opaque

package
v0.1.0
Warning

This package is not in the latest version of its module.

Published: Oct 11, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package opaque provides server-side consistent tokens.

It generates tokens in a proprietary format that the client cannot interpret. Each token contains an identifier that points to information in the server's persistent storage.

It uses HMAC with SHA to generate and validate tokens.


Constants

This section is empty.

Variables

This section is empty.

Functions

func GetAuthenticateFunc

func GetAuthenticateFunc(s TokenStore, k SecretsKeeper, opts ...auth.Option) token.AuthenticateFunc

GetAuthenticateFunc returns a function that authenticates requests using an opaque token. The returned function is typically used with the token strategy.

func IssueToken

func IssueToken(
	ctx context.Context,
	info auth.Info,
	s TokenStore,
	k SecretsKeeper,
	opts ...auth.Option,
) (string, error)

IssueToken issues a token for the provided user info.

func New

New returns a strategy that authenticates requests using an opaque token.

New is similar to:

fn := opaque.GetAuthenticateFunc(tokenStore, secretsKeeper, opts...)
token.New(fn, cache, opts...)

func WithExpDuration

func WithExpDuration(dur time.Duration) auth.Option

WithExpDuration sets the token expiration duration.

Default is 24h.

func WithHash

func WithHash(h crypto.Hash) auth.Option

WithHash sets the HMAC hash function.

Default is crypto.SHA512_256.

func WithTokenLength

func WithTokenLength(length int) auth.Option

WithTokenLength sets the size of tokens to generate.

Default is 24.

func WithTokenPrefix

func WithTokenPrefix(prefix string) auth.Option

WithTokenPrefix sets the token prefix.

Default is "s".

Types

type SecretsKeeper

type SecretsKeeper interface {
	// Keys returns the keys used to sign and parse opaque tokens.
	// The returned keys must be in descending timestamp order.
	Keys() ([][]byte, error)
}

SecretsKeeper holds all secrets/keys used to sign and parse opaque tokens.

type StaticSecret

type StaticSecret []byte

StaticSecret implements the SecretsKeeper and holds only a single secret.

func (StaticSecret) Keys

func (s StaticSecret) Keys() ([][]byte, error)

Keys returns the keys used to sign and parse opaque tokens.

type Token

type Token struct {
	// Lifespan represents when the token expires.
	Lifespan time.Time
	// Signature is a unique HMAC, per token.
	//
	// Signature is used to verify the client token.
	//
	// Store the signature in plaintext without
	// any form of obfuscation or encryption.
	Signature string
	// Prefix represents the token prefix or type.
	Prefix string
	// Info represents the auth info the token is mapped to.
	Info auth.Info
}

Token represents a token entry in the token store.

type TokenStore

type TokenStore interface {
	// Store is used to store a new token entry.
	Store(context.Context, Token) error
	// Lookup is used to get a token entry by its signature.
	Lookup(ctx context.Context, signature string) (Token, error)
	// Revoke is used to delete a token entry by its signature.
	Revoke(ctx context.Context, signature string) error
}

TokenStore is used to manage client tokens. Clients use tokens to authenticate, and each token is mapped to the applicable auth info.
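The pattern that the Token, TokenStore and SecretsKeeper docs describe, sketched with only the standard library as an added example (not the package's own code): the store is keyed by the HMAC signature rather than the client's token, and validation walks the keys newest first so a key rotation does not invalidate live tokens. The names `entry`, `memStore`, `sign`, `issue` and `authenticate`, the `s_` + base64 token layout, and the key values are assumptions made for this illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"encoding/base64"
	"fmt"
	"time"
)

// entry and memStore are hypothetical stand-ins for Token and TokenStore.
type entry struct{ Lifespan time.Time; User string }
type memStore map[string]entry // keyed by signature, never by the raw token

// sign returns the HMAC-SHA512/256 of the client token under key.
func sign(key []byte, tok string) string {
	m := hmac.New(sha512.New512_256, key)
	m.Write([]byte(tok))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// issue signs a fresh random token with the newest key (keys[0]).
func issue(s memStore, keys [][]byte, user string, ttl time.Duration) (string, error) {
	raw := make([]byte, 24)
	if _, err := rand.Read(raw); err != nil || len(keys) == 0 {
		return "", fmt.Errorf("cannot issue token")
	}
	tok := "s_" + base64.RawURLEncoding.EncodeToString(raw) // assumed layout
	s[sign(keys[0], tok)] = entry{time.Now().Add(ttl), user}
	return tok, nil
}

// authenticate tries keys newest first, so pre-rotation tokens still validate.
func authenticate(s memStore, keys [][]byte, tok string) (string, error) {
	for _, k := range keys {
		if e, ok := s[sign(k, tok)]; ok && time.Now().Before(e.Lifespan) {
			return e.User, nil
		}
	}
	return "", fmt.Errorf("invalid or expired token")
}

func main() {
	s, old := memStore{}, []byte("constructed-key-1") // constructed sample key
	tok, _ := issue(s, [][]byte{old}, "alice", time.Hour)
	// Rotation: the new key goes first, the old one stays for validation.
	fmt.Println(authenticate(s, [][]byte{[]byte("constructed-key-2"), old}, tok))
}
```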
