The highest tagged major version is
Documentation
¶
Overview ¶
Package auth provides authentication and authorization capability
Index ¶
- Constants
- Variables
- func ContextWithAccount(ctx context.Context, account *Account) context.Context
- type Access
- type Account
- type Auth
- type GenerateOption
- type GenerateOptions
- type Option
- func Addrs(addrs ...string) Option
- func ClientToken(token *Token) Option
- func Credentials(id, secret string) Option
- func LoginURL(url string) Option
- func Namespace(n string) Option
- func PrivateKey(key string) Option
- func Provider(p provider.Provider) Option
- func PublicKey(key string) Option
- func Store(s store.Store) Option
- func WithClient(c client.Client) Option
- type Options
- type Resource
- type Rule
- type RulesOption
- type RulesOptions
- type Token
- type TokenOption
- type TokenOptions
- type VerifyOption
- type VerifyOptions
Constants ¶
View Source
const ( // BearerScheme used for Authorization header BearerScheme = "Bearer " // ScopePublic is the scope applied to a rule to allow access to the public ScopePublic = "" // ScopeAccount is the scope applied to a rule to limit to users with any valid account ScopeAccount = "*" )
Variables ¶
View Source
var ( // ErrInvalidToken is when the token provided is not valid ErrInvalidToken = errors.New("invalid token provided") // ErrForbidden is when a user does not have the necessary scope to access a resource ErrForbidden = errors.New("resource forbidden") )
View Source
var (
DefaultAuth = NewAuth()
)
Functions ¶
Types ¶
type Account ¶ added in v2.1.0
type Account struct {
// ID of the account e.g. email
ID string `json:"id"`
// Type of the account, e.g. service
Type string `json:"type"`
// Issuer of the account
Issuer string `json:"issuer"`
// Any other associated metadata
Metadata map[string]string `json:"metadata"`
// Scopes the account has access to
Scopes []string `json:"scopes"`
// Secret for the account, e.g. the password
Secret string `json:"secret"`
}
Account provided by an auth provider
func AccountFromContext ¶ added in v2.3.0
AccountFromContext gets the account from the context, which is set by the auth wrapper at the start of a call. If the account is not set, a nil account will be returned. The error is only returned when there was a problem retrieving an account
type Auth ¶
type Auth interface {
// Init the auth
Init(opts ...Option)
// Options set for auth
Options() Options
// Generate a new account
Generate(id string, opts ...GenerateOption) (*Account, error)
// Verify an account has access to a resource using the rules
Verify(acc *Account, res *Resource, opts ...VerifyOption) error
// Inspect a token
Inspect(token string) (*Account, error)
// Token generated using refresh token or credentials
Token(opts ...TokenOption) (*Token, error)
// Grant access to a resource
Grant(rule *Rule) error
// Revoke access to a resource
Revoke(rule *Rule) error
// Rules returns all the rules used to verify requests
Rules(...RulesOption) ([]*Rule, error)
// String returns the name of the implementation
String() string
}
Auth provides authentication and authorization
type GenerateOption ¶ added in v2.1.0
type GenerateOption func(o *GenerateOptions)
func WithMetadata ¶ added in v2.4.0
func WithMetadata(md map[string]string) GenerateOption
WithMetadata for the generated account
func WithProvider ¶ added in v2.5.0
func WithProvider(p string) GenerateOption
WithProvider for the generated account
func WithScopes ¶ added in v2.8.0
func WithScopes(s ...string) GenerateOption
WithScopes for the generated account
func WithSecret ¶ added in v2.5.0
func WithSecret(s string) GenerateOption
WithSecret for the generated account
func WithType ¶ added in v2.5.0
func WithType(t string) GenerateOption
WithType for the generated account
type GenerateOptions ¶ added in v2.1.0
type GenerateOptions struct {
// Metadata associated with the account
Metadata map[string]string
// Scopes the account has access too
Scopes []string
// Provider of the account, e.g. oauth
Provider string
// Type of the account, e.g. user
Type string
// Secret used to authenticate the account
Secret string
}
func NewGenerateOptions ¶ added in v2.1.0
func NewGenerateOptions(opts ...GenerateOption) GenerateOptions
NewGenerateOptions from a slice of options
type Option ¶ added in v2.1.0
type Option func(o *Options)
func ClientToken ¶ added in v2.6.0
ClientToken sets the auth token to use when making requests
func Credentials ¶ added in v2.5.0
Credentials sets the auth credentials
func PrivateKey ¶ added in v2.1.0
PrivateKey is the JWT private key
func WithClient ¶ added in v2.7.0
WithClient sets the client to use when making requests
type Options ¶ added in v2.1.0
type Options struct {
// Namespace the service belongs to
Namespace string
// ID is the services auth ID
ID string
// Secret is used to authenticate the service
Secret string
// Token is the services token used to authenticate itself
Token *Token
// PublicKey for decoding JWTs
PublicKey string
// PrivateKey for encoding JWTs
PrivateKey string
// Provider is an auth provider
Provider provider.Provider
// LoginURL is the relative url path where a user can login
LoginURL string
// Store to back auth
Store store.Store
// Client to use for RPC
Client client.Client
// Addrs sets the addresses of auth
Addrs []string
}
func NewOptions ¶ added in v2.5.0
type Resource ¶ added in v2.1.0
type Resource struct {
// Name of the resource, e.g. go.micro.service.notes
Name string `json:"name"`
// Type of resource, e.g. service
Type string `json:"type"`
// Endpoint resource e.g NotesService.Create
Endpoint string `json:"endpoint"`
}
Resource is an entity such as a user or
type Rule ¶ added in v2.8.0
type Rule struct {
// ID of the rule, e.g. "public"
ID string
// Scope the rule requires, a blank scope indicates open to the public and * indicates the rule
// applies to any valid account
Scope string
// Resource the rule applies to
Resource *Resource
// Access determines if the rule grants or denies access to the resource
Access Access
// Priority the rule should take when verifying a request, the higher the value the sooner the
// rule will be applied
Priority int32
}
Rule is used to verify access to a resource
type RulesOption ¶ added in v2.8.0
type RulesOption func(o *RulesOptions)
func RulesContext ¶ added in v2.8.0
func RulesContext(ctx context.Context) RulesOption
type RulesOptions ¶ added in v2.8.0
type Token ¶
type Token struct {
// The token to be used for accessing resources
AccessToken string `json:"access_token"`
// RefreshToken to be used to generate a new token
RefreshToken string `json:"refresh_token"`
// Time of token creation
Created time.Time `json:"created"`
// Time of token expiry
Expiry time.Time `json:"expiry"`
}
Token can be short or long lived
type TokenOption ¶ added in v2.4.0
type TokenOption func(o *TokenOptions)
func WithCredentials ¶ added in v2.5.0
func WithCredentials(id, secret string) TokenOption
func WithExpiry ¶ added in v2.5.0
func WithExpiry(ex time.Duration) TokenOption
WithExpiry for the token
func WithToken ¶ added in v2.5.0
func WithToken(rt string) TokenOption
type TokenOptions ¶ added in v2.4.0
type TokenOptions struct {
// ID for the account
ID string
// Secret for the account
Secret string
// RefreshToken is used to refesh a token
RefreshToken string
// Expiry is the time the token should live for
Expiry time.Duration
}
func NewTokenOptions ¶ added in v2.4.0
func NewTokenOptions(opts ...TokenOption) TokenOptions
NewTokenOptions from a slice of options
type VerifyOption ¶ added in v2.8.0
type VerifyOption func(o *VerifyOptions)
func VerifyContext ¶ added in v2.8.0
func VerifyContext(ctx context.Context) VerifyOption
type VerifyOptions ¶ added in v2.8.0
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.