Documentation ¶
Index ¶
- Constants
- Variables
- func GetAccountID(ctx context.Context, keyfunc jwt.Keyfunc) (string, error)
- func GetJWTField(ctx context.Context, field string, keyfunc jwt.Keyfunc) (string, error)
- func UnaryServerInterceptor(authzAddress, appID string) grpc.UnaryServerInterceptor
- func WithCallback(attr attributer) option
- func WithJWT(keyfunc jwt.Keyfunc) option
- func WithRequest(appID string) option
- type Authorizer
- type Builder
- type Handler
Constants ¶
const (
	// MultiTenancyField is the field name for a specific tenant
	MultiTenancyField = "AccountID"
)
Variables ¶
var (
	// ErrInternal indicates a server-side error occurred during authorization
	ErrInternal = grpc.Errorf(codes.Internal, "unable to process request")
	// ErrUnauthorized carries codes.PermissionDenied for a request that is not authorized
	ErrUnauthorized = grpc.Errorf(codes.PermissionDenied, "unauthorized")
)
Functions ¶
func GetAccountID ¶
GetAccountID gets the JWT from a context and returns the AccountID field.
func GetJWTField ¶
GetJWTField gets the JWT from a context and returns the specified field.
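A tenant lookup such as GetAccountID is only as trustworthy as the verification done before the AccountID claim is read. The following added example is not this package's code and goes beyond the page by implementing the check itself: it verifies an HS256 token with the Go standard library in place of the jwt library, then reads the field. The names sigFor, token and verifiedField are hypothetical, and the key and claims are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // unpadded base64url, the JWT segment encoding

// sigFor returns the base64url HMAC-SHA256 of the signing input "header.payload".
func sigFor(msg string, key []byte) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return b64.EncodeToString(h.Sum(nil))
}

// token assembles header.payload.signature; used only to construct sample input.
func token(header, payload string, key []byte) string {
	msg := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(payload))
	return msg + "." + sigFor(msg, key)
}

// verifiedField returns a string claim only after signature and algorithm checks pass.
func verifiedField(tok, field string, key []byte) (string, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 || !hmac.Equal([]byte(parts[2]), []byte(sigFor(parts[0]+"."+parts[1], key))) {
		return "", fmt.Errorf("malformed token or invalid signature")
	}
	var hdr struct{ Alg string }
	hb, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS256" {
		return "", fmt.Errorf("unexpected signing algorithm") // pinned: "none" is refused
	}
	var claims map[string]interface{}
	if pb, err := b64.DecodeString(parts[1]); err == nil && json.Unmarshal(pb, &claims) == nil {
		if v, ok := claims[field].(string); ok {
			return v, nil
		}
	}
	return "", fmt.Errorf("field %q missing or not a string", field)
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample key
	fmt.Println(verifiedField(token(`{"alg":"HS256"}`, `{"AccountID":"tenant-42"}`, key), "AccountID", key))
}
```

The signature is compared in constant time before any JSON is parsed, so a token with an altered AccountID or a swapped algorithm header never reaches the claim lookup.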
func UnaryServerInterceptor ¶
func UnaryServerInterceptor(authzAddress, appID string) grpc.UnaryServerInterceptor
func WithCallback ¶
func WithCallback(attr attributer) option
WithCallback allows developers to pass their own attributer to the authorization service. It gives them the flexibility to add customization to the auth process without needing to write a Builder from scratch.
func WithJWT ¶
WithJWT allows for token-based authorization using JWT. When WithJWT has been added as a build parameter, every field in the token payload will be included in the request to Themis.
func WithRequest ¶
func WithRequest(appID string) option
WithRequest takes metadata from the incoming request and passes it to Themis in the authorization request. Specifically, this includes the gRPC service name (e.g. AddressBook) and the corresponding function that is called by the client (e.g. ListPersons).
Types ¶
type Authorizer ¶
Authorizer glues together a Builder and a Handler. It is responsible for sending requests to Themis and receiving its responses.
func (Authorizer) AuthFunc ¶
func (a Authorizer) AuthFunc() grpc_auth.AuthFunc
AuthFunc builds the "AuthFunc" using the pep client that comes with Themis.
type Builder ¶
type Builder interface {
	// contains filtered or unexported methods
}
Builder is responsible for creating requests to Themis. The response from Themis will determine if a request is authorized or unauthorized.
func NewBuilder ¶
func NewBuilder(opts ...option) Builder
NewBuilder returns an instance of the default Builder that includes all of the user-provided options.