Documentation
¶
Index ¶
- Constants
- func DecodeTokenWithKey(nerdToken string, key *ecdsa.PublicKey) (*jwt.StandardClaims, error)
- func DecodeTokenWithPEM(nerdToken, pem string) (*jwt.StandardClaims, error)
- func ParseECDSAPublicKeyFromPemBytes(pemb []byte) (*ecdsa.PublicKey, error)
- type AuthAPIProvider
- type ConfigProvider
- type EnvProvider
- type ProviderBasis
Constants ¶
const ( //NerdTokenEnvVar is the environment variable used to set the JWT NerdTokenEnvVar = "NERD_JWT" //NerdSecretEnvVar is the environment variable used for the JWT refresh secret NerdSecretEnvVar = "NERD_JWT_REFRESH_TOKEN" )
const DefaultExpireWindow = 20
DefaultExpireWindow is the default amount of seconds that a nerd token is assumed to be expired, before it's actually expired. This will prevent the server from declining the token because it was just expired.
Variables ¶
This section is empty.
Functions ¶
func DecodeTokenWithKey ¶
DecodeTokenWithKey decodes a nerd token (JWT) and verifies it with the given public key.
func DecodeTokenWithPEM ¶
func DecodeTokenWithPEM(nerdToken, pem string) (*jwt.StandardClaims, error)
DecodeTokenWithPEM decodes a nerd token (JWT) and verifies it with the given public key in PEM format.
Types ¶
type AuthAPIProvider ¶
type AuthAPIProvider struct {
*ProviderBasis
Client *v1auth.Client
Session conf.SessionInterface
}
AuthAPIProvider provides nerdalize credentials by making a request to the nerdalize auth server. The UserPassProvider is used to retrieve the username and password required to authenticate with the auth server.
func NewAuthAPIProvider ¶
func NewAuthAPIProvider(pub *ecdsa.PublicKey, session conf.SessionInterface, c *v1auth.Client) *AuthAPIProvider
NewAuthAPIProvider creates a new AuthAPIProvider provider.
func (*AuthAPIProvider) Retrieve ¶
func (p *AuthAPIProvider) Retrieve() (string, error)
Retrieve retrieves the token from the authentication server.
type ConfigProvider ¶
type ConfigProvider struct {
*ProviderBasis
Session conf.SessionInterface
Client v1auth.TokenClientInterface
}
ConfigProvider provides a JWT from the config file. For the default file location please see TokenFilename().
func NewConfigProvider ¶
func NewConfigProvider(pub *ecdsa.PublicKey, session conf.SessionInterface, client v1auth.TokenClientInterface) *ConfigProvider
NewConfigProvider creates a new ConfigProvider provider.
func (*ConfigProvider) Retrieve ¶
func (e *ConfigProvider) Retrieve() (string, error)
Retrieve retrieves the token from the nerd config file.
type EnvProvider ¶
type EnvProvider struct {
*ProviderBasis
Client v1auth.TokenClientInterface
Session conf.SessionInterface
}
EnvProvider provides nerdalize credentials from the `credentials.NerdTokenEnvVar` environment variable.
func NewEnvProvider ¶
func NewEnvProvider(pub *ecdsa.PublicKey, session conf.SessionInterface, client v1auth.TokenClientInterface) *EnvProvider
NewEnvProvider creates a new EnvProvider provider.
func (*EnvProvider) Retrieve ¶
func (e *EnvProvider) Retrieve() (string, error)
Retrieve retrieves the jwt from the env variable.
type ProviderBasis ¶
type ProviderBasis struct {
CurrentTime func() time.Time
AlwaysValid bool
ExpireWindow time.Duration
Pub *ecdsa.PublicKey
// contains filtered or unexported fields
}
ProviderBasis is the basis for every provider.
func (*ProviderBasis) IsExpired ¶
func (b *ProviderBasis) IsExpired() bool
IsExpired checks if the current token is expired.
func (*ProviderBasis) SetExpiration ¶
func (b *ProviderBasis) SetExpiration(expiration time.Time)
SetExpiration sets the expiration field and takes the ExpireWindow into account.
func (*ProviderBasis) SetExpirationFromJWT ¶
func (b *ProviderBasis) SetExpirationFromJWT(jwt string) error
SetExpirationFromJWT decodes the JWT and sets the provider expiration based on the JWT expiration field.
Source Files