Documentation ¶
Overview ¶
Package trust implements management of JWT-bearer grants.
A JWT-bearer grant represents the resource owner's (RO) permission for a client to act on behalf of the RO using a JWT. The client uses the JWT to request an access token to act as the RO.
Index ¶
- Variables
- func TestHelperGrantManagerCreateGetDeleteGrant(t1 GrantManager, km jwk.Manager, parallel bool) func(t *testing.T)
- func TestHelperGrantManagerErrors(m GrantManager, km jwk.Manager, parallel bool) func(t *testing.T)
- type Grant
- type GrantManager
- type GrantValidator
- type Handler
- type InternalRegistry
- type PublicKey
- type Registry
- type SQLData
Constants ¶
This section is empty.
Variables ¶
// ErrMissingRequiredParameter is an RFC 6749-style error carrying the code
// "missing_required_parameter" and HTTP status 400 (Bad Request).
//
// NOTE(review): presumably returned when a create-grant request fails
// validation; the call sites are not visible here, confirm.
var ErrMissingRequiredParameter = &fosite.RFC6749Error{
	ErrorField:       "missing_required_parameter",
	DescriptionField: "One of the required parameters is missing. Check your request parameters.",
	CodeField:        http.StatusBadRequest,
}
Functions ¶
Types ¶
type Grant ¶
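// Grant describes one JWT-bearer trust relationship: assertions signed by
// Issuer's key are accepted for Subject, limited to Scope, until ExpiresAt.
//
// The declaration is laid out one field per line so that each field comment
// documents only the field that follows it.
type Grant struct {
	// ID identifies the grant.
	ID string `json:"id"`

	// Issuer identifies the principal that issued the JWT assertion (same as
	// the iss claim in the JWT).
	Issuer string `json:"issuer"`

	// Subject identifies the principal that is the subject of the JWT.
	Subject string `json:"subject"`

	// AllowAnySubject indicates that the issuer is allowed to have any
	// principal as the subject of the JWT.
	//
	// NOTE(review): a grant with this set lets whoever holds the issuer's
	// signing key present an assertion for any subject, so it should be paired
	// with a narrow Scope and a short ExpiresAt. How Subject is treated when
	// this is true is not visible here; confirm against the validation code.
	AllowAnySubject bool `json:"allow_any_subject"`

	// Scope contains the list of scope values (as described in Section 3.3 of
	// OAuth 2.0 [RFC6749]).
	Scope []string `json:"scope"`

	// PublicKey contains information about the public key issued by Issuer
	// that will be used to check the JWT assertion signature.
	PublicKey PublicKey `json:"public_key"`

	// CreatedAt indicates when the grant was created.
	CreatedAt time.Time `json:"created_at"`

	// ExpiresAt indicates when the grant expires; after that, assertions from
	// Issuer targeting Subject are rejected.
	ExpiresAt time.Time `json:"expires_at"`
}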
type GrantManager ¶
// GrantManager is the storage contract for JWT-bearer grants. Only the
// signatures are visible here; the behaviour described below is inferred from
// names and parameters and should be confirmed against an implementation.
//
// NOTE(review): CreateGrant receives the key that is presumably used later to
// verify assertion signatures, so every caller of it is deciding whom to
// trust; access to that path should be restricted accordingly.
type GrantManager interface {
	// CreateGrant stores g together with publicKey.
	CreateGrant(ctx context.Context, g Grant, publicKey jose.JSONWebKey) error

	// GetConcreteGrant returns the grant with the given id.
	GetConcreteGrant(ctx context.Context, id string) (Grant, error)

	// DeleteGrant removes the grant with the given id.
	DeleteGrant(ctx context.Context, id string) error

	// GetGrants returns a page of grants selected by limit and offset.
	// optionalIssuer presumably narrows the result to one issuer when it is
	// non-empty (confirm).
	GetGrants(ctx context.Context, limit int, offset int, optionalIssuer string) ([]Grant, error)

	// CountGrants returns a grant count.
	CountGrants(ctx context.Context) (int, error)

	// FlushInactiveGrants presumably deletes grants that are no longer active
	// relative to notAfter, handling at most limit of them in chunks of
	// batchSize (confirm the exact cut-off semantics).
	FlushInactiveGrants(ctx context.Context, notAfter time.Time, limit, batchSize int) error
}
type GrantValidator ¶
// GrantValidator checks create-grant requests through its Validate method.
// It has no fields, so every value of the type is interchangeable.
type GrantValidator struct{}
func NewGrantValidator ¶
func NewGrantValidator() *GrantValidator
func (*GrantValidator) Validate ¶
func (v *GrantValidator) Validate(request createGrantRequest) error
type Handler ¶
// Handler is built from an InternalRegistry by NewHandler and registers its
// routes through SetRoutes, which accepts only an admin router.
//
// NOTE(review): because SetRoutes takes *httprouterx.RouterAdmin, these
// endpoints are presumably meant to be reachable from the admin interface
// only; confirm that interface is not exposed to untrusted networks, since it
// manages which issuers and keys are trusted.
type Handler struct {
// contains filtered or unexported fields
}
func NewHandler ¶
func NewHandler(r InternalRegistry) *Handler
func (*Handler) SetRoutes ¶
func (h *Handler) SetRoutes(admin *httprouterx.RouterAdmin)
type InternalRegistry ¶
// InternalRegistry is the dependency set NewHandler requires: the package's
// own Registry plus the writer and logger registries from package x.
type InternalRegistry interface {
	Registry
	x.RegistryLogger
	x.RegistryWriter
}
type Registry ¶
// Registry gives access to the grant components of this package.
type Registry interface {
	// GrantValidator returns the validator for create-grant requests.
	GrantValidator() *GrantValidator

	// GrantManager returns the grant storage manager.
	GrantManager() GrantManager
}
type SQLData ¶
// SQLData maps a grant onto database columns through its `db` tags. Most
// fields share their names with the fields of Grant.
type SQLData struct {
	ID string `db:"id"`

	// NOTE(review): NID looks like a network/tenant identifier. If so, queries
	// on this table should filter on it so grants do not leak across tenants
	// (confirm against the persister).
	NID uuid.UUID `db:"nid"`

	Issuer          string `db:"issuer"`
	Subject         string `db:"subject"`
	AllowAnySubject bool   `db:"allow_any_subject"`

	// Scope is a single string here, whereas Grant.Scope is a []string; the
	// encoding used to join the values is not visible on this page.
	Scope string `db:"scope"`

	// KeySet and KeyID presumably reference the stored public key rather than
	// embedding it (confirm).
	KeySet string `db:"key_set"`
	KeyID  string `db:"key_id"`

	CreatedAt time.Time `db:"created_at"`
	ExpiresAt time.Time `db:"expires_at"`
}