auth

package

v0.3.6-dev38 Latest Latest Go to latest Published: Apr 12, 2022 License: Apache-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/finleap-connect/monoskope

Documentation ¶

Index ¶

Constants
func NewApiToken(claims *jwt.StandardClaims, issuer, userId string, validity time.Duration, ...) *jwt.AuthToken
func NewAuthToken(claims *jwt.StandardClaims, issuer, userId string, validity time.Duration) *jwt.AuthToken
func NewClusterBootstrapToken(claims *jwt.StandardClaims, issuer, userId string) *jwt.AuthToken
func NewKubernetesAuthToken(claims *jwt.StandardClaims, clusterClaim *jwt.ClusterClaim, ...) *jwt.AuthToken
type Client
- func NewClient(config *ClientConfig) *Client
type ClientConfig
type Server
- func NewServer(config *ServerConfig, signer jwt.JWTSigner, verifier jwt.JWTVerifier) *Server
type ServerConfig
type State
- func DecodeState(encoded string) (*State, error)
- func (state *State) Encode() (string, error)
- func (state *State) IsValid() bool

Constants ¶

View Source

const (
	AudienceAPI     = "m8api"
	AudienceK8sAuth = "k8sauth"
)

View Source

const (
	HeaderAuthId              = "x-auth-id"
	HeaderAuthName            = "x-auth-name"
	HeaderAuthEmail           = "x-auth-email"
	HeaderAuthNotBefore       = "x-auth-not-before"
	HeaderAuthNotBeforeFormat = time.RFC3339
	HeaderForwardedClientCert = "x-forwarded-client-cert"
	HeaderAuthorization       = "authorization"
)

View Source

const (
	ClusterBootstrapTokenValidity = 10 * time.Minute
)

Variables ¶

This section is empty.

Functions ¶

func NewApiToken ¶ added in v0.3.0

func NewApiToken(claims *jwt.StandardClaims, issuer, userId string, validity time.Duration, scopes []gateway.AuthorizationScope) *jwt.AuthToken

func NewAuthToken ¶ added in v0.3.0

func NewAuthToken(claims *jwt.StandardClaims, issuer, userId string, validity time.Duration) *jwt.AuthToken

func NewClusterBootstrapToken ¶ added in v0.3.0

func NewClusterBootstrapToken(claims *jwt.StandardClaims, issuer, userId string) *jwt.AuthToken

func NewKubernetesAuthToken ¶ added in v0.3.0

func NewKubernetesAuthToken(claims *jwt.StandardClaims, clusterClaim *jwt.ClusterClaim, issuer, userId string, validity time.Duration) *jwt.AuthToken

Types ¶

type Client ¶ added in v0.3.0

type Client struct {
	// contains filtered or unexported fields
}

Implements an OIDC client which authenticates to an upstream IDP

func NewClient ¶ added in v0.3.0

func NewClient(config *ClientConfig) *Client

func (*Client) Exchange ¶ added in v0.3.0

func (n *Client) Exchange(ctx context.Context, code, state string) (*jwt.StandardClaims, error)

Exchange exchanges the auth code with a token of the upstream IDP and verifies the claims

func (*Client) GetAuthCodeURL ¶ added in v0.3.0

func (n *Client) GetAuthCodeURL(redirectUrl string) (string, string, error)

AuthCodeURL returns a URL to OAuth 2.0 provider's consent page that asks for permissions for the required scopes explicitly.

func (*Client) SetupOIDC ¶ added in v0.3.0

func (n *Client) SetupOIDC(ctx context.Context) error

type ClientConfig ¶ added in v0.3.0

type ClientConfig struct {
	IdentityProvider string // URL of the upstream identity provider
	Scopes           []string
	OfflineAsScope   bool
	Nonce            string
	ClientId         string
	ClientSecret     string
	RedirectURIs     []string
}

type Server ¶ added in v0.3.0

type Server struct {
	// contains filtered or unexported fields
}

Server implements a very basic OIDC server which issues and validates tokens

func NewServer ¶ added in v0.3.0

func NewServer(config *ServerConfig, signer jwt.JWTSigner, verifier jwt.JWTVerifier) *Server

NewServer creates a new OIDC server

func (*Server) Authorize ¶ added in v0.3.0

func (n *Server) Authorize(ctx context.Context, token string, claims interface{}) error

Authorize parses the raw JWT, verifies the content against the public key of the verifier and parses the claims

func (*Server) IssueToken ¶ added in v0.3.0

func (n *Server) IssueToken(ctx context.Context, upstreamClaims *jwt.StandardClaims, userId string) (string, *jwt.AuthToken, error)

IssueToken wraps the upstream claims in a JWT signed by Monoskope

func (*Server) Keys ¶ added in v0.3.0

func (n *Server) Keys() *jose.JSONWebKeySet

type ServerConfig ¶ added in v0.3.0

type ServerConfig struct {
	URL           string
	TokenValidity time.Duration
}

type State ¶

type State struct {
	Callback string `form:"callback" json:"callback,omitempty"`
}

func DecodeState ¶

func DecodeState(encoded string) (*State, error)

func (*State) Encode ¶

func (state *State) Encode() (string, error)

func (*State) IsValid ¶

func (state *State) IsValid() bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL