Documentation ¶
Index ¶
- func RequireCapability(rlog log.Ext1FieldLogger, tx *sqlx.Tx, capability api.Capability, ...) *model.Response
- func RequireCapabilityAndRestriction(rlog log.Ext1FieldLogger, tx *sqlx.Tx, mt *mytoken.Mytoken, ...) (*restrictions.Restriction, *model.Response)
- func RequireCapabilityAndRestrictionOther(rlog log.Ext1FieldLogger, tx *sqlx.Tx, mt *mytoken.Mytoken, ...) (*restrictions.Restriction, *model.Response)
- func RequireGrantType(rlog log.Ext1FieldLogger, want, got model.GrantType) *model.Response
- func RequireMatchingIssuer(rlog log.Ext1FieldLogger, mtOIDCIssuer string, requestIssuer *string) (model.Provider, *model.Response)
- func RequireMytokenIsParentOrCapability(rlog log.Ext1FieldLogger, tx *sqlx.Tx, ...) *model.Response
- func RequireMytokenNotRevoked(rlog log.Ext1FieldLogger, tx *sqlx.Tx, mt *mytoken.Mytoken, ...) *model.Response
- func RequireMytokensForSameUser(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id1, id2 mtid.MTID) *model.Response
- func RequireUsableRestriction(rlog log.Ext1FieldLogger, tx *sqlx.Tx, mt *mytoken.Mytoken, ...) (*restrictions.Restriction, *model.Response)
- func RequireUsableRestrictionAT(rlog log.Ext1FieldLogger, tx *sqlx.Tx, mt *mytoken.Mytoken, ...) (*restrictions.Restriction, *model.Response)
- func RequireUsableRestrictionOther(rlog log.Ext1FieldLogger, tx *sqlx.Tx, mt *mytoken.Mytoken, ...) (*restrictions.Restriction, *model.Response)
- func RequireValidMytoken(rlog log.Ext1FieldLogger, tx *sqlx.Tx, ...) (*mytoken.Mytoken, *model.Response)
Functions ¶
func RequireCapability ¶
func RequireCapability( rlog log.Ext1FieldLogger, tx *sqlx.Tx, capability api.Capability, mt *mytoken.Mytoken, clientData *api.ClientMetaData, ) *model.Response
RequireCapability checks that the passed mytoken.Mytoken has the required api.Capability and returns an error model.Response if not
func RequireCapabilityAndRestriction ¶ added in v0.10.0
func RequireCapabilityAndRestriction( rlog log.Ext1FieldLogger, tx *sqlx.Tx, mt *mytoken.Mytoken, clientData *api.ClientMetaData, scopes, auds []string, capability api.Capability, ) (*restrictions.Restriction, *model.Response)
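RequireCapabilityAndRestriction checks both the mytoken.Mytoken's capability and its restrictions. Judging by the signature, the restriction check is made against the passed scopes and audiences.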
func RequireCapabilityAndRestrictionOther ¶ added in v0.10.0
func RequireCapabilityAndRestrictionOther( rlog log.Ext1FieldLogger, tx *sqlx.Tx, mt *mytoken.Mytoken, clientData *api.ClientMetaData, capability api.Capability, ) (*restrictions.Restriction, *model.Response)
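RequireCapabilityAndRestrictionOther checks both the mytoken.Mytoken's capability and its restrictions. Unlike RequireCapabilityAndRestriction it takes no scopes or audiences, so it appears to be the variant for non-AT usage (compare RequireUsableRestrictionOther).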
func RequireGrantType ¶
RequireGrantType checks that the two passed model.GrantType values (want and got) are the same, and returns an error model.Response if they are not.
func RequireMatchingIssuer ¶
func RequireMatchingIssuer(rlog log.Ext1FieldLogger, mtOIDCIssuer string, requestIssuer *string) ( model.Provider, *model.Response, )
RequireMatchingIssuer checks that the OIDC issuer from a mytoken is the same as the issuer string in a request (if given). RequireMatchingIssuer also checks that the issuer is valid for this mytoken instance.
func RequireMytokenIsParentOrCapability ¶ added in v0.10.0
func RequireMytokenIsParentOrCapability( rlog log.Ext1FieldLogger, tx *sqlx.Tx, capabilityIfParent, capabilityIfNotParent api.Capability, mt *mytoken.Mytoken, momID mtid.MTID, clientData *api.ClientMetaData, ) *model.Response
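RequireMytokenIsParentOrCapability checks that a mytoken has a required capability or is the parent of another mytoken. The signature takes both capabilityIfParent and capabilityIfNotParent, which suggests that a capability is required in either case and that being the parent of momID only selects which one applies; verify this against the implementation rather than assuming that parenthood alone is sufficient.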
func RequireMytokenNotRevoked ¶
func RequireMytokenNotRevoked( rlog log.Ext1FieldLogger, tx *sqlx.Tx, mt *mytoken.Mytoken, clientData *api.ClientMetaData, ) *model.Response
RequireMytokenNotRevoked checks that the passed mytoken.Mytoken was not revoked; if it was, an error model.Response is returned.
func RequireMytokensForSameUser ¶ added in v0.10.0
func RequireMytokensForSameUser(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id1, id2 mtid.MTID) *model.Response
RequireMytokensForSameUser checks that the two passed mtid.MTID values identify mytokens of the same user, and returns an error model.Response if they do not.
func RequireUsableRestriction ¶
func RequireUsableRestriction( rlog log.Ext1FieldLogger, tx *sqlx.Tx, mt *mytoken.Mytoken, clientData *api.ClientMetaData, scopes, auds []string, capability api.Capability, ) (*restrictions.Restriction, *model.Response)
RequireUsableRestriction checks that the mytoken.Mytoken's restrictions allow the usage
func RequireUsableRestrictionAT ¶
func RequireUsableRestrictionAT( rlog log.Ext1FieldLogger, tx *sqlx.Tx, mt *mytoken.Mytoken, clientData *api.ClientMetaData, scopes, auds []string, ) (*restrictions.Restriction, *model.Response)
RequireUsableRestrictionAT checks that the mytoken.Mytoken's restrictions allow the AT usage
func RequireUsableRestrictionOther ¶
func RequireUsableRestrictionOther( rlog log.Ext1FieldLogger, tx *sqlx.Tx, mt *mytoken.Mytoken, clientData *api.ClientMetaData, ) (*restrictions.Restriction, *model.Response)
RequireUsableRestrictionOther checks that the mytoken.Mytoken's restrictions allow the non-AT usage
func RequireValidMytoken ¶
func RequireValidMytoken( rlog log.Ext1FieldLogger, tx *sqlx.Tx, reqToken *universalmytoken.UniversalMytoken, ctx *fiber.Ctx, ) ( *mytoken.Mytoken, *model.Response, )
RequireValidMytoken looks for a mytoken string in the passed universalmytoken.UniversalMytoken and, if needed, in other request parameters such as the authorization header and the cookie value. The mytoken string is parsed, and if it is not valid an error model.Response is returned. RequireValidMytoken also asserts that the mytoken.Mytoken was not revoked. The order in which the token sources are consulted is not stated here.