Documentation
Constants
const (
	JwtClaimTokenID     = "token_id"
	JwtClaimTokenType   = "token_type"
	JwtClaimRequestorID = "requestor_id"
	JwtClaimUserID      = "user_id"
	JwtClaimIssuedAt    = "iat"
	JwtClaimExpiresAt   = "expires"
	JwtClaimPermissions = "permissions"
)
const DefaultTokenPath = "/tmp/victoken"
DefaultTokenPath specifies default directory for persistent JWT storage
Variables
var UseClientCert = false
UseClientCert can be set to true to force the use of client certs
Functions
func NewFileProvider
NewFileProvider creates a new file backed Provider interface implementation
Types
type Provider
type Provider interface {
	Init() error
	ParseAndStoreToken(token string) (Token, error)
	GetToken() Token
	CertCommonName() string
	TransportCredentials() credentials.TransportCredentials
}
Provider is an interface to manage JWT tokens and TLS certs for a single robot
type Token
type Token interface {
	IssuedAt() time.Time
	RefreshTime() time.Time
	String() string
	UserID() string
}
Token provides the methods that clients will care about for authenticating and using tokens
type TokenInfo
type TokenInfo struct {
	// Id is the unique ID of the token.
	Id string

	// Type - Only 'user+robot' is supported right now.
	Type string

	// RequestorId is an identifier for the entity which requested the
	// token. Likely to be the common name of the robot cert
	// (i.e. 'vic:<ESN>', or later an Anki Principal URN)
	RequestorId string

	// UserId is the accounts system ID of the user associated with
	// the requesting entity.
	UserId string

	// IssuedAt is the UTC time when the token was issued.
	IssuedAt time.Time

	// ExpiresAt is the UTC time at which the token is no longer
	// valid. Generally equal to IssuedAt + 24 hours.
	ExpiresAt time.Time

	// PurgeAt is the UTC time at which Dynamo will automatically
	// delete the token. Only used within the Token Service.
	PurgeAt time.Time

	// RevokedAt is the UTC time at which the token was revoked, if it
	// has been revoked. Tokens can be revoked due to account system
	// password changes or account deletion. Only used within the
	// Token Service.
	RevokedAt time.Time

	// Revoked is true if this token has been revoked due to account
	// system changes. Only used within the Token Service.
	Revoked bool

	// Raw is the raw string form of the JWT token, if this Token
	// object was parsed from a JWT token. Only used within the Token
	// Service.
	Raw string

	Permissions map[string]interface{} `json:"permissions,omitempty"`
}
Token is a structured representation of an access token.
func FromJwtToken
FromJwtToken converts a generic jwt.Token object, parsed from a signed token string, into a Token structure, validating that all the required Anki token claims are present.
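The required-claim validation described for FromJwtToken, as an added example that is not the package's own code: it checks an already-decoded, signature-verified claims map using the claim names from the constants above. The expiry claim is named `expires` rather than the registered `exp`, so it is checked explicitly here. `checkClaims`, `checkedToken` and `errExpired` are hypothetical names, the RFC 3339 timestamp encoding is an assumption, and the sample payload is constructed.

```go
package main

import (
	"fmt"
	"time"
)

var errExpired = fmt.Errorf("token expired")

// checkedToken is a hypothetical, trimmed stand-in for TokenInfo.
type checkedToken struct {
	ID, Type, RequestorID, UserID string
	IssuedAt, ExpiresAt           time.Time
}

// checkClaims validates the decoded payload of a JWT whose signature has
// already been verified. Assumption: "iat" and "expires" are RFC 3339 strings.
func checkClaims(claims map[string]interface{}, now time.Time) (*checkedToken, error) {
	v := map[string]string{}
	// Claim names are the values of the JwtClaim* constants listed on this page.
	for _, name := range []string{"token_id", "token_type", "requestor_id", "user_id", "iat", "expires"} {
		s, ok := claims[name].(string)
		if !ok || s == "" {
			return nil, fmt.Errorf("missing or non-string claim %q", name)
		}
		v[name] = s
	}
	if v["token_type"] != "user+robot" { // the only type the page lists as supported
		return nil, fmt.Errorf("unsupported token_type %q", v["token_type"])
	}
	iat, errIat := time.Parse(time.RFC3339, v["iat"])
	exp, errExp := time.Parse(time.RFC3339, v["expires"])
	if errIat != nil || errExp != nil {
		return nil, fmt.Errorf("iat and expires must be RFC 3339 times")
	}
	// "expires" is not the registered "exp" claim, so check it explicitly.
	if !now.Before(exp) {
		return nil, errExpired
	}
	return &checkedToken{v["token_id"], v["token_type"], v["requestor_id"], v["user_id"], iat, exp}, nil
}

func main() {
	claims := map[string]interface{}{"token_id": "t-1", "token_type": "user+robot", // constructed sample
		"requestor_id": "vic:00000000", "user_id": "u-1",
		"iat": "2020-01-01T00:00:00Z", "expires": "2020-01-02T00:00:00Z"}
	fmt.Println(checkClaims(claims, time.Date(2020, 1, 3, 0, 0, 0, 0, time.UTC)))
}
```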