trust


Documentation

Overview

Package trust implements JWT-bearer grant management capabilities.

A JWT-Bearer Grant represents a resource owner's (RO) permission for a client to act on behalf of the RO using a JWT. The client uses the JWT to request an access token and then acts as the RO.

Index

Constants

This section is empty.

Variables

// ErrMissingRequiredParameter is the RFC 6749 error returned to the caller
// (HTTP 400, error code "missing_required_parameter") when a grant request
// omits a required parameter. The description does not name the missing
// parameter; callers must check their request against the documented schema.
var ErrMissingRequiredParameter = &fosite.RFC6749Error{
	ErrorField:       "missing_required_parameter",
	CodeField:        http.StatusBadRequest,
	DescriptionField: "One of the required parameters is missing. Check your request parameters.",
}

Functions

func TestHelperGrantManagerCreateGetDeleteGrant

func TestHelperGrantManagerCreateGetDeleteGrant(m GrantManager) func(t *testing.T)

func TestHelperGrantManagerErrors

func TestHelperGrantManagerErrors(m GrantManager) func(t *testing.T)

Types

type Grant

// Grant is a trust relationship with a JWT issuer: it records which issuer,
// acting on behalf of which subject, may present a JWT assertion, which key
// signs that assertion, and which scope values are covered. A grant is
// addressed by its ID.
type Grant struct {
	// ID uniquely identifies the grant. It is the value returned when the
	// trust relationship was created and is used to fetch or delete it.
	ID string `json:"id"`

	// Issuer identifies the principal that issued the JWT assertion (same as the iss claim in the JWT).
	Issuer string `json:"issuer"`

	// Subject identifies the principal that is the subject of the JWT.
	Subject string `json:"subject"`

	// AllowAnySubject indicates that the issuer is allowed to have any principal as the subject of the JWT.
	// Security note: with this set, Subject no longer constrains the assertion, so the issuer's signing
	// key can act on behalf of any principal; reserve it for fully trusted issuers.
	AllowAnySubject bool `json:"allow_any_subject"`

	// Scope contains the list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]).
	Scope []string `json:"scope"`

	// PublicKey identifies the public key issued by Issuer that will be used to check the JWT
	// assertion signature (a key-set name plus key ID; see PublicKey).
	PublicKey PublicKey `json:"public_key"`

	// CreatedAt indicates when the grant was created.
	CreatedAt time.Time `json:"created_at"`

	// ExpiresAt indicates when the grant expires; after this time assertions from Issuer
	// targeting Subject are rejected.
	ExpiresAt time.Time `json:"expires_at"`
}

type GrantManager

// GrantManager is the persistence interface for JWT-bearer grants. An
// implementation is expected to pass TestHelperGrantManagerCreateGetDeleteGrant
// and TestHelperGrantManagerErrors.
type GrantManager interface {
	// CreateGrant stores g together with publicKey, the issuer key referenced
	// by g.PublicKey (presumably used later to verify assertions — confirm against the implementation).
	CreateGrant(ctx context.Context, g Grant, publicKey jose.JSONWebKey) error
	// GetConcreteGrant returns the grant with the given id.
	GetConcreteGrant(ctx context.Context, id string) (Grant, error)
	// DeleteGrant removes the grant with the given id.
	DeleteGrant(ctx context.Context, id string) error
	// GetGrants returns a page of grants selected by limit and offset.
	// optionalIssuer presumably restricts the result to one issuer when non-empty — confirm.
	GetGrants(ctx context.Context, limit, offset int, optionalIssuer string) ([]Grant, error)
	// CountGrants returns the number of stored grants.
	CountGrants(ctx context.Context) (int, error)
	// FlushInactiveGrants removes grants that are no longer active. notAfter, limit and
	// batchSize presumably bound which expired grants are removed and how many per
	// round trip — confirm against the implementation.
	FlushInactiveGrants(ctx context.Context, notAfter time.Time, limit int, batchSize int) error
}

type GrantValidator

// GrantValidator checks incoming create-grant requests before they are stored
// (see Validate). It carries no state; construct it with NewGrantValidator.
type GrantValidator struct {
}

func NewGrantValidator

func NewGrantValidator() *GrantValidator

func (*GrantValidator) Validate

func (v *GrantValidator) Validate(request createGrantRequest) error

type Handler

// Handler serves the admin endpoints under /trust/grants/jwt-bearer/issuers
// (Create, Get, List and Delete). Construct it with NewHandler and register
// its routes on the admin router with SetRoutes.
type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler

func NewHandler(r InternalRegistry) *Handler

func (*Handler) Create

func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

swagger:route POST /trust/grants/jwt-bearer/issuers admin trustJwtGrantIssuer

Trust an OAuth2 JWT Bearer Grant Type Issuer

Use this endpoint to establish a trust relationship for a JWT issuer to perform JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants [RFC7523](https://datatracker.ietf.org/doc/html/rfc7523).

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  201: trustedJwtGrantIssuer
  400: genericError
  409: genericError
  500: genericError

func (*Handler) Delete

func (h *Handler) Delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route DELETE /trust/grants/jwt-bearer/issuers/{id} admin deleteTrustedJwtGrantIssuer

Delete a Trusted OAuth2 JWT Bearer Grant Type Issuer

Use this endpoint to delete a trusted JWT Bearer Grant Type Issuer. The ID is the one returned when you created the trust relationship.

Once deleted, the associated issuer will no longer be able to perform the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grant.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  204: emptyResponse
  404: genericError
  500: genericError

func (*Handler) Get

swagger:route GET /trust/grants/jwt-bearer/issuers/{id} admin getTrustedJwtGrantIssuer

Get a Trusted OAuth2 JWT Bearer Grant Type Issuer

Use this endpoint to get a trusted JWT Bearer Grant Type Issuer. The ID is the one returned when you created the trust relationship.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: trustedJwtGrantIssuer
  404: genericError
  500: genericError

func (*Handler) List

swagger:route GET /trust/grants/jwt-bearer/issuers admin listTrustedJwtGrantIssuers

List Trusted OAuth2 JWT Bearer Grant Type Issuers

Use this endpoint to list all trusted JWT Bearer Grant Type Issuers.

Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
  200: trustedJwtGrantIssuers
  500: genericError

func (*Handler) SetRoutes

func (h *Handler) SetRoutes(admin *x.RouterAdmin)

type InternalRegistry

// InternalRegistry is the dependency set a Handler needs (see NewHandler): the
// response writer and logger from package x plus this package's Registry.
type InternalRegistry interface {
	x.RegistryWriter
	x.RegistryLogger
	Registry
}

type PublicKey

// PublicKey references the issuer key that verifies assertions under a Grant.
// It names the key rather than embedding it: the key material itself is
// passed to GrantManager.CreateGrant separately.
type PublicKey struct {
	// Set is the name of the group (set) of keys the key belongs to. It is the same as Issuer in the grant.
	Set string `json:"set"`

	// KeyID is the key's unique identifier (same as the kid header in JWS/JWT).
	KeyID string `json:"kid"`
}

type Registry

// Registry provides access to the grant store and the create-request validator.
type Registry interface {
	// GrantManager returns the persistence backend for grants.
	GrantManager() GrantManager
	// GrantValidator returns the validator applied to create-grant requests.
	GrantValidator() *GrantValidator
}

type SQLData

// SQLData is the database row form of a Grant (its table is given by
// TableName). Unlike Grant, Scope is a single string here — the encoding
// used to flatten Grant.Scope is not visible in this file; KeySet and KeyID
// presumably correspond to PublicKey.Set and PublicKey.KeyID — confirm.
type SQLData struct {
	ID              string    `db:"id"`
	Issuer          string    `db:"issuer"`
	Subject         string    `db:"subject"`
	AllowAnySubject bool      `db:"allow_any_subject"`
	Scope           string    `db:"scope"`
	KeySet          string    `db:"key_set"`
	KeyID           string    `db:"key_id"`
	CreatedAt       time.Time `db:"created_at"`
	ExpiresAt       time.Time `db:"expires_at"`
}

func (SQLData) TableName

func (SQLData) TableName() string
