Documentation
Overview
Package authkit is a small library that provides a 3-legged OAuth explicit flow for stateless REST services. You need a web app for the user, which communicates with a server backend. This backend uses authkit to talk to the OAuth providers and generates a JWT token. All of the REST services can use authkit or any other JWT library to parse the token. When using clustered services, you should distribute your private key to all of your services to check the JWT signature.
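The split between the backend that issues the token and the services that check it, as an added example that is not authkit's own code. It assumes an asymmetric signature (Ed25519, JWT alg `EdDSA`; the page does not say which algorithm authkit uses), in which case a service can check tokens with the public key alone. `sign`, `verify` and the claim values are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
// sign: auth backend only. Assumption (not from authkit): Ed25519, alg "EdDSA".
func sign(priv ed25519.PrivateKey, claims map[string]any) string {
	body, _ := json.Marshal(claims) // string/number claims cannot fail to marshal
	msg := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// verify runs on every REST service and needs only the public key.
func verify(pub ed25519.PublicKey, token string, now time.Time) (map[string]any, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if raw, err := b64.DecodeString(p[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "EdDSA" {
		return nil, errors.New("unexpected alg") // pin the algorithm; never let the header choose
	}
	sig, err := b64.DecodeString(p[2])
	if err != nil || !ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig) {
		return nil, errors.New("bad signature")
	}
	var claims map[string]any
	if raw, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &claims) != nil {
		return nil, errors.New("bad payload")
	}
	if exp, ok := claims["exp"].(float64); !ok || now.Unix() >= int64(exp) {
		return nil, errors.New("expired or missing exp")
	}
	return claims, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	tok := sign(priv, map[string]any{"sub": "user-1", "exp": time.Now().Add(time.Hour).Unix()})
	fmt.Println(verify(pub, tok, time.Now()))
}
```

With a symmetric (HMAC) signature the verifying services would need the same secret as the issuer, so every service holding it could also mint tokens.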
Index
- Constants
- type AuthContext
- type AuthHandler
- type AuthRegistration
- type AuthUser
- type Authkit
- func (kit *Authkit) Add(r AuthRegistration)
- func (kit *Authkit) Context(rq *http.Request) (*AuthContext, error)
- func (kit *Authkit) DumpKey() string
- func (kit *Authkit) Handle(h AuthHandler) http.HandlerFunc
- func (kit *Authkit) Register(mux *http.ServeMux)
- func (kit *Authkit) RegisterDefault()
- func (kit *Authkit) ServeHTTP(w http.ResponseWriter, rq *http.Request)
- func (kit *Authkit) UseKey(r io.Reader) error
- func (kit *Authkit) WithKeyfile(kf string) *Authkit
- type Extender
- type Provider
- type ProviderRegistry
- type Token
- type Unparsed
- type Values
Constants
const (
    Facebook Provider = "facebook"
    Google            = "google"
    Github            = "github"
    Live              = "live"
    LinkedIn          = "linkedin"
)
some constants
Variables
This section is empty.
Functions
This section is empty.
Types
type AuthContext
An AuthContext contains an authenticated user and additional claims.
type AuthHandler
type AuthHandler func(ac *AuthContext, w http.ResponseWriter, rq *http.Request)
An AuthHandler is a callback function that receives the current authenticated user and claims. The claims are all values which are stored in the JWT token. You can add your own values by setting a TokenExtender function in the Authkit.
type AuthRegistration
type AuthRegistration struct {
    Network        Provider `json:"network"`
    ClientID       string   `json:"clientid"`
    ClientSecret   string   `json:"clientsecret"`
    Scopes         []string `json:"scopes"`
    AuthURL        string   `json:"authurl"`
    AccessType     string   `json:"access_type"`
    AccessTokenURL string   `json:"accesstokenurl"`
    UserinfoURLs   []string `json:"userinfo_urls"`
    UserinfoBase   string   `json:"userinfo_base"`
    PathEMail      string   `json:"pathemail"`
    PathID         string   `json:"pathid"`
    PathName       string   `json:"pathname"`
    PathPicture    string   `json:"pathpicture"`
    PathCover      string   `json:"pathcover"`
}
AuthRegistration describes a provider to authenticate against.
func FillDefaults
func FillDefaults(backend Provider, reg AuthRegistration) AuthRegistration
FillDefaults fills the given registration struct with the default values from the backend. The values are only overwritten if they are empty.
func GetRegistry
func GetRegistry(backend Provider) AuthRegistration
GetRegistry returns a registry description for the given backend or an empty registration block.
type AuthUser
type AuthUser struct {
    Network       Provider `json:"network"`
    ID            string   `json:"id"`
    EMail         string   `json:"email"`
    Name          string   `json:"name"`
    BackgroundURL string   `json:"backgroundurl"`
    ThumbnailURL  string   `json:"thumbnail"`
    Fields        Unparsed `json:"fields"`
}
An AuthUser is a Uid and a Name. The backgroundurl and the thumbnailurl are optional and can be empty.
type Authkit
type Authkit struct {
    // The Finalizer will be called at the end of the authentication to
    // finalize the JWT token.
    TokenExtender Extender
    // contains filtered or unexported fields
}
An Authkit stores a map of providers which are identified by a network name.
func (*Authkit) Add
func (kit *Authkit) Add(r AuthRegistration)
Add will add the given registration to the map of providers. If there is already a provider with the same 'Network' name, the old one will be overwritten.
func (*Authkit) Context
func (kit *Authkit) Context(rq *http.Request) (*AuthContext, error)
Context returns the current authentication context from the given request.
func (*Authkit) Handle
func (kit *Authkit) Handle(h AuthHandler) http.HandlerFunc
Handle turns an AuthHandler into a normal HandlerFunc.
func (*Authkit) RegisterDefault
func (kit *Authkit) RegisterDefault()
RegisterDefault registers the kit to the default http mux.
func (*Authkit) ServeHTTP
func (kit *Authkit) ServeHTTP(w http.ResponseWriter, rq *http.Request)
The authkit is a general http handler.
func (*Authkit) WithKeyfile
WithKeyfile loads the given private key and stores it in the Authkit. If the file cannot be loaded this function panics. If you need more control call 'UseKey' instead.
type Extender
Extender is a function which must return an expire duration for the JWT token. The function can also return a map of (string,string) pairs which will be embedded in the JWT token. If this function returns an error, the whole authentication fails.
type ProviderRegistry
type ProviderRegistry map[Provider]AuthRegistration
A ProviderRegistry contains all registered providers.
type Token
type Token struct {
    AccessToken  string    `json:"access_token"`
    TokenType    string    `json:"token_type"`
    RefreshToken string    `json:"refresh_token"`
    Expiry       time.Time `json:"expiry"`
}
A Token is a response from a backend provider.