tokensupport

package

v0.64.1 Latest Latest Go to latest Published: May 6, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hexa-org/policy-opa

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type JwtAuthToken
- func (t *JwtAuthToken) IsScopeMatch(scopesAccepted []string) bool
type TokenHandler

Constants ¶

View Source

const (
	ScopeBundle          string = "bundle"
	ScopeDecision        string = "az"
	ScopeAdmin           string = "root"
	EnvTknKeyDirectory   string = "AUTHZEN_TKN_DIRECTORY"
	EnvTknPrivateKeyFile string = "AUTHZEN_TKN_PRIVKEYFILE"
	EnvTknPubKeyFile     string = "AUTHZEN_TKN_PUBKEYFILE"
	// EnvAllowAnon         string = "AUTHZEN_TKN_DISABLE"
	DefTknPrivateKeyFile string = "issuer-priv.pem"
	DefTknPublicKeyFile  string = "issuer-cert.pem"
	EnvTknEnforceMode    string = "AUTHZEN_TKN_MODE"
	EnvTknIssuer         string = "TKN_ISSUER"

	ModeEnforceAnonymous = "ANON"
	ModeEnforceBundle    = "BUNDLE"
	ModeEnforceAll       = "ALL"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type JwtAuthToken ¶

type JwtAuthToken struct {
	Scopes []string `json:"roles,omitempty"`
	Email  string   `json:"email,omitempty"`
	jwt.RegisteredClaims
}

func (*JwtAuthToken) IsScopeMatch ¶

func (t *JwtAuthToken) IsScopeMatch(scopesAccepted []string) bool

type TokenHandler ¶

type TokenHandler struct {
	TokenIssuer    string
	PrivateKey     *rsa.PrivateKey
	PublicKey      *keyfunc.JWKS
	KeyDir         string
	PrivateKeyPath string
	PublicKeyPath  string
	Mode           string
}

func GenerateIssuerKeys ¶

func GenerateIssuerKeys(name string, keepExisting bool) (*TokenHandler, error)

GenerateIssuerKeys will create a new JWT issuer private and public key set. Set keepExisting to true to enable auto-generation on first execution.

func LoadIssuer ¶

func LoadIssuer(name string) (*TokenHandler, error)

func TokenValidator ¶

func TokenValidator(name string) (*TokenHandler, error)

func (*TokenHandler) IssueToken ¶

func (a *TokenHandler) IssueToken(scopes []string, email string) (string, error)

func (*TokenHandler) ParseAuthToken ¶

func (a *TokenHandler) ParseAuthToken(tokenString string) (*JwtAuthToken, error)

ParseAuthToken parses and validates an authorization token. An *JwtAuthToken is only returned if the token was validated otherwise nil

func (*TokenHandler) PrivateKeyExists ¶

func (a *TokenHandler) PrivateKeyExists() bool

func (*TokenHandler) ValidateAuthorization ¶

func (a *TokenHandler) ValidateAuthorization(r *http.Request, scopes []string) (*JwtAuthToken, int)

ValidateAuthorization evaluates the authorization header and checks to see if the correct scope is asserted. 200 OK means authorized. Forbidden returned if wrong scope, otherwise unauthorized

Source Files ¶

View all Source files

tokenGenerator.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL