Documentation
Constants
const (
	RoleAdmin        = "ADMIN"
	RolePowerUser    = "POWERUSER"
	RoleUser         = "USER"
	RoleOrgAdmin     = "ORGADMIN"
	RoleEditor       = "EDITOR"
	RoleInvestigator = "INVESTIGATOR"
	RoleAnnotator    = "ANNOTATOR"
	RoleReviewer     = "REVIEWER"
)
These are the expected values for Claims.Roles.
const Key ctxKey = 1
Key is used to store/retrieve a Claims value from a context.Context.
Variables
This section is empty.
Functions
This section is empty.
Types
type Authenticator
type Authenticator interface {
	GenerateToken(Claims) (string, error)
	ParseClaims(string) (Claims, error)
}
Authenticator is used to authenticate clients. It can generate a token for a set of user claims and recreate the claims by parsing the token.
type Claims
type Claims struct {
	Roles        []string `json:"roles"`
	User         string   `json:"user"`
	Organization string   `json:"organization"`
	Lang         string   `json:"lang"`
	SearchLimit  int      `json:"searchLimit"`
	jwt.StandardClaims
}
Claims represents the authorization claims transmitted via a JWT. TODO: add scope to claims
func NewClaims
func NewClaims(subject string, user string, roles []string, organization string, lang string, searchLimit int, now time.Time, expires time.Duration) Claims
NewClaims constructs a Claims value for the identified user. The Claims expire within a specified duration of the provided time. Additional fields of the Claims can be set after calling NewClaims if desired.
type DebugAuthenticator
type DebugAuthenticator struct{}
func (DebugAuthenticator) GenerateToken
func (a DebugAuthenticator) GenerateToken(claims Claims) (string, error)
func (DebugAuthenticator) ParseClaims
func (a DebugAuthenticator) ParseClaims(tkn string) (Claims, error)
type DefaultAuthenticator
type DefaultAuthenticator struct {
// contains filtered or unexported fields
}
func NewDefaultAuthenticator
func NewDefaultAuthenticator(key *rsa.PrivateKey, keyID, algorithm string, publicKeyFunc KeyFunc) (*DefaultAuthenticator, error)
NewAuthenticator creates an *Authenticator for use. It will error if:
- The private key is nil.
- The public key func is nil.
- The key ID is blank.
- The specified algorithm is unsupported.
func (DefaultAuthenticator) GenerateToken
func (a DefaultAuthenticator) GenerateToken(claims Claims) (string, error)
GenerateToken generates a signed JWT token string representing the user Claims.
func (DefaultAuthenticator) ParseClaims
func (a DefaultAuthenticator) ParseClaims(tknStr string) (Claims, error)
ParseClaims recreates the Claims that were used to generate a token. It verifies that the token was signed using our key.
type JWTAuthenticator
type JWTAuthenticator struct {
	// expose
	Issuer string
	// contains filtered or unexported fields
}
func NewJWTAuthenticator
func NewJWTAuthenticator(keyCertificate, keyID, algorithm, issuer string) (*JWTAuthenticator, error)
NewJWTAuthenticator creates an *Authenticator for use. It will error if:
- The private key is nil.
- The public key func is nil.
- The key ID is blank.
- The specified algorithm is unsupported.
type KeyFunc
KeyFunc is used to map a JWT key id (kid) to the corresponding public key. It is a requirement for creating an Authenticator.
* Private keys should be rotated. During the transition period, tokens signed with the old and new keys can coexist by looking up the correct public key by key id (kid).
* Key-id-to-public-key resolution is usually accomplished via a public JWKS endpoint. See https://auth0.com/docs/jwks for more details.
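The kid lookup during a key rotation, as an added example using only the standard library (not this package's code). The names issue and verify, the key ids "old" and "new", and the kid-to-key map standing in for KeyFunc are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWS segments are unpadded base64url

// issue signs payload as RS256 under a fresh key; returns the token and the public key to publish.
func issue(kid string, payload []byte) (string, *rsa.PublicKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // demo only: keygen and signing errors are ignored
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	in := b64.EncodeToString(hdr) + "." + b64.EncodeToString(payload)
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig), &key.PublicKey
}

// verify pins alg, selects the key by the header kid (the KeyFunc step), then checks the signature.
func verify(tok string, keys map[string]*rsa.PublicKey) (string, error) {
	h, rest, _ := strings.Cut(tok, ".")
	body, s, _ := strings.Cut(rest, ".")
	var hdr struct{ Alg, Kid string }
	raw, err := b64.DecodeString(h)
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" || keys[hdr.Kid] == nil {
		return "", fmt.Errorf("rejected header: alg=%q kid=%q", hdr.Alg, hdr.Kid)
	}
	sig, err := b64.DecodeString(s)
	sum := sha256.Sum256([]byte(h + "." + body))
	if err != nil || rsa.VerifyPKCS1v15(keys[hdr.Kid], crypto.SHA256, sum[:], sig) != nil {
		return "", fmt.Errorf("signature does not verify under kid %q", hdr.Kid)
	}
	claims, err := b64.DecodeString(body)
	return string(claims), err
}

func main() {
	oldTok, oldPub := issue("old", []byte(`{"user":"alice"}`)) // constructed sample claims
	newTok, newPub := issue("new", []byte(`{"user":"alice"}`))
	keys := map[string]*rsa.PublicKey{"old": oldPub, "new": newPub} // both accepted during transition
	fmt.Println(verify(oldTok, keys))
	fmt.Println(verify(newTok, keys))
}
```

Removing "old" from the map ends the transition period: tokens signed with the retired key are then rejected at the header check, before any signature work is done.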