token

package
v0.0.0-...-8187571
Warning: This package is not in the latest version of its module.
Published: Jun 12, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func GetAuthzEscaped

func GetAuthzEscaped(ctx *gin.Context) (authzEscaped string)

Given a request, try to get a token from its "authz" query parameter or its "Authorization" header.
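The lookup that GetAuthzEscaped and the Sources list of Verify describe can be reproduced with the standard library alone. The block below is an added example written for this page, not the package's own code: it uses net/http rather than gin, names the cookie "login" and the query parameter "authz" as the TokenSource constants document, and treats the caller's ordering of sources as the precedence order (an assumption; the page does not state which source GetAuthzEscaped tries first).

```go
package main

import (
	"net/http"
	"net/url"
	"strings"
)

// TokenSource mirrors the page's constants; callers list sources in the order to try.
type TokenSource string

const (
	Header TokenSource = "AuthorizationHeader" // "Authorization: Bearer <token>"
	Cookie TokenSource = "Cookie"              // "login" cookie
	Authz  TokenSource = "AuthzQueryParameter" // "authz" query parameter
)

// tokenFromRequest returns the first non-empty token found, trying sources in the
// caller's order, together with the source it came from. Only the Bearer scheme is
// accepted in the header (matched case-insensitively, as RFC 6750 allows); a Basic or
// other credential is ignored rather than handed on as if it were a token.
func tokenFromRequest(r *http.Request, sources []TokenSource) (string, TokenSource) {
	for _, s := range sources {
		switch s {
		case Header:
			h := r.Header.Get("Authorization")
			if len(h) > 7 && strings.EqualFold(h[:7], "bearer ") {
				if tok := strings.TrimSpace(h[7:]); tok != "" {
					return tok, Header
				}
			}
		case Cookie:
			if c, err := r.Cookie("login"); err == nil && c.Value != "" {
				return c.Value, Cookie
			}
		case Authz:
			// r.URL.Query() percent-decodes the value, so a token that arrived
			// escaped ("%2B" for "+") comes back as the original characters.
			if v := r.URL.Query().Get("authz"); v != "" {
				return v, Authz
			}
		}
	}
	return "", ""
}

// newRequest builds a GET with any combination of the three sources populated.
// The host, path and token strings are constructed for this example.
func newRequest(header, cookie, authz string) *http.Request {
	u := &url.URL{Scheme: "https", Host: "origin.example", Path: "/api/v1.0/object"}
	if authz != "" {
		u.RawQuery = url.Values{"authz": {authz}}.Encode()
	}
	r, _ := http.NewRequest(http.MethodGet, u.String(), nil)
	if header != "" {
		r.Header.Set("Authorization", header)
	}
	if cookie != "" {
		r.AddCookie(&http.Cookie{Name: "login", Value: cookie})
	}
	return r
}
```

A token carried in the "authz" query parameter ends up in access logs, proxy logs and Referer headers, so list Authz last (or not at all) in a handler that can get the token from the header instead.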

func GetJWKSFromIssUrl

func GetJWKSFromIssUrl(issuer string) (*jwk.Set, error)

func GetJWKSURLFromIssuerURL

func GetJWKSURLFromIssuerURL(issuerUrl string) (string, error)

Given an issuer URL, look up the JWKS URL from the issuer's openid-configuration. For example, if the issuer URL is https://registry.com:8446/api/v1.0/registry/test-namespace, this function returns the JWKS URL (the jwks_uri value) from the openid-configuration JSON hosted at https://registry.com:8446/api/v1.0/registry/test-namespace/.well-known/openid-configuration.

func GetNSIssuerURL

func GetNSIssuerURL(prefix string) (string, error)

For a given prefix, get the prefix's issuer URL, i.e. the OpenID endpoint used to look up where the prefix's keys live. Note that this is NOT the same as the issuer's key itself; to find that, follow OpenID-style discovery using the issuer URL as a base.

func LookupIssuerJwksUrl

func LookupIssuerJwksUrl(ctx context.Context, issuerUrlStr string) (jwksUrl *url.URL, err error)

Given an issuer URL, look up the corresponding JWKS URL using OAuth2 metadata discovery.
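GetJWKSURLFromIssuerURL and LookupIssuerJwksUrl both perform the discovery step described above. The block below is an added example (standard library only, not the package's implementation) of that step with the checks a verifier should apply before trusting keys it finds this way: an https-only issuer, an "issuer" field in the metadata that matches the issuer asked about, and an absolute https jwks_uri. It runs offline against an httptest TLS server that serves constructed metadata under the namespace path from the page's example; the "issuer.jwks" file name and the "attacker.example" host are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// openidMetadata holds the two fields of /.well-known/openid-configuration this example uses.
type openidMetadata struct {
	Issuer  string `json:"issuer"`
	JwksURI string `json:"jwks_uri"`
}

// lookupJwksURL resolves an issuer URL to its JWKS URL by OpenID discovery. Plain-http
// issuers are refused (keys fetched over http can be swapped in transit), the metadata's
// "issuer" must equal the requested issuer (a document served from an attacker-controlled
// path on the same host must not redirect us to foreign keys), and jwks_uri must be an
// absolute https URL.
func lookupJwksURL(client *http.Client, issuer string) (*url.URL, error) {
	issURL, err := url.Parse(issuer)
	if err != nil {
		return nil, err
	}
	if issURL.Scheme != "https" || issURL.Host == "" {
		return nil, fmt.Errorf("issuer %q: only https issuers are accepted", issuer)
	}
	if issURL.RawQuery != "" || issURL.Fragment != "" {
		return nil, fmt.Errorf("issuer %q must not carry a query or fragment", issuer)
	}
	base := strings.TrimSuffix(issURL.String(), "/")
	resp, err := client.Get(base + "/.well-known/openid-configuration")
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("discovery for %s: HTTP %d", issuer, resp.StatusCode)
	}
	var md openidMetadata
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&md); err != nil {
		return nil, err
	}
	if strings.TrimSuffix(md.Issuer, "/") != base {
		return nil, fmt.Errorf("metadata issuer %q does not match requested issuer %q", md.Issuer, issuer)
	}
	jwks, err := url.Parse(md.JwksURI)
	if err != nil || !jwks.IsAbs() || jwks.Scheme != "https" {
		return nil, errors.New("jwks_uri missing or not an absolute https URL")
	}
	return jwks, nil
}

// newFakeIssuer starts a TLS test server answering discovery for the page's namespace path.
// The metadata is constructed here; with lie set, the "issuer" field names another origin,
// which a correct client must reject.
func newFakeIssuer(lie bool) (srv *httptest.Server, issuer string) {
	const ns = "/api/v1.0/registry/test-namespace"
	mux := http.NewServeMux()
	mux.HandleFunc(ns+"/.well-known/openid-configuration", func(w http.ResponseWriter, r *http.Request) {
		iss := issuer
		if lie {
			iss = "https://attacker.example" + ns
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(openidMetadata{Issuer: iss, JwksURI: issuer + "/.well-known/issuer.jwks"})
	})
	srv = httptest.NewTLSServer(mux)
	issuer = srv.URL + ns
	return srv, issuer
}

// resolveAgainstFakeIssuer runs the lookup end to end and returns the resolved JWKS URL.
func resolveAgainstFakeIssuer(lie bool) (string, error) {
	srv, issuer := newFakeIssuer(lie)
	defer srv.Close()
	jwks, err := lookupJwksURL(srv.Client(), issuer)
	if err != nil {
		return "", err
	}
	return jwks.String(), nil
}

func main() {
	fmt.Println(resolveAgainstFakeIssuer(false))
}
```

The issuer comparison is what stops a "/.well-known/openid-configuration" document planted under an unrelated path on a shared host from handing you its own jwks_uri; the page's LookupIssuerJwksUrl signature gives no hint whether it does this, so check before relying on it.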

func Verify

func Verify(ctx *gin.Context, authOption AuthOption) (status int, verified bool, err error)

Check token authentication: obtain the token from authOption.Sources (the first source that yields a token is used), then check it against each of authOption.Issuers with authOption.Scopes. Returns true and sets the "User" context value to the issuer if any issuer check succeeds.

The scope check passes if the token has ANY of the scopes in authOption.Scopes; set authOption.AllScopes to require all of them instead.

Types

type AuthCheckImpl

type AuthCheckImpl struct{}

type AuthChecker

type AuthChecker interface {
	// contains filtered or unexported methods
}

type AuthOption

type AuthOption struct {
	Sources   []TokenSource
	Issuers   []TokenIssuer
	Scopes    []token_scopes.TokenScope
	AllScopes bool
}

type TokenConfig

type TokenConfig struct {
	Lifetime time.Duration // Lifetime is used to set 'exp' claim from now
	Issuer   string        // Issuer is 'iss' claim

	Subject string            // Subject is 'sub' claim
	Claims  map[string]string // Additional claims
	// contains filtered or unexported fields
}

func NewScitoken

func NewScitoken() (tc TokenConfig)

func NewTokenConfig

func NewTokenConfig(tokenProfile TokenProfile) (tc TokenConfig, err error)

func NewWLCGToken

func NewWLCGToken() (tc TokenConfig)

func (*TokenConfig) AddAudienceAny

func (config *TokenConfig) AddAudienceAny()

Add the profile's "any" audience to the config.

For the WLCG profile it is "https://wlcg.cern.ch/jwt/v1/any"; for the Scitokens profile it is "ANY".

func (*TokenConfig) AddAudiences

func (config *TokenConfig) AddAudiences(audiences ...string)

func (*TokenConfig) AddGroups

func (config *TokenConfig) AddGroups(groups ...string)

func (*TokenConfig) AddRawScope

func (config *TokenConfig) AddRawScope(scope string)

AddRawScope appends a space-delimited, case-sensitive scope string to the Scope field.

Examples for valid scopes:

  • "storage:read"
  • "storage:read storage:write"

func (*TokenConfig) AddResourceScopes

func (config *TokenConfig) AddResourceScopes(scopes ...token_scopes.ResourceScope)

AddResourceScopes appends multiple token_scopes.ResourceScope to the Scope field.

func (*TokenConfig) AddScopes

func (config *TokenConfig) AddScopes(scopes ...token_scopes.TokenScope)

AddScopes appends multiple token_scopes.TokenScope to the Scope field.

func (*TokenConfig) CreateToken

func (tokenConfig *TokenConfig) CreateToken() (string, error)

CreateToken validates the TokenConfig and, if it is valid, creates and signs a token based on it.

func (*TokenConfig) CreateTokenWithKey

func (tokenConfig *TokenConfig) CreateTokenWithKey(key jwk.Key) (string, error)

Variant of CreateToken that signs with a jwk.Key provided by the caller instead of the default signing key.

func (*TokenConfig) GetAudiences

func (config *TokenConfig) GetAudiences() []string

func (*TokenConfig) GetGroups

func (config *TokenConfig) GetGroups() []string

func (*TokenConfig) GetScope

func (config *TokenConfig) GetScope() string

GetScope returns the space-delimited, case-sensitive scope string held in TokenConfig's unexported scope field.

func (*TokenConfig) GetVersion

func (config *TokenConfig) GetVersion() string

func (*TokenConfig) SetVersion

func (config *TokenConfig) SetVersion(ver string) error

func (*TokenConfig) Validate

func (config *TokenConfig) Validate() (bool, error)

Validate checks a TokenConfig against its profile: that the claims the profile requires are present and that the provided config values are legal.
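How the TokenConfig methods above compose into a JWT payload is easier to see in one place. The block below is an added example with standard-library code only, not the package's TokenConfig: it keeps the same exported fields, accumulates audiences and scopes the way the Add* methods do, uses the profile-specific "any" audiences the page documents, and emits the version claim each profile specifies ("wlcg.ver": "1.0" for WLCG, "ver": "scitoken:2.0" for SciTokens 2.0). The rules its Validate enforces (issuer, positive lifetime, at least one audience and scope, and a subject for WLCG) are this example's minimal set, not necessarily what the package's Validate checks; the "none" profile is left out.

```go
package main

import (
	"errors"
	"strings"
	"time"
)

// TokenProfile values are the page's.
type TokenProfile string

const (
	TokenProfileWLCG       TokenProfile = "wlcg"
	TokenProfileScitokens2 TokenProfile = "scitokens2"
)

// tokenConfig is an illustrative stand-in for the page's TokenConfig: the same exported
// fields plus the accumulated audiences and scopes that the Add* methods write to.
type tokenConfig struct {
	profile   TokenProfile
	Lifetime  time.Duration // sets exp relative to now
	Issuer    string        // iss claim
	Subject   string        // sub claim
	audiences []string
	scopes    []string
}

func (c *tokenConfig) AddAudiences(audiences ...string) {
	c.audiences = append(c.audiences, audiences...)
}

// AddAudienceAny adds the profile-specific wildcard audience the page documents.
func (c *tokenConfig) AddAudienceAny() {
	switch c.profile {
	case TokenProfileWLCG:
		c.AddAudiences("https://wlcg.cern.ch/jwt/v1/any")
	case TokenProfileScitokens2:
		c.AddAudiences("ANY")
	}
}

// AddRawScope appends a space-delimited, case-sensitive scope string; a scope already
// present is not added again, so the rendered claim carries no duplicates.
func (c *tokenConfig) AddRawScope(scope string) {
	for _, s := range strings.Fields(scope) {
		if !c.hasScope(s) {
			c.scopes = append(c.scopes, s)
		}
	}
}

func (c *tokenConfig) hasScope(s string) bool {
	for _, have := range c.scopes {
		if have == s {
			return true
		}
	}
	return false
}

// GetScope renders the scopes as one space-delimited string, the form the scope claim takes.
func (c *tokenConfig) GetScope() string { return strings.Join(c.scopes, " ") }

// Validate applies this example's minimal rules (not necessarily the package's).
func (c *tokenConfig) Validate() error {
	switch {
	case c.profile != TokenProfileWLCG && c.profile != TokenProfileScitokens2:
		return errors.New("unknown token profile")
	case c.Issuer == "":
		return errors.New("issuer is required")
	case c.Lifetime <= 0:
		return errors.New("lifetime must be positive")
	case len(c.audiences) == 0:
		return errors.New("at least one audience is required")
	case len(c.scopes) == 0:
		return errors.New("at least one scope is required")
	case c.profile == TokenProfileWLCG && c.Subject == "":
		return errors.New("WLCG tokens require a subject")
	}
	return nil
}

// Claims validates the config and renders the JWT payload that would then be signed.
func (c *tokenConfig) Claims(now time.Time) (map[string]any, error) {
	if err := c.Validate(); err != nil {
		return nil, err
	}
	claims := map[string]any{
		"iss":   c.Issuer,
		"iat":   now.Unix(),
		"nbf":   now.Unix(),
		"exp":   now.Add(c.Lifetime).Unix(),
		"scope": c.GetScope(),
	}
	if c.Subject != "" {
		claims["sub"] = c.Subject
	}
	// RFC 7519 allows aud to be a single string or an array; use the compact form for one.
	if len(c.audiences) == 1 {
		claims["aud"] = c.audiences[0]
	} else {
		claims["aud"] = c.audiences
	}
	if c.profile == TokenProfileWLCG {
		claims["wlcg.ver"] = "1.0"
	} else {
		claims["ver"] = "scitoken:2.0"
	}
	return claims, nil
}
```

The wildcard audiences are convenient for testing but mean any relying party in the federation will accept the token; name the intended audience with AddAudiences for anything that leaves a test environment.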

type TokenIssuer

type TokenIssuer string
const (
	FederationIssuer TokenIssuer = "FederationIssuer"
	LocalIssuer      TokenIssuer = "LocalIssuer"
)

type TokenProfile

type TokenProfile string
const (
	TokenProfileWLCG       TokenProfile = "wlcg"
	TokenProfileScitokens2 TokenProfile = "scitokens2"
	TokenProfileNone       TokenProfile = "none"
)

func (TokenProfile) String

func (p TokenProfile) String() string

type TokenSource

type TokenSource string
const (
	Header TokenSource = "AuthorizationHeader" // "Authorization" header
	Cookie TokenSource = "Cookie"              // "login" cookie
	Authz  TokenSource = "AuthzQueryParameter" // "authz" query parameter
)
