Documentation
Constants ¶
// Keys naming the three kinds of token provider declared by this package.
// NOTE(review): where these keys are looked up is not visible here; presumably
// they index the providers configured through WithJWTMulti. Confirm against the
// middleware implementation.
const (
	// RobotAccountProviderKey is the key for the robot account token provider.
	RobotAccountProviderKey = "robotAccountProvider"
	// APITokenProviderKey is the key for the API token provider.
	APITokenProviderKey = "apiTokenProvider"
	// FederatedProviderKey is the key for the federated token provider.
	FederatedProviderKey = "federatedProvider"
)
Variables ¶
// Errors exported by this package. Every one is built with
// errorsAPI.Unauthorized and the same reason value, so they differ only in
// their message text.
//
// NOTE(review): the messages tell apart a missing, expired, unparsable and
// otherwise invalid token. If they reach the client verbatim they reveal which
// check failed; confirm that this level of detail is intended for callers and
// not only for logs.
var (
	// ErrMissingJwtToken carries the message "JWT token is missing".
	ErrMissingJwtToken = errorsAPI.Unauthorized(reason, "JWT token is missing")
	// ErrMissingKeyFunc carries the message "keyFunc is missing".
	// NOTE(review): this looks like a provider configuration problem (no
	// jwt.Keyfunc set) rather than a bad request; confirm.
	ErrMissingKeyFunc = errorsAPI.Unauthorized(reason, "keyFunc is missing")
	// ErrMissingVerifyAudienceFunc carries the message
	// "verifyAudienceFunc is missing".
	// NOTE(review): presumably raised when a provider has no
	// VerifyAudienceFunc; confirm.
	ErrMissingVerifyAudienceFunc = errorsAPI.Unauthorized(reason, "verifyAudienceFunc is missing")
	// ErrTokenInvalid carries the message "Token is invalid".
	ErrTokenInvalid = errorsAPI.Unauthorized(reason, "Token is invalid")
	// ErrTokenExpired carries the message "JWT token has expired".
	ErrTokenExpired = errorsAPI.Unauthorized(reason, "JWT token has expired")
	// ErrTokenParseFail carries the message "Fail to parse JWT token ".
	// NOTE(review): the message ends with a space; check whether something is
	// appended to it or whether the space is accidental.
	ErrTokenParseFail = errorsAPI.Unauthorized(reason, "Fail to parse JWT token ")
	// ErrUnSupportSigningMethod carries the message "Wrong signing method".
	// NOTE(review): presumably returned when a token's signing method differs
	// from the one set with WithSigningMethod; confirm.
	ErrUnSupportSigningMethod = errorsAPI.Unauthorized(reason, "Wrong signing method")
	// ErrWrongContext carries the message "Wrong context for middleware".
	ErrWrongContext = errorsAPI.Unauthorized(reason, "Wrong context for middleware")
)
Functions ¶
func WithJWTMulti ¶
func WithJWTMulti(l log.Logger, opts ...JWTOption) middleware.Middleware
WithJWTMulti creates a custom JWT middleware that, configured with different token providers, tries to run all of their validations against an incoming token. If one of the providers matches the expected audience, the token is parsed and sent down to the next middleware. If none matches, an error is returned.
Types ¶
type JWTAuthContext ¶
func FromJWTAuthContext ¶
func FromJWTAuthContext(ctx context.Context) (authContext JWTAuthContext, ok bool)
FromJWTAuthContext extracts the JWTAuthContext from the context.
type JWTOption ¶
// JWTOption is a functional option: a function that receives the package's
// unexported options value and modifies it. WithJWTMulti accepts any number
// of them through its variadic opts parameter.
type JWTOption func(*options)
func NewAPITokenProvider ¶
NewAPITokenProvider returns the configuration used to validate and verify tokens issued for API Tokens.
func NewRobotAccountProvider ¶
NewRobotAccountProvider returns the configuration used to validate and verify tokens issued for Robot Accounts.
func WithFederatedProvider ¶ added in v0.165.0
func WithFederatedProvider(conf *conf.FederatedAuthentication) JWTOption
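WithFederatedProvider adds support for asking a third-party service to verify the token. Because the token itself is sent in the request body, the verify URL should point to a trusted service reached over TLS. The verify URL must be an API that receives a JSON-encoded body with the following structure: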
{ "token": "<jwt token>", "org_name": "<organization name>" }
and returns a json with the following structure:
{ "issuerUrl": "<issuer url>", "repository": "<repository>", "orgId": "<organization id>", "orgName": "<organization name>" }
type TokenProviderOption ¶
// TokenProviderOption is a functional option: a function that receives the
// package's unexported providerOption value and modifies it. WithClaims,
// WithKeyFunc, WithSigningMethod and WithVerifyAudienceFunc each return one.
type TokenProviderOption func(*providerOption)
func WithClaims ¶
func WithClaims(f func() jwt.Claims) TokenProviderOption
func WithKeyFunc ¶
func WithKeyFunc(keyFunc jwt.Keyfunc) TokenProviderOption
func WithSigningMethod ¶
func WithSigningMethod(method jwt.SigningMethod) TokenProviderOption
func WithVerifyAudienceFunc ¶
func WithVerifyAudienceFunc(f VerifyAudienceFunc) TokenProviderOption
type VerifyAudienceFunc ¶
// VerifyAudienceFunc is a predicate that takes a *jwt.Token and returns a
// bool. It is installed on a provider with WithVerifyAudienceFunc.
// NOTE(review): presumably true means the token's audience is the one this
// provider expects, which is how WithJWTMulti picks a provider; confirm
// against the middleware implementation. Since that match decides which
// provider's key and claims are used, an implementation should compare the
// audience exactly and not by prefix or substring.
type VerifyAudienceFunc func(*jwt.Token) bool