trust

package
v2.2.0-pre.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 1, 2024 License: Apache-2.0 Imports: 19 Imported by: 2

Documentation

Overview

Package trust implements jwt-bearer grant management capabilities

JWT-Bearer Grant represents resource owner (RO) permission for client to act on behalf of the RO using jwt. Client uses jwt to request access token to act as RO.

Index

Constants

This section is empty.

Variables

View Source
var ErrMissingRequiredParameter = &fosite.RFC6749Error{
	DescriptionField: "One of the required parameters is missing. Check your request parameters.",
	ErrorField:       "missing_required_parameter",
	CodeField:        http.StatusBadRequest,
}

Functions

func TestHelperGrantManagerCreateGetDeleteGrant

func TestHelperGrantManagerCreateGetDeleteGrant(t1 GrantManager, km jwk.Manager, parallel bool) func(t *testing.T)

func TestHelperGrantManagerErrors

func TestHelperGrantManagerErrors(m GrantManager, km jwk.Manager, parallel bool) func(t *testing.T)

Types

type Grant

type Grant struct {
	ID string `json:"id"`

	// Issuer identifies the principal that issued the JWT assertion (same as iss claim in jwt).
	Issuer string `json:"issuer"`

	// Subject identifies the principal that is the subject of the JWT.
	Subject string `json:"subject"`

	// AllowAnySubject indicates that the issuer is allowed to have any principal as the subject of the JWT.
	AllowAnySubject bool `json:"allow_any_subject"`

	// Scope contains list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
	Scope []string `json:"scope"`

	// PublicKeys contains information about public key issued by Issuer, that will be used to check JWT assertion signature.
	PublicKey PublicKey `json:"public_key"`

	// CreatedAt indicates, when grant was created.
	CreatedAt time.Time `json:"created_at"`

	// ExpiresAt indicates, when grant will expire, so we will reject assertion from Issuer targeting Subject.
	ExpiresAt time.Time `json:"expires_at"`
}

type GrantManager

type GrantManager interface {
	CreateGrant(ctx context.Context, g Grant, publicKey jose.JSONWebKey) error
	GetConcreteGrant(ctx context.Context, id string) (Grant, error)
	DeleteGrant(ctx context.Context, id string) error
	GetGrants(ctx context.Context, limit, offset int, optionalIssuer string) ([]Grant, error)
	CountGrants(ctx context.Context) (int, error)
	FlushInactiveGrants(ctx context.Context, notAfter time.Time, limit int, batchSize int) error
}

type GrantValidator

type GrantValidator struct {
}

func NewGrantValidator

func NewGrantValidator() *GrantValidator

func (*GrantValidator) Validate

func (v *GrantValidator) Validate(request createGrantRequest) error

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler

func NewHandler(r InternalRegistry) *Handler

func (*Handler) SetRoutes

func (h *Handler) SetRoutes(admin *httprouterx.RouterAdmin)

type InternalRegistry

type InternalRegistry interface {
	x.RegistryWriter
	x.RegistryLogger
	Registry
}

type PublicKey

type PublicKey struct {
	// Set is basically a name for a group(set) of keys. Will be the same as Issuer in grant.
	Set string `json:"set"`

	// KeyID is key unique identifier (same as kid header in jws/jwt).
	KeyID string `json:"kid"`
}

type Registry

type Registry interface {
	GrantManager() GrantManager
	GrantValidator() *GrantValidator
}

type SQLData

type SQLData struct {
	ID              string    `db:"id"`
	NID             uuid.UUID `db:"nid"`
	Issuer          string    `db:"issuer"`
	Subject         string    `db:"subject"`
	AllowAnySubject bool      `db:"allow_any_subject"`
	Scope           string    `db:"scope"`
	KeySet          string    `db:"key_set"`
	KeyID           string    `db:"key_id"`
	CreatedAt       time.Time `db:"created_at"`
	ExpiresAt       time.Time `db:"expires_at"`
}

func (SQLData) TableName

func (SQLData) TableName() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL