Package trust implements JWT-bearer grant management capabilities.
A JWT-Bearer Grant represents a resource owner's (RO) permission for a client to act on behalf of the RO using a JWT. The client uses the JWT to request an access token that lets it act as the RO.
Variables ¶
// ErrMissingRequiredParameter is the RFC 6749-style error (HTTP 400, error
// code "missing_required_parameter") used when a request lacks one of its
// required parameters.
var ErrMissingRequiredParameter = &fosite.RFC6749Error{
	DescriptionField: "One of the required parameters is missing. Check your request parameters.",
	ErrorField:       "missing_required_parameter",
	CodeField:        http.StatusBadRequest,
}
Functions ¶
func TestHelperGrantManagerCreateGetDeleteGrant ¶
func TestHelperGrantManagerCreateGetDeleteGrant(m GrantManager) func(t *testing.T)
func TestHelperGrantManagerErrors ¶
func TestHelperGrantManagerErrors(m GrantManager) func(t *testing.T)
Types ¶
type Grant ¶
// Grant records a trust relationship with a JWT issuer: assertions issued by
// Issuer and verifiable with PublicKey may be used to request access tokens on
// behalf of Subject (or of any subject when AllowAnySubject is set), until
// ExpiresAt.
type Grant struct {
	// ID identifies the grant; it is the value returned when the trust relationship is created.
	ID string `json:"id"`
	// Issuer identifies the principal that issued the JWT assertion (same as the iss claim in the JWT).
	Issuer string `json:"issuer"`
	// Subject identifies the principal that is the subject of the JWT.
	Subject string `json:"subject"`
	// AllowAnySubject indicates that the issuer is allowed to have any principal as the subject of the JWT.
	// NOTE(review): this widens the trust from the single Subject above to every subject the issuer
	// chooses to assert, so grants with this flag set deserve closer review than per-subject ones.
	AllowAnySubject bool `json:"allow_any_subject"`
	// Scope contains the list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]).
	Scope []string `json:"scope"`
	// PublicKey contains information about the public key issued by Issuer that will be used to check the JWT assertion signature.
	PublicKey PublicKey `json:"public_key"`
	// CreatedAt indicates when the grant was created.
	CreatedAt time.Time `json:"created_at"`
	// ExpiresAt indicates when the grant expires; after that, assertions from Issuer targeting Subject are rejected.
	ExpiresAt time.Time `json:"expires_at"`
}
type GrantManager ¶
// GrantManager is the persistence interface for JWT-bearer grants.
type GrantManager interface {
	// CreateGrant stores g together with publicKey, the key used to verify the issuer's assertions.
	CreateGrant(ctx context.Context, g Grant, publicKey jose.JSONWebKey) error
	// GetConcreteGrant returns the grant identified by id.
	GetConcreteGrant(ctx context.Context, id string) (Grant, error)
	// DeleteGrant removes the grant identified by id.
	DeleteGrant(ctx context.Context, id string) error
	// GetGrants returns a page of grants selected by limit and offset.
	// NOTE(review): optionalIssuer presumably restricts the result to that issuer when non-empty — confirm against the implementation.
	GetGrants(ctx context.Context, limit, offset int, optionalIssuer string) ([]Grant, error)
	// CountGrants returns the number of stored grants.
	CountGrants(ctx context.Context) (int, error)
	// FlushInactiveGrants removes grants that are inactive relative to notAfter, touching at most limit rows in batches of batchSize.
	// NOTE(review): what counts as "inactive" is not visible here — presumably ExpiresAt before notAfter; confirm.
	FlushInactiveGrants(ctx context.Context, notAfter time.Time, limit int, batchSize int) error
}
type GrantValidator ¶
// GrantValidator validates a createGrantRequest (see Validate); it carries no state.
type GrantValidator struct {
}
func NewGrantValidator ¶
func NewGrantValidator() *GrantValidator
func (*GrantValidator) Validate ¶
func (v *GrantValidator) Validate(request createGrantRequest) error
type Handler ¶
// Handler serves the admin HTTP endpoints that manage trusted JWT-bearer
// issuers (Create, Get, List, Delete); SetRoutes registers them.
type Handler struct {
	// contains filtered or unexported fields
}
func NewHandler ¶
func NewHandler(r InternalRegistry) *Handler
func (*Handler) Create ¶
func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
swagger:route POST /trust/grants/jwt-bearer/issuers admin trustJwtGrantIssuer
Trust an OAuth2 JWT Bearer Grant Type Issuer ¶
Use this endpoint to establish a trust relationship for a JWT issuer to perform JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants [RFC7523](https://datatracker.ietf.org/doc/html/rfc7523).
Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
201: trustedJwtGrantIssuer
400: genericError
409: genericError
500: genericError
func (*Handler) Delete ¶
func (h *Handler) Delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route DELETE /trust/grants/jwt-bearer/issuers/{id} admin deleteTrustedJwtGrantIssuer
Delete a Trusted OAuth2 JWT Bearer Grant Type Issuer ¶
Use this endpoint to delete a trusted JWT Bearer Grant Type Issuer. The ID is the one returned when you created the trust relationship.
Once deleted, the associated issuer will no longer be able to perform the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants.
Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
204: emptyResponse
404: genericError
500: genericError
func (*Handler) Get ¶
func (h *Handler) Get(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route GET /trust/grants/jwt-bearer/issuers/{id} admin getTrustedJwtGrantIssuer
Get a Trusted OAuth2 JWT Bearer Grant Type Issuer ¶
Use this endpoint to get a trusted JWT Bearer Grant Type Issuer. The ID is the one returned when you created the trust relationship.
Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
200: trustedJwtGrantIssuer
404: genericError
500: genericError
func (*Handler) List ¶
func (h *Handler) List(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route GET /trust/grants/jwt-bearer/issuers admin listTrustedJwtGrantIssuers
List Trusted OAuth2 JWT Bearer Grant Type Issuers ¶
Use this endpoint to list all trusted JWT Bearer Grant Type Issuers.
Consumes:
- application/json

Produces:
- application/json

Schemes: http, https

Responses:
200: trustedJwtGrantIssuers
500: genericError
func (*Handler) SetRoutes ¶
func (h *Handler) SetRoutes(admin *x.RouterAdmin)
type InternalRegistry ¶
// InternalRegistry is the dependency set NewHandler requires: the x registry
// pieces (by name, a response writer and a logger) plus the grant manager and
// validator exposed by Registry.
type InternalRegistry interface {
	x.RegistryWriter
	x.RegistryLogger
	Registry
}
type Registry ¶
// Registry provides the grant storage and request validation used by this package.
type Registry interface {
	// GrantManager returns the persistence backend for grants.
	GrantManager() GrantManager
	// GrantValidator returns the validator applied to create-grant requests.
	GrantValidator() *GrantValidator
}
type SQLData ¶
// SQLData is the database row representation of a Grant. Unlike Grant, Scope
// is stored as a single string, and the verification key is referenced by
// KeySet/KeyID instead of being embedded (presumably a reference into the
// stored JWK sets — confirm against the manager implementation).
type SQLData struct {
	ID              string    `db:"id"`
	Issuer          string    `db:"issuer"`
	Subject         string    `db:"subject"`
	AllowAnySubject bool      `db:"allow_any_subject"`
	Scope           string    `db:"scope"`
	KeySet          string    `db:"key_set"`
	KeyID           string    `db:"key_id"`
	CreatedAt       time.Time `db:"created_at"`
	ExpiresAt       time.Time `db:"expires_at"`
}