Documentation
Constants
const (
	RoleAdmin = "ADMIN"
	RoleUser  = "USER"
)
These are the expected values for Claims.Roles.
const Key ctxKey = 1
Key is used to store/retrieve a Claims value from a context.Context.
Variables
This section is empty.
Functions
This section is empty.
Types
type Authenticator
type Authenticator struct {
// contains filtered or unexported fields
}
Authenticator is used to authenticate clients. It can generate a token for a set of user claims and recreate the claims by parsing the token.
func NewAuthenticator
func NewAuthenticator(privateKey *rsa.PrivateKey, activeKID, algorithm string, publicKeyLookupFunc KeyLookupFunc) (*Authenticator, error)
NewAuthenticator creates an *Authenticator for use. It will error if:
* The private key is nil.
* The public key func is nil.
* The key ID is blank.
* The specified algorithm is unsupported.
func (*Authenticator) GenerateToken
func (a *Authenticator) GenerateToken(claims Claims) (string, error)
GenerateToken generates a signed JWT token string representing the user Claims.
func (*Authenticator) ParseClaims
func (a *Authenticator) ParseClaims(tokenStr string) (Claims, error)
ParseClaims recreates the Claims that were used to generate a token. It verifies that the token was signed using our key.
type Claims
type Claims struct {
	Roles []string `json:"roles"`
	jwt.StandardClaims
}
Claims represents the authorization claims transmitted via a JWT.
func NewClaims
NewClaims constructs a Claims value for the identified user. The Claims expire within a specified duration of the provided time. Additional fields of the Claims can be set after calling NewClaims if desired.
type KeyLookupFunc
KeyLookupFunc is used to map a JWT key id (kid) to the corresponding public key. It is a requirement for creating an Authenticator.
* Private keys should be rotated. During the transition period, tokens signed with the old and new keys can coexist by looking up the correct public key by key id (kid).
* Key-id-to-public-key resolution is usually accomplished via a public JWKS endpoint. See https://auth0.com/docs/jwks for more details.
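The rotation behaviour described in the two notes above, as an added example that is not part of this package: a standard-library-only RS256 sign/verify pair in which the verifier picks the public key from the token's kid header, so tokens from the old and new keys both verify until the old kid is retired. The func(kid string) (*rsa.PublicKey, error) shape assumed for KeyLookupFunc and the names keySet, sign, verify and newKey are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

var b64 = base64.RawURLEncoding
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // demo key

// keySet maps kid to public key; lookup has the signature assumed for KeyLookupFunc.
type keySet map[string]*rsa.PublicKey
func (s keySet) lookup(kid string) (*rsa.PublicKey, error) {
	if k := s[kid]; k != nil {
		return k, nil
	}
	return nil, errors.New("unknown kid: " + kid)
}

// sign builds a compact RS256 token whose header names the signing key's kid.
func sign(priv *rsa.PrivateKey, kid string, payload []byte) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(payload)
	sum := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	return input + "." + b64.EncodeToString(sig), err
}

// verify pins the algorithm, resolves the key by kid, then checks the signature.
func verify(token string, lookup func(string) (*rsa.PublicKey, error)) error {
	var hdr struct{ Alg, Kid string }
	p := strings.Split(token, ".")
	raw, _ := b64.DecodeString(p[0])
	if len(p) != 3 || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return errors.New("malformed token or unexpected alg")
	}
	pub, err := lookup(hdr.Kid)
	if err != nil {
		return err
	}
	sig, _ := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig)
}
```

Retiring a key is a matter of deleting its kid from the set once the longest-lived token signed with it has expired; from then on such tokens fail at the lookup step.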
func NewSimpleKeyLookupFunc
func NewSimpleKeyLookupFunc(activeKID string, publicKey *rsa.PublicKey) KeyLookupFunc
NewSimpleKeyLookupFunc is a simple implementation of KeyLookupFunc that only ever supports one key. This is convenient for development, but in production it should be replaced with a caching layer that calls a JWKS endpoint.