Constants ¶
// Context kinds passed as the contextType argument of
// Authenticator.Authenticate and Authenticator.CreateIdentityWithContext.
//
// Both names are declared without an explicit type, so they are untyped
// integer constants (0 and 1) that convert implicitly to ContextType.
// Because ContextTypeGrpc is 0, a zero-valued (unset) ContextType is
// indistinguishable from an explicit ContextTypeGrpc.
const (
	// ContextTypeGrpc is 0.
	// NOTE(review): presumably selects gRPC request metadata as the place
	// credentials are read from / written to; confirm in the implementation.
	ContextTypeGrpc = iota
	// ContextTypeKratosMetaData is 1.
	// NOTE(review): presumably selects Kratos metadata; confirm in the
	// implementation.
	ContextTypeKratosMetaData
)
Variables ¶
// Sentinel authentication errors. Each one is a gRPC status error whose code
// is an AuthErrorCode converted to codes.Code.
//
// The AuthErrorCode values declared in this package are in the 1001-1500
// range, not the canonical gRPC codes (0-16). A check such as
// status.Code(err) == codes.Unauthenticated therefore does not match any of
// these, ErrUnauthenticated included.
// NOTE(review): confirm how interceptors, gateways and clients map these
// codes, so that an authentication failure is never surfaced as a generic or
// retryable error.
//
// The messages name the check that failed (issuer, audience, subject, ...).
// NOTE(review): decide whether that detail should reach the remote caller or
// be kept to server-side logs.
var (
	// Claim validation failures: one sentinel per validated claim.
	ErrInvalidSubject    = status.Error(codes.Code(AuthErrorCodeAuthFailedInvalidSubject), "invalid subject")
	ErrInvalidAudience   = status.Error(codes.Code(AuthErrorCodeAuthFailedInvalidAudience), "invalid audience")
	ErrInvalidIssuer     = status.Error(codes.Code(AuthErrorCodeAuthFailedInvalidIssuer), "invalid issuer")
	ErrInvalidExpiration = status.Error(codes.Code(AuthErrorCodeAuthFailedInvalidExpiration), "invalid expiration")
	ErrInvalidClaims     = status.Error(codes.Code(AuthErrorCodeInvalidClaims), "invalid claims")

	// Bearer token failures. ErrTokenExpired is distinct from
	// ErrInvalidExpiration; which condition produces which is not shown here.
	ErrInvalidToken       = status.Error(codes.Code(AuthErrorCodeAuthFailedInvalidBearerToken), "invalid bearer token")
	ErrMissingBearerToken = status.Error(codes.Code(AuthErrorCodeBearerTokenMissing), "missing bearer token")
	ErrUnauthenticated    = status.Error(codes.Code(AuthErrorCodeUnauthenticated), "unauthenticated")
	ErrTokenExpired       = status.Error(codes.Code(AuthErrorCodeTokenExpired), "token expired")

	// Signing and key-resolution failures.
	ErrUnsupportedSigningMethod = status.Error(codes.Code(AuthErrorCodeUnsupportedSigningMethod), "unsupported signing method")
	ErrMissingKeyFunc           = status.Error(codes.Code(AuthErrorCodeMissingKeyFunc), "missing keyFunc")
	ErrSignTokenFailed          = status.Error(codes.Code(AuthErrorCodeSignTokenFailed), "sign token failed")
	ErrGetKeyFailed             = status.Error(codes.Code(AuthErrorCodeGetKeyFailed), "get key failed")

	// Access token hash failures: the ID token carried no access token hash,
	// or the hash did not match the access token.
	ErrNoAtHash      = status.Error(codes.Code(AuthCodeNoAtHash), "id token did not have an access token hash")
	ErrInvalidAtHash = status.Error(codes.Code(AuthCodeInvalidAtHash), "access token hash does not match value in ID token")
)
Functions ¶
func ContextWithAuthClaims ¶
// ContextWithAuthClaims returns a context derived from parent that carries
// claims.
//
// The signature has no error result, so this function cannot reject claims;
// pass only claims returned by a successful Authenticate or
// AuthenticateToken call.
// NOTE(review): claims is a pointer; whether it is copied before being stored
// is not visible here, so avoid mutating it after the call.
func ContextWithAuthClaims(parent context.Context, claims *AuthClaims) context.Context
ContextWithAuthClaims injects the provided AuthClaims into the parent context.
Types ¶
type AuthClaims ¶
// AuthClaims holds the identity claims produced by authentication.
type AuthClaims struct {
	// Issuer: presumably the OIDC "iss" claim; confirm in the implementation.
	Issuer string
	// Subject: presumably the OIDC "sub" claim; confirm in the implementation.
	Subject string
	// Audience is a single string.
	// NOTE(review): a JWT "aud" claim may be an array of strings; how a
	// multi-valued audience is represented here is not shown.
	Audience string
	// Expiration is a string, not a time value.
	// NOTE(review): the format is not shown; parse it before comparing it
	// with the current time.
	Expiration string
	// Scopes see: https://datatracker.ietf.org/doc/html/rfc6749#section-3.3
	Scopes ScopeSet
}
AuthClaims contains claims that are included in OIDC standard claims. See https://openid.net/specs/openid-connect-core-1_0.html#IDToken
func AuthClaimsFromContext ¶
// AuthClaimsFromContext extracts the AuthClaims from ctx, if any.
//
// Check the bool result before using the pointer.
// NOTE(review): presumably false means ctx carries no claims, in which case
// the request should be treated as unauthenticated; confirm in the
// implementation.
func AuthClaimsFromContext(ctx context.Context) (*AuthClaims, bool)
AuthClaimsFromContext extracts the AuthClaims from the provided ctx (if any).
type AuthErrorCode ¶
// AuthErrorCode is the numeric code identifying an authentication failure.
// The package's Err* sentinels convert it to codes.Code when building their
// gRPC status errors.
type AuthErrorCode int32
// AuthErrorCode values. The values are assigned explicitly rather than with
// iota. They are not contiguous: 1007-1009 and 1013 are unused, and
// AuthErrorCodeUnauthenticated (1500) sits outside the 10xx run.
const (
	// Claim and bearer token validation failures.
	AuthErrorCodeInvalidClaims                AuthErrorCode = 1001
	AuthErrorCodeAuthFailedInvalidBearerToken AuthErrorCode = 1002
	AuthErrorCodeAuthFailedInvalidSubject     AuthErrorCode = 1003
	AuthErrorCodeAuthFailedInvalidAudience    AuthErrorCode = 1004
	AuthErrorCodeAuthFailedInvalidIssuer      AuthErrorCode = 1005
	AuthErrorCodeAuthFailedInvalidExpiration  AuthErrorCode = 1006

	// Generic "not authenticated" code.
	AuthErrorCodeUnauthenticated AuthErrorCode = 1500

	// Token presence, expiry, signing and key failures.
	AuthErrorCodeBearerTokenMissing       AuthErrorCode = 1010
	AuthErrorCodeTokenExpired             AuthErrorCode = 1011
	AuthErrorCodeUnsupportedSigningMethod AuthErrorCode = 1012
	AuthErrorCodeMissingKeyFunc           AuthErrorCode = 1014
	AuthErrorCodeSignTokenFailed          AuthErrorCode = 1015
	AuthErrorCodeGetKeyFailed             AuthErrorCode = 1016

	// Access token hash failures. These two names use the AuthCode prefix
	// instead of AuthErrorCode.
	AuthCodeNoAtHash      AuthErrorCode = 1050
	AuthCodeInvalidAtHash AuthErrorCode = 1051
)
type Authenticator ¶
// Authenticator authenticates a request context or a raw token into
// AuthClaims, and creates an identity (a context or a token string) from
// AuthClaims.
type Authenticator interface {
	// Authenticate returns a nil error and the AuthClaims info (if available)
	// if the subject is authenticated, or a non-nil error with an appropriate
	// error cause otherwise.
	//
	// NOTE(review): "(if available)" suggests the returned *AuthClaims may be
	// nil even when the error is nil. Nil-check it before dereferencing, and
	// decide explicitly whether a success without claims is enough for
	// authorization.
	Authenticate(requestContext context.Context, contextType ContextType) (*AuthClaims, error)

	// AuthenticateToken returns a nil error and the AuthClaims info (if
	// available) for the given token string.
	//
	// NOTE(review): the same nil-claims caveat as Authenticate applies. Which
	// checks (signature, issuer, audience, expiry) are performed is not
	// visible in the interface; confirm per implementation.
	AuthenticateToken(token string) (*AuthClaims, error)

	// CreateIdentityWithContext injects user claims into the context.
	CreateIdentityWithContext(requestContext context.Context, contextType ContextType, claims AuthClaims) (context.Context, error)

	// CreateIdentity injects user claims into a token string.
	//
	// NOTE(review): the signature takes claims as given and shows no
	// authentication step of its own; callers are responsible for asserting
	// only claims they have already established.
	CreateIdentity(claims AuthClaims) (string, error)

	// Close cleans up the authenticator. It returns no error.
	Close()
}
Authenticator interface
type ContextType ¶ added in v0.0.7
// ContextType identifies the kind of request context handed to
// Authenticator.Authenticate and Authenticator.CreateIdentityWithContext.
// The package declares ContextTypeGrpc (0) and ContextTypeKratosMetaData (1)
// as its values.
// NOTE(review): the underlying type is int, so any integer converts to it;
// how implementations treat a value other than the two declared ones is not
// shown.
type ContextType int