authorization

package
v2.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 23, 2020 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (

	// DataStoreClaims used for setting the service itself as an author of a record
	DataStoreClaims = Claims{
		UserID:   uuid.Nil.String(),
		UserName: "datastore",
	}
)

Functions

func NewMiddleware

func NewMiddleware(headerName string, publicKey interface{}) goserverhttp.Option

NewMiddleware creates a new authrorization middleware to set the claims in the context

func SetClaims

func SetClaims(r *http.Request, claims Claims) *http.Request

SetClaims add the Claims instance to the request Context

Types

type Claims

type Claims struct {
	ID                             string    `json:"id"`
	IssuedAt                       Timestamp `json:"iat"`
	NotBefore                      Timestamp `json:"nbf"`
	Expires                        Timestamp `json:"exp"`
	Issuer                         string    `json:"iss"`
	UserID                         string    `json:"sub"`
	UserName                       string    `json:"name"`
	TenantID                       string    `json:"tenantID"`
	Email                          string    `json:"email"`
	RealmIDs                       []string  `json:"realmIDs"`
	GroupIDs                       []string  `json:"groupIDs"`
	ResourceTokenIDs               []string  `json:"resourceTokenIDs"`
	AllowedIPs                     []string  `json:"allowedIPs"`
	IsTenantAdmin                  bool      `json:"isTenantAdmin"`
	AdminRealmIDs                  []string  `json:"adminRealmIDs"`
	SourceToken                    string    `json:"-"`
	AuthenticationMethodReferences []string  `json:"amr"`
}

Claims represents the expected claims that should be in a JWT sent to labs

The IDP defined the token as

type RequestToken struct {
	ID               string   `protobuf:"bytes,1,opt,name=ID,json=id,proto3" json:"ID,omitempty"`
	IssuedAt         float64  `protobuf:"fixed64,2,opt,name=IssuedAt,json=iat,proto3" json:"IssuedAt,omitempty"`
	NotBefore        float64  `protobuf:"fixed64,3,opt,name=NotBefore,json=nbf,proto3" json:"NotBefore,omitempty"`
	Expires          float64  `protobuf:"fixed64,4,opt,name=Expires,json=exp,proto3" json:"Expires,omitempty"`
	Issuer           string   `protobuf:"bytes,5,opt,name=Issuer,json=iss,proto3" json:"Issuer,omitempty"`
	UserID           string   `protobuf:"bytes,6,opt,name=UserID,json=sub,proto3" json:"UserID,omitempty"`
	UserName         string   `protobuf:"bytes,7,opt,name=UserName,json=name,proto3" json:"UserName,omitempty"`
	TenantID         string   `protobuf:"bytes,8,opt,name=TenantID,json=tenantID,proto3" json:"TenantID,omitempty"`
	Email            string   `protobuf:"bytes,9,opt,name=Email,json=email,proto3" json:"Email,omitempty"`
	RealmIDs         []string `protobuf:"bytes,10,rep,name=RealmIDs,json=realmIDs,proto3" json:"RealmIDs,omitempty"`
	GroupIDs         []string `protobuf:"bytes,11,rep,name=GroupIDs,json=groupIDs,proto3" json:"GroupIDs,omitempty"`
	ResourceTokenIDs []string `protobuf:"bytes,12,rep,name=ResourceTokenIDs,json=resourceTokenIDs,proto3" json:"ResourceTokenIDs,omitempty"`
	AllowedIPs       []string `protobuf:"bytes,13,rep,name=AllowedIPs,json=allowedIPs,proto3" json:"AllowedIPs,omitempty"`
	IsTenantAdmin    bool     `protobuf:"varint,14,opt,name=IsTenantAdmin,json=isTenantAdmin,proto3" json:"IsTenantAdmin,omitempty"`
	AdminRealmIDs    []string `protobuf:"bytes,15,rep,name=AdminRealmIDs,json=adminRealmIDs,proto3" json:"AdminRealmIDs,omitempty"`
	AuthenticationMethodReferences []string `protobuf:"bytes,16,rep,name=AuthenticationMethodReferences,json=amr,proto3" json:"AuthenticationMethodReferences,omitempty"`
}

func GetClaims

func GetClaims(r *http.Request) (Claims, bool)

GetClaims retrieves the Claims object from the request context

func GetClaimsFromCtx

func GetClaimsFromCtx(ctx context.Context) (Claims, bool)

GetClaimsFromCtx retrieves the Claims object from the given context

func (*Claims) Entities

func (a *Claims) Entities() (entities []string)

Entities returns a slice of the entity ids that the auth claims contains. These are ids that permissions may be assigned to. Currently, this is the UserID, GroupIDs, and ResourceTokenIDs

func (*Claims) FromClaimsMap

func (a *Claims) FromClaimsMap(claims jwt.Claims) error

FromClaimsMap loads the claim information from a jwt.Claims object, this is a simple map[string]interface{}

func (*Claims) ToClaims

func (a *Claims) ToClaims() (jwt.Claims, error)

ToClaims encodes the token as jwt.Claims

func (*Claims) ToJWT

func (a *Claims) ToJWT(privateKey interface{}) (string, error)

ToJWT encodes the token to a valid jwt

func (*Claims) Valid

func (a *Claims) Valid() bool

Valid tests if the Claims object contains the minimal required information to be used for authorization checks.

type Timestamp

type Timestamp struct {
	// contains filtered or unexported fields
}

Timestamp provides a timestamp value that can handle JSON strings and numeric values

func FromTime

func FromTime(t time.Time) Timestamp

FromTime creates a timestamp from an existing time value

func (Timestamp) MarshalJSON

func (t Timestamp) MarshalJSON() ([]byte, error)

MarshalJSON implements the JSON marshal interface, returning

t as a Unix time, the number of seconds elapsed since

January 1, 1970 UTC.

func (Timestamp) Time

func (t Timestamp) Time() time.Time

Time returns the embedded go time value

func (*Timestamp) UnmarshalJSON

func (t *Timestamp) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler. It supports string and null input.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL