auth

package
v2.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 1, 2020 License: Apache-2.0 Imports: 7 Imported by: 49

Documentation

Overview

Package auth provides authentication and authorization capability

Index

Constants

// Package-level constants shared by auth implementations and callers.
const (
	// DefaultNamespace is the default namespace used for auth.
	DefaultNamespace = "go.micro"
	// TokenCookieName is the name of the cookie which stores the auth token.
	// NOTE(review): the cookie's attributes (Secure, HttpOnly, SameSite) are
	// chosen wherever the cookie is written, which is not shown here; confirm
	// them at that call site.
	TokenCookieName = "micro-token"
	// BearerScheme is the scheme prefix used in the Authorization header. The
	// value includes the trailing space that separates the scheme from the
	// token.
	BearerScheme = "Bearer "
)

Variables

// Sentinel errors returned by auth implementations. They are created with
// errors.New, so callers should match them with errors.Is rather than by
// comparing message strings.
var (
	// ErrNotFound is returned when a resource cannot be found
	ErrNotFound = errors.New("not found")
	// ErrEncodingToken is returned when the service encounters an error during encoding
	ErrEncodingToken = errors.New("error encoding the token")
	// ErrInvalidToken is returned when the token provided is not valid
	ErrInvalidToken = errors.New("invalid token provided")
	// ErrInvalidRole is returned when the role provided was invalid
	ErrInvalidRole = errors.New("invalid role")
	// ErrForbidden is returned when a user does not have the necessary roles to access a resource.
	// It is distinct from ErrInvalidToken: this one is an authorization
	// failure, that one is a failure to authenticate.
	ErrForbidden = errors.New("resource forbidden")
)
var (
	// DefaultAuth is the package-level Auth, built by calling NewAuth with no
	// options. It is an exported variable, so any importing package can
	// reassign it.
	// NOTE(review): which implementation NewAuth returns, and whether it
	// enforces any access rules, is not visible here — confirm before relying
	// on the default in a deployed service.
	DefaultAuth = NewAuth()
)

Functions

func ContextWithAccount added in v2.3.0

func ContextWithAccount(ctx context.Context, account *Account) context.Context

ContextWithAccount sets the account in the context

Types

type Account added in v2.1.0

// Account is an identity provided by an auth provider. Every field carries a
// json tag, so the whole struct, Secret included, is emitted when it is
// marshalled.
type Account struct {
	// ID of the account e.g. email
	ID string `json:"id"`
	// Type of the account, e.g. service
	Type string `json:"type"`
	// Provider who issued the account
	Provider string `json:"provider"`
	// Roles associated with the Account
	// NOTE(review): presumably these are the role names that Auth.Grant and
	// Auth.Revoke operate on; verify against the implementation.
	Roles []string `json:"roles"`
	// Any other associated metadata
	Metadata map[string]string `json:"metadata"`
	// Namespace the account belongs to
	Namespace string `json:"namespace"`
	// Secret for the account, e.g. the password
	// NOTE(review): the tag has neither "-" nor omitempty, so a populated
	// Secret is written out by encoding/json. Confirm that accounts are
	// cleared of it before they are logged or returned to a client.
	Secret string `json:"secret"`
}

Account provided by an auth provider

func AccountFromContext added in v2.3.0

func AccountFromContext(ctx context.Context) (*Account, bool)

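AccountFromContext gets the account from the context, which is set by the auth wrapper at the start of a call. If the account is not set, a nil account will be returned. The signature above returns a bool as its second value rather than an error, so the original remark that "the error is only returned when there was a problem retrieving an account" appears to predate it; callers should check both the bool and the pointer for nil before using the account.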

type Auth

// Auth is the interface an auth implementation satisfies: account
// generation, role-based access rules, and token inspection and issuance.
type Auth interface {
	// Init initialises the auth with the given options
	Init(opts ...Option)
	// Options returns the options set for auth. The returned struct has
	// Secret, Token and PrivateKey fields, so treat the value as sensitive
	// and keep it out of logs and error messages.
	Options() Options
	// Generate creates a new account with the given ID; opts supply the
	// remaining account attributes (see GenerateOptions).
	Generate(id string, opts ...GenerateOption) (*Account, error)
	// Grant access to a resource for the given role
	Grant(role string, res *Resource) error
	// Revoke access to a resource for the given role
	Revoke(role string, res *Resource) error
	// Verify an account has access to a resource. The error is the only
	// return value, so a nil error is the sole success signal.
	// NOTE(review): how a nil acc is treated is implementation-specific and
	// not shown here — confirm before calling it for an unauthenticated
	// request.
	Verify(acc *Account, res *Resource) error
	// Inspect a token and return the account it resolves to.
	// NOTE(review): which checks run (signature, expiry, revocation) depends
	// on the implementation; verify before trusting the returned account.
	Inspect(token string) (*Account, error)
	// Token issues a token from the supplied options. TokenOptions has
	// ID/Secret fields as well as a RefreshToken field, so presumably either
	// credentials or a refresh token can be presented — confirm per
	// implementation.
	Token(opts ...TokenOption) (*Token, error)
	// String returns the name of the implementation
	String() string
}

Auth provides authentication and authorization

func NewAuth added in v2.1.2

func NewAuth(opts ...Option) Auth

type GenerateOption added in v2.1.0

// GenerateOption is a functional option that mutates a GenerateOptions.
type GenerateOption func(o *GenerateOptions)

func WithMetadata added in v2.4.0

func WithMetadata(md map[string]string) GenerateOption

WithMetadata for the generated account

func WithNamespace added in v2.4.0

func WithNamespace(n string) GenerateOption

WithNamespace for the generated account

func WithProvider added in v2.5.0

func WithProvider(p string) GenerateOption

WithProvider for the generated account

func WithRoles added in v2.4.0

func WithRoles(rs ...string) GenerateOption

WithRoles for the generated account

func WithSecret added in v2.5.0

func WithSecret(s string) GenerateOption

WithSecret for the generated account

func WithType added in v2.5.0

func WithType(t string) GenerateOption

WithType for the generated account

type GenerateOptions added in v2.1.0

// GenerateOptions collects the attributes passed to Auth.Generate through
// GenerateOption functions.
type GenerateOptions struct {
	// Metadata associated with the account
	Metadata map[string]string
	// Roles/scopes associated with the account
	// NOTE(review): nothing visible here restricts which roles a caller may
	// request; confirm the implementation checks the caller's own privileges
	// before assigning them.
	Roles []string
	// Namespace the account belongs to
	Namespace string
	// Provider of the account, e.g. oauth
	Provider string
	// Type of the account, e.g. user
	Type string
	// Secret used to authenticate the account
	// NOTE(review): held as a plain string; whether it is hashed before
	// storage is decided by the implementation and not shown here.
	Secret string
}

func NewGenerateOptions added in v2.1.0

func NewGenerateOptions(opts ...GenerateOption) GenerateOptions

NewGenerateOptions from a slice of options

type Option added in v2.1.0

// Option is a functional option that mutates an Options.
type Option func(o *Options)

func ClientToken added in v2.6.0

func ClientToken(token *Token) Option

ClientToken sets the auth token to use when making requests

func Credentials added in v2.5.0

func Credentials(id, secret string) Option

Credentials sets the auth credentials

func LoginURL added in v2.3.0

func LoginURL(url string) Option

LoginURL sets the auth LoginURL

func Namespace added in v2.5.0

func Namespace(n string) Option

Namespace the service belongs to

func PrivateKey added in v2.1.0

func PrivateKey(key string) Option

PrivateKey is the JWT private key

func Provider added in v2.3.0

func Provider(p provider.Provider) Option

Provider sets the auth provider

func PublicKey added in v2.1.0

func PublicKey(key string) Option

PublicKey is the JWT public key

func Store added in v2.4.0

func Store(s store.Store) Option

Store to back auth

type Options added in v2.1.0

// Options holds the configuration of an Auth implementation. Several fields
// are credentials or key material (Secret, Token, PrivateKey), and
// Auth.Options returns this struct by value, so any code holding an Auth can
// read them.
type Options struct {
	// Namespace the service belongs to
	Namespace string
	// ID is the service's auth ID
	ID string
	// Secret is used to authenticate the service
	Secret string
	// Token is the service's token used to authenticate itself
	Token *Token
	// PublicKey for decoding JWTs
	PublicKey string
	// PrivateKey for encoding JWTs
	// NOTE(review): the key is carried as a plain string and the expected
	// encoding is not shown here; confirm how it is loaded and that it is
	// never printed along with the rest of the options.
	PrivateKey string
	// Provider is an auth provider
	Provider provider.Provider
	// LoginURL is the relative url path where a user can login
	LoginURL string
	// Store to back auth
	Store store.Store
}

func NewOptions added in v2.5.0

func NewOptions(opts ...Option) Options

type Resource added in v2.1.0

// Resource identifies something access can be granted to or verified
// against; it is the argument type of Auth.Grant, Auth.Revoke and
// Auth.Verify.
type Resource struct {
	// Name of the resource
	Name string `json:"name"`
	// Type of resource (the upstream comment gives no example)
	Type string `json:"type"`
	// Endpoint resource e.g NotesService.Create
	Endpoint string `json:"endpoint"`
	// Namespace the resource belongs to
	Namespace string `json:"namespace"`
	// NOTE(review): how empty fields are matched (wildcard or exact) is not
	// shown here; verify before writing rules that leave fields blank.
}

Resource is an entity such as a user or

type Token

// Token is the credential pair returned by Auth.Token. Both token strings
// carry json tags and are emitted when the struct is marshalled, so keep
// serialized Tokens out of logs.
type Token struct {
	// The token to be used for accessing resources
	AccessToken string `json:"access_token"`
	// RefreshToken to be used to generate a new token
	RefreshToken string `json:"refresh_token"`
	// Time of token creation
	Created time.Time `json:"created"`
	// Time of token expiry
	// NOTE(review): whether a zero Expiry means "never expires" is not shown
	// here; confirm before treating an unset value as valid.
	Expiry time.Time `json:"expiry"`
}

Token can be short or long lived

type TokenOption added in v2.4.0

// TokenOption is a functional option that mutates a TokenOptions.
type TokenOption func(o *TokenOptions)

func WithCredentials added in v2.5.0

func WithCredentials(id, secret string) TokenOption

func WithExpiry added in v2.5.0

func WithExpiry(ex time.Duration) TokenOption

WithExpiry for the token

func WithToken added in v2.5.0

func WithToken(rt string) TokenOption

type TokenOptions added in v2.4.0

// TokenOptions collects the inputs passed to Auth.Token through TokenOption
// functions.
type TokenOptions struct {
	// ID for the account
	ID string
	// Secret for the account
	Secret string
	// RefreshToken is used to refresh a token
	RefreshToken string
	// Expiry is the time the token should live for
	// NOTE(review): no upper bound is visible here; confirm whether the
	// implementation caps the lifetime a caller may request.
	Expiry time.Duration
}

func NewTokenOptions added in v2.4.0

func NewTokenOptions(opts ...TokenOption) TokenOptions

NewTokenOptions from a slice of options

Directories

Path Synopsis
Package provider is an external auth provider e.g oauth
Package provider is an external auth provider e.g oauth
jwt
