Documentation ¶
Index ¶
- Constants
- Variables
- func GenerateJWTLogin(secret []byte, userID string, issuedAt, expiresAt time.Time) (string, error)
- func GetOperator(ctx context.Context) (*models.User, error)
- func Middleware(swagger *openapi3.T, authenticator Authenticator, ...) func(next http.Handler) http.Handler
- func NewSectetStore(authConfig *config.AuthConfig) (crypt.SecretStore, error)
- func NewSessionStore(secretStrore crypt.SecretStore) sessions.Store
- func VerifyToken(secret []byte, tokenString string) (jwt.Claims, error)
- func WithOperator(ctx context.Context, user *models.User) context.Context
- type Authenticator
- type CookieAuthConfig
- type Register
Constants ¶
// Names and keys used when reading from or writing to the auth session.
// NOTE(review): the role of each value below is inferred from its name;
// confirm against the session handling code.
const (
	// TokenSessionKeyName is the session key "token"; presumably the key
	// under which the login token is stored in the session.
	TokenSessionKeyName = "token"
	// InternalAuthSessionName is the session name "internal_auth_session".
	InternalAuthSessionName = "internal_auth_session"
	// IDTokenClaimsSessionKey is the session key "id_token_claims";
	// presumably holds claims taken from an identity provider's ID token.
	// Values read back from a session are only as trustworthy as the
	// session store's integrity protection.
	IDTokenClaimsSessionKey = "id_token_claims"
)
// ExpirationDuration is a fixed duration of one hour.
//
// NOTE(review): presumably the validity window applied to tokens or
// sessions issued by this package; confirm against the callers. If so, a
// stolen token stays usable until it expires unless it can be revoked
// server-side.
const ExpirationDuration = time.Hour
// LoginAudience is the audience value "login".
//
// NOTE(review): the GenerateJWTLogin documentation states that login tokens
// carry no audience and that any audience makes a token invalid for login;
// confirm where this constant is applied so the two stay consistent.
const LoginAudience = "login"
Variables ¶
// Sentinel errors for request handling. They are package-level values, so
// callers can compare against them with errors.Is instead of matching on
// the message text.
var (
	// ErrFailedToAccessStorage carries the message "failed to access storage".
	ErrFailedToAccessStorage = errors.New("failed to access storage")
	// ErrAuthenticatingRequest carries the message "error authenticating request".
	ErrAuthenticatingRequest = errors.New("error authenticating request")
	// ErrInvalidAPIEndpoint carries the message "invalid API endpoint".
	ErrInvalidAPIEndpoint = errors.New("invalid API endpoint")
	// ErrRequestSizeExceeded carries the message "request size exceeded".
	ErrRequestSizeExceeded = errors.New("request size exceeded")
	// ErrStorageNamespaceInUse carries the message "storage namespace already in use".
	ErrStorageNamespaceInUse = errors.New("storage namespace already in use")
)
// Sentinel errors for token and identity validation. Compare against them
// with errors.Is instead of matching on the message text.
var (
	// ErrInvalidToken carries the message "invalid token".
	ErrInvalidToken = errors.New("invalid token")
	// ErrInvalidNameEmail carries the message "invalid name or email".
	ErrInvalidNameEmail = errors.New("invalid name or email")
	// ErrExtractClaims carries the message "failed to extract claims from JWT token".
	ErrExtractClaims = errors.New("failed to extract claims from JWT token")
)
// ErrUnexpectedSigningMethod is a sentinel error with the message
// "unexpected signing method".
//
// NOTE(review): presumably returned during token verification when the
// token header names a signing algorithm other than the expected one;
// confirm against VerifyToken. Rejecting the algorithm before the signature
// is checked is what keeps a verifier from accepting a token signed under a
// different scheme.
var ErrUnexpectedSigningMethod = errors.New("unexpected signing method")
var (
	// ErrUserNotFound is a sentinel error with the message "UserNotFound".
	//
	// NOTE(review): the message text is kept exactly as is because callers
	// may match on it. If this error can reach an unauthenticated client,
	// map it to the same generic failure as a bad credential at the API
	// boundary, so responses do not reveal which users exist.
	ErrUserNotFound = fmt.Errorf("UserNotFound")
)
Functions ¶
func GenerateJWTLogin ¶
GenerateJWTLogin creates a JWT that can be used for authentication during login only; it will not work for password reset. It supports backward compatibility for creating a login JWT. The audience is not set on a login token: a token with any audience set is invalid for login. No email is passed, so that users who log in with access keys and do not yet have an email can still log in.
func Middleware ¶
func NewSectetStore ¶
func NewSectetStore(authConfig *config.AuthConfig) (crypt.SecretStore, error)
func NewSessionStore ¶
func NewSessionStore(secretStrore crypt.SecretStore) sessions.Store
func VerifyToken ¶
VerifyToken verifies the authenticity of a token using a secret key.
It takes the following parameters:
- secret []byte: the secret key used to sign the token
- tokenString string: the token string to be verified
It returns the following:
- jwt.Claims: the claims extracted from the token
- error: any error encountered during token verification
Types ¶
type Authenticator ¶
type Authenticator interface {
	// AuthenticateUser authenticates a user matching username and
	// password and returns their ID.
	//
	// NOTE(review): the parameters are named ak and sk, presumably an
	// access key ID and its secret key rather than a literal username and
	// password; confirm against the implementations.
	// Implementations should return the same error for an unknown key and
	// for a wrong secret, so callers cannot tell the two cases apart.
	AuthenticateUser(ctx context.Context, ak, sk string) (string, error)
}
Authenticator authenticates users, returning an identifier for the user. (Currently it handles only single-step username+password authentication. This interface will need to change significantly to support challenge-response protocols.)