auth

package

v0.0.0-...-8bebc79 Latest Latest Go to latest Published: Sep 21, 2016 License: MIT Imports: 25 Imported by: 6

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/buckhx/safari-zone

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func AccessCredentials(token string) credentials.PerRPCCredentials
func AuthenticateContext(ctx context.Context, key, secret string) context.Context
func AuthorizeContext(ctx context.Context, token string) context.Context
func BasicCredentials(key, secret string) credentials.PerRPCCredentials
func GenES256Key() (pem []byte, err error)
func GetBasicCredentials(ctx context.Context) (key, secret string, err error)
func LoadECPrivateKey(pem []byte) (*ecdsa.PrivateKey, error)
func MarshalJwkJSON(kid, alg string, key interface{}) ([]byte, error)
func PublicCredentials() credentials.PerRPCCredentials
type Authorizer
- func NewAuthorizer(opts Opts) (*Authorizer, error)
- func (a *Authorizer) Context(ctx context.Context) (context.Context, error)
- func (a *Authorizer) HandleStream(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, ...) error
- func (a *Authorizer) HandleUnary(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, ...) (interface{}, error)
- func (a *Authorizer) Verify(tok string) (*jwt.Token, error)
type Claims
- func ClaimsFromContext(ctx context.Context) (Claims, bool)
- func ClaimsFromToken(token string) (c Claims, ok bool)
- func (c Claims) HasRole(roles ...string) bool
- func (c Claims) HasScope(scp ...string) bool
- func (c Claims) HasSubScope(sub string, scp ...string) bool
type Mint
- func NewEC256Mint(owner string, pem []byte) (m *Mint, err error)
- func (m *Mint) IssueToken(sub string, dur time.Duration, scope ...string) (string, error)
- func (m *Mint) MarshalPublicJwk() ([]byte, error)
type Opts

Constants ¶

View Source

const (
	AUTH_HEADER   = "authorization"
	BEARER_PREFIX = "Bearer "
	BASIC_PREFIX  = "Basic "
)

Variables ¶

This section is empty.

Functions ¶

func AccessCredentials ¶

func AccessCredentials(token string) credentials.PerRPCCredentials

AccessCredentials generates grpc credentials based on the access token string

func AuthenticateContext ¶

func AuthenticateContext(ctx context.Context, key, secret string) context.Context

func AuthorizeContext ¶

func AuthorizeContext(ctx context.Context, token string) context.Context

func BasicCredentials ¶

func BasicCredentials(key, secret string) credentials.PerRPCCredentials

AccessCredentials generates grpc credentials based on the access token string

func GenES256Key ¶

func GenES256Key() (pem []byte, err error)

func GetBasicCredentials ¶

func GetBasicCredentials(ctx context.Context) (key, secret string, err error)

func LoadECPrivateKey ¶

func LoadECPrivateKey(pem []byte) (*ecdsa.PrivateKey, error)

func MarshalJwkJSON ¶

func MarshalJwkJSON(kid, alg string, key interface{}) ([]byte, error)

func PublicCredentials ¶

func PublicCredentials() credentials.PerRPCCredentials

EmptyCredentials generates grpc credentials that can be used to call unsecured methods such as authentication

Types ¶

type Authorizer ¶

type Authorizer struct {
	// contains filtered or unexported fields
}

Authorizer verifies authorization for a RPC calls by intercepting request metadata

func NewAuthorizer ¶

func NewAuthorizer(opts Opts) (*Authorizer, error)

func (*Authorizer) Context ¶

func (a *Authorizer) Context(ctx context.Context) (context.Context, error)

Context validates the context's authorization params and populates claims if there is no error TODO rename to validate and rm returned ctx

func (*Authorizer) HandleStream ¶

func (a *Authorizer) HandleStream(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error

func (*Authorizer) HandleUnary ¶

func (a *Authorizer) HandleUnary(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)

func (*Authorizer) Verify ¶

func (a *Authorizer) Verify(tok string) (*jwt.Token, error)

Verify checks a token string and returns a jwt.Token if valid

type Claims ¶

type Claims struct {
	jwt.StandardClaims
	Scope []string `json:"scope,omitempty"`
}

func ClaimsFromContext ¶

func ClaimsFromContext(ctx context.Context) (Claims, bool)

func ClaimsFromToken ¶

func ClaimsFromToken(token string) (c Claims, ok bool)

ClaimsFromToken reads the claims from a token string. It DOES NOT verify the signature

func (Claims) HasRole ¶

func (c Claims) HasRole(roles ...string) bool

HasRole checks if any of these roles are in the claims

func (Claims) HasScope ¶

func (c Claims) HasScope(scp ...string) bool

HasScope checks that every scope is covered

func (Claims) HasSubScope ¶

func (c Claims) HasSubScope(sub string, scp ...string) bool

HasSubScope checks if the scope is in these claims OR if the subject is matchec

type Mint ¶

type Mint struct {
	// contains filtered or unexported fields
}

TODO mint interface

func NewEC256Mint ¶

func NewEC256Mint(owner string, pem []byte) (m *Mint, err error)

NewEC creates a new mint w/ a ES256 private key from a .pem file at the given path

func (*Mint) IssueToken ¶

func (m *Mint) IssueToken(sub string, dur time.Duration, scope ...string) (string, error)

func (*Mint) MarshalPublicJwk ¶

func (m *Mint) MarshalPublicJwk() ([]byte, error)

type Opts ¶

type Opts struct {
	// UnsecuredMethods are grpc method strings that skip authorization
	UnsecuredMethods []string
	// CertURI is the uri for the publc JWK that verifies access tokens
	Cert string
}

AuthOpts configures a Authorizer

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL