Index ¶
- Constants
- Variables
- type CommonToken
- func (c *CommonToken) Audience() []string
- func (c *CommonToken) AuthorizationID() string
- func (c *CommonToken) ClientID() string
- func (c *CommonToken) Email() string
- func (c *CommonToken) Expiration() time.Time
- func (c *CommonToken) IssuedAt() time.Time
- func (c *CommonToken) Issuer() string
- func (c *CommonToken) Roles() []string
- func (c *CommonToken) Scope() string
- func (c *CommonToken) Subject() string
- func (c *CommonToken) Type() string
- type CommonTokenInserter
- type CommonTokenType
- type CommonTokenUpdater
- type Dispatcher
- type Fetcher
- type TokenIssuer
- func (t *TokenIssuer) Alg() string
- func (t *TokenIssuer) AsJWKSet() (jwk.Set, error)
- func (t *TokenIssuer) AsPublicOnlyJWKSet() (jwk.Set, error)
- func (t *TokenIssuer) Audience() []string
- func (t *TokenIssuer) IssueAccessTokenForMachineClient(clientID string, scopes []string) (jwt.Token, error)
- func (t *TokenIssuer) IssueAccessTokenForUser(user *user.SignedInUser, authorizationID uuid.UUID, clientID string, ...) (jwt.Token, error)
- func (t *TokenIssuer) IssueAuthorizationCode(ctx context.Context, authorizationID uuid.UUID, codeChallenge string, ...) (string, error)
- func (t *TokenIssuer) IssueNetlifyAccessTokenForUser(user *user.SignedInUser, authorizationID uuid.UUID, clientID string, ...) (jwt.Token, error)
- func (t *TokenIssuer) IssueRefreshToken(ctx context.Context, authorizationID uuid.UUID) (string, error)
- func (t *TokenIssuer) IssueRememberMeToken(ctx context.Context, authorizationID uuid.UUID) (string, error)
- func (t *TokenIssuer) Issuer() string
- func (t *TokenIssuer) KeyID() string
- func (t *TokenIssuer) PrivateKey() jwk.Key
- func (t *TokenIssuer) PublicKey() jwk.Key
- func (t *TokenIssuer) RememberMeDuration() time.Duration
- func (t *TokenIssuer) Sign(token jwt.Token) ([]byte, error)
- type TokenRotator
- func (t *TokenRotator) PreRotationChallenge(ctx context.Context, authorizationCode string, codeVerifier string) error
- func (t *TokenRotator) RevokeCommonToken(ctx context.Context, tokenType CommonTokenType, token string, autID uuid.UUID) error
- func (t *TokenRotator) RevokeCommonTokensForAuthorization(ctx context.Context, autID uuid.UUID) error
- func (t *TokenRotator) RotateCommonToken(ctx context.Context, tokenType CommonTokenType, token string, clientID string) error
- type TokenVerifier
- func (t *TokenVerifier) ParseAndValidateAccessToken(accessToken string) (jwt.Token, error)
- func (t *TokenVerifier) ValidateAccessTokenDetails(ctx context.Context, accessToken string) (*CommonToken, error)
- func (t *TokenVerifier) ValidateRefreshTokenDetails(ctx context.Context, refreshToken string) (*CommonToken, error)
Constants ¶
// Claim names used in the JWTs this package issues and verifies.
const (
	// ClaimEmail is the claim storing the email address.
	ClaimEmail = "email"
	// ClaimRoles is the claim storing the roles.
	// This claim name works out of the box with ASP.NET Core.
	ClaimRoles = "roles"
	// ClaimClientID is the claim storing the application client_id.
	ClaimClientID = "client_id"
	// ClaimAuthorization is the claim storing the authorization.
	ClaimAuthorization = "aut"
	// ClaimScope is the claim storing the scopes.
	ClaimScope = "scope"
	// ClaimNetlifyAppMetaData is the app_metadata claim used in Netlify's tokens.
	ClaimNetlifyAppMetaData = "app_metadata"
	// ClaimNetlifyUserMetaData is the user_metadata claim used in Netlify's tokens.
	ClaimNetlifyUserMetaData = "user_metadata"
)
Variables ¶
// Sentinel errors of this package. Callers should match them with errors.Is
// rather than comparing messages, so that wrapped errors are still recognised.
var (
	// ErrChallengeFailed is returned when the code verifier does not satisfy the code challenge.
	ErrChallengeFailed = errors.New("code verification challenge failed")
	// ErrInvalidToken is returned for a token that is malformed or not known to the system.
	ErrInvalidToken = errors.New("invalid or unknown token")
	// ErrTokenExpired is returned for a token whose lifetime has elapsed.
	ErrTokenExpired = errors.New("token has expired")
	// ErrTokenInvalidClientId is returned when a token is presented by a client other than the one it was issued for.
	ErrTokenInvalidClientId = errors.New("token has been issued for different client id")
	// ErrTokenNotFound is returned when no record exists for the presented token.
	ErrTokenNotFound = errors.New("unknown token")
	// ErrTokenRevoked is returned for a token that has been revoked.
	ErrTokenRevoked = errors.New("token has been revoked")
)
Functions ¶
This section is empty.
Types ¶
type CommonToken ¶
type CommonToken struct {
// contains filtered or unexported fields
}
func (*CommonToken) Audience ¶
func (c *CommonToken) Audience() []string
func (*CommonToken) AuthorizationID ¶
func (c *CommonToken) AuthorizationID() string
func (*CommonToken) ClientID ¶
func (c *CommonToken) ClientID() string
func (*CommonToken) Email ¶
func (c *CommonToken) Email() string
func (*CommonToken) Expiration ¶
func (c *CommonToken) Expiration() time.Time
func (*CommonToken) IssuedAt ¶
func (c *CommonToken) IssuedAt() time.Time
func (*CommonToken) Issuer ¶
func (c *CommonToken) Issuer() string
func (*CommonToken) Roles ¶
func (c *CommonToken) Roles() []string
func (*CommonToken) Scope ¶
func (c *CommonToken) Scope() string
func (*CommonToken) Subject ¶
func (c *CommonToken) Subject() string
func (*CommonToken) Type ¶
func (c *CommonToken) Type() string
type CommonTokenInserter ¶
type CommonTokenType ¶
// CommonTokenType identifies the kind of a common token.
type CommonTokenType string

const (
	// AccessTokenType is a common access token.
	AccessTokenType CommonTokenType = "access_token"
	// AuthorizationCodeType is an authorization code token.
	AuthorizationCodeType CommonTokenType = "authorization_code"
	// RefreshTokenType is a refresh token which can be traded for a new set of tokens.
	RefreshTokenType CommonTokenType = "refresh_token"
	// RememberMeTokenType is a single sign-on token that remembers a signed-in user.
	RememberMeTokenType CommonTokenType = "remember_me"
)
type CommonTokenUpdater ¶
// CommonTokenUpdater is the storage contract a TokenRotator uses to look up,
// redeem and revoke common tokens. The tokenType arguments are plain strings;
// presumably callers pass the string value of a CommonTokenType — confirm
// against the implementation.
type CommonTokenUpdater interface {
	// RevokeCommonTokensForAuthorization revokes the common tokens bound to
	// authorizationID and returns a count (presumably the number of tokens
	// affected — verify against the implementation).
	RevokeCommonTokensForAuthorization(ctx context.Context, authorizationID uuid.UUID) (int, error)

	// CommonTokenDetails loads the stored details for the given token of the
	// given type.
	CommonTokenDetails(ctx context.Context, tokenType string, token string) (*db.CommonTokenDetails, error)

	// RedeemCommonToken marks the given token as used.
	RedeemCommonToken(ctx context.Context, tokenType string, token string) error

	// RevokeCommonToken marks the given token as revoked.
	RevokeCommonToken(ctx context.Context, tokenType string, token string) error
}
type Dispatcher ¶
type TokenIssuer ¶
type TokenIssuer struct {
// contains filtered or unexported fields
}
func NewIssuer ¶
func NewIssuer( log *zap.Logger, cfg *config.JWTConfiguration, storage CommonTokenInserter, ) *TokenIssuer
func (*TokenIssuer) Alg ¶
func (t *TokenIssuer) Alg() string
func (*TokenIssuer) AsPublicOnlyJWKSet ¶
func (t *TokenIssuer) AsPublicOnlyJWKSet() (jwk.Set, error)
func (*TokenIssuer) Audience ¶
func (t *TokenIssuer) Audience() []string
func (*TokenIssuer) IssueAccessTokenForMachineClient ¶
func (*TokenIssuer) IssueAccessTokenForUser ¶
func (t *TokenIssuer) IssueAccessTokenForUser( user *user.SignedInUser, authorizationID uuid.UUID, clientID string, scopes []string, ) (jwt.Token, error)
IssueAccessTokenForUser issues a standard access token for a user
func (*TokenIssuer) IssueAuthorizationCode ¶
func (*TokenIssuer) IssueNetlifyAccessTokenForUser ¶
func (t *TokenIssuer) IssueNetlifyAccessTokenForUser( user *user.SignedInUser, authorizationID uuid.UUID, clientID string, scopes []string, ) (jwt.Token, error)
IssueNetlifyAccessTokenForUser differs from the standard access token in that the issued token additionally carries the app_metadata and user_metadata claims.
func (*TokenIssuer) IssueRefreshToken ¶
func (*TokenIssuer) IssueRememberMeToken ¶
func (*TokenIssuer) Issuer ¶
func (t *TokenIssuer) Issuer() string
func (*TokenIssuer) KeyID ¶
func (t *TokenIssuer) KeyID() string
func (*TokenIssuer) PrivateKey ¶
func (t *TokenIssuer) PrivateKey() jwk.Key
func (*TokenIssuer) PublicKey ¶
func (t *TokenIssuer) PublicKey() jwk.Key
func (*TokenIssuer) RememberMeDuration ¶
func (t *TokenIssuer) RememberMeDuration() time.Duration
type TokenRotator ¶
type TokenRotator struct {
// contains filtered or unexported fields
}
func NewRotator ¶
func NewRotator( updater CommonTokenUpdater, dispatcher Dispatcher, log *zap.Logger) *TokenRotator
func (*TokenRotator) PreRotationChallenge ¶
func (t *TokenRotator) PreRotationChallenge( ctx context.Context, authorizationCode string, codeVerifier string, ) error
PreRotationChallenge must be performed before rotating an authorization code; it checks the supplied code verifier against the authorization code's challenge and returns an error (such as ErrChallengeFailed) when the check does not pass.
func (*TokenRotator) RevokeCommonToken ¶
func (t *TokenRotator) RevokeCommonToken( ctx context.Context, tokenType CommonTokenType, token string, autID uuid.UUID, ) error
func (*TokenRotator) RevokeCommonTokensForAuthorization ¶
func (*TokenRotator) RotateCommonToken ¶
func (t *TokenRotator) RotateCommonToken( ctx context.Context, tokenType CommonTokenType, token string, clientID string, ) error
type TokenVerifier ¶
type TokenVerifier struct {
// contains filtered or unexported fields
}
func NewTokenVerifier ¶
func NewTokenVerifier(log *zap.Logger, issuer *TokenIssuer, loader Fetcher, authService *authorization.Service) *TokenVerifier
func (*TokenVerifier) ParseAndValidateAccessToken ¶
func (t *TokenVerifier) ParseAndValidateAccessToken(accessToken string) (jwt.Token, error)
ParseAndValidateAccessToken parses the JWT and validates it against the expected claims. It does not consult the data store, so revocations are not detected; callers that need revocation checks must use ValidateAccessTokenDetails.
func (*TokenVerifier) ValidateAccessTokenDetails ¶
func (t *TokenVerifier) ValidateAccessTokenDetails( ctx context.Context, accessToken string, ) (*CommonToken, error)
ValidateAccessTokenDetails validates an access token together with all of its underlying entities in the data store. It returns a CommonToken wrapper if the token is still usable; otherwise it returns an error.
func (*TokenVerifier) ValidateRefreshTokenDetails ¶
func (t *TokenVerifier) ValidateRefreshTokenDetails( ctx context.Context, refreshToken string, ) (*CommonToken, error)
ValidateRefreshTokenDetails validates a refresh token against all of its stored entities. It returns a CommonToken wrapper if the token is still usable; otherwise it returns an error.