Documentation ¶
Index ¶
- Constants
- func ContextWithAuthNInfo(ctx context.Context, key jwk.Key, accessToken jwt.Token, raw string) context.Context
- func GetAccessTokenFromContext(ctx context.Context) jwt.Token
- func GetJWKFromContext(ctx context.Context) jwk.Key
- func GetRawAccessTokenFromContext(ctx context.Context) string
- type AuthNConfig
- type Authentication
- type CasbinConfig
- type Config
- type Enforcer
- type OIDCConfiguration
- type PolicyConfig
Constants ¶
const (
// DiscoveryPath is the path to the discovery endpoint
DiscoveryPath = "/.well-known/openid-configuration"
)
Variables ¶
This section is empty.
Functions ¶
func ContextWithAuthNInfo ¶ added in v0.4.2
func GetAccessTokenFromContext ¶ added in v0.4.1
func GetRawAccessTokenFromContext ¶ added in v0.4.1
Types ¶
type AuthNConfig ¶
type AuthNConfig struct { EnforceDPoP bool `yaml:"enforceDPoP" json:"enforceDPoP" mapstructure:"enforceDPoP" default:"false"` Issuer string `yaml:"issuer" json:"issuer"` Audience string `yaml:"audience" json:"audience"` Policy PolicyConfig `yaml:"policy" json:"policy" mapstructure:"policy"` CacheRefresh string `mapstructure:"cache_refresh_interval"` }
AuthNConfig is the configuration need for the platform to validate tokens
type Authentication ¶
type Authentication struct {
// contains filtered or unexported fields
}
Authentication holds a jwks cache and information about the openid configuration
func NewAuthenticator ¶
func NewAuthenticator(ctx context.Context, cfg Config, logr *logger.Logger) (*Authentication, error)
Creates new authN which is used to verify tokens for a set of given issuers
func (Authentication) MuxHandler ¶
func (a Authentication) MuxHandler(handler http.Handler) http.Handler
verifyTokenHandler is a http handler that verifies the token
func (Authentication) UnaryServerInterceptor ¶
func (a Authentication) UnaryServerInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)
UnaryServerInterceptor is a grpc interceptor that verifies the token in the metadata
type CasbinConfig ¶
type CasbinConfig struct {
PolicyConfig
}
type Config ¶
type Config struct { Enabled bool `yaml:"enabled" default:"true" ` PublicRoutes []string `mapstructure:"-"` AuthNConfig `mapstructure:",squash"` }
AuthConfig pulls AuthN and AuthZ together
type Enforcer ¶
type Enforcer struct { *casbin.Enforcer Config CasbinConfig Policy string }
func NewCasbinEnforcer ¶
func NewCasbinEnforcer(c CasbinConfig) (*Enforcer, error)
newCasbinEnforcer creates a new casbin enforcer
type OIDCConfiguration ¶
type OIDCConfiguration struct { Issuer string `json:"issuer"` AuthorizationEndpoint string `json:"authorization_endpoint"` TokenEndpoint string `json:"token_endpoint"` JwksURI string `json:"jwks_uri"` ResponseTypesSupported []string `json:"response_types_supported"` SubjectTypesSupported []string `json:"subject_types_supported"` IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"` RequireRequestURIRegistration bool `json:"require_request_uri_registration"` }
OIDCConfiguration holds the openid configuration for the issuer. Currently only required fields are included (https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata)
func DiscoverOIDCConfiguration ¶
func DiscoverOIDCConfiguration(ctx context.Context, issuer string) (*OIDCConfiguration, error)
DiscoverOPENIDConfiguration discovers the openid configuration for the issuer provided