Documentation ¶
Overview ¶
Code used to support authentication tokens for arbitrary purposes.
Index ¶
- Constants
- Variables
- type BadKeyError
- type BadUsernameError
- type CredentialAuthority
- type InvalidTokenKeyError
- type InvalidTokenServerError
- type InvalidTokenTypeError
- type MaxTokenExpiresError
- type Token
- func (t Token) Bytes() []byte
- func (t Token) ClientName() string
- func (t Token) ClientVersion() string
- func (t Token) KID() keybase1.KID
- func (t Token) Server() string
- func (t Token) String() string
- func (t Token) TimeRemaining() int
- func (t Token) Type() string
- func (t Token) UID() keybase1.UID
- func (t Token) Username() libkb.NormalizedUsername
- func (t Token) Version() int
- type TokenAuth
- type TokenBody
- type TokenClient
- type TokenExpiredError
- type TokenKey
- type UserKeyAPIer
Constants ¶
const (
	TokenType           = "auth"
	CurrentTokenVersion = 1
)
Variables ¶
var ErrCanceled = errors.New("canceled")
ErrCanceled is raised when an API operation is canceled midstream.
var ErrShutdown = errors.New("shutting down")
ErrShutdown is raised when an operation is pending but the CA is shutting down.
Functions ¶
This section is empty.
Types ¶
type BadKeyError ¶
type BadKeyError struct {
// contains filtered or unexported fields
}
BadKeyError is raised when the given KID is not valid for the given UID.
func (BadKeyError) Error ¶
func (e BadKeyError) Error() string
type BadUsernameError ¶
type BadUsernameError struct {
// contains filtered or unexported fields
}
BadUsernameError is raised when the given username disagrees with the expected username.
func (BadUsernameError) Error ¶
func (e BadUsernameError) Error() string
type CredentialAuthority ¶
type CredentialAuthority struct {
// contains filtered or unexported fields
}
CredentialAuthority should be allocated as a singleton object. It validates UID<->Username<->ActiveKey triples for all users across a service. It keeps a cache and subscribes for updates, so you can call into it as much as you'd like without fear of spamming the network.
func NewCredentialAuthority ¶
func NewCredentialAuthority(log logger.Logger, api UserKeyAPIer) *CredentialAuthority
NewCredentialAuthority makes a new singleton CredentialAuthority and starts it running. It takes as input a logger and an API for making keybase API calls.
func (*CredentialAuthority) Check ¶
func (v *CredentialAuthority) Check(ctx context.Context, uid keybase1.UID, username libkb.NormalizedUsername, kid keybase1.KID) (err error)
Check is the main point of entry to this library. It takes as input a UID, a username and a kid that should refer to a current valid triple, perhaps extracted from a signed authentication statement. It returns an error if the check fails, and nil otherwise.
func (*CredentialAuthority) Shutdown ¶
func (v *CredentialAuthority) Shutdown()
Shutdown shuts down the CredentialAuthority and deletes all internal state.
type InvalidTokenKeyError ¶
type InvalidTokenKeyError struct {
// contains filtered or unexported fields
}
InvalidTokenKeyError is raised when the public key presented in the token does not correspond to the private key used to sign the token.
func (InvalidTokenKeyError) Error ¶
func (e InvalidTokenKeyError) Error() string
type InvalidTokenServerError ¶
type InvalidTokenServerError struct {
// contains filtered or unexported fields
}
InvalidTokenServerError is raised when the server presented in the token does not correspond to the server being asked to verify the token.
func (InvalidTokenServerError) Error ¶
func (e InvalidTokenServerError) Error() string
type InvalidTokenTypeError ¶
type InvalidTokenTypeError struct {
// contains filtered or unexported fields
}
InvalidTokenTypeError is raised when the given token is not of the expected type.
func (InvalidTokenTypeError) Error ¶
func (e InvalidTokenTypeError) Error() string
type MaxTokenExpiresError ¶
type MaxTokenExpiresError struct {
// contains filtered or unexported fields
}
MaxTokenExpiresError is raised when the given token expires too far in the future.
func (MaxTokenExpiresError) Error ¶
func (e MaxTokenExpiresError) Error() string
type Token ¶
type Token struct {
	Body         TokenBody   `json:"body"`
	Client       TokenClient `json:"client"`
	CreationTime int64       `json:"ctime"`
	ExpireIn     int         `json:"expire_in"`
	Tag          string      `json:"tag"`
}
func (Token) ClientName ¶
func (Token) ClientVersion ¶
func (Token) TimeRemaining ¶
func (Token) Username ¶
func (t Token) Username() libkb.NormalizedUsername
type TokenClient ¶
type TokenExpiredError ¶
type TokenExpiredError struct {
// contains filtered or unexported fields
}
TokenExpiredError is raised when the given token is expired.
func (TokenExpiredError) Error ¶
func (e TokenExpiredError) Error() string
type UserKeyAPIer ¶
type UserKeyAPIer interface {
	// GetUser looks up the username and KIDS active for the given user.
	GetUser(context.Context, keybase1.UID) (libkb.NormalizedUsername, []keybase1.KID, error)
	// PollForChanges returns the UIDs that have recently changed on the server
	// side. It will be called in a poll loop.
	PollForChanges(context.Context) ([]keybase1.UID, error)
}
UserKeyAPIer is an interface that specifies the UserKeyAPI that will eventually be used to get information about the users from the trusted server authority.
func NewUserKeyAPIer ¶
func NewUserKeyAPIer(log logger.Logger, api libkb.API) UserKeyAPIer
NewUserKeyAPIer returns a UserKeyAPIer implementation.
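The cached triple check that CredentialAuthority.Check and UserKeyAPIer describe above, as a stand-alone model added here (not code from this package). miniCA, user, Invalidate and the err values are hypothetical names, plain strings replace keybase1.UID, keybase1.KID and libkb.NormalizedUsername, and the uid1/alice/kid1 data is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-ins for the package's BadUsernameError and BadKeyError.
var errBadUsername, errBadKey = errors.New("bad username"), errors.New("bad key")

type user struct {
	name string
	kids map[string]bool // active KIDs as reported by the trusted server
}

// miniCA is a hypothetical single-goroutine model, not the package's implementation.
type miniCA struct{ server, cache map[string]user }

// Check accepts the triple only if it matches the (possibly cached) server view.
func (c *miniCA) Check(uid, name, kid string) error {
	u, ok := c.cache[uid]
	if !ok { // miss: one lookup against the trusted server, then remember it
		u = c.server[uid]
		c.cache[uid] = u
	}
	if u.name != name {
		return errBadUsername
	}
	if !u.kids[kid] {
		return errBadKey
	}
	return nil
}

// Invalidate is what a poll loop would call for each UID PollForChanges returns.
func (c *miniCA) Invalidate(uid string) { delete(c.cache, uid) }

// demo uses constructed data: alice's kid1 is revoked server-side in favour of kid2.
func demo() []error {
	ca := &miniCA{server: map[string]user{}, cache: map[string]user{}}
	ca.server["uid1"] = user{"alice", map[string]bool{"kid1": true}}
	res := []error{ca.Check("uid1", "alice", "kid1"), ca.Check("uid1", "mallory", "kid1")}
	ca.server["uid1"] = user{"alice", map[string]bool{"kid2": true}}
	res = append(res, ca.Check("uid1", "alice", "kid1")) // stale cache still accepts kid1
	ca.Invalidate("uid1")
	return append(res, ca.Check("uid1", "alice", "kid1")) // refetched: kid1 rejected
}

func main() { fmt.Println(demo()) }
```

The third result is nil even though kid1 has already been revoked on the server, so in this model the interval between change notifications bounds how long a revoked key keeps passing Check.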