zalando

package

v1.5.2 Latest Latest Go to latest Published: Jan 24, 2019 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/blackironj/gin-oauth2

Links

Open Source Insights

Documentation ¶

Overview ¶

Package zalando contains Zalando specific definitions for authorization.

Index ¶

Variables
func GroupCheck(at []AccessTuple) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool
func NoAuthorization() func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool
func RequestTeamInfo(tc *ginoauth2.TokenContainer, uri string) ([]byte, error)
func ScopeAndCheck(name string, scopes ...string) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool
func ScopeCheck(name string, scopes ...string) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool
func UidCheck(at []AccessTuple) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool
type AccessTuple
type TeamInfo

Constants ¶

This section is empty.

Variables ¶

View Source

var AccessTuples []AccessTuple

AccessTuples has to be set by the client to grant access.

View Source

var OAuth2Endpoint = oauth2.Endpoint{
	AuthURL:  "https://identity.zalando.com/oauth2/token",
	TokenURL: "https://info.services.auth.zalando.com/oauth2/tokeninfo",
}

OAuth2Endpoint is similar to the definitions in golang.org/x/oauth2

View Source

var TeamAPI string = "https://teams.auth.zalando.com/api/teams"

TeamAPI is a custom API

Functions ¶

func GroupCheck ¶

func GroupCheck(at []AccessTuple) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool

GroupCheck is an authorization function that checks, if the Token was issued for an employee of a specified team. The given TokenContainer must be valid. As side effect it sets "uid" and "team" in the gin.Context to the "official" team.

func NoAuthorization ¶

func NoAuthorization() func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool

NoAuthorization sets "team" and "uid" in the context without checking if the user/team is authorized.

func RequestTeamInfo ¶

func RequestTeamInfo(tc *ginoauth2.TokenContainer, uri string) ([]byte, error)

RequestTeamInfo is a function that returns team information for a given token.

func ScopeAndCheck ¶

func ScopeAndCheck(name string, scopes ...string) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool

ScopeAndCheck does an AND check of scopes given from token of the request to all provided scopes. Only if all of provided scopes are found in the Scopes of the token it grants access to the resource.

func ScopeCheck ¶

func ScopeCheck(name string, scopes ...string) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool

ScopeCheck does an OR check of scopes given from token of the request to all provided scopes. If one of provided scopes is in the Scopes of the token it grants access to the resource.

func UidCheck ¶

func UidCheck(at []AccessTuple) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool

UidCheck is an authorization function that checks UID scope TokenContainer must be Valid. As side effect it sets "uid" and "cn" in the gin.Context to the authorized uid and cn (Realname).

Types ¶

type AccessTuple ¶

type AccessTuple struct {
	Realm string `yaml:"realm,omitempty"` // p.e. "employees", "services"
	Uid   string `yaml:"uid,omitempty"`   // UnixName
	Cn    string `yaml:"cn,omitempty"`    // RealName
}

AccessTuple is the type defined for use in AccessTuples.

type TeamInfo ¶

type TeamInfo struct {
	Id      string
	Id_name string
	Team_id string
	Type    string
	Name    string
	Mail    []string
}

TeamInfo is defined like in TeamAPI json.

Source Files ¶

View all Source files

zalando.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL