hexaOpaClient

package
v0.64.1

This package is not in the latest version of its module.

Published: May 6, 2024 | License: Apache-2.0 | Imports: 8 | Imported by: 0

Documentation

Types

type HexaClaims

type HexaClaims struct {
	*jwt.RegisteredClaims
	Roles string `json:"roles"`
}

type OpaInfo

type OpaInfo struct {
	Req     *ReqParams   `json:"req"`     // Req describes information about the request
	Subject *SubjectInfo `json:"subject"` // Subject provides information known about an authenticated subject
}

OpaInfo is the input information structure to be provided to OPA for processing

func PrepareInput

func PrepareInput(r *http.Request, actionUris []string, resourceUris []string) *OpaInfo

PrepareInput takes request information and prepares an "input" structure for use with HexaPolicy and OPA.

type OpaInput

type OpaInput struct {
	Input OpaInfo `json:"input"`
}

OpaInput is used to construct a JSON-marshalled "input" structure to be fed to an OPA Query endpoint. This structure builds a standardized set of input parameters for use with Hexa Policy.

type ReqParams

type ReqParams struct {
	ClientIp    string              `json:"ip,omitempty"`       // ClientIp is the network address of the requestor
	Protocol    string              `json:"protocol,omitempty"` // Protocol is typically HTTP
	Host        string              `json:"host,omitempty"`     // Host is the domain used in the request
	Method      string              `json:"method,omitempty"`   // Method is typically the HTTP method
	Path        string              `json:"path"`               // Path is the request path of the URL
	QueryParam  map[string][]string `json:"param"`              // QueryParam are the parsed query parameters (i.e. after ?)
	Header      map[string][]string `json:"header,omitempty"`   // Header includes all the request headers
	Time        time.Time           `json:"time"`               // Time of the received request
	ActionUris  []string            `json:"actionUris"`         // ActionUris are the Action Uris being requested
	ResourceIds []string            `json:"resourceIds"`        // ResourceIds are the resources the client represents
}

ReqParams provides information about the request made to an application requesting authorization

func PrepareReqParams

func PrepareReqParams(r *http.Request, actionUris []string, resourceUris []string) *ReqParams

type SubjectInfo

type SubjectInfo struct {
	Roles     []string               `json:"roles,omitempty"`   // Roles are the roles associated with the subject (e.g. asserted in JWT token)
	Claims    map[string]interface{} `json:"claims,omitempty"`  // Claims received about the subject (e.g. from a JWT token or directory)
	Expires   time.Time              `json:"expires,omitempty"` // Expires represents the expiry time of the JWT
	Type      string                 `json:"type,omitempty"`    // Type is the type of authentication: either anonymous|basic|jwt|...
	Sub       string                 `json:"sub,omitempty"`     // Sub is the subject. For JWT the 'sub' claim, for other sources just the authenticated username
	Issuer    string                 `json:"iss,omitempty"`     // Issuer is the issuer of the authentication token
	Audience  []string               `json:"aud,omitempty"`     // Audience is the aud value of a JWT
	IssuedAt  time.Time              `json:"iat,omitempty"`     // IssuedAt is the time the JWT presented was issued
	NotBefore time.Time              `json:"nbf,omitempty"`     // NotBefore For post-dated JWTs, the time after which a token is valid
}

SubjectInfo describes information known about an authenticated subject

func PrepareSubjectInfo

func PrepareSubjectInfo(r *http.Request) (*SubjectInfo, error)

func (*SubjectInfo) MapJwtClaims

func (info *SubjectInfo) MapJwtClaims(claims HexaClaims, tknType string)
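
The JSON document these structures produce for OPA, as an added example (not code from the hexa project): it uses local copies of a subset of the page's structs with the same JSON tags, and constructed sample values, because the page does not show how PrepareInput populates the fields. It shows what a policy receives for unset fields: `omitempty` has no effect on a `time.Time`, so `expires` arrives as the zero timestamp, and a nil `QueryParam` arrives as `null`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Local copies of a subset of the page's structs (same field names and JSON
// tags) so the example runs without importing the module.
type ReqParams struct {
	Method     string              `json:"method,omitempty"`
	Path       string              `json:"path"`
	QueryParam map[string][]string `json:"param"`
	Time       time.Time           `json:"time"`
	ActionUris []string            `json:"actionUris"`
}
type SubjectInfo struct {
	Roles   []string  `json:"roles,omitempty"`
	Expires time.Time `json:"expires,omitempty"`
	Type    string    `json:"type,omitempty"`
}
type OpaInfo struct {
	Req     *ReqParams   `json:"req"`
	Subject *SubjectInfo `json:"subject"`
}
type OpaInput struct {
	Input OpaInfo `json:"input"`
}

// SampleAnonymous returns constructed sample data: an unauthenticated GET, no query string.
func SampleAnonymous() OpaInfo {
	return OpaInfo{
		Req: &ReqParams{Method: "GET", Path: "/accounts", ActionUris: []string{"http:GET:/accounts"},
			Time: time.Date(2024, 5, 6, 12, 0, 0, 0, time.UTC)},
		Subject: &SubjectInfo{Type: "anonymous"}, // Roles and Expires left unset
	}
}

// EncodeInput marshals the {"input": ...} envelope as encoding/json emits it.
func EncodeInput(info OpaInfo) (string, error) {
	raw, err := json.Marshal(OpaInput{Input: info})
	return string(raw), err
}

func main() {
	out, _ := EncodeInput(SampleAnonymous())
	fmt.Println(out)
}
```

A policy that reads `input.subject.expires` should treat `0001-01-01T00:00:00Z` as "no expiry known" rather than as a real date.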
