auth

package
v0.0.0-...-284234c

Warning: This package is not in the latest version of its module.
Published: Feb 17, 2016 License: Apache-2.0 Imports: 9 Imported by: 0

README

Auth - Authentication and Authorisation interface

Provides a high level pluggable abstraction for authentication.

Interface

Simplify authentication with an interface that just returns true or false based on the current RPC context or session id. It optionally returns the session information for further examination.

Granular role-based authorisation and control is needed at large scale for access management. This goes beyond asking whether a person has an authenticated session: should they be allowed to access the given resource?

Management of auth/roles should be offloaded to a service to minimise code changes in each individual service. It should ideally be embedded as middleware in request handlers and initialised when registering a handler.

// Auth handles client side validation of authentication
// The client does not actually handle authentication itself.
// This could be an oauth2 provider, openid, basic auth, etc.
type Auth interface {
	// Determine if a request with context is authorised
	// Should extract token from the context, check with
	// the authorizer and return an err if not authed.
	// Can be used for both client and server
	Authorized(ctx context.Context, req Request) (*Token, error)
	// Retrieve a token for this client, should handle refreshing
	Token() (*Token, error)
	// Lookup a token
	Introspect(ctx context.Context) (*Token, error)
	// Revoke a token
	Revoke(t *Token) error
	// Will retrieve token from the context
	FromContext(ctx context.Context) (*Token, bool)
	// Creates a context with the token which can be
	NewContext(ctx context.Context, t *Token) context.Context
	// Retrieves token from headers
	// We may get back a partial token here
	FromHeader(map[string]string) (*Token, bool)
	// Adds token to headers
	NewHeader(map[string]string, *Token) map[string]string
	// We cache policies locally from the auth server
	Start() error
	Stop() error
}
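
An added example (not code from this package): a minimal in-memory authorizer showing the contract the `Authorized` comment describes, failing closed and checking a per-endpoint scope in the spirit of the role-based paragraph above. `policyAuth`, `rpc`, `ctxKey` and `ErrForbidden` are hypothetical names; `Token` and `Request` are trimmed local copies of the package's types so the block runs on its own.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Token and Request are trimmed local copies of the page's types so this runs offline.
type Token struct {
	AccessToken string
	ExpiresAt   time.Time
	Scopes      []string
}
type Request interface {
	Service() string
	Method() string
}
type rpc struct{ svc, method string } // constructed sample request
type ctxKey struct{}                  // unexported key: only this package can set the token

func (r rpc) Service() string { return r.svc }
func (r rpc) Method() string  { return r.method }

var ErrInvalidToken, ErrForbidden = errors.New("invalid token"), errors.New("forbidden") // ErrForbidden is hypothetical

// policyAuth is a hypothetical authorizer: "service.method" -> scope the token must carry.
type policyAuth map[string]string

// Authorized denies by default: no token, expired token, unlisted endpoint, missing scope.
func (p policyAuth) Authorized(ctx context.Context, req Request) (*Token, error) {
	t, _ := ctx.Value(ctxKey{}).(*Token)
	if t == nil || t.AccessToken == "" || !t.ExpiresAt.After(time.Now()) {
		return nil, ErrInvalidToken
	}
	need, listed := p[req.Service()+"."+req.Method()]
	for _, s := range t.Scopes {
		if listed && s == need {
			return t, nil
		}
	}
	return nil, ErrForbidden
}

func main() {
	t := &Token{AccessToken: "constructed", ExpiresAt: time.Now().Add(time.Hour), Scopes: []string{"read"}}
	_, err := policyAuth{"users.Delete": "admin"}.Authorized(context.WithValue(context.Background(), ctxKey{}, t), rpc{"users", "Delete"})
	fmt.Println(err) // the token is live but lacks the "admin" scope
}
```

An endpoint with no policy entry is rejected rather than allowed, so a newly registered handler is inaccessible until a scope is assigned to it.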

Supported Backends

  • Auth service (OAuth2)

Documentation

Index

Constants

This section is empty.

Variables

var (
	ErrInvalidToken = errors.New("invalid token")
)

Functions

func ClientWrapper

func ClientWrapper(a Auth) client.Wrapper

func HandlerWrapper

func HandlerWrapper(a Auth) server.HandlerWrapper

func NewContext

func NewContext(ctx context.Context, c Auth) context.Context

Types

type Auth

type Auth interface {
	// Determine if a request with context is authorised
	// Should extract token from the context, check with
	// the authorizer and return an err if not authed.
	// Can be used for both client and server
	Authorized(ctx context.Context, req Request) (*Token, error)
	// Retrieve a token for this client, should handle refreshing
	Token() (*Token, error)
	// Lookup a token
	Introspect(ctx context.Context) (*Token, error)
	// Revoke a token
	Revoke(t *Token) error
	// Will retrieve token from the context
	FromContext(ctx context.Context) (*Token, bool)
	// Creates a context with the token which can be
	NewContext(ctx context.Context, t *Token) context.Context
	// Retrieves token from headers
	// We may get back a partial token here
	FromHeader(map[string]string) (*Token, bool)
	// Adds token to headers
	NewHeader(map[string]string, *Token) map[string]string
	// We cache policies locally from the auth server
	Start() error
	Stop() error
	// Name
	String() string
}

Auth handles client side validation of authentication. The client does not actually handle authentication itself. This could be an oauth2 provider, openid, basic auth, etc.

func FromContext

func FromContext(ctx context.Context) (Auth, bool)

func NewAuth

func NewAuth(opts ...Option) Auth

type Option

type Option func(*Options)

func Client

func Client(c client.Client) Option

func Id

func Id(id string) Option

func Secret

func Secret(s string) Option

type Options

type Options struct {
	Id     string
	Secret string
	Client client.Client
	// Used for alternative options
	Context context.Context
}

type Request

type Request interface {
	Service() string
	Method() string
}

Could be client or server request

type Token

type Token struct {
	AccessToken  string
	RefreshToken string
	TokenType    string
	ExpiresAt    time.Time
	Scopes       []string
	Metadata     map[string]string
}

Basically identical to oauth token

Directories

Path Synopsis
Package go_micro_platform_auth is a generated protocol buffer package.
Package go_micro_platform_auth is a generated protocol buffer package.
