Documentation
Overview
Package basicjwt is a signer that parses a JWT and approves requests based on the claims within it.
There should be 2 non-standard claims in the JWT:
- "callerid" - a string that will be set as the caller id of signed requests, in the form foo=bar
- "agents" - a slice of strings for which actions to allow, used by authorizers like actionlist
The agents claim is not required for basic token handling, and authorizers other than actionlist might need other claims; see the docs for the authorizers you wish to use.
Types
type BasicJWT
type BasicJWT struct {
	// contains filtered or unexported fields
}
BasicJWT is a very basic JWT based signer
func (*BasicJWT) SetAuditors
SetAuditors adds auditors to be called when dealing with signing requests
func (*BasicJWT) SetAuthorizer
func (s *BasicJWT) SetAuthorizer(a authorizers.Authorizer)
SetAuthorizer configures the authorizer to use
func (*BasicJWT) Sign
func (s *BasicJWT) Sign(req *models.SignRequest) (sr *models.SignResponse)
Sign creates a new secure request from the given request after authz
- The token is validated for time etc
- The request is parsed into a choria protocol.Request
- If the request matches the claims in the JWT caller is set to jc=<user>
- A protocol.SecureRequest is made and returned
type SignerConfig
type SignerConfig struct {
	// SigningPubKey is the public certificate of the key used to sign the user JWT - typically the authenticator
	SigningPubKey string `json:"signing_certificate"`

	// SigningToken is the JWT used for signing requests, should have delegate authority
	SigningToken string `json:"signing_token"`

	// SigningSeed is used with SigningToken to sign secure requests
	SigningSeed string `json:"signing_seed"`

	// MaxValidity is the maximum token validity from current time to sign, this is to avoid someone issuing infinite or many year long tokens that can be a real problem should they leak
	MaxValidity string `json:"max_validity"`

	// ChoriaService enables the choria service to sign requests
	ChoriaService bool `json:"choria_service"`

	// AllowBearerTokens makes the signature of the request optional
	AllowBearerTokens bool `json:"allow_bearer_tokens"`
}
SignerConfig is configuration for the BasicJWT signer type
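The time validation described for Sign and the MaxValidity limit above can be pictured with the following added example, which is not the package's own code. The helper checkClaims and the claims struct are hypothetical, the payloads and clock are constructed, and the token signature is assumed to have been verified already against the signing certificate.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// claims holds the fields this example inspects; "exp" is the standard JWT expiry.
type claims struct {
	CallerID string   `json:"callerid"`
	Agents   []string `json:"agents"`
	Exp      int64    `json:"exp"`
}

// checkClaims (hypothetical helper) vets the JSON payload of a token whose
// signature has ALREADY been verified; it does no cryptographic checks itself.
func checkClaims(payload []byte, now time.Time, maxValidity time.Duration) (*claims, error) {
	c := &claims{}
	if err := json.Unmarshal(payload, c); err != nil {
		return nil, fmt.Errorf("invalid claims: %w", err)
	}
	if c.Exp == 0 {
		return nil, errors.New("token has no expiry") // would never expire if leaked
	}
	left := time.Unix(c.Exp, 0).Sub(now)
	if left <= 0 {
		return nil, errors.New("token expired")
	}
	if left > maxValidity {
		return nil, fmt.Errorf("token valid for %s, maximum is %s", left, maxValidity)
	}
	k, v, ok := strings.Cut(c.CallerID, "=")
	if !ok || k == "" || v == "" {
		return nil, errors.New("callerid must be in the form foo=bar")
	}
	return c, nil
}

func main() {
	now := time.Unix(1700000000, 0) // constructed clock and payloads
	ok := []byte(`{"callerid":"up=bob","agents":["rpcutil.ping"],"exp":1700003600}`)
	long := []byte(`{"callerid":"up=bob","exp":1800000000}`)
	for _, p := range [][]byte{ok, long} {
		c, err := checkClaims(p, now, 2*time.Hour)
		fmt.Println(c, err)
	}
}
```

The agents claim is only decoded here; deciding which actions it permits is the job of the configured authorizer.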