Documentation ¶
Index ¶
- func NewJwtTokenStoreReader(opts ...JTSROptions) *jwtTokenStoreReader
- func ResolveClientUserTenants(ctx context.Context, a security.Account, c oauth2.OAuth2Client) (defaultTenantId string, assignedTenants []string, err error)
- type ContextDetailsFactory
- type FactoryOption
- type FactoryOptions
- type JTSROption
- type JTSROptions
- type RedisContextDetailsStore
- func (r *RedisContextDetailsStore) ContextDetailsExists(c context.Context, key interface{}) bool
- func (r *RedisContextDetailsStore) FindSessionId(ctx context.Context, token oauth2.Token) (string, error)
- func (r *RedisContextDetailsStore) ReadContextDetails(c context.Context, key interface{}) (security.ContextDetails, error)
- func (r *RedisContextDetailsStore) ReadStoredAuthorization(c context.Context, token oauth2.RefreshToken) (oauth2.Authentication, error)
- func (r *RedisContextDetailsStore) RegisterAccessToken(ctx context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) error
- func (r *RedisContextDetailsStore) RegisterRefreshToken(c context.Context, token oauth2.RefreshToken, oauth oauth2.Authentication) error
- func (r *RedisContextDetailsStore) RemoveContextDetails(c context.Context, key interface{}) error
- func (r *RedisContextDetailsStore) RevokeAccessToken(ctx context.Context, token oauth2.AccessToken) error
- func (r *RedisContextDetailsStore) RevokeAllAccessTokens(ctx context.Context, token oauth2.RefreshToken) error
- func (r *RedisContextDetailsStore) RevokeClientAccess(ctx context.Context, clientId string, revokeRefreshToken bool) error
- func (r *RedisContextDetailsStore) RevokeRefreshToken(ctx context.Context, token oauth2.RefreshToken) error
- func (r *RedisContextDetailsStore) RevokeSessionAccess(ctx context.Context, sessionId string, revokeRefreshToken bool) error
- func (r *RedisContextDetailsStore) RevokeUserAccess(ctx context.Context, username string, revokeRefreshToken bool) error
- func (r *RedisContextDetailsStore) SaveContextDetails(c context.Context, key interface{}, details security.ContextDetails) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewJwtTokenStoreReader ¶
func NewJwtTokenStoreReader(opts ...JTSROptions) *jwtTokenStoreReader
func ResolveClientUserTenants ¶
func ResolveClientUserTenants(ctx context.Context, a security.Account, c oauth2.OAuth2Client) (defaultTenantId string, assignedTenants []string, err error)
ResolveClientUserTenants takes the client's assigned tenants and the user's assigned tenants and uses them to compute the tenants that the resulting security context has access to. For example, if a client is assigned to tenant-1, anyone using this client has access to tenant-1. If a user who has access to tenant-1 and tenant-2 is authenticated using this client, the resulting security context should indicate that the user has access only to tenant-1. As a result, the user's default tenant may or may not still be valid, so this method also returns the default tenant ID.
Types ¶
type ContextDetailsFactory ¶
type ContextDetailsFactory struct { }
func NewContextDetailsFactory ¶
func NewContextDetailsFactory(opts ...FactoryOptions) *ContextDetailsFactory
func (*ContextDetailsFactory) New ¶
func (f *ContextDetailsFactory) New(ctx context.Context, request oauth2.OAuth2Request) (security.ContextDetails, error)
type FactoryOption ¶
type FactoryOption struct { }
type FactoryOptions ¶
type FactoryOptions func(option *FactoryOption)
type JTSROption ¶
type JTSROption struct { DetailsStore security.ContextDetailsStore Decoder jwt.JwtDecoder }
type JTSROptions ¶
type JTSROptions func(opt *JTSROption)
type RedisContextDetailsStore ¶
type RedisContextDetailsStore struct {
// contains filtered or unexported fields
}
RedisContextDetailsStore implements security.ContextDetailsStore and auth.AuthorizationRegistry
func NewRedisContextDetailsStore ¶
func NewRedisContextDetailsStore(ctx context.Context, cf redis.ClientFactory, timeoutApplier oauth2.TimeoutApplier) *RedisContextDetailsStore
func (*RedisContextDetailsStore) ContextDetailsExists ¶
func (r *RedisContextDetailsStore) ContextDetailsExists(c context.Context, key interface{}) bool
func (*RedisContextDetailsStore) FindSessionId ¶
func (*RedisContextDetailsStore) ReadContextDetails ¶
func (r *RedisContextDetailsStore) ReadContextDetails(c context.Context, key interface{}) (security.ContextDetails, error)
func (*RedisContextDetailsStore) ReadStoredAuthorization ¶
func (r *RedisContextDetailsStore) ReadStoredAuthorization(c context.Context, token oauth2.RefreshToken) (oauth2.Authentication, error)
func (*RedisContextDetailsStore) RegisterAccessToken ¶
func (r *RedisContextDetailsStore) RegisterAccessToken(ctx context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) error
RegisterAccessToken saves the following relationships:
- AccessToken <- User & Client "AUC"
- AccessToken -> SessionId "AS"
- RefreshToken <-> AccessToken "AR"
func (*RedisContextDetailsStore) RegisterRefreshToken ¶
func (r *RedisContextDetailsStore) RegisterRefreshToken(c context.Context, token oauth2.RefreshToken, oauth oauth2.Authentication) error
RegisterRefreshToken saves the following relationships:
- RefreshToken -> Authentication "ART"
- RefreshToken <- User & Client "RUC"
- RefreshToken -> SessionId "RS"
func (*RedisContextDetailsStore) RemoveContextDetails ¶
func (r *RedisContextDetailsStore) RemoveContextDetails(c context.Context, key interface{}) error
func (*RedisContextDetailsStore) RevokeAccessToken ¶
func (r *RedisContextDetailsStore) RevokeAccessToken(ctx context.Context, token oauth2.AccessToken) error
RevokeAccessToken removes the following Redis records:
- AccessToken -> ContextDetails "AAT"
- AccessToken <- User & Client "AUC"
- AccessToken -> SessionId "AS"
- AccessToken <-> RefreshToken "AR"
func (*RedisContextDetailsStore) RevokeAllAccessTokens ¶
func (r *RedisContextDetailsStore) RevokeAllAccessTokens(ctx context.Context, token oauth2.RefreshToken) error
RevokeAllAccessTokens removes all access tokens associated with the given refresh token, using the AccessToken <-> RefreshToken "AR" records.
func (*RedisContextDetailsStore) RevokeClientAccess ¶
func (r *RedisContextDetailsStore) RevokeClientAccess(ctx context.Context, clientId string, revokeRefreshToken bool) error
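RevokeClientAccess removes all access/refresh tokens issued to the given client, using the AccessToken <- User & Client "AUC" and RefreshToken <- User & Client "RUC" records. The revokeRefreshToken parameter is not described here; judging by its name, it presumably decides whether refresh tokens are removed along with the access tokens.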
func (*RedisContextDetailsStore) RevokeRefreshToken ¶
func (r *RedisContextDetailsStore) RevokeRefreshToken(ctx context.Context, token oauth2.RefreshToken) error
RevokeRefreshToken removes the following Redis records:
- RefreshToken -> Authentication "ART"
- RefreshToken <- User & Client "RUC"
- RefreshToken -> SessionId "RS"
- All access tokens (each removal implicitly removes the AccessToken <-> RefreshToken "AR" record)
func (*RedisContextDetailsStore) RevokeSessionAccess ¶
func (r *RedisContextDetailsStore) RevokeSessionAccess(ctx context.Context, sessionId string, revokeRefreshToken bool) error
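RevokeSessionAccess removes all access/refresh tokens issued under the given session, using the AccessToken <- SessionId "AS" and RefreshToken <- SessionId "RS" records. The revokeRefreshToken parameter is not described here; judging by its name, it presumably decides whether refresh tokens are removed along with the access tokens.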
func (*RedisContextDetailsStore) RevokeUserAccess ¶
func (r *RedisContextDetailsStore) RevokeUserAccess(ctx context.Context, username string, revokeRefreshToken bool) error
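RevokeUserAccess removes all access/refresh tokens issued to the given user, using the AccessToken <- User & Client "AUC" and RefreshToken <- User & Client "RUC" records. The revokeRefreshToken parameter is not described here; judging by its name, it presumably decides whether refresh tokens are removed along with the access tokens.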
func (*RedisContextDetailsStore) SaveContextDetails ¶
func (r *RedisContextDetailsStore) SaveContextDetails(c context.Context, key interface{}, details security.ContextDetails) error