token

Documentation

Index

• Variables
• func Register(name string, impl Factory)
• func SetLifetime(t time.Duration)
• func SetParentLogger(l hclog.Logger)
• type Claims
  • func (c *Claims) HasCapability(cap pb.Capability) bool
• type Config
  • func GetConfig() Config
• type Factory
• type Service
  • func New(backend string) (Service, error)

Variables

var (
	// ErrUnknownTokenService is returned when a token name is
	// requested that isn't registered.
	ErrUnknownTokenService = errors.New("no token service with that name exists")

	// ErrKeyUnavailable signifies that at least one key is
	// unavailable to the token service.  For token systems that
	// use symmetric cryptography this is fatal, for token systems
	// that use asymmetric cryptography, this may be acceptable if
	// all you want to do is verify a token with a public key.
	ErrKeyUnavailable = errors.New("a required key is not available")

	// ErrKeyGenerationDisabled is returned when no keys were
	// available to load, and the option to generate keys has been
	// set false.
	ErrKeyGenerationDisabled = errors.New("key generation is disabled")

	// ErrInternalError captures all unidentified error cases
	// within various token services.
	ErrInternalError = errors.New("an unrecoverable internal error has occurred")

	// ErrTokenInvalid is returned for generic cases where the
	// token is invalid for some reason.
	ErrTokenInvalid = errors.New("the provided token is invalid")
)

Functions

func Register

func Register(name string, impl Factory)

Register is called by implementations to register ServiceFactory functions.

func SetLifetime

func SetLifetime(t time.Duration)

SetLifetime sets up the lifetime used by tokens that are issued later on.

func SetParentLogger

func SetParentLogger(l hclog.Logger)

SetParentLogger sets the parent logger for this instance.

Types

type Claims

type Claims struct {
	EntityID     string
	Capabilities []pb.Capability
}

Claims is a type that contains the claims that all tokens shall have. Implementations may embed additional messages, but these cliams must exist here.

func (*Claims) HasCapability

func (c *Claims) HasCapability(cap pb.Capability) bool

HasCapability is a convenience function to determine if the provided token contains the requested capability. The capability GLOBAL_ROOT will cause the function to return true immediately as GLOBAL_ROOT counts for all capabilities.

type Config

type Config struct {
	Lifetime  time.Duration
	Issuer    string
	IssuedAt  time.Time
	NotBefore time.Time
}

The Config struct contains information that should be used when generating a token.

func GetConfig

func GetConfig() Config

GetConfig returns a struct containing the configuration for the token service to use while issuing tokens.

type Factory

type Factory func(hclog.Logger) (Service, error)

A Factory returns a token service when called.

type Service

type Service interface {
	Generate(Claims, Config) (string, error)
	Validate(string) (Claims, error)
}

The Service type defines the required interface for the Token Service. The service must generate tokens, and be able to validate them.

func New

func New(backend string) (Service, error)

New returns an initialized token service based on the value of the --token_impl flag.