Documentation
Index
- Variables
- func AuthHeaderTokenExtractor(logger *log.Logger, r *http.Request) (string, error)
- func AuthHeaderTokenInjector(req *http.Request, signedToken string) *http.Request
- func DefaultErrorHandler(logger *log.Logger, w http.ResponseWriter, r *http.Request, err error)
- func DefaultSuccessHandler(logger *log.Logger, next http.Handler, w http.ResponseWriter, r *http.Request, ...)
- type ContextKey
- type ErrorHandler
- type Flow
- type JWTMiddleware
- type Option
- type SuccessHandler
- type TokenExtractor
- func CookieTokenExtractor(cookieName string) TokenExtractor
- func FormTokenExtractor(urlPathPrefix string, param string) TokenExtractor
- func MultiTokenExtractor(extractors ...TokenExtractor) TokenExtractor
- func OidcTokenExtractor() TokenExtractor
- func ParameterTokenExtractor(param string) TokenExtractor
- type TokenInjector
- type ValidateToken
Constants
This section is empty.
Variables
var (
	// ErrJWTMissing is returned when the JWT is missing.
	ErrJWTMissing = errors.New("jwt missing")

	// ErrJWTInvalid is returned when the JWT is invalid.
	ErrJWTInvalid = errors.New("jwt invalid")
)
Functions
func AuthHeaderTokenExtractor
AuthHeaderTokenExtractor is a TokenExtractor that takes a request and extracts the token from the Authorization header.
func AuthHeaderTokenInjector
func DefaultErrorHandler
DefaultErrorHandler is the default error handler implementation for the JWTMiddleware. If an error handler is not provided via the WithErrorHandler option this will be used.
func DefaultSuccessHandler
func DefaultSuccessHandler(logger *log.Logger, next http.Handler, w http.ResponseWriter, r *http.Request, token string)
DefaultSuccessHandler is the default success handler implementation for the JWTMiddleware. If a success handler is not provided via the WithSuccessHandler option this will be used.
Types
type ContextKey
type ContextKey struct{}
ContextKey is the key used in the request context where the information from a validated JWT will be stored.
type ErrorHandler
ErrorHandler is a handler which is called when an error occurs in the JWTMiddleware. Besides general errors, this handler also determines the response of the JWTMiddleware when a token is not found or is invalid. The err can be checked against ErrJWTMissing or ErrJWTInvalid for those specific cases. The default handler returns a status code of 400 for ErrJWTMissing, 401 for ErrJWTInvalid, and 500 for all other errors. If you implement your own ErrorHandler, you MUST take the error types into consideration: not responding to them properly, or having a poorly implemented handler, could result in the JWTMiddleware not functioning as intended.
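A custom ErrorHandler that honours these error types, as an added example (not code from this package). ErrJWTMissing and ErrJWTInvalid are redeclared locally as stand-ins so the program runs on its own, the handler is assumed to take DefaultErrorHandler's parameter list, and classify and jsonErrorHandler are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"os"
)

// Local stand-ins for the package's sentinel errors (same messages as above).
var (
	ErrJWTMissing = errors.New("jwt missing")
	ErrJWTInvalid = errors.New("jwt invalid")
)

// classify maps an error to a status and a generic body. errors.Is also matches
// wrapped sentinels, and anything unrecognised fails closed with a 500.
func classify(err error) (int, string) {
	switch {
	case errors.Is(err, ErrJWTMissing):
		return http.StatusBadRequest, "token required"
	case errors.Is(err, ErrJWTInvalid):
		return http.StatusUnauthorized, "token rejected"
	default:
		return http.StatusInternalServerError, "internal error"
	}
}

// jsonErrorHandler (hypothetical) always writes a response and never calls a
// next handler. The cause is logged server-side and not echoed to the client.
func jsonErrorHandler(logger *log.Logger, w http.ResponseWriter, r *http.Request, err error) {
	status, msg := classify(err)
	logger.Printf("jwt rejected: %s %q: %v", r.Method, r.URL.Path, err)
	if status == http.StatusUnauthorized {
		w.Header().Set("WWW-Authenticate", `Bearer error="invalid_token"`)
	}
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	fmt.Fprintf(w, `{"error":%q}`, msg)
}

func main() {
	rec := httptest.NewRecorder()
	err := fmt.Errorf("signature check: %w", ErrJWTInvalid) // constructed sample error
	jsonErrorHandler(log.New(os.Stderr, "", 0), rec, httptest.NewRequest("GET", "/api", nil), err)
	fmt.Println(rec.Code, rec.Body.String())
}
```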
func OidcErrorHandler
func OidcErrorHandler(
	ssoRedirectUrlTemplate *template.Template,
	ssoRedirectUrlMacSigningKey interface{},
	ssoRedirectUrlMacStrength sso_redirector.HmacStrength,
) ErrorHandler
OidcErrorHandler is the OIDC error handler implementation for the JWTMiddleware.
type JWTMiddleware
type JWTMiddleware struct {
// contains filtered or unexported fields
}
func New
func New(validateToken ValidateToken, opts ...Option) *JWTMiddleware
New constructs a new JWTMiddleware instance with the supplied options. It requires a ValidateToken function to be passed in, so it can properly validate tokens.
func (*JWTMiddleware) DefaultFlow
func (m *JWTMiddleware) DefaultFlow(next http.Handler) Flow
DefaultFlow is the default flow: JWT extraction, then JWT validation, then either the success handler or the error handler.
type Option
type Option func(*JWTMiddleware)
Option is how options for the JWTMiddleware are set up.
func WithCredentialsOptional
WithCredentialsOptional sets whether credentials are optional. If set to true, an empty token will be considered valid.
Default value: false.
func WithErrorHandler
func WithErrorHandler(h ErrorHandler) Option
WithErrorHandler sets the handler which is called when we encounter errors in the JWTMiddleware. See the ErrorHandler type for more information.
Default value: DefaultErrorHandler.
func WithIgnorePathOptions
WithIgnorePathOptions sets the request paths that should not have their JWT validated.
Default value: nil.
func WithSuccessHandler
func WithSuccessHandler(h SuccessHandler) Option
WithSuccessHandler sets the handler which is called when a token is validated in the JWTMiddleware. See the SuccessHandler type for more information.
Default value: DefaultSuccessHandler.
func WithTokenExtractor
func WithTokenExtractor(e TokenExtractor) Option
WithTokenExtractor sets up the function which extracts the JWT to be validated from the request.
Default value: AuthHeaderTokenExtractor.
func WithValidateOnOptions
WithValidateOnOptions sets whether OPTIONS requests should have their JWT validated.
Default value: true.
type SuccessHandler
type SuccessHandler func(logger *log.Logger, next http.Handler, w http.ResponseWriter, r *http.Request, token string)
SuccessHandler is a handler which is called when a token is validated in the JWTMiddleware.
func OidcSuccessHandler
func OidcSuccessHandler(
	ssoRedirectUrlMacSigningKey interface{},
	ssoRedirectUrlMacStrength sso_redirector.HmacStrength,
	ssoRedirectUrlMacAllowedClockSkew time.Duration,
) SuccessHandler
OidcSuccessHandler is the OIDC success handler implementation for the JWTMiddleware.
type TokenExtractor
TokenExtractor is a function that takes a request as input and returns either a token or an error. An error should only be returned if an attempt to specify a token was found, but the information was somehow incorrectly formed. In the case where a token is simply not present, this should not be treated as an error. An empty string should be returned in that case.
func CookieTokenExtractor
func CookieTokenExtractor(cookieName string) TokenExtractor
CookieTokenExtractor builds a TokenExtractor that takes a request and extracts the token from the cookie using the passed in cookieName.
func FormTokenExtractor
func FormTokenExtractor(urlPathPrefix string, param string) TokenExtractor
FormTokenExtractor returns a TokenExtractor that extracts the token from a form post.
func MultiTokenExtractor
func MultiTokenExtractor(extractors ...TokenExtractor) TokenExtractor
MultiTokenExtractor returns a TokenExtractor that runs multiple TokenExtractors and takes the one that does not return an empty token. If a TokenExtractor returns an error that error is immediately returned.
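The TokenExtractor contract and the MultiTokenExtractor behaviour described above, sketched as an added example with local stand-ins (not this package's implementation). The TokenExtractor type is assumed to match AuthHeaderTokenExtractor's parameter list; fromBearer, fromCookie, firstOf, extract and the session_jwt cookie name are hypothetical, and taking the first non-empty token in argument order is an assumption.

```go
package main

import (
	"errors"
	"log"
	"net/http"
	"strings"
)

// TokenExtractor is a local stand-in with AuthHeaderTokenExtractor's parameter list.
type TokenExtractor func(logger *log.Logger, r *http.Request) (string, error)

// fromBearer: header absent -> ("", nil); header present but malformed -> error.
func fromBearer(_ *log.Logger, r *http.Request) (string, error) {
	f := strings.Fields(r.Header.Get("Authorization"))
	if len(f) == 0 {
		return "", nil
	}
	if len(f) != 2 || !strings.EqualFold(f[0], "Bearer") {
		return "", errors.New("authorization header is not 'Bearer <token>'")
	}
	return f[1], nil
}

func fromCookie(_ *log.Logger, r *http.Request) (string, error) {
	if c, err := r.Cookie("session_jwt"); err == nil { // hypothetical cookie name
		return c.Value, nil
	}
	return "", nil // no cookie means "no token", which is not an error
}

// firstOf stops at the first error or the first non-empty token (order is an assumption).
func firstOf(l *log.Logger, r *http.Request, exs ...TokenExtractor) (string, error) {
	for _, ex := range exs {
		if tok, err := ex(l, r); err != nil || tok != "" {
			return tok, err
		}
	}
	return "", nil
}

func extract(authHeader, cookie string) (string, error) {
	r, _ := http.NewRequest("GET", "http://example.test/", nil) // constructed request
	r.Header.Set("Authorization", authHeader)                   // "" behaves as absent
	r.AddCookie(&http.Cookie{Name: "session_jwt", Value: cookie})
	return firstOf(nil, r, fromBearer, fromCookie)
}

func main() { log.Println(extract("Basic dXNlcg==", "constructed.cookie.token")) }
```

Because an error ends the chain, the malformed Authorization header in main is reported instead of the request silently falling back to the cookie.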
func OidcTokenExtractor
func OidcTokenExtractor() TokenExtractor
OidcTokenExtractor is the default token extractor implementation for the JWTMiddleware. If a token extractor is not provided via the WithTokenExtractor option this will be used.
func ParameterTokenExtractor
func ParameterTokenExtractor(param string) TokenExtractor
ParameterTokenExtractor returns a TokenExtractor that extracts the token from the specified query string parameter.
type TokenInjector
func CookieTokenInjector
func CookieTokenInjector(cookieName string) TokenInjector
func MultiTokenInjector
func MultiTokenInjector(injectors ...TokenInjector) TokenInjector
func ParameterTokenInjector
func ParameterTokenInjector(param string) TokenInjector
type ValidateToken
type ValidateToken func(logger *log.Logger, context context.Context, token string) (interface{}, error)
ValidateToken takes in a string JWT, makes sure it is valid, and returns the valid token. If it is not valid, it returns nil and an error message describing why validation failed. Checks such as key and alg verification can happen inside ValidateToken. In the default implementation we can add safe defaults for those.
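One way a ValidateToken function can carry out the key and alg checks mentioned above, as an added example using only the standard library (not this package's default implementation). validateHS256, mac, mint and the demo key are hypothetical and constructed for the illustration; it goes slightly beyond the text by also rejecting expired tokens.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"log"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

func mac(signingInput string) []byte {
	h := hmac.New(sha256.New, []byte("constructed-demo-key")) // constructed key, not a real secret
	h.Write([]byte(signingInput))
	return h.Sum(nil)
}

// validateHS256 has the ValidateToken signature; alg and key are fixed in code, not read from the token.
func validateHS256(_ *log.Logger, _ context.Context, token string) (interface{}, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("not a three-part compact JWS")
	}
	var hdr struct{ Alg string }
	if raw, err := b64.DecodeString(p[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, fmt.Errorf("header malformed or alg not HS256") // rejects "none" and any other alg
	}
	if sig, err := b64.DecodeString(p[2]); err != nil || !hmac.Equal(sig, mac(p[0]+"."+p[1])) {
		return nil, fmt.Errorf("signature mismatch") // hmac.Equal compares in constant time
	}
	var claims struct{ Exp int64 }
	if raw, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &claims) != nil || time.Now().Unix() >= claims.Exp {
		return nil, fmt.Errorf("claims malformed or token expired") // a missing exp is 0, so it is rejected
	}
	return claims, nil
}

func mint(alg string, ttl int64) string { // builds constructed demo tokens only
	in := b64.EncodeToString([]byte(`{"alg":"`+alg+`"}`)) + "." +
		b64.EncodeToString([]byte(fmt.Sprintf(`{"exp":%d}`, time.Now().Unix()+ttl)))
	return in + "." + b64.EncodeToString(mac(in))
}

func main() { fmt.Println(validateHS256(nil, context.Background(), mint("none", 60))) }
```

The token minted in main carries a correct HMAC but announces alg "none", so it is rejected by the algorithm pin alone.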