Documentation
Index
- Variables
- func DownloadKeyset(ctx context.Context, jwksUrl string) (*jwt.KeySet, error)
- func ParseBasicAuthorizationHeader(authHeader string) (string, string, error)
- func ParseBearerAuthorizationHeader(authHeader string) (string, error)
- func SuppressReferrer(next http.Handler) http.Handler
- type FTClaims
- type Middleware
Constants
This section is empty.
Variables
var (
	// ErrEmptyHeader represents an empty header.
	ErrEmptyHeader = errors.New("empty header")
	// ErrIncorrectHeaderFormat means the formatting of the header was incorrect.
	ErrIncorrectHeaderFormat = errors.New("incorrect header format")
	// ErrInvalidToken means an invalid character was present in the auth token.
	// Only base64 digits are allowed.
	ErrInvalidToken = errors.New("invalid token")
	// ErrMissingParameter means that a required parameter is missing from the request.
	ErrMissingParameter = errors.New("missing parameter")
)
var (
	ErrEmptyAuthHeader = errors.New("empty auth header")
	ErrEmptyDPoPHeader = errors.New("empty DPoP header")
	ErrInvalidPayload  = errors.New("invalid payload")
	ErrExpiredToken    = errors.New("expired token")
)
Middleware errors
var (
	ErrMissingClaims = errors.New("missing ftauth claims")
	ErrInvalidClaims = errors.New("invalid ftauth claims")
)
Errors
var (
JwtContextKey jwtKey = "jwt"
)
Context key
var (
	// ValidTokenRegex matches only valid token characters (i.e. base64 characters).
	ValidTokenRegex = regexp.MustCompile(`^[a-zA-Z0-9-._~+/]+=*$`)
)
Functions
func DownloadKeyset
DownloadKeyset retrieves and deserializes the JWKS at the given URL.
func ParseBasicAuthorizationHeader
ParseBasicAuthorizationHeader returns the client ID and secret sent via the HTTP Basic Authorization header, as defined in RFC 2617. An error is returned if the header could not be parsed or if either component is missing.
We do not support client authentication via POST body. See RFC 6749 2.3.1
func ParseBearerAuthorizationHeader
ParseBearerAuthorizationHeader parses the Authorization header field and returns the authorization token, if present and valid.
The Authorization header should be in the form (RFC 6750 2.1):
b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
credentials = "Bearer" 1*SP b64token
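The grammar above can be enforced as in the following added example, which is not the package's own implementation: parseBearer and the lowercase error variables are hypothetical names, the pattern is the one shown for ValidTokenRegex, and the sample headers are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Local sentinels named after the ones the page lists, redeclared so this runs stand-alone.
var (
	errEmptyHeader           = errors.New("empty header")
	errIncorrectHeaderFormat = errors.New("incorrect header format")
	errInvalidToken          = errors.New("invalid token")
)

// Same pattern as the page's ValidTokenRegex: 1*(token chars) followed by *"=".
var b64token = regexp.MustCompile(`^[a-zA-Z0-9-._~+/]+=*$`)

// parseBearer (hypothetical name) applies: credentials = "Bearer" 1*SP b64token.
func parseBearer(header string) (string, error) {
	if header == "" {
		return "", errEmptyHeader
	}
	parts := strings.SplitN(header, " ", 2)
	// ABNF string literals are case-insensitive (RFC 5234), so "bearer" is accepted.
	if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
		return "", errIncorrectHeaderFormat
	}
	token := strings.TrimLeft(parts[1], " ") // 1*SP: one or more spaces, nothing else
	if token == "" {
		return "", errIncorrectHeaderFormat
	}
	// Anything outside the grammar (CR/LF, tabs, a second token, "=" before the
	// end) is rejected before the value reaches a log line or a JWT parser.
	if !b64token.MatchString(token) {
		return "", errInvalidToken
	}
	return token, nil
}

func main() {
	// Constructed sample headers.
	for _, h := range []string{"Bearer abc.def-123==", "bearer   abc", "Basic abc", "Bearer a b", "Bearer abc\r\nX: y", ""} {
		tok, err := parseBearer(h)
		fmt.Printf("%q -> %q, %v\n", h, tok, err)
	}
}
```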
func SuppressReferrer
SuppressReferrer follows best practices to avoid leaking the authorization code or state parameter via the Referer header when it is maliciously targeted.
See Section 4.2.4: https://tools.ietf.org/html/draft-ietf-oauth-security-topics-16
Types
type FTClaims
type FTClaims struct {
	UserID   string `mapstructure:"user_id"`
	ClientID string `mapstructure:"client_id"`
}
FTClaims hold user and client IDs in JWT tokens issued by the FTAuth server.
func ParseClaims
ParseClaims extracts FTClaims from a JWT token, if present. It performs no verification or validation.
type Middleware
type Middleware struct {
// contains filtered or unexported fields
}
Middleware provides methods for creating HTTP middleware.
func NewMiddleware
func NewMiddleware(keySet *jwt.KeySet) (*Middleware, error)
NewMiddleware creates a middleware factory for FTAuth verification operations.
func (*Middleware) BearerAuthenticated
func (m *Middleware) BearerAuthenticated(next http.Handler) http.Handler
BearerAuthenticated protects endpoints based off a user's Bearer auth token.
func (*Middleware) BearerAuthenticatedWithClientAndScope
func (m *Middleware) BearerAuthenticatedWithClientAndScope(clientID, scope string) func(http.Handler) http.Handler
BearerAuthenticatedWithClientAndScope protects endpoints based off a user's Bearer auth token and the assigned client ID and scope on the bearer token.
func (*Middleware) BearerAuthenticatedWithScope
BearerAuthenticatedWithScope protects endpoints based off a user's Bearer auth token and the assigned scopes on the bearer token.