auth

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 31, 2018 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

View Source
const (

	// MultiTenancyField the field name for a specific tenant
	MultiTenancyField = "AccountID"
)

Variables

View Source
var (
	// ErrInternal indicates a server-side error occured during authorization
	ErrInternal = grpc.Errorf(codes.Internal, "unable to process request")
	// ErrUnauthorized indicates that a given request has been denied
	ErrUnauthorized = grpc.Errorf(codes.PermissionDenied, "unauthorized")
)

Functions

func GetAccountID

func GetAccountID(ctx context.Context, keyfunc jwt.Keyfunc) (string, error)

GetAccountID gets the JWT from a context and returns the AccountID field

func GetJWTField

func GetJWTField(ctx context.Context, field string, keyfunc jwt.Keyfunc) (string, error)

GetJWTField gets the JWT from a context and returns the specified field

func UnaryServerInterceptor

func UnaryServerInterceptor(authzAddress, appID string) grpc.UnaryServerInterceptor

func WithCallback

func WithCallback(attr attributer) option

WithCallback allows developers to pass their own attributer to the authorization service. It gives them the flexibility to add customization to the auth process without needing to write a Builder from scratch.

func WithJWT

func WithJWT(keyfunc jwt.Keyfunc) option

WithJWT allows for token-based authorization using JWT. When WithJWT has been added as a build parameter, every field in the token payload will be included in the request to Themis

func WithRequest

func WithRequest(appID string) option

WithRequest takes metadata from the incoming request and passes it to Themis in the authorization request. Specifically, this includes the gRPC service name (e.g. AddressBook) and the corresponding function that is called by the client (e.g. ListPersons)

func WithTLS added in v0.5.0

func WithTLS() option

WithTLS gathers metadata from a TLS-authenticated client

Types

type Authorizer

type Authorizer struct {
	PDPAddress string
	Bldr       Builder
	Hdlr       Handler
}

Authorizer glues together a Builder and a Handler. It is responsible for sending requests and receiving responses to/from Themis

func (Authorizer) AuthFunc

func (a Authorizer) AuthFunc() grpc_auth.AuthFunc

AuthFunc builds the "AuthFunc" using the pep client that comes with Themis

type Builder

type Builder interface {
	// contains filtered or unexported methods
}

Builder is responsible for creating requests to Themis. The response from Themis will determine if a request is authorized or unauthorized

func NewBuilder

func NewBuilder(opts ...option) Builder

NewBuilder returns an instance of the default Builder that includes all of of the user-provided options

type Handler

type Handler interface {
	// contains filtered or unexported methods
}

Handler decides whether or not a request from Themis is authorized

func NewHandler

func NewHandler() Handler

NewHandler returns an instance of the default handler

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL