tokens

package
v0.0.0-...-7f18515 Latest
Warning

This package is not in the latest version of its module.

Published: Sep 8, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Constants

const BearerPrefix = "Bearer "

Variables

var (
	TransientIssuerError = errors.New("transient issuer error")
)

Functions

func ParseXFCC

func ParseXFCC(val string) map[string]string

ParseXFCC is a minimal (and probably buggy) parser for the Envoy XFCC (X-Forwarded-Client-Cert) header. It does not handle quoted strings that contain the special characters `,`, `;` or `=`. Istio certs are safe.
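A quote-aware way to parse the same header, as an added example that is not this package's code: the function name `parseXFCCElements` and the sample header values are made up for illustration. It assumes Envoy's documented XFCC layout (comma-separated elements, `;`-separated `key=value` pairs, values double-quoted when they contain `,`, `;` or `=`, with `\"` for an embedded quote) and rejects an unterminated quote instead of guessing.

```go
package main

import (
	"fmt"
	"strings"
)

// parseXFCCElements (hypothetical name) returns one map per comma-separated
// XFCC element, honouring double-quoted values and \" escapes inside them.
func parseXFCCElements(val string) ([]map[string]string, error) {
	var out []map[string]string
	cur, key, inQuote := map[string]string{}, "", false
	var buf strings.Builder
	s := val + "," // sentinel so the last element is flushed
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch {
		case inQuote && c == '\\' && i+1 < len(s):
			i++ // escaped byte inside quotes is taken literally
			buf.WriteByte(s[i])
		case c == '"':
			inQuote = !inQuote
		case !inQuote && c == '=' && key == "":
			key = strings.TrimSpace(buf.String())
			buf.Reset()
		case !inQuote && (c == ';' || c == ','):
			if key != "" {
				cur[key] = buf.String()
			}
			key = ""
			buf.Reset()
			if c == ',' && len(cur) > 0 {
				out = append(out, cur)
				cur = map[string]string{}
			}
		default:
			buf.WriteByte(c) // quoted separators and later '=' are data
		}
	}
	if inQuote {
		return nil, fmt.Errorf("xfcc: unterminated quoted value") // fail closed
	}
	return out, nil
}

func main() {
	// Constructed sample: quoted Subject containing "," and "=".
	fmt.Println(parseXFCCElements(`By=spiffe://a;Subject="CN=x,O=y";URI=spiffe://b`))
}
```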

Types

type Authn

type Authn struct {
	Cfg *authn.AuthnConfig

	Verify func(context.Context, *authn.TrustConfig, string) error

	Client *http.Client

	// Issuers is the map; the config uses a list.
	Issuers map[string]*authn.TrustConfig `json:"-"`
}

Authn handles JWK/OIDC authentication.

A server may have different Authn configs for different listeners, hosts or routes, but a single global config is more common.

func NewAuthn

func NewAuthn(cfg *authn.AuthnConfig) *Authn

func (*Authn) Auth

func (jauthn *Authn) Auth(actx *meshauth.RequestContext, r *http.Request) error

Auth extracts credentials from the request, applies the authn rules to extract claims, and sets the result in headers and context.

func (*Authn) CheckJWT

func (ja *Authn) CheckJWT(token string) (jwt *meshauth.JWT, e error)

CheckJWT validates the JWT and returns the 'sub' (subject) of the token.

If the JWT is invalid (failed signature check, invalid claims), the error is set.

If the OIDC keys can't be fetched, a 500 response should be returned (?). This is indicated with a nil error and a nil jwt.

func (*Authn) CheckJwtMap

func (a *Authn) CheckJwtMap(password string) (tok map[string]string, e error)

func (*Authn) ConvertJWKS

func (ja *Authn) ConvertJWKS(i *authn.TrustConfig) error

func (*Authn) FetchAllKeys

func (ja *Authn) FetchAllKeys(ctx context.Context, issuers []*authn.TrustConfig) error

FetchAllKeys initializes the JWT map; it can also be used to reconfigure.

func (*Authn) FetchKeys

func (ja *Authn) FetchKeys(ctx context.Context, i *authn.TrustConfig) error

func (*Authn) UpdateKeys

func (ja *Authn) UpdateKeys(ctx context.Context, i *authn.TrustConfig) error

UpdateKeys will populate the Keys field, by fetching the keys.

func (*Authn) UpdateWellKnown

func (ja *Authn) UpdateWellKnown(ctx context.Context, issuer string, td *authn.TrustConfig) error

UpdateWellKnown downloads the JWKS from the well-known location. Extracted from go-oidc.

type JSONWebKeySet

type JSONWebKeySet struct {
	Keys []rawJSONWebKey `json:"keys"`
}
