Documentation ¶
Index ¶
- Constants
- Variables
- func ConsumeAuthCode(ctx context.Context, code string) (isValid bool, identityId string, err error)
- func GenerateAccessToken(ctx context.Context, identityId string) (string, time.Duration, error)
- func NewAuthCode(ctx context.Context, identityId string) (string, error)
- func NewRefreshToken(ctx context.Context, identityId string) (string, error)
- func RevokeRefreshToken(ctx context.Context, refreshTokenRaw string) error
- func RotateRefreshToken(ctx context.Context, refreshTokenRaw string) (isValid bool, refreshToken string, identityId string, err error)
- func ValidateAccessToken(ctx context.Context, tokenString string) (string, string, error)
- func ValidateRefreshToken(ctx context.Context, refreshTokenRaw string) (isValid bool, identityId string, err error)
- func VerifyIdToken(ctx context.Context, idTokenRaw string) (*oidc.IDToken, error)
- type AccessTokenClaims
- type IdTokenClaims
- type UserClaims
Constants ¶
const (
// Issuer 'iss' claim for access tokens issued by Keel
KeelIssuer = "https://keel.so"
)
Variables ¶
var ( ErrInvalidToken = common.NewAuthenticationFailedMessageErr("cannot be parsed or verified as a valid JWT") ErrTokenExpired = common.NewAuthenticationFailedMessageErr("token has expired") ErrIdentityNotFound = common.NewAuthenticationFailedMessageErr("identity not found") )
Functions ¶
func ConsumeAuthCode ¶ added in v0.373.0
ConsumeAuthCode checks that the provided auth code has not expired, consumes it (making it unusable again), and returning the identity it is associated with.
func GenerateAccessToken ¶
func NewAuthCode ¶ added in v0.373.0
NewAuthCode generates a new auth code for the identity using the configured or default expiry time.
func NewRefreshToken ¶
NewRefreshToken generates a new refresh token for the identity using the configured or default expiry time.
func RevokeRefreshToken ¶
RevokeRefreshToken will delete (revoke) the provided refresh token, which will prevent it from being used again.
func RotateRefreshToken ¶
func RotateRefreshToken(ctx context.Context, refreshTokenRaw string) (isValid bool, refreshToken string, identityId string, err error)
RotateRefreshToken validates that the provided refresh token has not expired, and then rotates it for a new refresh token with the exact same expiry time and identity. The original refresh token is then revoked from future use.
func ValidateAccessToken ¶
func ValidateRefreshToken ¶
func ValidateRefreshToken(ctx context.Context, refreshTokenRaw string) (isValid bool, identityId string, err error)
ValidateRefreshToken validates that the provided refresh token has no expired, and also returns the identity it is associated with. The refresh token is not revoked.
Types ¶
type AccessTokenClaims ¶
type AccessTokenClaims struct {
jwt.RegisteredClaims
}
https://pkg.go.dev/github.com/golang-jwt/jwt/v4#RegisteredClaims
type IdTokenClaims ¶
type IdTokenClaims struct { jwt.RegisteredClaims UserClaims }
type UserClaims ¶
type UserClaims struct { // default 'email' scope claims Email string `json:"email,omitempty"` EmailVerified bool `json:"email_verified,omitempty"` // default 'profile' scope claims Name string `json:"name,omitempty"` GivenName string `json:"given_name,omitempty"` FamilyName string `json:"family_name,omitempty"` MiddleName string `json:"middle_name,omitempty"` NickName string `json:"nick_name,omitempty"` PreferredUsername string `json:"preferred_username,omitempty"` Profile string `json:"profile,omitempty"` Picture string `json:"picture,omitempty"` Website string `json:"website,omitempty"` Gender string `json:"gender,omitempty"` ZoneInfo string `json:"zoneinfo,omitempty"` Locale string `json:"locale,omitempty"` // default 'phone' scope claims PhoneNumber string `json:"phone_number,omitempty"` PhoneNumberVerified bool `json:"phone_number_verified,omitempty"` }
https://openid.net/specs/openid-connect-basic-1_0.html#StandardClaims