auth

package
v2.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 31, 2020 License: Apache-2.0 Imports: 9 Imported by: 49

Documentation

Overview

Package auth provides authentication and authorization capability

Index

Constants

const (
	// MetadataKey is the key used when storing the account in metadata.
	// NOTE(review): Account has a Secret field tagged `json:"secret"`; if the
	// whole Account is serialised under this key the secret travels with it.
	// Confirm what is actually written to metadata.
	MetadataKey = "auth-account"
	// TokenCookieName is the name of the cookie which stores the auth token.
	// NOTE(review): the cookie attributes (Secure, HttpOnly, SameSite) are
	// chosen by the code that writes the cookie, not by this constant; verify
	// them at that call site.
	TokenCookieName = "micro-token"
	// SecretCookieName is the name of the cookie which stores the auth secret.
	// Presumably this is the Account.Secret used to renew the account (confirm
	// against the caller); if so, it needs at least the same protection as the
	// token cookie.
	SecretCookieName = "micro-secret"
)

Variables

var (
	// ErrNotFound is returned when a resource cannot be found
	ErrNotFound = errors.New("not found")
	// ErrEncodingToken is returned when the service encounters an error during encoding
	ErrEncodingToken = errors.New("error encoding the token")
	// ErrInvalidToken is returned when the token provided is not valid.
	// This is the authentication failure; ErrForbidden below is the
	// authorization failure.
	ErrInvalidToken = errors.New("invalid token provided")
	// ErrInvalidRole is returned when the role provided was invalid
	ErrInvalidRole = errors.New("invalid role")
	// ErrForbidden is returned when a user does not have the necessary roles to access a resource
	ErrForbidden = errors.New("resource forbidden")
	// BearerScheme used for Authorization header.
	// The value includes the trailing space, so it is the prefix that precedes
	// the token rather than the bare scheme name.
	// NOTE(review): this is an exported var, not a const, so any importing
	// package can reassign it; treat it as read-only.
	BearerScheme = "Bearer "
)
var (
	// DefaultAuth is the package-level Auth, built by calling NewAuth with no
	// options.
	// NOTE(review): which implementation NewAuth returns, and what it enforces
	// when unconfigured, is not shown here. Confirm before relying on
	// DefaultAuth for access control.
	DefaultAuth = NewAuth()
)

Functions

func ContextWithAccount added in v2.3.0

func ContextWithAccount(ctx context.Context, account *Account) (context.Context, error)

ContextWithAccount sets the account in the context

func ContextWithToken added in v2.4.0

func ContextWithToken(ctx context.Context, token string) context.Context

ContextWithToken sets the auth token in the context

Types

type Account added in v2.1.0

type Account struct {
	// ID of the account (UUIDV4, email or username)
	ID string `json:"id"`
	// Secret used to renew the account.
	// The json tag has no "-" or omitempty, so encoding/json writes this value
	// under the "secret" key whenever an Account is marshalled. Avoid logging
	// or returning whole Account values where the secret must not be exposed.
	Secret string `json:"secret"`
	// Roles associated with the Account
	Roles []string `json:"roles"`
	// Any other associated metadata
	Metadata map[string]string `json:"metadata"`
	// Namespace the account belongs to, default blank
	Namespace string `json:"namespace"`
}

Account provided by an auth provider

func AccountFromContext added in v2.3.0

func AccountFromContext(ctx context.Context) (*Account, error)

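AccountFromContext gets the account from the context, which is set by the auth wrapper at the start of a call. If the account is not set, a nil account will be returned. The error is only returned when there was a problem retrieving an account. A nil error therefore does not by itself mean the call is authenticated; callers need to check the returned account for nil as well.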

type Auth

type Auth interface {
	// Init the auth
	Init(opts ...Option)
	// Options set for auth.
	// Options is returned by value and has exported Token and PrivateKey
	// fields, so every caller of this method can read that key material.
	Options() Options
	// Generate a new account
	Generate(id string, opts ...GenerateOption) (*Account, error)
	// Grant access to a resource
	Grant(role string, res *Resource) error
	// Revoke access to a resource
	Revoke(role string, res *Resource) error
	// Verify an account has access to a resource.
	// The error is the only result, so a nil error is the sole success signal.
	// NOTE(review): how a nil acc is treated is up to the implementation;
	// confirm it is denied where anonymous access is not intended.
	Verify(acc *Account, res *Resource) error
	// Inspect a token.
	// Returns the Account for the token, or an error (presumably
	// ErrInvalidToken for a bad token; confirm per implementation).
	Inspect(token string) (*Account, error)
	// Token generated using an account ID and secret
	Token(id, secret string, opts ...TokenOption) (*Token, error)
	// String returns the name of the implementation
	String() string
}

Auth provides authentication and authorization

func NewAuth added in v2.1.2

func NewAuth(opts ...Option) Auth

type GenerateOption added in v2.1.0

// GenerateOption is a function that modifies a GenerateOptions value; it is the
// option type accepted by Auth.Generate and NewGenerateOptions.
type GenerateOption func(o *GenerateOptions)

func WithMetadata added in v2.4.0

func WithMetadata(md map[string]string) GenerateOption

WithMetadata for the generated account

func WithNamespace added in v2.4.0

func WithNamespace(n string) GenerateOption

WithNamespace for the generated account

func WithRoles added in v2.4.0

func WithRoles(rs ...string) GenerateOption

WithRoles for the generated account

type GenerateOptions added in v2.1.0

// GenerateOptions holds the settings applied when generating an account.
type GenerateOptions struct {
	// Metadata associated with the account
	Metadata map[string]string
	// Roles/scopes associated with the account.
	// NOTE(review): nothing in this listing shows the roles being validated
	// against an allowed set; confirm the caller restricts which roles may be
	// requested.
	Roles []string
	// Namespace the account belongs to
	Namespace string
}

func NewGenerateOptions added in v2.1.0

func NewGenerateOptions(opts ...GenerateOption) GenerateOptions

NewGenerateOptions from a slice of options

type Option added in v2.1.0

// Option is a function that modifies an Options value; it is the option type
// accepted by NewAuth and Auth.Init.
type Option func(o *Options)

func LoginURL added in v2.3.0

func LoginURL(url string) Option

LoginURL sets the auth LoginURL

func PrivateKey added in v2.1.0

func PrivateKey(key string) Option

PrivateKey sets the JWT private key (base64 encoded, per the Options.PrivateKey field comment)

func Provider added in v2.3.0

func Provider(p provider.Provider) Option

Provider sets the auth provider

func PublicKey added in v2.1.0

func PublicKey(key string) Option

PublicKey sets the JWT public key (base64 encoded, per the Options.PublicKey field comment)

func ServiceToken added in v2.4.0

func ServiceToken(t string) Option

ServiceToken sets an auth token

func Store added in v2.4.0

func Store(s store.Store) Option

Store to back auth

type Options added in v2.1.0

// Options holds the configuration of an Auth implementation. It is returned by
// value from Auth.Options, so the Token and PrivateKey fields are readable by
// any code holding the Auth.
type Options struct {
	// Token is an auth token (set through the ServiceToken option).
	// This is a credential; keep Options values out of logs and debug dumps.
	Token string
	// Public key base64 encoded
	PublicKey string
	// Private key base64 encoded.
	// base64 is an encoding, not protection: the string is the key material.
	PrivateKey string
	// Provider is an auth provider
	Provider provider.Provider
	// LoginURL is the relative url path where a user can login.
	// NOTE(review): the LoginURL option takes an arbitrary string and this
	// listing shows no check that it is relative; confirm before using it as
	// a redirect target.
	LoginURL string
	// Store to back auth
	Store store.Store
}

type Resource added in v2.1.0

// Resource identifies the target passed to Auth.Grant, Auth.Revoke and
// Auth.Verify.
type Resource struct {
	// Name of the resource
	Name string
	// Type of resource (the example in the upstream comment is missing)
	Type string
	// Endpoint resource e.g NotesService.Create
	Endpoint string
}

Resource is an entity such as a user or

type Token

type Token struct {
	// The token itself.
	// This is the credential; it is written under the "token" key whenever the
	// struct is marshalled with encoding/json, so avoid logging Token values.
	Token string `json:"token"`
	// Type of token, e.g. JWT
	Type string `json:"type"`
	// Time of token creation
	Created time.Time `json:"created"`
	// Time of token expiry.
	// NOTE(review): this field only records the expiry; where it is enforced
	// is not shown here. Confirm the verifier rejects expired tokens.
	Expiry time.Time `json:"expiry"`
	// Subject of the token, e.g. the account ID
	Subject string `json:"subject"`
	// Roles granted to the token
	Roles []string `json:"roles"`
	// Metadata embedded in the token.
	// NOTE(review): if the token is a signed (not encrypted) JWT, embedded
	// values are readable by anyone holding it; keep sensitive data out.
	Metadata map[string]string `json:"metadata"`
	// Namespace the token belongs to
	Namespace string `json:"namespace"`
}

Token can be short or long lived

type TokenOption added in v2.4.0

// TokenOption is a function that modifies a TokenOptions value; it is the
// option type accepted by Auth.Token and NewTokenOptions.
type TokenOption func(o *TokenOptions)

func WithTokenExpiry added in v2.4.0

func WithTokenExpiry(ex time.Duration) TokenOption

WithTokenExpiry for the token

type TokenOptions added in v2.4.0

// TokenOptions holds the settings applied when issuing a token.
type TokenOptions struct {
	// TokenExpiry is the time the token should live for.
	// NOTE(review): the lifetime used when this is left at zero is not shown
	// in this listing; confirm the default is bounded.
	TokenExpiry time.Duration
}

func NewTokenOptions added in v2.4.0

func NewTokenOptions(opts ...TokenOption) TokenOptions

NewTokenOptions from a slice of options

Directories

Path Synopsis
Package provider is an external auth provider e.g oauth
Package provider is an external auth provider e.g oauth
jwt
