Documentation
Constants
const (
	RoleAdmin     = "ADMIN"
	RolePowerUser = "POWERUSER"
	RoleUser      = "USER"
	RoleOrgAdmin  = "ORGADMIN"
)
These are the expected values for Claims.Roles.
const Key ctxKey = 1
Key is used to store/retrieve a Claims value from a context.Context.
Variables
This section is empty.
Functions
This section is empty.
Types
type Authenticator
type Authenticator struct {
// contains filtered or unexported fields
}
Authenticator is used to authenticate clients. It can generate a token for a set of user claims and recreate the claims by parsing the token.
func NewAuthenticator
func NewAuthenticator(key *rsa.PrivateKey, keyID, algorithm string, publicKeyFunc KeyFunc) (*Authenticator, error)
NewAuthenticator creates an *Authenticator for use. It will error if:
- The private key is nil.
- The public key func is nil.
- The key ID is blank.
- The specified algorithm is unsupported.
func (*Authenticator) GenerateToken
func (a *Authenticator) GenerateToken(claims Claims) (string, error)
GenerateToken generates a signed JWT token string representing the user Claims.
func (*Authenticator) ParseClaims
func (a *Authenticator) ParseClaims(tknStr string) (Claims, error)
ParseClaims recreates the Claims that were used to generate a token. It verifies that the token was signed using our key.
type Claims
type Claims struct {
	Roles        []string `json:"roles"`
	User         string   `json:"user"`
	Organization string   `json:"organization"`
	jwt.StandardClaims
}
Claims represents the authorization claims transmitted via a JWT. TODO: add scope to claims
func NewClaims
func NewClaims(subject string, user string, roles []string, organization string, now time.Time, expires time.Duration) Claims
NewClaims constructs a Claims value for the identified user. The Claims expire within a specified duration of the provided time. Additional fields of the Claims can be set after calling NewClaims if desired.
type KeyFunc
KeyFunc is used to map a JWT key id (kid) to the corresponding public key. It is a requirement for creating an Authenticator.
* Private keys should be rotated. During the transition period, tokens signed with the old and new keys can coexist by looking up the correct public key by key id (kid).
* Key-id-to-public-key resolution is usually accomplished via a public JWKS endpoint. See https://auth0.com/docs/jwks for more details.
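The rotation behaviour described in the two points above, as an added standard-library example that is not this package's own code: two signing keys coexist in a kid-indexed table, the verifier pins the algorithm before resolving the key, and a token whose kid has been retired or does not match its signing key is rejected. The names keySet, sign, verify, b64 and rng and the kid values are hypothetical, and because the page does not show KeyFunc's signature, a plain map lookup stands in for it.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// keySet (assumed shape) maps a kid to its public key; during rotation it holds old and new keys.
type keySet map[string]*rsa.PublicKey
var b64, rng = base64.RawURLEncoding, rand.Reader // JWT base64url alphabet; CSPRNG for keys

// sign builds a compact RS256 token whose header names the signing key by kid.
func sign(priv *rsa.PrivateKey, kid, payload string) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString([]byte(payload))
	sum := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rng, priv, crypto.SHA256, sum[:])
	return input + "." + b64.EncodeToString(sig)
}

// verify pins the algorithm, resolves the public key by kid, and checks the signature.
func verify(ks keySet, token string) ([]byte, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg, Kid string }
	raw, err := b64.DecodeString(p[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("bad header or unsupported alg")
	}
	pub := ks[hdr.Kid] // nil when the kid is unknown or its key has been retired
	sig, err := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if pub == nil || err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return nil, fmt.Errorf("no trusted key verifies token with kid %q", hdr.Kid)
	}
	return b64.DecodeString(p[1])
}

func main() {
	k, _ := rsa.GenerateKey(rng, 2048) // constructed throwaway demo key
	fmt.Println(verify(keySet{"demo-kid": &k.PublicKey}, sign(k, "demo-kid", `{"user":"demo"}`)))
}
```

Removing a kid from the table is what ends the transition period: tokens signed with the retired key stop verifying even though their signatures are still mathematically valid.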