roles

package


Constants

const (
	// GuestRoleName defines the role name for an unauthenticated user.
	GuestRoleName = "guest"

	// TLSUserRoleName defines a generic role name for a user authenticated
	// via TLS; presumably the fallback when TLSIdentityMap.DefaultAuthenticatedRole
	// is empty — confirm in New.
	TLSUserRoleName = "tls_user"

	// JWTUserRoleName defines a generic role name for a user authenticated
	// via a JWT; presumably the fallback for JWTIdentityMap.DefaultAuthenticatedRole
	// on the JWT map — confirm in New.
	JWTUserRoleName = "jwt_user"

	// DPoPUserRoleName defines a generic role name for a user authenticated
	// via a DPoP-bound JWT; presumably the fallback for the DPoP map — confirm in New.
	DPoPUserRoleName = "dpop_user"

	// DefaultSubjectClaim defines the default JWT claim used as the identity
	// Subject (see JWTIdentityMap.SubjectClaim).
	DefaultSubjectClaim = "sub"

	// DefaultRoleClaim defines the default JWT claim used for role mapping
	// (see JWTIdentityMap.RoleClaim).
	// NOTE(review): mapping roles on an email claim relies on the issuer vouching
	// for that value; the Issuer/Audience checks on JWTIdentityMap should be
	// enforced before any role lookup — confirm in the provider implementation.
	DefaultRoleClaim = "email"

	// DefaultTenantClaim defines the default JWT claim used for tenant mapping
	// (see JWTIdentityMap.TenantClaim).
	DefaultTenantClaim = "tenant"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type IdentityMap

type IdentityMap struct {
	// DebugLogs enables extra debug logging in the provider.
	// NOTE(review): verify what the debug output contains; identity/claim
	// values in logs are sensitive.
	DebugLogs bool `json:"debug_logs" yaml:"debug_logs"`

	// TLS holds the identity map for TLS client-certificate identities.
	TLS TLSIdentityMap `json:"tls" yaml:"tls"`
	// JWT holds the identity map for bearer JWT identities.
	JWT JWTIdentityMap `json:"jwt" yaml:"jwt"`
	// DPoP holds the identity map for DPoP-bound JWT identities; it shares the
	// JWTIdentityMap type and is configured under the "jwt_dpop" key.
	DPoP JWTIdentityMap `json:"jwt_dpop" yaml:"jwt_dpop"`
}

IdentityMap contains the configuration for role mapping.

type IdentityProvider

type IdentityProvider interface {
	// ApplicableForRequest returns true if the provider is applicable for the request.
	ApplicableForRequest(*http.Request) bool
	// IdentityFromRequest returns the identity extracted from the request,
	// or an error if none can be established.
	IdentityFromRequest(*http.Request) (identity.Identity, error)

	// ApplicableForContext returns true if the provider is applicable for the
	// given context (for example, a non-HTTP call carrying identity in ctx).
	ApplicableForContext(ctx context.Context) bool
	// IdentityFromContext returns the identity extracted from the context for
	// the given uri, or an error if none can be established.
	// NOTE(review): how uri participates in the decision is not visible here — confirm
	// against the implementation.
	IdentityFromContext(ctx context.Context, uri string) (identity.Identity, error)
}

IdentityProvider is the interface used to extract an identity from requests.

func New

// New returns an Authz provider instance configured from config, using jwt to
// parse bearer tokens.
// NOTE(review): the parameter named jwt shadows the imported jwt package inside
// the function body.
func New(config *IdentityMap, jwt jwt.Parser) (IdentityProvider, error)

New returns an Authz provider instance.

type JWTIdentityMap

type JWTIdentityMap struct {
	// DefaultAuthenticatedRole specifies the role name assigned to an authenticated
	// identity that is not found in Roles.
	DefaultAuthenticatedRole string `json:"default_authenticated_role" yaml:"default_authenticated_role"`
	// Enabled turns on JWT identity extraction.
	Enabled bool `json:"enabled" yaml:"enabled"`
	// Issuer specifies the token issuer to check for.
	// NOTE(review): whether an empty Issuer disables the check is not visible here — confirm.
	Issuer string `json:"issuer" yaml:"issuer"`
	// Audience specifies the token audience to check for.
	// NOTE(review): whether an empty Audience disables the check is not visible here — confirm.
	Audience string `json:"audience" yaml:"audience"`
	// SubjectClaim specifies the claim name to be used as Subject;
	// by default it's `sub`, but can be changed to `email` etc.
	SubjectClaim string `json:"subject_claim" yaml:"subject_claim"`
	// RoleClaim specifies the claim name to be used for role mapping;
	// by default it's `email`, but can be changed to `sub` etc.
	RoleClaim string `json:"role_claim" yaml:"role_claim"`
	// TenantClaim specifies the claim name to be used for tenant mapping;
	// by default it's `tenant`, but can be changed to `org` etc.
	TenantClaim string `json:"tenant_claim" yaml:"tenant_claim"`
	// Roles maps a role name to the list of JWT identities that receive it;
	// presumably the entries are compared against the RoleClaim value — confirm.
	Roles map[string][]string `json:"roles" yaml:"roles"`
}

JWTIdentityMap provides role mappings for JWT identities.

type TLSIdentityMap

type TLSIdentityMap struct {
	// DefaultAuthenticatedRole specifies the role name assigned to an authenticated
	// identity that is not found in Roles.
	DefaultAuthenticatedRole string `json:"default_authenticated_role" yaml:"default_authenticated_role"`
	// Enabled turns on TLS client-certificate identity extraction.
	Enabled bool `json:"enabled" yaml:"enabled"`
	// Roles maps a role name to the list of TLS identities that receive it;
	// which certificate field the entries are matched against is not visible here — confirm.
	Roles map[string][]string `json:"roles" yaml:"roles"`
}

TLSIdentityMap provides role mappings for TLS identities.
