Documentation
Overview
Package tlsclient provides a TLS client helper supporting certificate, JWT or Basic authentication.
Index
- Constants
- func ConnectTLS(serverURL string, clientCert *tls.Certificate, caCert *x509.Certificate) (*tls.Conn, error)
- type JwtAuthLogin
- type JwtAuthResponse
- type TLSClient
- func (cl *TLSClient) Certificate() *tls.Certificate
- func (cl *TLSClient) Close()
- func (cl *TLSClient) ConnectNoAuth()
- func (cl *TLSClient) ConnectWithBasicAuth(userID string, passwd string)
- func (cl *TLSClient) ConnectWithClientCert(clientCert *tls.Certificate) (err error)
- func (cl *TLSClient) ConnectWithJWTLogin(loginID string, secret string, authLoginURL string) (accessToken string, err error)
- func (cl *TLSClient) ConnectWithJwtAccessToken(loginID string, accessToken string)
- func (cl *TLSClient) Delete(path string, msg interface{}) ([]byte, error)
- func (cl *TLSClient) Get(path string) ([]byte, error)
- func (cl *TLSClient) Invoke(method string, url string, msg interface{}) ([]byte, error)
- func (cl *TLSClient) Patch(path string, msg interface{}) ([]byte, error)
- func (cl *TLSClient) Post(path string, msg interface{}) ([]byte, error)
- func (cl *TLSClient) Put(path string, msg interface{}) ([]byte, error)
- func (cl *TLSClient) RefreshJWTTokens(refreshURL string) (refreshTokens *JwtAuthResponse, err error)
Constants
const (
	AuthMethodBasic  = "basic"  // basic auth for backwards compatibility when connecting
	AuthMethodDigest = "digest" // digest auth for backwards compatibility when connecting
	AuthMethodNone   = ""       // disable authentication, for testing
	AuthMethodJwt    = "jwt"    // JSON web token for use with WoST server (default)
)
Authentication methods for use with ConnectWithLoginID. Use AuthMethodDefault unless there is a good reason not to.
const (
	// ParamOffset offset in case of multiple requests
	ParamOffset = "offset"
	// ParamLimit contains maximum number of results
	ParamLimit = "limit"
	// ParamQuery contains a query
	ParamQuery = "queryparams"
	// ParamUpdatedSince contains an ISO8601 datetime
	ParamUpdatedSince = "updatedSince"
	// ParamThings contains a list of Thing IDs to query for
	ParamThings = "things"
)
Standardized query parameter names for querying servers.
const (
	// DefaultJWTLoginPath for obtaining access & refresh tokens
	DefaultJWTLoginPath = "/authn/login"
	// DefaultJWTRefreshPath for refreshing tokens with the auth service
	DefaultJWTRefreshPath = "/authn/refresh"
	// DefaultJWTConfigPath for storing client configuration on the auth service
	DefaultJWTConfigPath = "/authn/config"
)
The default paths for user authentication and configuration.
Functions
func ConnectTLS
func ConnectTLS(serverURL string, clientCert *tls.Certificate, caCert *x509.Certificate) (*tls.Conn, error)
ConnectTLS creates a TLS connection to a server, optionally using a client certificate.
serverURL full URL: tcp://host:8883, wss://host:9001
clientCert to login with. Nil to not use client certs
caCert of the server to connect to (recommended). Nil to not verify the server connection.
Types
type JwtAuthLogin
type JwtAuthLogin struct {
	LoginID    string `json:"login"` // typically the email
	Password   string `json:"password"`
	RememberMe bool   `json:"rememberMe"` // store refresh token in cookie
}
JwtAuthLogin defines the login request message to send when using JWT authentication.
type JwtAuthResponse
type JwtAuthResponse struct {
	AccessToken  string `json:"accessToken"`
	RefreshToken string `json:"refreshToken"`
	RefreshURL   string `json:"refreshURL"`
}
JwtAuthResponse defines the login or refresh response.
type TLSClient
type TLSClient struct {
// contains filtered or unexported fields
}
TLSClient is a simple TLS Client with authentication using certificates or JWT authentication with login/pw
func NewTLSClient
func NewTLSClient(hostPort string, caCert *x509.Certificate) *TLSClient
NewTLSClient creates a new TLS Client instance. Use connect/Close to open and close connections.
hostPort is the server hostname or IP address and port to connect to
caCert with the x509 CA certificate, nil if not available
returns TLS client for submitting requests
func (*TLSClient) Certificate
func (cl *TLSClient) Certificate() *tls.Certificate
Certificate returns the client auth certificate or nil if none is used
func (*TLSClient) ConnectNoAuth
func (cl *TLSClient) ConnectNoAuth()
ConnectNoAuth creates a connection with the server without client authentication. Only requests that do not require authentication will succeed.
func (*TLSClient) ConnectWithBasicAuth
ConnectWithBasicAuth creates a server connection using the configured authentication. Intended to connect to services that do not support JWT authentication.
func (*TLSClient) ConnectWithClientCert
func (cl *TLSClient) ConnectWithClientCert(clientCert *tls.Certificate) (err error)
ConnectWithClientCert creates a connection with the server using a client certificate for mutual authentication. The provided certificate must be signed by the server's CA.
clientCert client tls certificate containing x509 cert and private key
Returns nil if successful, or an error if connection failed
func (*TLSClient) ConnectWithJWTLogin
func (cl *TLSClient) ConnectWithJWTLogin(loginID string, secret string, authLoginURL string) (accessToken string, err error)
ConnectWithJWTLogin requests JWT tokens using loginID/password. If a CA certificate is not available then insecure-skip-verify is used to allow connection to an unverified server (leap of faith).
This uses JWT authentication using the POST /login path with a JSON-encoded JwtAuthLogin message as body.
The server returns a JwtAuthResponse message with an access/refresh token pair and a refresh URL. The access token is used as bearer token in the Authorization header for follow-up requests.
loginID username or application ID to identify as.
secret to authenticate with.
authLoginURL optional full address of the authentication server login, "" to authenticate using the application server /login
Returns nil if successful or an error if setting up of authentication failed.
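The caCert rule documented for ConnectTLS, NewTLSClient and ConnectWithJWTLogin, as an added example that is not the package's own code: with a CA certificate the client accepts only servers that chain to it, while a nil CA skips verification and accepts any server. The names tlsConfigFor, handshake, unrelatedCA and check are hypothetical, and the local server and the second CA are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http/httptest"
	"time"
)

// tlsConfigFor is a hypothetical helper following the documented caCert rule.
func tlsConfigFor(caCert *x509.Certificate) *tls.Config {
	if caCert == nil {
		return &tls.Config{InsecureSkipVerify: true} // nil CA: any server certificate is accepted
	}
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12} // only chains to caCert pass
}

// handshake returns nil only if the client accepted the server's certificate.
func handshake(srv *httptest.Server, caCert *x509.Certificate) error {
	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(), tlsConfigFor(caCert))
	if err == nil {
		conn.Close()
	}
	return err
}

// unrelatedCA builds a constructed self-signed CA that did not issue the server certificate.
func unrelatedCA() *x509.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// check handshakes with a constructed local TLS server under the three caCert choices.
func check() (serverCA, otherCA, nilCA error) {
	srv := httptest.NewTLSServer(nil)
	defer srv.Close()
	return handshake(srv, srv.Certificate()), handshake(srv, unrelatedCA()), handshake(srv, nil)
}

func main() { fmt.Println(check()) }
```

With a nil CA the handshake succeeds against whichever server answers, so the login secret or bearer token sent afterwards is only as trustworthy as the network path.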
func (*TLSClient) ConnectWithJwtAccessToken
ConnectWithJwtAccessToken sets login ID and secret for JWT authentication using an access token obtained elsewhere. This uses the provided access token as bearer token in the authorization header.
func (*TLSClient) Delete
Delete sends a delete message with json payload
path to invoke
msg message object to include. This will be marshalled to json
func (*TLSClient) Invoke
Invoke an HTTPS method and read the response. If Basic or JWT authentication is enabled then add the auth info to the headers.
method: GET, PUT, POST, ...
url: full URL to invoke
msg message object to include. Non strings will be marshalled to json
func (*TLSClient) Patch
Patch sends a patch message with json payload
path to invoke
msg message object to include. Non strings will be marshalled to json
func (*TLSClient) Post
Post a message with json payload
path to invoke
msg message object to include. Non strings will be marshalled to json
func (*TLSClient) Put
Put a message with json payload
path to invoke
msg message object to include. Non strings will be marshalled to json
func (*TLSClient) RefreshJWTTokens
func (cl *TLSClient) RefreshJWTTokens(refreshURL string) (refreshTokens *JwtAuthResponse, err error)
RefreshJWTTokens refreshes the JWT access and bearer token
refreshURL to use. "" for using the application server and default refresh path
This returns a struct with new access and refresh token