common

package

v0.14.0 Latest Latest Go to latest Published: Apr 24, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cisco-open/go-lanai

Links

Open Source Insights

Documentation ¶

Index ¶

func NewJwtTokenStoreReader(opts ...JTSROptions) *jwtTokenStoreReader
func ResolveClientUserTenants(ctx context.Context, a security.Account, c oauth2.OAuth2Client) (defaultTenantId string, assignedTenants []string, err error)
type ContextDetailsFactory
- func NewContextDetailsFactory(opts ...FactoryOptions) *ContextDetailsFactory
- func (f *ContextDetailsFactory) New(ctx context.Context, request oauth2.OAuth2Request) (security.ContextDetails, error)
type FactoryOption
type FactoryOptions
type JTSROption
type JTSROptions
type RedisContextDetailsStore
- func NewRedisContextDetailsStore(ctx context.Context, cf redis.ClientFactory, ...) *RedisContextDetailsStore

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewJwtTokenStoreReader ¶

func NewJwtTokenStoreReader(opts ...JTSROptions) *jwtTokenStoreReader

func ResolveClientUserTenants ¶

func ResolveClientUserTenants(ctx context.Context, a security.Account, c oauth2.OAuth2Client) (defaultTenantId string, assignedTenants []string, err error)

ResolveClientUserTenants will take the client's assigned tenants and the user's assigned tenants, and use them to compute the tenants this security context has access to as a result. For example, if a client is assigned to tenant-1, it means anyone using this client has access to tenant-1. If a user who has access to tenant-1 and tenant-2 is authenticated using this client. Then the resulting security context should indicate that the user has only access to tenant-1. As a result, the user's default tenant may or may not still be valid, so this method also returns that.

Types ¶

type ContextDetailsFactory ¶

type ContextDetailsFactory struct {
}

func NewContextDetailsFactory ¶

func NewContextDetailsFactory(opts ...FactoryOptions) *ContextDetailsFactory

func (*ContextDetailsFactory) New ¶

func (f *ContextDetailsFactory) New(ctx context.Context, request oauth2.OAuth2Request) (security.ContextDetails, error)

type FactoryOption ¶

type FactoryOption struct {
}

type FactoryOptions ¶

type FactoryOptions func(option *FactoryOption)

type JTSROption ¶

type JTSROption struct {
	DetailsStore security.ContextDetailsStore
	Decoder      jwt.JwtDecoder
}

type JTSROptions ¶

type JTSROptions func(opt *JTSROption)

type RedisContextDetailsStore ¶

type RedisContextDetailsStore struct {
	// contains filtered or unexported fields
}

RedisContextDetailsStore implements security.ContextDetailsStore and auth.AuthorizationRegistry

func NewRedisContextDetailsStore ¶

func NewRedisContextDetailsStore(ctx context.Context, cf redis.ClientFactory, timeoutApplier oauth2.TimeoutApplier) *RedisContextDetailsStore

func (*RedisContextDetailsStore) ContextDetailsExists ¶

func (r *RedisContextDetailsStore) ContextDetailsExists(c context.Context, key interface{}) bool

func (*RedisContextDetailsStore) FindSessionId ¶

func (r *RedisContextDetailsStore) FindSessionId(ctx context.Context, token oauth2.Token) (string, error)

func (*RedisContextDetailsStore) ReadContextDetails ¶

func (r *RedisContextDetailsStore) ReadContextDetails(c context.Context, key interface{}) (security.ContextDetails, error)

func (*RedisContextDetailsStore) ReadStoredAuthorization ¶

func (r *RedisContextDetailsStore) ReadStoredAuthorization(c context.Context, token oauth2.RefreshToken) (oauth2.Authentication, error)

func (*RedisContextDetailsStore) RegisterAccessToken ¶

func (r *RedisContextDetailsStore) RegisterAccessToken(ctx context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) error

RegisterAccessToken save relationships :

AccessToken <- User & Client "AUC"
AccessToken -> SessionId "AS"
RefreshToken <-> AccessToken "AR"

func (*RedisContextDetailsStore) RegisterRefreshToken ¶

func (r *RedisContextDetailsStore) RegisterRefreshToken(c context.Context, token oauth2.RefreshToken, oauth oauth2.Authentication) error

RegisterRefreshToken save relationships :

RefreshToken -> Authentication "ART"
RefreshToken <- User & Client "RUC"
RefreshToken -> SessionId "RS"

func (*RedisContextDetailsStore) RemoveContextDetails ¶

func (r *RedisContextDetailsStore) RemoveContextDetails(c context.Context, key interface{}) error

func (*RedisContextDetailsStore) RevokeAccessToken ¶

func (r *RedisContextDetailsStore) RevokeAccessToken(ctx context.Context, token oauth2.AccessToken) error

RevokeAccessToken remove redis records:

AccessToken -> ContextDetails "AAT"
AccessToken <- User & Client "AUC"
AccessToken -> SessionId "AS"
AccessToken <-> RefreshToken "AR"

func (*RedisContextDetailsStore) RevokeAllAccessTokens ¶

func (r *RedisContextDetailsStore) RevokeAllAccessTokens(ctx context.Context, token oauth2.RefreshToken) error

RevokeAllAccessTokens remove all access tokens associated with given refresh token, with help of AccessToken <-> RefreshToken "AR" records

func (*RedisContextDetailsStore) RevokeClientAccess ¶

func (r *RedisContextDetailsStore) RevokeClientAccess(ctx context.Context, clientId string, revokeRefreshToken bool) error

RevokeClientAccess remove all access/refresh tokens issued to the given client, with help of AccessToken <- User & Client "AUC" & RefreshToken <- User & Client "RUC" records

func (*RedisContextDetailsStore) RevokeRefreshToken ¶

func (r *RedisContextDetailsStore) RevokeRefreshToken(ctx context.Context, token oauth2.RefreshToken) error

RevokeRefreshToken remove redis records:

RefreshToken -> Authentication "ART"
RefreshToken <- User & Client "RUC"
RefreshToken -> SessionId "RS"
All Access Tokens (Each implicitly remove AccessToken <-> RefreshToken "AR")

func (*RedisContextDetailsStore) RevokeSessionAccess ¶

func (r *RedisContextDetailsStore) RevokeSessionAccess(ctx context.Context, sessionId string, revokeRefreshToken bool) error

RevokeSessionAccess remove all access/refresh tokens issued under given session, with help of AccessToken <- SessionId "RS" & RefreshToken <- SessionId "RS"

func (*RedisContextDetailsStore) RevokeUserAccess ¶

func (r *RedisContextDetailsStore) RevokeUserAccess(ctx context.Context, username string, revokeRefreshToken bool) error

RevokeUserAccess remove all access/refresh tokens issued to the given user, with help of AccessToken <- User & Client "AUC" & RefreshToken <- User & Client "RUC" records

func (*RedisContextDetailsStore) SaveContextDetails ¶

func (r *RedisContextDetailsStore) SaveContextDetails(c context.Context, key interface{}, details security.ContextDetails) error

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
internal

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL