Documentation ¶
Index ¶
- Variables
- func Auth(accessCheckFunction AccessCheckFunction, endpoints KeycloakConfig) gin.HandlerFunc
- func AuthCheck() func(tc *TokenContainer, ctx *gin.Context) bool
- func GroupCheck(at []AccessTuple) func(tc *TokenContainer, ctx *gin.Context) bool
- func RealmCheck(allowedRoles []string) func(tc *TokenContainer, ctx *gin.Context) bool
- func RequestLogger(keys []string, contentKey string) gin.HandlerFunc
- func UidCheck(at []AccessTuple) func(tc *TokenContainer, ctx *gin.Context) bool
- type AccessCheckFunction
- type AccessTuple
- type BuilderConfig
- type Certs
- type ClaimMapperFunc
- type KeyCloakToken
- type KeyEntry
- type KeycloakConfig
- type RestrictedAccessBuilder
- type ServiceRole
- type TokenContainer
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors exposed by the package. Each is a distinct value created
// with errors.New, so callers should match them with errors.Is rather than by
// comparing message text.
var (
	// ErrorNoContext carries the message "no token in context".
	ErrorNoContext = errors.New("no token in context")

	// ErrorInvalidToken carries the message "invalid Token".
	ErrorInvalidToken = errors.New("invalid Token")

	// ErrorForbidden carries the message "access to the Resource is forbidden".
	ErrorForbidden = errors.New("access to the Resource is forbidden")

	// ErrorTimeout carries the message "authorization check overtime".
	// NOTE(review): presumably raised when a check exceeds VarianceTimer — confirm.
	ErrorTimeout = errors.New("authorization check overtime")
)
// VarianceTimer controls the max runtime of Auth() and AuthChain() middleware.
// It is an exported, mutable package-level variable, so assigning to it changes
// the limit for every middleware instance in the process.
// NOTE(review): AuthChain is named here but does not appear in this page's
// index — confirm which entry points actually honour the limit.
var VarianceTimer = 30 * time.Second
VarianceTimer controls the max runtime of Auth() and AuthChain() middleware
Functions ¶
func Auth ¶
func Auth(accessCheckFunction AccessCheckFunction, endpoints KeycloakConfig) gin.HandlerFunc
func GroupCheck ¶
func GroupCheck(at []AccessTuple) func(tc *TokenContainer, ctx *gin.Context) bool
func RealmCheck ¶
func RealmCheck(allowedRoles []string) func(tc *TokenContainer, ctx *gin.Context) bool
func RequestLogger ¶
func RequestLogger(keys []string, contentKey string) gin.HandlerFunc
func UidCheck ¶
func UidCheck(at []AccessTuple) func(tc *TokenContainer, ctx *gin.Context) bool
Types ¶
type AccessCheckFunction ¶
// AccessCheckFunction is the predicate type accepted by Auth. It receives the
// request's TokenContainer and the gin context and returns a bool.
// GroupCheck, RealmCheck, UidCheck and AuthCheck return functions with this
// same signature.
// NOTE(review): presumably true means "allow" and false means "deny" — confirm
// against the Auth implementation before writing a custom check.
type AccessCheckFunction func(tc *TokenContainer, ctx *gin.Context) bool
type AccessTuple ¶
type BuilderConfig ¶
type ClaimMapperFunc ¶
// ClaimMapperFunc is the hook type stored in KeycloakConfig.CustomClaimsMapper.
// It is handed the parsed JSON Web Token and the KeyCloakToken built from it,
// and reports failure through its error result.
// NOTE(review): presumably intended to populate KeyCloakToken.CustomClaims —
// confirm. Whether the token's signature has already been verified when the
// mapper runs is not visible here; a mapper should not treat claims it reads
// as trusted unless that ordering is confirmed.
type ClaimMapperFunc func(jsonWebToken *jwt.JSONWebToken, keyCloakToken *KeyCloakToken) error
type KeyCloakToken ¶
// KeyCloakToken holds the claims decoded from a Keycloak-issued JWT; the JSON
// tag on each field names the claim it maps to.
//
// This declaration only describes the claim layout. Nothing in it shows
// signature verification or checks of exp/nbf/iss, so a populated value should
// be relied on only once the code that produced it is confirmed to verify the
// token.
// NOTE(review): there is no field for the "aud" claim, so an audience
// restriction cannot be expressed against this struct directly; Azp is the
// closest available signal — confirm whether the middleware checks either.
type KeyCloakToken struct {
	// Registered JWT claims (RFC 7519). Exp, Nbf and Iat are NumericDate
	// values, i.e. seconds since the Unix epoch.
	Jti string `json:"jti,omitempty"`
	Exp int64  `json:"exp"`
	Nbf int64  `json:"nbf"`
	Iat int64  `json:"iat"`
	Iss string `json:"iss"`
	Sub string `json:"sub"`

	// OpenID Connect and Keycloak session claims.
	Typ            string   `json:"typ"`
	Azp            string   `json:"azp,omitempty"`
	Nonce          string   `json:"nonce,omitempty"`
	AuthTime       int64    `json:"auth_time,omitempty"`
	SessionState   string   `json:"session_state,omitempty"`
	Acr            string   `json:"acr,omitempty"`
	ClientSession  string   `json:"client_session,omitempty"`
	AllowedOrigins []string `json:"allowed-origins,omitempty"`

	// ResourceAccess maps a key (presumably the client ID — confirm) to the
	// roles granted for it.
	ResourceAccess map[string]ServiceRole `json:"resource_access,omitempty"`

	// Profile claims. Depending on realm configuration these may be editable
	// by the user, so authorization decisions are better keyed on Sub or on
	// roles than on these values.
	Name              string `json:"name"`
	PreferredUsername string `json:"preferred_username"`
	GivenName         string `json:"given_name,omitempty"`
	FamilyName        string `json:"family_name,omitempty"`
	Email             string `json:"email,omitempty"`

	// RealmAccess holds the realm-level roles. omitempty has no effect on a
	// struct value in encoding/json, so this field is always emitted when the
	// token is marshalled.
	RealmAccess ServiceRole `json:"realm_access,omitempty"`

	// CustomClaims is untyped; callers must type-assert it.
	// NOTE(review): presumably filled by KeycloakConfig.CustomClaimsMapper — confirm.
	CustomClaims interface{} `json:"custom_claims,omitempty"`
}
type KeycloakConfig ¶
// KeycloakConfig describes the Keycloak instance that Auth and
// GetTokenContainer are configured against.
type KeycloakConfig struct {
	// Url and Realm identify the Keycloak server and realm.
	// NOTE(review): presumably Url is the server base URL and the signing
	// keys are fetched from a path derived from Url and Realm — confirm. If
	// so, it is the trust anchor for token verification and should be an
	// https URL under the operator's control.
	Url   string
	Realm string

	// FullCertsPath is optional (pointer, may be nil).
	// NOTE(review): presumably overrides the derived certificate endpoint when
	// non-nil — confirm; the same trust-anchor caveat applies.
	FullCertsPath *string

	// CustomClaimsMapper is an optional hook of type ClaimMapperFunc.
	CustomClaimsMapper ClaimMapperFunc
}
type RestrictedAccessBuilder ¶
// RestrictedAccessBuilder is a chainable builder for an access-restricting gin
// middleware: each RestrictButFor* method returns a RestrictedAccessBuilder so
// calls can be chained, and Build returns the resulting gin.HandlerFunc.
// Instances are obtained from NewAccessBuilder.
// NOTE(review): the interface does not show how several RestrictButFor* calls
// combine (any-of versus all-of) or what Build does when none were made —
// confirm both before relying on a chain as an access policy.
type RestrictedAccessBuilder interface {
	// RestrictButForRole registers a role name as an exception to the restriction.
	RestrictButForRole(role string) RestrictedAccessBuilder
	// RestrictButForUid registers a user ID as an exception to the restriction.
	RestrictButForUid(uid string) RestrictedAccessBuilder
	// RestrictButForRealm registers a realm name as an exception to the restriction.
	// NOTE(review): may refer to a realm role rather than a realm — confirm.
	RestrictButForRealm(realmName string) RestrictedAccessBuilder
	// Build returns the middleware.
	Build() gin.HandlerFunc
}
func NewAccessBuilder ¶
func NewAccessBuilder(config BuilderConfig) RestrictedAccessBuilder
type ServiceRole ¶
// ServiceRole is a list of role names decoded from a "roles" JSON array. It is
// the value type of KeyCloakToken.ResourceAccess and the type of
// KeyCloakToken.RealmAccess.
type ServiceRole struct {
	// Roles is nil when the "roles" key is absent from the decoded JSON.
	Roles []string `json:"roles"`
}
type TokenContainer ¶
// TokenContainer pairs the raw OAuth2 token with the claims decoded from it.
// It is what AccessCheckFunction predicates receive and what GetTokenContainer
// returns.
type TokenContainer struct {
	// Token is the oauth2 token. It carries the bearer credential, so the
	// container should not be written to logs or error messages as a whole.
	Token *oauth2.Token
	// KeyCloakToken holds the decoded claims. Both fields are pointers and
	// this declaration does not guarantee either is non-nil.
	KeyCloakToken *KeyCloakToken
}
TokenContainer stores all relevant token information
func GetTokenContainer ¶
func GetTokenContainer(token *oauth2.Token, config KeycloakConfig) (*TokenContainer, error)
func (*TokenContainer) Valid ¶
func (t *TokenContainer) Valid() bool