auth

package

v0.0.0-...-d0cc832 Latest Latest Go to latest Published: Nov 7, 2022 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cortezaproject/corteza-server-discovery

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func Anonymous() *identity
func Authenticated(id uint64, rr ...uint64) *identity
func DefaultAccessTokenGenerator(ctx context.Context, req TokenRequest) (string, string, error)
func ExtractFromSubClaim(sub string) (userID uint64, rr []uint64)
func HttpTokenValidator(scope ...string) func(http.Handler) http.Handler
func IdentityFromToken(token jwt.Token) *identity
func NewTokenIssuer(opt ...IssuerOptFn) (issuer *tokenIssuer, err error)
func SetIdentityToContext(ctx context.Context, identity Identifiable) context.Context
func TokenVerifierMiddlewareWithSecretSigner(secret string) (_ func(http.Handler) http.Handler, err error)
type Identifiable
type IssueOptFn
type IssuerOptFn
type Signer
type TokenRequest

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	HttpTokenVerifier func(http.Handler) http.Handler
)

View Source

var (
	TokenIssuer *tokenIssuer
)

Functions ¶

func Anonymous ¶

func Anonymous() *identity

Anonymous constructs and returns new anonymous identity with system anonymous roles

func Authenticated ¶

func Authenticated(id uint64, rr ...uint64) *identity

Authenticated constructs and returns new authenticated identity with assigned roles + system authenticated roles

func DefaultAccessTokenGenerator ¶

func DefaultAccessTokenGenerator(ctx context.Context, req TokenRequest) (string, string, error)

DefaultAccessTokenGenerator uses token generator from oauth2 lib

func ExtractFromSubClaim ¶

func ExtractFromSubClaim(sub string) (userID uint64, rr []uint64)

func HttpTokenValidator ¶

func HttpTokenValidator(scope ...string) func(http.Handler) http.Handler

HttpTokenValidator checks if there is a token with identity and matching scope claim

Empty scope defaults to "api"!

func IdentityFromToken ¶

func IdentityFromToken(token jwt.Token) *identity

IdentityFromToken decodes sub & roles claims into identity

func NewTokenIssuer ¶

func NewTokenIssuer(opt ...IssuerOptFn) (issuer *tokenIssuer, err error)

NewTokenIssuer initializes and returns new instance of JWT manager

func SetIdentityToContext ¶

func SetIdentityToContext(ctx context.Context, identity Identifiable) context.Context

func TokenVerifierMiddlewareWithSecretSigner ¶

func TokenVerifierMiddlewareWithSecretSigner(secret string) (_ func(http.Handler) http.Handler, err error)

TokenVerifierMiddlewareWithSecretSigner returns HTTP handler with simple jwa.HS512 + secret verifier

This should be 1:1 with token issuer!

Types ¶

type Identifiable ¶

type Identifiable interface {
	Identity() uint64
	Roles() []uint64
	Valid() bool
	String() string
}

type IssueOptFn ¶

type IssueOptFn func(*TokenRequest) error

IssueOptFn functions modify TokenRequest

func WithAccessToken ¶

func WithAccessToken(access string) IssueOptFn

func WithAudience ¶

func WithAudience(aud string) IssueOptFn

func WithClientID ¶

func WithClientID(id uint64) IssueOptFn

func WithExpiration ¶

func WithExpiration(e time.Duration) IssueOptFn

func WithIdentity ¶

func WithIdentity(i Identifiable) IssueOptFn

func WithScope ¶

func WithScope(ss ...string) IssueOptFn

type IssuerOptFn ¶

type IssuerOptFn func(*tokenIssuer) error

IssuerOptFn modify toeknIssuer

func WithDefaultClientID ¶

func WithDefaultClientID(ID uint64) IssuerOptFn

WithDefaultClientID configures ID of the default auth client

func WithDefaultExpiration ¶

func WithDefaultExpiration(exp time.Duration) IssuerOptFn

WithDefaultExpiration configures default token expiration time

func WithDefaultIssuer ¶

func WithDefaultIssuer(iss string) IssuerOptFn

WithDefaultIssuer configures default issuer claim

func WithGenerator ¶

func WithGenerator(fn tokenIssuerGenerator) IssuerOptFn

WithGenerator configures generator function

func WithLookup ¶

func WithLookup(fn tokenIssuerLookup) IssuerOptFn

WithLookup configures lookup function

func WithSecretSigner ¶

func WithSecretSigner(secret string) IssuerOptFn

WithSecretSigner configures token issuer with

func WithSigner ¶

func WithSigner(fn tokenIssuerSigner) IssuerOptFn

WithSigner configures signer function

func WithStore ¶

func WithStore(fn tokenIssuerStore) IssuerOptFn

WithStore configures store function

type Signer ¶

type Signer interface {
	Sign(userID uint64, pp ...interface{}) string
	Verify(signature string, userID uint64, pp ...interface{}) bool
}

type TokenRequest ¶

type TokenRequest struct {
	AccessToken  string
	RefreshToken string
	Expiration   time.Duration
	Audience     string
	Issuer       string
	IssuedAt     time.Time
	ClientID     uint64
	UserID       uint64
	Roles        []uint64
	Scope        []string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL