auth

package
v0.3.6-dev11
Published: Mar 22, 2022 License: Apache-2.0 Imports: 20 Imported by: 0

Index

Constants

// Audience identifiers for the tokens this package issues (presumably the
// value placed in the JWT "aud" claim — confirm against the token constructors).
//
// NOTE(review): from the names it looks like AudienceAPI belongs to tokens from
// NewApiToken and AudienceK8sAuth to tokens from NewKubernetesAuthToken; verify
// that the verifier side checks the audience so a token minted for one purpose
// is rejected by the other.
const (
	AudienceAPI     = "m8api"
	AudienceK8sAuth = "k8sauth"
)
// Names of the HTTP headers used to carry authentication information.
//
// NOTE(review): the x-auth-* headers assert an already-authenticated identity.
// They are only trustworthy if the component that sets them also strips any
// client-supplied copies before forwarding a request — confirm that this is
// enforced wherever these headers are consumed.
const (
	// Identifier of the authenticated subject.
	HeaderAuthId              = "x-auth-id"
	// Display name of the authenticated subject.
	HeaderAuthName            = "x-auth-name"
	// E-mail address of the authenticated subject.
	HeaderAuthEmail           = "x-auth-email"
	// Earliest time from which the authentication is valid; the value is
	// presumably formatted with HeaderAuthNotBeforeFormat (assumed from the name).
	HeaderAuthNotBefore       = "x-auth-not-before"
	// Time layout used for HeaderAuthNotBefore.
	HeaderAuthNotBeforeFormat = time.RFC3339
	// Client certificate forwarded by a TLS-terminating proxy
	// (the header name matches Envoy's XFCC convention).
	HeaderForwardedClientCert = "x-forwarded-client-cert"
	// Standard HTTP Authorization header, in lowercase form.
	HeaderAuthorization       = "authorization"
)
// ClusterBootstrapTokenValidity is the lifetime of cluster bootstrap tokens.
//
// NOTE(review): NewClusterBootstrapToken takes no validity argument, so it
// presumably applies this constant — confirm. The short window limits how long
// a bootstrap token that leaks during cluster setup remains usable.
const (
	ClusterBootstrapTokenValidity = 10 * time.Minute
)

Variables

This section is empty.

Functions

func NewApiToken added in v0.3.0

func NewApiToken(claims *jwt.StandardClaims, issuer, userId string, validity time.Duration, scopes []gateway.AuthorizationScope) *jwt.AuthToken

func NewAuthToken added in v0.3.0

func NewAuthToken(claims *jwt.StandardClaims, issuer, userId string, validity time.Duration) *jwt.AuthToken

func NewClusterBootstrapToken added in v0.3.0

func NewClusterBootstrapToken(claims *jwt.StandardClaims, issuer, userId string) *jwt.AuthToken

func NewKubernetesAuthToken added in v0.3.0

func NewKubernetesAuthToken(claims *jwt.StandardClaims, clusterClaim *jwt.ClusterClaim, issuer, userId string, validity time.Duration) *jwt.AuthToken

Types

type Client added in v0.3.0

// Client is an OIDC client that authenticates against an upstream identity
// provider. Construct it with NewClient. From the method names it appears that
// SetupOIDC must run before GetAuthCodeURL and Exchange are used — confirm.
type Client struct {
	// contains filtered or unexported fields
}

Client implements an OIDC client that authenticates against an upstream IDP.

func NewClient added in v0.3.0

func NewClient(config *ClientConfig) *Client

func (*Client) Exchange added in v0.3.0

func (n *Client) Exchange(ctx context.Context, code, state string) (*jwt.StandardClaims, error)

Exchange exchanges the authorization code for a token from the upstream IDP and verifies the resulting claims.

func (*Client) GetAuthCodeURL added in v0.3.0

func (n *Client) GetAuthCodeURL(redirectUrl string) (string, string, error)

GetAuthCodeURL returns a URL to the OAuth 2.0 provider's consent page that explicitly asks for permission for the required scopes.

func (*Client) SetupOIDC added in v0.3.0

func (n *Client) SetupOIDC(ctx context.Context) error

type ClientConfig added in v0.3.0

// ClientConfig holds the settings NewClient uses to talk to the upstream
// identity provider.
type ClientConfig struct {
	IdentityProvider string // URL of the upstream identity provider
	Scopes           []string // OAuth 2.0 scopes requested from the provider
	OfflineAsScope   bool // NOTE(review): presumably whether "offline_access" is requested as a scope instead of via a prompt parameter — confirm
	Nonce            string // nonce included in the OIDC request (exact use assumed from the name — confirm)
	ClientId         string // OAuth 2.0 client identifier
	ClientSecret     string // OAuth 2.0 client secret; a credential, keep it out of logs and error messages
	RedirectURIs     []string // redirect URIs registered with the provider
}

type Server added in v0.3.0

// Server is a very basic OIDC server that issues and validates tokens.
// Construct it with NewServer, supplying the signer used by IssueToken and the
// verifier used by Authorize; Keys exposes the public key set.
type Server struct {
	// contains filtered or unexported fields
}

Server implements a very basic OIDC server that issues and validates tokens.

func NewServer added in v0.3.0

func NewServer(config *ServerConfig, signer jwt.JWTSigner, verifier jwt.JWTVerifier) *Server

NewServer creates a new OIDC server

func (*Server) Authorize added in v0.3.0

func (n *Server) Authorize(ctx context.Context, token string, claims interface{}) error

Authorize parses the raw JWT, verifies its content against the verifier's public key and parses the claims into the given claims value.

func (*Server) IssueToken added in v0.3.0

func (n *Server) IssueToken(ctx context.Context, upstreamClaims *jwt.StandardClaims, userId string) (string, *jwt.AuthToken, error)

IssueToken wraps the upstream claims in a JWT signed by Monoskope

func (*Server) Keys added in v0.3.0

func (n *Server) Keys() *jose.JSONWebKeySet

type ServerConfig added in v0.3.0

// ServerConfig holds the settings NewServer uses.
type ServerConfig struct {
	URL           string // public URL of this server (presumably the issuer value of issued tokens — confirm)
	TokenValidity time.Duration // lifetime of tokens issued by IssueToken (assumed from the name — confirm)
}

type State

// State is presumably the value round-tripped as the OAuth 2.0 "state"
// parameter through the authorization flow. It is serialized with Encode and
// restored with DecodeState; IsValid reports whether a decoded value is
// acceptable.
//
// NOTE(review): a state that carries only a callback URL does not by itself bind
// the flow to the user's session (the CSRF purpose of "state"); confirm the flow
// also ties it to an unguessable, session-bound value, and that Callback is
// validated against an allow-list before it is followed (open-redirect risk).
type State struct {
	Callback string `form:"callback" json:"callback,omitempty"` // URL to return to after authentication (purpose assumed from the name — confirm)
}

func DecodeState

func DecodeState(encoded string) (*State, error)

func (*State) Encode

func (state *State) Encode() (string, error)

func (*State) IsValid

func (state *State) IsValid() bool
