firewall

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 9, 2016 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package firewall defines an API for validating access requests.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Context

type Context struct {
	Subject       string                 `json:"sub"`
	GrantedScopes []string               `json:"scopes"`
	Issuer        string                 `json:"iss"`
	Audience      string                 `json:"aud"`
	IssuedAt      time.Time              `json:"iat"`
	ExpiresAt     time.Time              `json:"exp"`
	Extra         map[string]interface{} `json:"ext"`
}

Context contains an access token's session data

type Firewall

type Firewall interface {
	Introspector

	// InspectToken checks if the given token is valid and if the requested scopes are satisfied. Returns
	// a context if the token is valid and an error if not.
	InspectToken(ctx context.Context, token string, scopes ...string) (*Context, error)

	// IsAllowed uses policies to return nil if the access request can be fulfilled or an error if not.
	IsAllowed(ctx context.Context, accessRequest *ladon.Request) error

	// TokenAllowed uses policies and a token to return a context and no error if the access request can be fulfilled or an error if not.
	TokenAllowed(ctx context.Context, token string, accessRequest *ladon.Request, scopes ...string) (*Context, error)

	// TokenFromRequest returns an access token from the HTTP Authorization header.
	TokenFromRequest(r *http.Request) string
}

Firewall offers various validation strategies for access tokens.

type Introspection

type Introspection struct {
	Active    bool   `json:"active"`
	Scope     string `json:"scope,omitempty"`
	ClientID  string `json:"client_id,omitempty"`
	Subject   string `json:"sub,omitempty"`
	ExpiresAt int64  `json:"exp,omitempty"`
	IssuedAt  int64  `json:"iat,omitempty"`
	NotBefore int64  `json:"nbf,omitempty"`
	Username  int64  `json:"username,omitempty"`
	Audience  string `json:"aud,omitempty"`
	Issuer    string `json:"iss,omitempty"`
}

Introspection contains an access token's session data as specified by IETF RFC 7662.

type Introspector

type Introspector interface {
	IntrospectToken(ctx context.Context, token string) (*Introspection, error)
}

Introspector is capable of introspecting an access token according to IETF RFC 7662.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL