authn

package
Version: v1.0.0
Published: Sep 11, 2019 License: LGPL-3.0 Imports: 13 Imported by: 7

Documentation

Constants

const (
	DefaultKeychainTTL = 60
)

Variables

var (
	ErrNoKey = errors.New("No keys found")
)

Functions

func Configure

func Configure(config Config) error

Configure initializes the default AuthN client with the given config. This is necessary to use authn.SubjectFrom without keeping a reference to your own AuthN client.

func NewIDTokenVerifier

func NewIDTokenVerifier(issuer, audience string, keychain JWKProvider) (*idTokenVerifier, error)

Creates a new idTokenVerifier object using keychain as the JWK provider. Claims are verified against the values specified in config.

func SubjectFrom

func SubjectFrom(idToken string) (string, error)

SubjectFrom will use the client configured by Configure to extract a subject from the given idToken.

Types

type Account added in v1.0.0

type Account struct {
	ID       int    `json:"id"`
	Username string `json:"username"`
	Locked   bool   `json:"locked"`
	Deleted  bool   `json:"deleted"`
}

Account is an AuthN user account

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client provides JWT verification for ID tokens generated by the AuthN server. In the future it will also implement the server's private APIs (aka admin actions).

var DefaultClient *Client

DefaultClient can be initialized by Configure and used by SubjectFrom.

func NewClient

func NewClient(config Config) (*Client, error)

NewClient returns an initialized and configured Client.

func (*Client) ArchiveAccount added in v1.0.0

func (ac *Client) ArchiveAccount(id string) error

ArchiveAccount archives the account with the associated id

func (*Client) ExpirePassword added in v1.0.0

func (ac *Client) ExpirePassword(id string) error

ExpirePassword expires the password of the account with the associated id

func (*Client) GetAccount added in v1.0.0

func (ac *Client) GetAccount(id string) (*Account, error)

GetAccount gets the account with the associated id

func (*Client) ImportAccount added in v1.0.0

func (ac *Client) ImportAccount(username, password string, locked bool) error

ImportAccount imports an account with the provided information

func (*Client) LockAccount added in v1.0.0

func (ac *Client) LockAccount(id string) error

LockAccount locks the account with the associated id

func (*Client) ServerStats added in v1.0.0

func (ac *Client) ServerStats() (*http.Response, error)

ServerStats gets the http response object from calling the server stats endpoint

func (*Client) ServiceStats added in v1.0.0

func (ac *Client) ServiceStats() (*http.Response, error)

ServiceStats gets the http response object from calling the service stats endpoint

func (*Client) SubjectFrom

func (ac *Client) SubjectFrom(idToken string) (string, error)

SubjectFrom will return the subject inside the given idToken if and only if the token is a valid JWT that passes all verification requirements. The returned value is the AuthN server's account ID and should be used as a unique foreign key in your users data.

If the JWT does not verify, the returned error will explain why. This is for debugging purposes.
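The kind of checks "passes all verification requirements" covers, as an added standard-library example that is not this package's own code: a pinned algorithm, key lookup by kid, a signature check, then issuer, audience and expiry. The name verifiedSubject, the key map standing in for a JWKProvider, the EdDSA algorithm, the single-string aud claim and the example.test values are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// decode parses one base64url-encoded JWT segment as JSON.
func decode(seg string, v interface{}) error {
	b, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(b, v)
}

// verifiedSubject (hypothetical name) returns sub only after the signature, iss,
// aud and exp checks pass. keys stands in for a JWKProvider; string aud is assumed.
func verifiedSubject(tok, iss, aud string, keys map[string]ed25519.PublicKey, now time.Time) (string, error) {
	p := strings.Split(tok, ".")
	var h struct{ Alg, Kid string }
	if len(p) != 3 || decode(p[0], &h) != nil || h.Alg != "EdDSA" { // alg is pinned, never taken on trust
		return "", fmt.Errorf("malformed token or unexpected alg")
	}
	sig, err := base64.RawURLEncoding.DecodeString(p[2])
	if key := keys[h.Kid]; key == nil || err != nil || !ed25519.Verify(key, []byte(p[0]+"."+p[1]), sig) {
		return "", fmt.Errorf("unknown kid or bad signature")
	}
	var c struct {
		Iss, Sub, Aud string
		Exp           int64
	}
	switch err := decode(p[1], &c); { // claims are read only after the signature verified
	case err != nil:
		return "", err
	case c.Iss != iss || c.Aud != aud:
		return "", fmt.Errorf("issuer or audience mismatch: iss=%q aud=%q", c.Iss, c.Aud)
	case now.Unix() >= c.Exp: // a missing exp decodes to 0 and is rejected here
		return "", fmt.Errorf("token expired at %d", c.Exp)
	}
	return c.Sub, nil
}

func main() { // constructed, deliberately invalid token: prints the rejection reason
	fmt.Println(verifiedSubject("not.a.jwt", "https://authn.example.test", "app.example.test", nil, time.Now()))
}
```

A token minted for a different audience or signed under an unknown kid fails closed, which is why the returned subject is safe to use as a foreign key only when the error is nil.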

func (*Client) UnlockAccount added in v1.0.0

func (ac *Client) UnlockAccount(id string) error

UnlockAccount unlocks the account with the associated id

func (*Client) Update added in v1.0.0

func (ac *Client) Update(id, username string) error

Update updates the account with the associated id

type Config

type Config struct {
	Issuer         string //the base url of the service handling authentication
	PrivateBaseURL string //overrides the base url for private endpoints
	Audience       string //the domain (host) of the main application
	Username       string //the http basic auth username for accessing private endpoints of the authn issuer
	Password       string //the http basic auth password for accessing private endpoints of the authn issuer
	KeychainTTL    int    //TTL for a key in keychain in minutes
}

Config is a configuration struct for Client

type JWKProvider

type JWKProvider interface {
	Key(kid string) ([]jose.JSONWebKey, error)
}

Provides a JSON Web Key from a Key ID. Wanted to use the function signature from go-jose.v2, but that would make us lose error information.

type JWTClaimsExtractor

type JWTClaimsExtractor interface {
	GetVerifiedClaims(idToken string) (*jwt.Claims, error)
}

Extracts verified in-built claims from a jwt idToken
