Documentation

Constants

```go
const (
	// GuestRoleName defines role name for an unauthenticated user
	GuestRoleName = "guest"
	// TLSUserRoleName defines a generic role name for an authenticated user
	TLSUserRoleName = "tls_user"
	// JWTUserRoleName defines a generic role name for an authenticated user
	JWTUserRoleName = "jwt_user"
	// DPoPUserRoleName defines a generic role name for an authenticated user
	DPoPUserRoleName = "dpop_user"

	// DefaultSubjectClaim defines default JWT Subject claim
	DefaultSubjectClaim = "sub"
	// DefaultRoleClaim defines default Role claim
	DefaultRoleClaim = "email"
	// DefaultTenantClaim defines default Tenant claim
	DefaultTenantClaim = "tenant"
)
```
Variables

This section is empty.

Functions

This section is empty.

Types

type IdentityMap

```go
type IdentityMap struct {
	// DebugLogs enables extra debug logging
	DebugLogs bool `json:"debug_logs" yaml:"debug_logs"`
	// TLS identity map
	TLS TLSIdentityMap `json:"tls" yaml:"tls"`
	// JWT identity map
	JWT JWTIdentityMap `json:"jwt" yaml:"jwt"`
	// DPoP identity map
	DPoP JWTIdentityMap `json:"jwt_dpop" yaml:"jwt_dpop"`
}
```
IdentityMap contains configuration for the roles
type IdentityProvider

```go
type IdentityProvider interface {
	// ApplicableForRequest returns true if the provider is applicable for the request
	ApplicableForRequest(*http.Request) bool
	// IdentityFromRequest returns identity from the request
	IdentityFromRequest(*http.Request) (identity.Identity, error)
	// ApplicableForContext returns true if the provider is applicable for the context
	ApplicableForContext(ctx context.Context) bool
	// IdentityFromContext returns identity from the context for the given URI
	IdentityFromContext(ctx context.Context, uri string) (identity.Identity, error)
}
```

IdentityProvider is the interface used to extract an identity from requests.

func New

```go
func New(config *IdentityMap, jwt jwt.Parser) (IdentityProvider, error)
```

New returns an Authz provider instance.
type JWTIdentityMap

```go
type JWTIdentityMap struct {
	// DefaultAuthenticatedRole specifies role name for identity, if not found in maps
	DefaultAuthenticatedRole string `json:"default_authenticated_role" yaml:"default_authenticated_role"`
	// Enabled enables JWT identities
	Enabled bool `json:"enabled" yaml:"enabled"`
	// Issuer specifies the token issuer to check for
	Issuer string `json:"issuer" yaml:"issuer"`
	// Audience specifies the token audience to check for
	Audience string `json:"audience" yaml:"audience"`
	// SubjectClaim specifies claim name to be used as Subject,
	// by default it's `sub`, but can be changed to `email` etc
	SubjectClaim string `json:"subject_claim" yaml:"subject_claim"`
	// RoleClaim specifies claim name to be used for role mapping,
	// by default it's `email`, but can be changed to `sub` etc
	RoleClaim string `json:"role_claim" yaml:"role_claim"`
	// TenantClaim specifies claim name to be used for tenant mapping,
	// by default it's `tenant`, but can be changed to `org` etc
	TenantClaim string `json:"tenant_claim" yaml:"tenant_claim"`
	// Roles is a map of role to JWT identities
	Roles map[string][]string `json:"roles" yaml:"roles"`
}
```

JWTIdentityMap provides role mapping for JWT identities.
type TLSIdentityMap

```go
type TLSIdentityMap struct {
	// DefaultAuthenticatedRole specifies role name for identity, if not found in maps
	DefaultAuthenticatedRole string `json:"default_authenticated_role" yaml:"default_authenticated_role"`
	// Enabled enables TLS identities
	Enabled bool `json:"enabled" yaml:"enabled"`
	// Roles is a map of role to TLS identities
	Roles map[string][]string `json:"roles" yaml:"roles"`
}
```

TLSIdentityMap provides role mapping for TLS identities.
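The following is an added example, not code from this package, showing how the documented JWTIdentityMap fields fit together: the config is parsed through the struct's own json tags, the issuer and audience are enforced before any role lookup, the claim names fall back to the documented defaults, and the role is looked up in the `roles` lists (the same lookup applies to TLSIdentityMap.Roles with a certificate identity as the value). Everything apart from the constants and the struct is assumed for the example: `sampleConfig` is a constructed config, `Resolved`, `LoadConfig`, `RoleFor`, `Resolve` and the small helpers are hypothetical, the fallback to `JWTUserRoleName` when no default role is configured and the precedence between overlapping role lists are assumptions, and the claims passed in are taken to have already been signature-verified by the `jwt.Parser` that `New` receives.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// The constants and JWTIdentityMap below are copied from the package documentation (yaml tags omitted).
const (
	JWTUserRoleName     = "jwt_user"
	DefaultSubjectClaim = "sub"
	DefaultRoleClaim    = "email"
	DefaultTenantClaim  = "tenant"
)

type JWTIdentityMap struct {
	DefaultAuthenticatedRole string              `json:"default_authenticated_role"`
	Enabled                  bool                `json:"enabled"`
	Issuer                   string              `json:"issuer"`
	Audience                 string              `json:"audience"`
	SubjectClaim             string              `json:"subject_claim"`
	RoleClaim                string              `json:"role_claim"`
	TenantClaim              string              `json:"tenant_claim"`
	Roles                    map[string][]string `json:"roles"`
}

// sampleConfig is constructed for this example; it is not shipped with the package.
const sampleConfig = `{"enabled": true, "issuer": "https://issuer.example",
  "audience": "api.example", "role_claim": "email", "tenant_claim": "org",
  "roles": {"admin": ["alice@example.com"], "auditor": ["bob@example.com"]}}`

type Resolved struct{ Subject, Role, Tenant string } // hypothetical result of mapping one token

func LoadConfig(raw string) (cfg JWTIdentityMap, err error) {
	err = json.Unmarshal([]byte(raw), &cfg) // the struct's json tags drive the parse
	return
}

func orDefault(v, def string) string {
	if v == "" {
		return def
	}
	return v
}

func claimString(claims map[string]any, name string) string {
	s, _ := claims[name].(string) // "" when the claim is absent or not a string
	return s
}

// audienceContains accepts "aud" as a string or an array, both valid per RFC 7519.
func audienceContains(aud any, want string) bool {
	switch v := aud.(type) {
	case string:
		return v == want
	case []any:
		for _, a := range v {
			if a == want {
				return true
			}
		}
	}
	return false
}

// RoleFor returns the role whose list contains value, else defaultRole; if value sits under several roles the smallest name wins (assumption: keep lists disjoint).
func RoleFor(roles map[string][]string, value, defaultRole string) string {
	best := ""
	for name, ids := range roles {
		for _, id := range ids {
			if value != "" && id == value && (best == "" || name < best) {
				best = name
			}
		}
	}
	if best == "" {
		return defaultRole
	}
	return best
}

// Resolve maps already signature-verified claims; issuer and audience are checked first.
func Resolve(cfg JWTIdentityMap, claims map[string]any) (Resolved, error) {
	if iss := claimString(claims, "iss"); cfg.Issuer != "" && iss != cfg.Issuer {
		return Resolved{}, fmt.Errorf("issuer %q not accepted", iss)
	}
	if cfg.Audience != "" && !audienceContains(claims["aud"], cfg.Audience) {
		return Resolved{}, fmt.Errorf("audience %q not present", cfg.Audience)
	}
	subject := claimString(claims, orDefault(cfg.SubjectClaim, DefaultSubjectClaim))
	if subject == "" {
		return Resolved{}, fmt.Errorf("subject claim missing")
	}
	role := RoleFor(cfg.Roles, claimString(claims, orDefault(cfg.RoleClaim, DefaultRoleClaim)),
		orDefault(cfg.DefaultAuthenticatedRole, JWTUserRoleName))
	tenant := claimString(claims, orDefault(cfg.TenantClaim, DefaultTenantClaim))
	return Resolved{Subject: subject, Role: role, Tenant: tenant}, nil
}
```

Two points worth noting from the design: a token whose `iss` or `aud` does not match the configured values is rejected before its `email` claim is ever compared against the role lists, so a valid token issued for a different audience cannot pick up a role here; and a value that appears in two role lists is ambiguous, which the example resolves deterministically only by its own stated rule, so the safer configuration is to keep each identity in exactly one list.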