Documentation
Index
- Variables
- func NewMiddleware(headerName string, publicKey interface{}) goserverhttp.Option
- func SetClaims(r *http.Request, claims Claims) *http.Request
- type Claims
- func (a *Claims) Entities() (entities []string)
- func (a *Claims) FromClaimsMap(claims jwt.Claims) error
- func (a *Claims) ToClaims() (jwt.Claims, error)
- func (a *Claims) ToJWT(privateKey interface{}) (string, error)
- func (a *Claims) Valid() bool (deprecated)
- func (a Claims) Validate() (err error)
- func (a Claims) VerifyAudience(cmp string, required bool) bool
- func (a Claims) VerifyAuthorizedParty() bool
- func (a Claims) VerifyExpiresAt(cmp time.Time, required bool) bool
- func (a Claims) VerifyIssuedAt(cmp time.Time, required bool) bool
- func (a Claims) VerifyIssuer(cmp string, required bool) bool
- func (a Claims) VerifyNotBefore(cmp time.Time, required bool) bool
- type Timestamp
Constants
This section is empty.
Variables
var (
	ErrMissingSub   = errors.New("sub is required")
	ErrExpiration   = errors.New("invalid exp")
	ErrTooEarly     = errors.New("token is not valid yet")
	ErrTooSoon      = errors.New("token used before issued")
	ErrInvalidParty = errors.New("invalid authorized party")
)
Validation error constants
var (
	// DataStoreClaims used for setting the service itself as an author of a record
	DataStoreClaims = Claims{
		UserID:   uuid.Nil.String(),
		UserName: "datastore",
	}
)
var TimeFunc = time.Now
TimeFunc provides the current time when parsing a token to validate the "exp" claim (expiration time). You can override it to use another time value. This is useful for testing or if your server uses a different time zone than your tokens.
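An added sketch, not code from this package: how an overridable clock like TimeFunc makes time-based claim checks deterministic in tests. The names sketchClaims, timeFunc and validate are hypothetical, and the mapping of each error to a check, the check order, and the rejection of a missing exp are assumptions based on the error messages above.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Error values mirror the messages in the package's Variables section.
var (
	ErrMissingSub   = errors.New("sub is required")
	ErrExpiration   = errors.New("invalid exp")
	ErrTooEarly     = errors.New("token is not valid yet")
	ErrTooSoon      = errors.New("token used before issued")
	ErrInvalidParty = errors.New("invalid authorized party")
)

// timeFunc plays the role of TimeFunc: a package-level clock tests can replace.
var timeFunc = time.Now

// sketchClaims is a hypothetical, reduced stand-in for Claims (plain Unix seconds).
type sketchClaims struct {
	Sub, Iss, Azp string
	Iat, Nbf, Exp int64
}

// validate applies the checks in an assumed order; the real Validate may differ.
func (c sketchClaims) validate() error {
	now := timeFunc().Unix()
	switch {
	case c.Sub == "":
		return ErrMissingSub
	case c.Exp == 0 || now >= c.Exp: // assumption: a missing exp is rejected, not "no expiry"
		return ErrExpiration
	case c.Nbf != 0 && now < c.Nbf:
		return ErrTooEarly
	case c.Iat != 0 && now < c.Iat:
		return ErrTooSoon
	case c.Azp != "" && c.Azp != c.Iss: // azp must match iss when set
		return ErrInvalidParty
	}
	return nil
}

func main() {
	// Constructed sample: pin the clock so the result does not depend on wall time.
	timeFunc = func() time.Time { return time.Unix(1700000000, 0) }
	c := sketchClaims{Sub: "u1", Iss: "idp", Iat: 1699999900, Exp: 1700000600}
	fmt.Println(c.validate())
}
```

Because the clock is a package-level variable, a test that overrides it should restore the original value afterwards so other tests are not affected.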
Functions
func NewMiddleware
func NewMiddleware(headerName string, publicKey interface{}) goserverhttp.Option
NewMiddleware creates a new authorization middleware to set the claims in the context
Types
type Claims
type Claims struct {
	// standard oidc claims
	ID        string    `json:"id"`
	Issuer    string    `json:"iss"`
	IssuedAt  Timestamp `json:"iat"`
	NotBefore Timestamp `json:"nbf"`
	Expires   Timestamp `json:"exp"`
	Audience  string    `json:"aud,omitempty"`
	UserID    string    `json:"sub"`
	UserName  string    `json:"name"`
	Email     string    `json:"email"`

	// Contiamo specific claims
	TenantID                       string   `json:"tenantID"`
	RealmIDs                       []string `json:"realmIDs"`
	GroupIDs                       []string `json:"groupIDs"`
	AllowedIPs                     []string `json:"allowedIPs"`
	IsTenantAdmin                  bool     `json:"isTenantAdmin"`
	AdminRealmIDs                  []string `json:"adminRealmIDs"`
	AuthenticationMethodReferences []string `json:"amr"`

	// AuthorizedParty is used to indicate that the request is authorizing as a
	// service request, giving it super-admin privileges to complete any request.
	// This replaces the "project admin" behavior of the current tokens.
	AuthorizedParty string `json:"azp,omitempty"`

	// SourceToken is for internal usage only
	SourceToken string `json:"-"`
}
Claims represents the expected claims that should be in the JWT claims of an X-Request-Token
func GetClaimsFromCtx
GetClaimsFromCtx retrieves the Claims object from the given context
func (*Claims) Entities
Entities returns a slice of the entity ids that the auth claims contains. These are ids that permissions may be assigned to. Currently, this is the UserID, GroupIDs, and ResourceTokenIDs
func (*Claims) FromClaimsMap
FromClaimsMap loads the claim information from a jwt.Claims object, which is a simple map[string]interface{}
func (Claims) VerifyAudience (added in v3.1.0)
VerifyAudience compares the aud claim against cmp.
func (Claims) VerifyAuthorizedParty (added in v3.1.0)
VerifyAuthorizedParty verifies that azp matches the iss value, if set.
func (Claims) VerifyExpiresAt (added in v3.1.0)
VerifyExpiresAt compares the exp claim against the cmp time.
func (Claims) VerifyIssuedAt (added in v3.1.0)
VerifyIssuedAt compares the iat claim against the cmp time.
func (Claims) VerifyIssuer (added in v3.1.0)
VerifyIssuer compares the iss claim against cmp.
type Timestamp
type Timestamp struct {
// contains filtered or unexported fields
}
Timestamp provides a timestamp value that can handle JSON strings and numeric values
func (Timestamp) MarshalJSON
MarshalJSON implements the JSON marshal interface, returning t as a Unix time, the number of seconds elapsed since January 1, 1970 UTC.
func (*Timestamp) UnmarshalJSON
UnmarshalJSON implements json.Unmarshaler. It supports string and null input.