Documentation
Index
- Constants
- func NewApiToken(claims *jwt.StandardClaims, issuer, userId string, validity time.Duration, ...) *jwt.AuthToken
- func NewAuthToken(claims *jwt.StandardClaims, issuer, userId string, validity time.Duration) *jwt.AuthToken
- func NewClusterBootstrapToken(claims *jwt.StandardClaims, issuer, userId string) *jwt.AuthToken
- func NewKubernetesAuthToken(claims *jwt.StandardClaims, clusterClaim *jwt.ClusterClaim, ...) *jwt.AuthToken
- type Client
- type ClientConfig
- type Server
- type ServerConfig
- type State
Constants
const (
	AudienceAPI     = "m8api"
	AudienceK8sAuth = "k8sauth"
)
const (
	HeaderAuthId              = "x-auth-id"
	HeaderAuthName            = "x-auth-name"
	HeaderAuthEmail           = "x-auth-email"
	HeaderAuthNotBefore       = "x-auth-not-before"
	HeaderAuthNotBeforeFormat = time.RFC3339
	HeaderForwardedClientCert = "x-forwarded-client-cert"
)
const (
ClusterBootstrapTokenValidity = 10 * time.Minute
)
Variables
This section is empty.
Functions
func NewApiToken (added in v0.3.0)
func NewApiToken(claims *jwt.StandardClaims, issuer, userId string, validity time.Duration, scopes []gateway.AuthorizationScope) *jwt.AuthToken
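func NewAuthToken (added in v0.3.0)
func NewAuthToken(claims *jwt.StandardClaims, issuer, userId string, validity time.Duration) *jwt.AuthToken
func NewClusterBootstrapToken (added in v0.3.0)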
func NewClusterBootstrapToken(claims *jwt.StandardClaims, issuer, userId string) *jwt.AuthToken
func NewKubernetesAuthToken (added in v0.3.0)
func NewKubernetesAuthToken(claims *jwt.StandardClaims, clusterClaim *jwt.ClusterClaim, issuer, userId string, validity time.Duration) *jwt.AuthToken
Types
type Client (added in v0.3.0)
type Client struct {
// contains filtered or unexported fields
}
Client implements an OIDC client that authenticates to an upstream IDP.
func NewClient (added in v0.3.0)
func NewClient(config *ClientConfig) *Client
func (*Client) Exchange (added in v0.3.0)
Exchange exchanges the auth code for a token from the upstream IDP and verifies the claims.
func (*Client) GetAuthCodeURL (added in v0.3.0)
GetAuthCodeURL returns a URL to the OAuth 2.0 provider's consent page that explicitly asks for permissions for the required scopes.
type ClientConfig (added in v0.3.0)
type Server (added in v0.3.0)
type Server struct {
// contains filtered or unexported fields
}
Server implements a very basic OIDC server which issues and validates tokens.
func NewServer (added in v0.3.0)
func NewServer(config *ServerConfig, signer jwt.JWTSigner, verifier jwt.JWTVerifier) *Server
NewServer creates a new OIDC server.
func (*Server) Authorize (added in v0.3.0)
Authorize parses the raw JWT, verifies the content against the public key of the verifier, and parses the claims.
type ServerConfig (added in v0.3.0)