auth

package

v0.0.4 Latest Latest Go to latest Published: Oct 12, 2023 License: Apache-2.0 Imports: 17 Imported by: 3

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/stackrox/infra-auth-lib

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth facilitates an OAuth login/logout flow.

Index ¶

func NewAccessTokenizer(claimRules *claimrule.ClaimRules) *accessTokenizer
func NewOidcTokenizer(verifier *oidc.IDTokenVerifier) *oidcTokenizer
func NewStateTokenizer(lifetime time.Duration, secret string) *stateTokenizer
func NewUserTokenizer(lifetime time.Duration, secret string) *userTokenizer
type OidcAuth
- func NewFromConfig(oidcConfigFile string) (*OidcAuth, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewAccessTokenizer ¶

func NewAccessTokenizer(claimRules *claimrule.ClaimRules) *accessTokenizer

NewAccessTokenizer creates a new tokenizer that can verify OIDC provider generated Access Token.

func NewOidcTokenizer ¶

func NewOidcTokenizer(verifier *oidc.IDTokenVerifier) *oidcTokenizer

NewOidcTokenizer creates a new tokenizer that can verify OIDC provider generated ID Token.

func NewStateTokenizer ¶

func NewStateTokenizer(lifetime time.Duration, secret string) *stateTokenizer

NewStateTokenizer creates a new stateTokenizer that can generate and verify tokens using the given lifetime and signed with the given secret.

func NewUserTokenizer ¶

func NewUserTokenizer(lifetime time.Duration, secret string) *userTokenizer

NewUserTokenizer creates a new userTokenizer that can generate and verify tokens using the given lifetime and signed with the given secret.

Types ¶

type OidcAuth ¶

type OidcAuth struct {
	// contains filtered or unexported fields
}

OidcAuth facilitates an Oauth2 login flow via http handlers.

func NewFromConfig ¶

func NewFromConfig(oidcConfigFile string) (*OidcAuth, error)

NewFromConfig reads and parses the given OIDC configuration file.

func (OidcAuth) Authorized ¶

func (a OidcAuth) Authorized(handler http.Handler) http.Handler

Authorized wraps the given http.Handler in an authorization check. The given handler is only called if the user is authorized, otherwise a 404 status code is returned.

func (OidcAuth) AuthorizedFunc ¶

func (a OidcAuth) AuthorizedFunc(handler http.HandlerFunc) http.Handler

AuthorizedFunc wraps the given http.HandlerFunc in an authorization check. The given handler is only called if the user is authorized, otherwise a 404 status code is returned.

func (OidcAuth) Endpoint ¶

func (a OidcAuth) Endpoint() string

Endpoint returns the OAuth service endpoint (host with optional port) string. Used for generating redirects.

func (OidcAuth) GenerateServiceAccountToken ¶

func (a OidcAuth) GenerateServiceAccountToken(svcacct *v1.ServiceAccount) (string, error)

GenerateServiceAccountToken generates a service account JWT containing a v1.User struct.

func (OidcAuth) Handle ¶

func (a OidcAuth) Handle(mux *http.ServeMux)

Handle adds several standard OAuth routes handlers to the given http mux.

func (OidcAuth) ValidateServiceAccountToken ¶

func (a OidcAuth) ValidateServiceAccountToken(token string) (*v1.ServiceAccount, error)

ValidateServiceAccountToken validates a service account JWT and returns the contained v1.ServiceAccount struct.

func (OidcAuth) ValidateUser ¶

func (a OidcAuth) ValidateUser(token string) (*v1.User, error)

ValidateUser validates a user JWT and returns the contained v1.User struct.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
claimrule

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL