fetches authorization claims from a request's authorization header.
NB: `claims` is used as an output value. The provided `claims` is filled with values from the token. Thus, `claims` jwt.Claims should be a type that can be written through the value passed in, such as a pointer to a struct (Ex.: &ScopeClaims{}) or a map (Ex.: jwt.MapClaims{}), because `claims` is filled with data fetched from context.
func GetBearerMapClaims
GetBearerMapClaims gets map claims from a 'Bearer XXX' token
func GetMapClaimsGRPC
GetMapClaimsGRPC ensures a valid token exists within a request's metadata and authorizes the token received from Metadata
func GetMapClaimsHTTP
GetMapClaimsHTTP ensures a valid token exists within a request's metadata and authorizes the token received from Metadata
func SetupOAuth
func SetupOAuth(config sections.OAuthConfigurator) ([]grpc.ServerOption, error)
SetupOAuth prepares gRPC server options with OAuth from config
func SetupOTP
func SetupOTP(config sections.OAuthConfigurator) ([]grpc.ServerOption, error)
SetupOTP prepares gRPC server options for OTP auth
Types
type ScopeClaims
type ScopeClaims struct {
	jwt.StandardClaims
	// Scope is a synonym to permission(s). Set of space-separated items.
	Scope string `json:"scope"`
}
ScopeClaims defines a scope token. It is an Access Token that carries a scope (a set of permissions). Scope is a synonym for permission(s); both terms are usable. Token example 1:
{
	aud: "https://atlas-aud",
	exp: 1630351936,
	iat: 1630265536,
	iss: "https://<tenant>.auth0.com/",
	azp: "auth0 ClientID of the application",
	gty: "client-credentials",
	sub: "sub@clients",
	scope: "permission-scope-read",
}
Token example 2:
{
	iss: "https://<tenant>.auth0.com/",
	sub: "auth0|user id goes here 3e65",
	aud: [ "audience", "https://auth0.com/userinfo" ],
	iat: 1637762859,
	exp: 1637849259,
	azp: "auth0 ClientID of the application",
	scope: "openid profile email"
}
Where:
aud: Audience
exp: Expires At
jti: Id
iat: Issued At
iss: Issuer
nbf: Not Before
sub: Subject
azp: Authorized Parties (OIDC claims)
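The two token examples differ in the shape of aud (a string in the first, an array in the second), and scope is a set of space-separated items. The following added example, which is not code from this package, uses only the Go standard library to decode such a claims payload and check a scope; the names Audience, accessClaims, HasScope and parseClaims are hypothetical, and it assumes the token signature has already been verified.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Audience (hypothetical) accepts "aud" as a single string or as an
// array of strings, the two shapes shown in the token examples.
type Audience []string

func (a *Audience) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil {
		*a = Audience{one}
		return nil
	}
	var many []string
	err := json.Unmarshal(b, &many) // any other JSON type is rejected
	*a = many
	return err
}

// accessClaims (hypothetical) holds the two claims this example inspects.
type accessClaims struct {
	Audience Audience `json:"aud"`
	Scope    string   `json:"scope"`
}

// HasScope matches whole space-separated items only, so "read" is not
// granted by a token whose scope is "permission-scope-read".
func (c accessClaims) HasScope(want string) bool {
	for _, s := range strings.Fields(c.Scope) {
		if s == want {
			return true
		}
	}
	return false
}

func parseClaims(payload string) (c accessClaims, err error) {
	err = json.Unmarshal([]byte(payload), &c)
	return c, err
}

func main() {
	// Constructed payload modelled on token example 2.
	c, err := parseClaims(`{"aud":["audience","https://auth0.com/userinfo"],"scope":"openid profile email"}`)
	fmt.Println(c.Audience, c.HasScope("profile"), c.HasScope("prof"), err)
}
```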
func (ScopeClaims) Valid
func (c ScopeClaims) Valid() error
Valid checks whether claims are valid.