auth

package
Published: Jun 24, 2024 License: BSD-3-Clause-Clear Imports: 27 Imported by: 0

Constants

const (
	// DiscoveryPath is the well-known path of the OpenID Connect discovery
	// endpoint; the document it returns is modelled by OIDCConfiguration.
	// DiscoverOIDCConfiguration presumably resolves it relative to the issuer
	// URL — confirm against its implementation, which is not shown here.
	DiscoveryPath = "/.well-known/openid-configuration"
)

Variables

This section is empty.

Functions

func ContextWithAuthNInfo added in v0.4.2

func ContextWithAuthNInfo(ctx context.Context, key jwk.Key, accessToken jwt.Token, raw string) context.Context

func GetAccessTokenFromContext added in v0.4.1

func GetAccessTokenFromContext(ctx context.Context) jwt.Token

func GetJWKFromContext

func GetJWKFromContext(ctx context.Context) jwk.Key

func GetRawAccessTokenFromContext added in v0.4.1

func GetRawAccessTokenFromContext(ctx context.Context) string

Types

type AuthNConfig

// AuthNConfig is the configuration needed for the platform to validate tokens.
// Struct tags give the yaml/json key and, where it differs, the mapstructure key.
type AuthNConfig struct {
	// EnforceDPoP defaults to false (see the `default` tag). When false a DPoP
	// proof is presumably not required alongside the access token — confirm in
	// MuxHandler / UnaryServerInterceptor, whose bodies are not shown here.
	EnforceDPoP  bool         `yaml:"enforceDPoP" json:"enforceDPoP" mapstructure:"enforceDPoP" default:"false"`
	// Issuer is the token issuer; presumably the value handed to
	// DiscoverOIDCConfiguration and compared with the token's iss claim —
	// verify against NewAuthenticator.
	Issuer       string       `yaml:"issuer" json:"issuer"`
	// Audience is presumably the expected aud claim of accepted tokens —
	// verify against the token validation code.
	Audience     string       `yaml:"audience" json:"audience"`
	// Policy is the authorization policy configuration (see PolicyConfig and
	// NewCasbinEnforcer).
	Policy       PolicyConfig `yaml:"policy" json:"policy" mapstructure:"policy"`
	// CacheRefresh is keyed "cache_refresh_interval" by mapstructure and has no
	// yaml/json tag, so it is only reachable through a mapstructure decode. Its
	// format (e.g. a time.Duration string) is not visible here — TODO confirm
	// how NewAuthenticator parses it.
	CacheRefresh string       `mapstructure:"cache_refresh_interval"`
}

AuthNConfig is the configuration needed for the platform to validate tokens

type Authentication

// Authentication holds a jwks cache and information about the openid
// configuration. All fields are unexported, so it is constructed through
// NewAuthenticator. Its methods (MuxHandler, UnaryServerInterceptor) use value
// receivers, so every call copies the struct — fine only if the hidden fields
// are pointer/reference types, which cannot be confirmed from this view.
type Authentication struct {
	// contains filtered or unexported fields
}

Authentication holds a jwks cache and information about the openid configuration

func NewAuthenticator

func NewAuthenticator(ctx context.Context, cfg Config, logr *logger.Logger) (*Authentication, error)

NewAuthenticator creates a new authenticator, which is used to verify tokens for a set of given issuers

func (Authentication) MuxHandler

func (a Authentication) MuxHandler(handler http.Handler) http.Handler

MuxHandler returns an http.Handler that verifies the token

func (Authentication) UnaryServerInterceptor

func (a Authentication) UnaryServerInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)

UnaryServerInterceptor is a grpc interceptor that verifies the token in the metadata

type CasbinConfig

// CasbinConfig is the configuration consumed by NewCasbinEnforcer. It is
// exactly a PolicyConfig, embedded so that its fields are promoted.
type CasbinConfig struct {
	PolicyConfig
}

type Config

// Config pulls AuthN and AuthZ together. When decoded with mapstructure the
// embedded AuthNConfig is flattened (",squash"), so its fields sit at the same
// level as Enabled.
type Config struct {
	// Enabled defaults to true (see the `default` tag). The tag literal has a
	// trailing space; reflect.StructTag tolerates it, but it is worth trimming.
	Enabled      bool     `yaml:"enabled" default:"true" `
	// PublicRoutes is excluded from mapstructure decoding ("-"), so it must be
	// populated in code rather than from the config file. Presumably these
	// routes bypass token verification — confirm in MuxHandler /
	// UnaryServerInterceptor before relying on it.
	PublicRoutes []string `mapstructure:"-"`
	// AuthNConfig is squashed into this level for mapstructure only.
	// NOTE(review): there is no yaml ",inline" tag, so a yaml decoder that does
	// not inline embedded structs would expect these fields under a nested key —
	// confirm which decoder actually reads this struct.
	AuthNConfig  `mapstructure:",squash"`
}

Config pulls AuthN and AuthZ together

type Enforcer

// Enforcer wraps a casbin.Enforcer together with the CasbinConfig it was built
// from. Create it with NewCasbinEnforcer and call Enforce to evaluate a token
// against a resource/action pair.
type Enforcer struct {
	*casbin.Enforcer
	// Config is the policy configuration the enforcer was built from.
	Config CasbinConfig
	// Policy is presumably the policy text that was loaded into casbin
	// (Config.Csv or a default) — confirm in NewCasbinEnforcer.
	Policy string
}

func NewCasbinEnforcer

func NewCasbinEnforcer(c CasbinConfig) (*Enforcer, error)

NewCasbinEnforcer creates a new casbin enforcer

func (Enforcer) Enforce

func (e Enforcer) Enforce(token jwt.Token, resource, action string) (bool, error)

Enforce is a helper that enforces the policy with casbin. TODO: implement a common type so this can be used for both http and grpc

type OIDCConfiguration

// OIDCConfiguration holds the openid configuration for the issuer. Only the
// required ProviderMetadata fields are included
// (https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
type OIDCConfiguration struct {
	// Issuer is the issuer identifier reported by the discovery document. The
	// discovery spec requires it to equal the issuer URL that was queried;
	// whether DiscoverOIDCConfiguration checks that is not visible here.
	Issuer                           string   `json:"issuer"`
	AuthorizationEndpoint            string   `json:"authorization_endpoint"`
	TokenEndpoint                    string   `json:"token_endpoint"`
	// JwksURI is where the issuer publishes its signing keys; the jwks cache
	// held by Authentication presumably fetches from here — verify against
	// NewAuthenticator.
	JwksURI                          string   `json:"jwks_uri"`
	ResponseTypesSupported           []string `json:"response_types_supported"`
	SubjectTypesSupported            []string `json:"subject_types_supported"`
	// IDTokenSigningAlgValuesSupported lists the algorithms the issuer signs
	// with; whether token verification restricts itself to this list is not
	// visible here.
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
	RequireRequestURIRegistration    bool     `json:"require_request_uri_registration"`
}

OIDCConfiguration holds the openid configuration for the issuer. Currently only required fields are included (https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata)

func DiscoverOIDCConfiguration

func DiscoverOIDCConfiguration(ctx context.Context, issuer string) (*OIDCConfiguration, error)

DiscoverOIDCConfiguration discovers the openid configuration for the provided issuer

type PolicyConfig

// PolicyConfig describes the casbin authorization policy. Note the key
// asymmetry: RoleClaim is configured as "claim" and RoleMap as "map" in yaml,
// json and mapstructure alike, while the other fields use their lowercase name
// (mapstructure matches field names case-insensitively when no tag is given).
type PolicyConfig struct {
	// Default is presumably the role used when none can be derived from the
	// token — confirm in Enforce.
	Default   string            `yaml:"default" json:"default"`
	// RoleClaim presumably names the token claim from which roles are read;
	// configured under the key "claim".
	RoleClaim string            `yaml:"claim" json:"claim" mapstructure:"claim"`
	// RoleMap presumably maps claim values to policy roles; configured under
	// the key "map".
	RoleMap   map[string]string `yaml:"map" json:"map" mapstructure:"map"`
	// Csv is presumably the casbin policy in CSV form; whether it holds inline
	// text or a file path is not visible here.
	Csv       string            `yaml:"csv" json:"csv"`
	// Model is presumably the casbin model; same inline-vs-path caveat as Csv.
	Model     string            `yaml:"model" json:"model"`
}
