authn

package
v1.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 29, 2024 License: LGPL-3.0 Imports: 13 Imported by: 6

Documentation

Index

Constants

View Source 
const (
	DefaultKeychainTTL = 60
)

Variables

View Source 
var ErrInvalidOptions = errors.New("invalid options for SubjectFrom")

ErrInvalidOptions is returned by SubjectFrom if invalid options are used

View Source 
var ErrNoKey = errors.New("No keys found")

Functions

func Configure 

func Configure(config Config) error

Configure initializes the default AuthN client with the given config. This is necessary to use authn.SubjectFrom without keeping a reference to your own AuthN client.

func SubjectFrom 

func SubjectFrom(idToken string) (string, error)

SubjectFrom will use the the client configured by Configure to extract a subject from the given idToken.

Types

type Account added in v1.0.0 

type Account struct {
	ID       int    `json:"id"`
	Username string `json:"username"`
	Locked   bool   `json:"locked"`
	Deleted  bool   `json:"deleted"`
}

Account is an AuthN user account

type Claims added in v1.2.0 

type Claims struct {
	AuthTime  *jwt.NumericDate `json:"auth_time"`
	SessionID string           `json:"sid"`
	jwt.Claims
}

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client provides JWT verification for ID tokens generated by the AuthN server. In the future it will also implement the server's private APIs (aka admin actions). 

var DefaultClient *Client

DefaultClient can be initialized by Configure and used by SubjectFrom.

func NewClient 

func NewClient(config Config) (*Client, error)

NewClient returns an initialized and configured Client.

func (*Client) ArchiveAccount added in v1.0.0 

func (ac *Client) ArchiveAccount(id string) error

ArchiveAccount archives the account with the associated id

func (*Client) ClaimsFrom added in v1.2.0 

func (ac *Client) ClaimsFrom(idToken string) (*Claims, error)

ClaimsFrom will return all verified claims inside the given idToken if and only if the token is a valid JWT that passes all verification requirements. If the JWT does not verify, the returned error will explain why. This is for debugging purposes.

func (*Client) ClaimsFromWithAudience added in v1.2.0 

func (ac *Client) ClaimsFromWithAudience(idToken string, audience jwt.Audience) (*Claims, error)

ClaimsFromWithAudience works like ClaimsFrom but allows specifying a different JWT audience.

func (*Client) ExpirePassword added in v1.0.0 

func (ac *Client) ExpirePassword(id string) error

ExpirePassword expires the password of the account with the associated id

func (*Client) GetAccount added in v1.0.0 

func (ac *Client) GetAccount(id string) (*Account, error)

GetAccount gets the account with the associated id

func (*Client) ImportAccount added in v1.0.0 

func (ac *Client) ImportAccount(username, password string, locked bool) (int, error)

ImportAccount imports an account with the provided information, returns the imported account id

func (*Client) LockAccount added in v1.0.0 

func (ac *Client) LockAccount(id string) error

LockAccount locks the account with the associated id

func (*Client) ServerStats added in v1.0.0 

func (ac *Client) ServerStats() (*http.Response, error)

ServerStats gets the http response object from calling the server stats endpoint

func (*Client) ServiceStats added in v1.0.0 

func (ac *Client) ServiceStats() (*http.Response, error)

ServiceStats gets the http response object from calling the service stats endpoint

func (*Client) SubjectFrom 

func (ac *Client) SubjectFrom(idToken string) (string, error)

SubjectFrom will return the subject inside the given idToken if and only if the token is a valid JWT that passes all verification requirements. The returned value is the AuthN server's account ID and should be used as a unique foreign key in your users data.

If the JWT does not verify, the returned error will explain why. This is for debugging purposes.

func (*Client) SubjectFromWithAudience added in v1.1.0 

func (ac *Client) SubjectFromWithAudience(idToken string, audience jwt.Audience) (string, error)

SubjectFromWithAudience works like SubjectFrom but allows specifying a different JWT audience.

func (*Client) UnlockAccount added in v1.0.0 

func (ac *Client) UnlockAccount(id string) error

UnlockAccount unlocks the account with the associated id

func (*Client) Update added in v1.0.0 

func (ac *Client) Update(id, username string) error

Update updates the account with the associated id

type Config 

type Config struct {
	Issuer         string //the base url of the service handling authentication
	PrivateBaseURL string //overrides the base url for private endpoints
	Audience       string //the domain (host) of the main application
	Username       string //the http basic auth username for accessing private endpoints of the authn issuer
	Password       string //the http basic auth password for accessing private endpoints of the authn issuer
	KeychainTTL    int    //TTL for a key in keychain in minutes
}

Config is a configuration struct for Client

type ErrorResponse added in v1.1.0 

type ErrorResponse struct {
	StatusCode int          `json:"-"`
	URL        string       `json:"-"`
	Errors     []FieldError `json:"errors"`
}

ErrorResponse is returned together with 4xx and 5xx HTTP status codes and contains a list of error conditions encountered while processing an API request It implements the error interface

func (*ErrorResponse) Error added in v1.1.0 

func (e *ErrorResponse) Error() string

Error implements the error interface

func (*ErrorResponse) Field added in v1.1.0 

func (e *ErrorResponse) Field(field string) (string, bool)

Field returns the error message for field if any

func (*ErrorResponse) HasField added in v1.1.0 

func (e *ErrorResponse) HasField(field string) bool

HasField returns true if field caused an error

type FieldError added in v1.1.0 

type FieldError struct {
	Field   string `json:"field"`
	Message string `json:"message"`
}

FieldError is a returned for each field in an API request that does not match the expectations. Examples are MISSING, TAKEN, INSECURE, ...

func (FieldError) String added in v1.1.0 

func (f FieldError) String() string

String returns a string representation of f and implements fmt.Stringer

type JWKProvider 

type JWKProvider interface {
	Key(kid string) ([]jose.JSONWebKey, error)
}

Provides a JSON Web Key from a Key ID Wanted to use function signature from go-jose.v2 but that would make us lose error information

type JWTClaimsExtractor 

type JWTClaimsExtractor interface {
	GetVerifiedClaims(idToken string) (*Claims, error)
}

Extracts verified in-built claims from a jwt idToken

func NewIDTokenVerifier 

func NewIDTokenVerifier(issuer, audience string, keychain JWKProvider) (JWTClaimsExtractor, error)

NewIDTokenVerifier creates a new idTokenVerifier object by using keychain as the JWK provider Claims are verified against the values specified in config

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.