Documentation
¶
Index ¶
- func ClientCertFromContext(ctx context.Context) (string, error)
- func ExtractClientCert(ctx context.Context, header http.Header) (context.Context, error)
- func InjectClientCert(ctx context.Context, header http.Header)
- func NewContext(ctx context.Context, info *Info) context.Context
- func NewContextWithClientCert(ctx context.Context, clientCert string) context.Context
- type Info
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractClientCert ¶
ExtractClientCert is called from the API to either propagate an existing certificate to the context, or to extract one from headers injected by TLS termination.
func InjectClientCert ¶
InjectClientCert is called by clients to propagate the client certificate that started the call chain, and thus owns the access token, to the next server.
func NewContextWithClientCert ¶
NewContextWithClientCert is used to propagate the client certificate to other clients. The client certificate parameter is passed verbatim from the TLS termination header, so should be a url encoded string.
Types ¶
type Info ¶ added in v0.2.52
type Info struct {
// Token is a copy of the access token made available to handlers.
Token string
// Userinfo is a parsed version of the token, used primarily for
// auditing etc.
Userinfo *openapi.Userinfo
// ClientID optionally records the oauth2 client that initiated
// the session, and can be used to route errors to the correct
// endpoint.
ClientID string
// ServiceAccount means this belongs explicitly to a service account.
ServiceAccount bool
}
Info contains all the information we can derive from an access token.
Source Files
Click to show internal directories.
Click to hide internal directories.