Documentation ¶
Index ¶
Constants ¶
const ( RoleAdmin = "ADMIN" RoleUser = "USER" )
RoleAdmin represents admin role RoleUser represents user role
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authenticator ¶
Authenticator is used to authenticate clients. It can generate a token for a set of user claims and recreate the claims by parsing the token.
func NewAuthenticator ¶
func NewAuthenticator(privateKey *rsa.PrivateKey, activeKID, algorithm string, publicKeyLookupFunc KeyLookupFunc) (*Authenticator, error)
NewAuthenticator creates an *Authenticator for use. It will error if: - The private key is nil. - The public key func is nil. - The key ID is blank. - The specified algorithm is unsupported.
func (*Authenticator) GenerateToken ¶
func (a *Authenticator) GenerateToken(claims *Claims) (string, error)
GenerateToken generates a signed JWT token string representing the user Claims.
type Claims ¶
type Claims struct { Roles []string `json:"roles"` jwt.RegisteredClaims }
Claims represents the authorization claims transmitted via a JWT
type KeyLookupFunc ¶
KeyLookupFunc is used to map a JWT key id (kid) to the corresponding public key. It is a requirement for creating an Authenticator.
* Private keys should be rotated. During the transition period, tokens signed with the old and new keys can coexist by looking up the correct public key by key id (kid).
* Key-id-to-public-key resolution is usually accomplished via a public JWKS endpoint. See https://auth0.com/docs/jwks for more details.
func NewSimpleKeyLookupFunc ¶
func NewSimpleKeyLookupFunc(activeKID string, publicKey *rsa.PublicKey) KeyLookupFunc
NewSimpleKeyLookupFunc is a simple implementation of KeyFunc that only ever supports one key. This is easy for development but in production should be replaced with a caching layer that calls a JWKS endpoint.