Documentation ¶
Index ¶
- func FromAuthHeader(r *http.Request) (string, error)
- func OnError(w http.ResponseWriter, r *http.Request, err string)
- type AccessControl
- type IsUserAdminFunc
- type JSONWebKey
- type JWTMiddleware
- func (m *JWTMiddleware) CheckJWTFromRequest(w http.ResponseWriter, r *http.Request) error
- func (m *JWTMiddleware) Handler(h http.Handler) http.Handler
- func (m *JWTMiddleware) HandlerWithNext(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
- func (m *JWTMiddleware) ValidateAndParse(token string) (*jwt.Token, error)
- type Jwks
- type Options
- type TokenExtractor
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FromAuthHeader ¶
FromAuthHeader is a "TokenExtractor" that takes a give request and extracts the JWT token from the Authorization header.
Types ¶
type AccessControl ¶ added in v0.10.4
type AccessControl struct {
// contains filtered or unexported fields
}
AccessControl middleware to restrict to make POST/PUT/DELETE requests by admin only
func NewAccessControl ¶ added in v0.10.4
func NewAccessControl(audience, userIDClaim string, isUserAdmin IsUserAdminFunc) *AccessControl
NewAccessControl instance constructor
type IsUserAdminFunc ¶ added in v0.6.0
type IsUserAdminFunc func(claims jwtclaims.AuthorizationClaims) (bool, error)
type JSONWebKey ¶ added in v0.11.5
type JSONWebKey struct { Kty string `json:"kty"` Kid string `json:"kid"` Use string `json:"use"` N string `json:"n"` E string `json:"e"` X5c []string `json:"x5c"` }
JSONWebKey is a representation of a Jason Web Key
type JWTMiddleware ¶
type JWTMiddleware struct {
Options Options
}
func New ¶
func New(options ...Options) *JWTMiddleware
New constructs a new Secure instance with supplied options.
func NewJwtMiddleware ¶
func NewJwtMiddleware(issuer string, audience string, keysLocation string) (*JWTMiddleware, error)
NewJwtMiddleware creates new middleware to verify the JWT token sent via Authorization header
func (*JWTMiddleware) CheckJWTFromRequest ¶
func (m *JWTMiddleware) CheckJWTFromRequest(w http.ResponseWriter, r *http.Request) error
func (*JWTMiddleware) HandlerWithNext ¶
func (m *JWTMiddleware) HandlerWithNext(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
HandlerWithNext is a special implementation for Negroni, but could be used elsewhere.
func (*JWTMiddleware) ValidateAndParse ¶
func (m *JWTMiddleware) ValidateAndParse(token string) (*jwt.Token, error)
ValidateAndParse validates and parses a given access token against jwt standards and signing methods
type Jwks ¶
type Jwks struct {
Keys []JSONWebKey `json:"keys"`
}
Jwks is a collection of JSONWebKey obtained from Config.HttpServerConfig.AuthKeysLocation
type Options ¶
type Options struct { // The function that will return the Key to validate the JWT. // It can be either a shared secret or a public key. // Default value: nil ValidationKeyGetter jwt.Keyfunc // The name of the property in the request where the user information // from the JWT will be stored. // Default value: "user" UserProperty string // The function that will be called when there's an error validating the token // Default value: ErrorHandler errorHandler // A boolean indicating if the credentials are required or not // Default value: false CredentialsOptional bool // A function that extracts the token from the request // Default: FromAuthHeader (i.e., from Authorization header as bearer token) Extractor TokenExtractor // Debug flag turns on debugging output // Default: false Debug bool // When set, all requests with the OPTIONS method will use authentication // Default: false EnableAuthOnOptions bool // When set, the middelware verifies that tokens are signed with the specific signing algorithm // If the signing method is not constant the ValidationKeyGetter callback can be used to implement additional checks // Important to avoid security issues described here: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ // Default: nil SigningMethod jwt.SigningMethod }
Options is a struct for specifying configuration options for the middleware.
type TokenExtractor ¶
TokenExtractor is a function that takes a request as input and returns either a token or an error. An error should only be returned if an attempt to specify a token was found, but the information was somehow incorrectly formed. In the case where a token is simply not present, this should not be treated as an error. An empty string should be returned in that case.
func FromFirst ¶
func FromFirst(extractors ...TokenExtractor) TokenExtractor
FromFirst returns a function that runs multiple token extractors and takes the first token it finds
func FromParameter ¶
func FromParameter(param string) TokenExtractor
FromParameter returns a function that extracts the token from the specified query string parameter