Documentation
¶
Index ¶
- type EmailPasswordAuth
- func (auth *EmailPasswordAuth) AuthViewer(w http.ResponseWriter, r *http.Request) viewer.ViewerContext
- func (auth *EmailPasswordAuth) Authenticate(ctx context.Context, emailAddress, password string) (*entjwt.AuthedIdentity, error)
- func (auth *EmailPasswordAuth) ExtendTokenExpiration(tokenStr string) (string, error)
- func (auth *EmailPasswordAuth) ViewerFromToken(tokenStr string) (viewer.ViewerContext, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EmailPasswordAuth ¶
type EmailPasswordAuth struct {
// Required function to take the email/password and returns an (ID, error) tuple indicating
// if email/password maps to something in the database
IDFromEmailPassword func(string, string) (string, error)
// Required function takes the ID above and returns a (ViewerContext, error) tuple. Called by AuthFromViewer method to return the ViewerContext
// to be used for the current request
VCFromID func(string) (viewer.ViewerContext, error)
// Required. Used to sign the token used to auth the user
SigningKey interface{}
// Length of time the access token should be valid for. Default is jwt.DefaultDuration
Duration time.Duration
// What algorithm method should be used to sign this token. Default is jwt.DefaultSigningMethod
SigningMethod jwt.SigningMethod
// ClaimFunc is used to return a new instance of jwt.Claims to be used instead of jwt.MapClaims
// when generating token. It's passed to jwt.NewWithClaims
ClaimFunc func(string) entjwt.Claims
// This pairs well with ClaimFunc to generate a new empty claims instance which is passed to jwt.ParseWithClaims
BaseClaimFunc func() entjwt.Claims
// ExtendTokenDuration defines the window for which the token can be extended
// (with a valid existing token and without a refresh token)
// If not set (default), token can be extended whenever e.g. sliding window every 10 minutes, every request, etc.
// If set, token can only be extended within that window e.g. if set to 5 minutes, will be 5 minutes
// before token expires
// By default, auth handler doesn't do anything and since DefaultDuration is currently 1 hour,
// developer needs to pick *something* to do to extend tokens or provide a
// longer duration
ExtendTokenDuration time.Duration
// contains filtered or unexported fields
}
EmailPasswordAuth is an implementation of the auth.Auth interface that verifies that an email/password combination is valid
func NewEmailPasswordAuth ¶
func NewEmailPasswordAuth(
signingKey interface{},
idFromEmailPassword func(string, string) (string, error),
vcFromID func(string) (viewer.ViewerContext, error),
) *EmailPasswordAuth
NewEmailPasswordAuth returns a new instance of EmailPasswordAuth with all requried fields
func (*EmailPasswordAuth) AuthViewer ¶
func (auth *EmailPasswordAuth) AuthViewer(w http.ResponseWriter, r *http.Request) viewer.ViewerContext
AuthViewer takes the authorization token from the request and verifies if valid and then returns a ViewerContext which maps to user encoded in the token
func (*EmailPasswordAuth) Authenticate ¶
func (auth *EmailPasswordAuth) Authenticate(ctx context.Context, emailAddress, password string) (*entjwt.AuthedIdentity, error)
Authenticate takes credentials from the request and authenticates the user. Can be called from your GraphQL mutation, REST API, etc.
func (*EmailPasswordAuth) ExtendTokenExpiration ¶
func (auth *EmailPasswordAuth) ExtendTokenExpiration(tokenStr string) (string, error)
ExtendTokenExpiration takes the current token and gets a new auth token for the user See ExtendTokenDuration for more information
func (*EmailPasswordAuth) ViewerFromToken ¶
func (auth *EmailPasswordAuth) ViewerFromToken(tokenStr string) (viewer.ViewerContext, error)
ViewerFromToken takes the token string and verifies if valid and then returns a ViewerContext which maps to user encoded in the token
Source Files