Documentation ¶
Index ¶
- Constants
- func LoadPrivateKey(data []byte) (*jose.JSONWebKey, error)
- func LoadPublicKey(data []byte) (*jose.JSONWebKey, error)
- type AuthToken
- func NewAuthToken(claims *StandardClaims, issuer, userId string, validity time.Duration) *AuthToken
- func NewClusterBootstrapToken(claims *StandardClaims, issuer, userId string) *AuthToken
- func NewKubernetesAuthToken(claims *StandardClaims, clusterClaim *ClusterClaim, issuer, userId string, ...) *AuthToken
- type ClusterClaim
- type JWTSigner
- type JWTVerifier
- type StandardClaims
- type TestEnv
Constants ¶
// Audience identifiers and the bootstrap-token lifetime defined by this package.
const (
	// Audience identifiers, one per consuming component.
	// NOTE(review): presumably written to a token's "aud" claim so that a
	// verifier can reject tokens minted for a different component; confirm
	// against the token constructors and the Verify implementation.
	AudienceMonoctl    = "monoctl"
	AudienceK8sAuth    = "k8sauth"
	AudienceM8Operator = "m8operator"

	// ClusterBootstrapTokenValidity is a fixed ten-minute duration.
	// NOTE(review): by its name, the lifetime applied by
	// NewClusterBootstrapToken, which takes no validity argument; confirm.
	ClusterBootstrapTokenValidity = 10 * time.Minute
)
const (
	// SignatureAlgorithm is jose.RS256, i.e. RSASSA-PKCS1-v1_5 with SHA-256.
	// NOTE(review): presumably the single algorithm used by this package's
	// signers and verifiers. A verifier should pin this value rather than
	// trust the "alg" header of an incoming token; confirm in the Verify
	// implementation.
	SignatureAlgorithm = jose.RS256
)
Variables ¶
This section is empty.
Functions ¶
func LoadPrivateKey ¶
LoadPrivateKey loads a private key from PEM/DER/JWK-encoded data.
func LoadPublicKey ¶
LoadPublicKey loads a public key from PEM/DER/JWK-encoded data.
Types ¶
type AuthToken ¶
// AuthToken is the claim set of a token. It embeds the registered JWT claims
// (*jwt.Claims) together with this package's StandardClaims and ClusterClaim.
//
// All three are embedded by pointer, so any of them can be nil; reading a
// promoted field through a nil embedded pointer panics, so check the pointer
// first.
// NOTE(review): NewAuthToken and NewClusterBootstrapToken take no
// ClusterClaim argument, so ClusterClaim is presumably nil on tokens they
// build; confirm.
type AuthToken struct {
	*jwt.Claims
	*StandardClaims
	*ClusterClaim
}
func NewAuthToken ¶
func NewAuthToken(claims *StandardClaims, issuer, userId string, validity time.Duration) *AuthToken
func NewClusterBootstrapToken ¶
func NewClusterBootstrapToken(claims *StandardClaims, issuer, userId string) *AuthToken
func NewKubernetesAuthToken ¶
func NewKubernetesAuthToken(claims *StandardClaims, clusterClaim *ClusterClaim, issuer, userId string, validity time.Duration) *AuthToken
type ClusterClaim ¶
// ClusterClaim holds cluster-scoped identity claims. Every field is tagged
// omitempty, so an empty string is left out of the JSON encoding.
// NOTE(review): ClusterUserName and ClusterRole look authorization-relevant;
// consumers should presumably read them only from a token whose signature
// has already been verified. Confirm against the callers.
type ClusterClaim struct {
	ClusterId       string `json:"cluster_id,omitempty"`       // Id of the cluster.
	ClusterName     string `json:"cluster_name,omitempty"`     // Name of the cluster.
	ClusterUserName string `json:"cluster_username,omitempty"` // Name of the user in the cluster.
	ClusterRole     string `json:"cluster_role,omitempty"`     // Role the user has in the cluster.
}
type JWTSigner ¶
type JWTSigner interface {
	// GenerateSignedToken generates a signed JWT containing the given claims
	// and returns it as a string, or an error.
	// NOTE(review): the claims argument is untyped (interface{}); which claim
	// types are accepted, and which key signs them, is not visible here.
	// Confirm in the implementation.
	GenerateSignedToken(interface{}) (string, error)
}
JWTSigner is the interface implemented by JWT signers.
type JWTVerifier ¶
type JWTVerifier interface {
	// Verify takes a token string and a destination for the parsed claims and
	// returns an error.
	// NOTE(review): presumably the error is non-nil whenever the signature
	// check fails, and the destination must not be used in that case. Which
	// claims (expiry, audience, issuer) are validated is not visible here;
	// confirm in the implementation before relying on it.
	Verify(string, interface{}) error
	// JWKS returns a JSON Web Key Set.
	// NOTE(review): presumably the public verification keys; confirm that it
	// can never contain private key material.
	JWKS() *jose.JSONWebKeySet
	// KeyExpiration returns a duration.
	// NOTE(review): presumably the keyExpiration value passed to NewVerifier;
	// confirm.
	KeyExpiration() time.Duration
	// Close returns an error.
	// NOTE(review): what it releases is not visible here; confirm.
	Close() error
}
JWTVerifier verifies a JWT and parses claims
func NewVerifier ¶
func NewVerifier(publicKeyFilename string, keyExpiration time.Duration) (JWTVerifier, error)
NewVerifier creates a new verifier for raw JWTs.
type StandardClaims ¶
// StandardClaims holds the user-identity claims carried in a token. Every
// field is tagged omitempty, so zero values are left out of the JSON encoding.
type StandardClaims struct {
	Name  string `json:"name,omitempty"`  // User’s display name.
	Email string `json:"email,omitempty"` // The email of the user.
	// Because of omitempty, false is not encoded: a token without
	// "email_verified" decodes to EmailVerified == false.
	EmailVerified bool     `json:"email_verified,omitempty"` // If the upstream provider has verified the email.
	Groups        []string `json:"groups,omitempty"`         // A list of strings representing the groups a user is a member of.
	// FederatedClaims is a string-to-string map with no documented schema.
	// NOTE(review): presumably claims passed through from the upstream
	// identity provider; confirm, and do not base authorization decisions on
	// its contents without validating them.
	FederatedClaims map[string]string `json:"federated_claims,omitempty"`
}
type TestEnv ¶
func (*TestEnv) CreateSigner ¶
func (*TestEnv) CreateVerifier ¶
func (env *TestEnv) CreateVerifier(keyExpiration time.Duration) (JWTVerifier, error)
func (*TestEnv) RotateCertificate ¶