Documentation ¶
Index ¶
- Constants
- Variables
- func GetAccountID(ctx context.Context, keyfunc jwt.Keyfunc) (string, error)
- func GetJWTField(ctx context.Context, field string, keyfunc jwt.Keyfunc) (string, error)
- func WithCallback(attr attributer) option
- func WithJWT(keyfunc jwt.Keyfunc) option
- func WithRequest() option
- type Authorizer
- type Builder
- type Handler
Constants ¶
const ( // TODO: Field is tentatively called "AccountID" but will probably need to be // changed. We don't know what the JWT will look like, so we're giving it our // best guess for the time being. MULTI_TENANCY_FIELD = "AccountID" )
Variables ¶
var ( ErrInternal = grpc.Errorf(codes.Internal, "unable to process request") )
Functions ¶
func GetAccountID ¶ added in v0.2.0
func GetJWTField ¶ added in v0.2.0
func WithCallback ¶
func WithCallback(attr attributer) option
WithCallback allows developers to pass their own attributer to the authorization service. It gives them the flexibility to add customization to the auth process without needing to write a Builder from scratch.
func WithJWT ¶
WithJWT allows for token-based authorization using JWT. When WithJWT has been added as a build parameter, every field in the token payload will be included in the request to Themis
func WithRequest ¶
func WithRequest() option
WithRequest takes metadata from the incoming request and passes it to Themis in the authorization request. Specifically, this includes the gRPC service name (e.g. AddressBook) and the corresponding function that is called by the client (e.g. ListPersons)
Types ¶
type Authorizer ¶
Authorizer glues together a Builder and a Handler. It is responsible for sending requests and receiving responses to/from Themis
func (Authorizer) AuthFunc ¶
func (a Authorizer) AuthFunc() grpc_auth.AuthFunc
AuthFunc builds the "AuthFunc" using the pep client that comes with Themis
type Builder ¶
type Builder interface {
// contains filtered or unexported methods
}
Builder is responsible for creating requests to Themis. The response from Themis will determine if a request is authorized or unauthorized
func NewBuilder ¶
func NewBuilder(opts ...option) Builder
NewBuilder returns an instance of the default Builder that includes all of of the user-provided options