Documentation ¶
Index ¶
- Constants
- type JwtAuthToken
- type TokenHandler
- func (a *TokenHandler) IssueToken(scopes []string, email string) (string, error)
- func (a *TokenHandler) ParseAuthToken(tokenString string) (*JwtAuthToken, error)
- func (a *TokenHandler) PrivateKeyExists() bool
- func (a *TokenHandler) ValidateAuthorization(r *http.Request, scopes []string) (*JwtAuthToken, int)
Constants ¶
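// Scope names, environment-variable names, default key file names and
// enforcement-mode values for the token handler.
//
// The declaration is laid out one constant per line. When it is collapsed onto
// a single line, the commented-out EnvAllowAnon entry turns every constant
// after it, and the closing parenthesis, into comment text.
const (
	// Scope values.
	// NOTE(review): presumably the strings that JwtAuthToken.IsScopeMatch
	// compares against the token's Scopes; confirm against the implementation.
	ScopeBundle   string = "bundle"
	ScopeDecision string = "az"
	ScopeAdmin    string = "root"

	// Names of the environment variables that locate the key material
	// (key directory, private key file, public key file).
	// NOTE(review): how these are combined into a path is not shown here.
	EnvTknKeyDirectory   string = "AUTHZEN_TKN_DIRECTORY"
	EnvTknPrivateKeyFile string = "AUTHZEN_TKN_PRIVKEYFILE"
	EnvTknPubKeyFile     string = "AUTHZEN_TKN_PUBKEYFILE"
	// EnvAllowAnon string = "AUTHZEN_TKN_DISABLE"

	// Default key file names. The public-side default is named "-cert.pem".
	// NOTE(review): presumably used when the matching Env* variable is unset.
	DefTknPrivateKeyFile string = "issuer-priv.pem"
	DefTknPublicKeyFile  string = "issuer-cert.pem"

	// EnvTknEnforceMode names the variable that selects an enforcement mode.
	// EnvTknIssuer is the only variable name here without the AUTHZEN_ prefix.
	EnvTknEnforceMode string = "AUTHZEN_TKN_MODE"
	EnvTknIssuer      string = "TKN_ISSUER"

	// Enforcement-mode values; unlike the constants above they are untyped.
	// NOTE(review): what each mode enforces, and which one applies when
	// EnvTknEnforceMode is unset or unrecognised, is not shown here. Confirm
	// that the fallback is not the anonymous mode.
	ModeEnforceAnonymous = "ANON"
	ModeEnforceBundle    = "BUNDLE"
	ModeEnforceAll       = "ALL"
)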
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type JwtAuthToken ¶
// JwtAuthToken is the claim set of an authorization token: the custom Scopes
// and Email claims plus the embedded jwt.RegisteredClaims.
type JwtAuthToken struct {
	// Scopes is encoded under the JSON key "roles" (not "scope" or "scp") and
	// is omitted when empty. A token that carries its scopes under another
	// claim name leaves this slice empty after decoding.
	// NOTE(review): presumably the list IsScopeMatch checks; confirm.
	Scopes []string `json:"roles,omitempty"`
	// Email is encoded under the JSON key "email" and is omitted when empty.
	Email string `json:"email,omitempty"`
	// Embedded registered claims from the jwt package.
	// NOTE(review): whether expiry, issuer and audience are enforced depends on
	// how ParseAuthToken configures validation, which is not shown here.
	jwt.RegisteredClaims
}
func (*JwtAuthToken) IsScopeMatch ¶
func (t *JwtAuthToken) IsScopeMatch(scopesAccepted []string) bool
type TokenHandler ¶
// TokenHandler bundles an issuer name, key material, key locations and an
// enforcement mode. All fields are exported, including the private key.
type TokenHandler struct {
	// TokenIssuer is the issuer name.
	// NOTE(review): presumably written to and checked against the token's
	// issuer claim; confirm.
	TokenIssuer string
	// PrivateKey is the RSA private key. Because the field is exported, dumping
	// or serialising a TokenHandler can expose it; keep handlers out of logs.
	// NOTE(review): presumably nil on a validation-only handler; see PrivateKeyExists.
	PrivateKey *rsa.PrivateKey
	// PublicKey is a JWKS key set.
	// NOTE(review): presumably the key source for signature verification.
	PublicKey *keyfunc.JWKS
	// KeyDir, PrivateKeyPath and PublicKeyPath record where the key files live.
	// NOTE(review): file permissions on the private key are not visible here.
	KeyDir         string
	PrivateKeyPath string
	PublicKeyPath  string
	// Mode is the enforcement mode.
	// NOTE(review): presumably one of the ModeEnforce* values; confirm how an
	// empty or unknown value is treated.
	Mode string
}
func GenerateIssuerKeys ¶
func GenerateIssuerKeys(name string, keepExisting bool) (*TokenHandler, error)
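GenerateIssuerKeys creates a new JWT issuer private and public key pair. Set keepExisting to true to enable auto-generation on first execution (presumably existing keys are then left in place rather than replaced; confirm against the source before relying on it, since replacing the issuer key would invalidate tokens already issued).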
func LoadIssuer ¶
func LoadIssuer(name string) (*TokenHandler, error)
func TokenValidator ¶
func TokenValidator(name string) (*TokenHandler, error)
func (*TokenHandler) IssueToken ¶
func (a *TokenHandler) IssueToken(scopes []string, email string) (string, error)
func (*TokenHandler) ParseAuthToken ¶
func (a *TokenHandler) ParseAuthToken(tokenString string) (*JwtAuthToken, error)
ParseAuthToken parses and validates an authorization token. A *JwtAuthToken is returned only if the token was validated; otherwise nil is returned.
func (*TokenHandler) PrivateKeyExists ¶
func (a *TokenHandler) PrivateKeyExists() bool
func (*TokenHandler) ValidateAuthorization ¶
func (a *TokenHandler) ValidateAuthorization(r *http.Request, scopes []string) (*JwtAuthToken, int)
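ValidateAuthorization evaluates the Authorization header and checks whether a correct scope is asserted. The returned int is an HTTP status code: 200 OK means authorized, Forbidden is returned if the scope is wrong, and Unauthorized is returned otherwise. Callers should gate access on the status code rather than on the returned token alone.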