authentication

package
v0.0.0-...-902bda8
Warning

This package is not in the latest version of its module.
Published: Feb 24, 2025 License: Apache-2.0 Imports: 14 Imported by: 1

Documentation

Overview

Package authentication implements the types and functions used to load and validate user authentication.

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewContext

func NewContext(ctx context.Context, auth Authentication) context.Context

NewContext returns a new context.Context with the given Authentication attached.

func NewValidationStore

func NewValidationStore(logger *zap.Logger, inner jwkset.Storage, algs []string) jwkset.Storage

func WebsocketInitialPayloadFromContext

func WebsocketInitialPayloadFromContext(ctx context.Context) json.RawMessage

func WithWebsocketInitialPayloadContextKey

func WithWebsocketInitialPayloadContextKey(ctx context.Context, initialPayload json.RawMessage) context.Context

Types

type Authentication

type Authentication interface {
	// Authenticator returns the name of the Authenticator that authenticated
	// the request.
	Authenticator() string
	// Claims returns the claims of the authenticated request, as returned by
	// the Authenticator.
	Claims() Claims
	// SetScopes sets the scopes of the authenticated request. It replaces the
	// scopes already parsed from the claims. To append scopes instead, first
	// call `Scopes` to get the current scopes, then append the new scopes.
	SetScopes(scopes []string)
	// Scopes returns the scopes of the authenticated request, as returned by
	// the Authenticator.
	Scopes() []string
}

func Authenticate

func Authenticate(ctx context.Context, authenticators []Authenticator, p Provider) (Authentication, error)

Authenticate tries to authenticate the given Provider using the given authenticators. If any of the authenticators succeeds, the Authentication result is returned with no error. If the Provider has no authentication information, the Authentication result is nil with no error. If the authentication information is present but some or all of the authenticators fail to validate it, then a non-nil error will be produced.

func AuthenticateHTTPRequest

func AuthenticateHTTPRequest(ctx context.Context, authenticators []Authenticator, r *http.Request) (Authentication, error)

AuthenticateHTTPRequest is a convenience function that calls Authenticate when the authentication information is provided by an *http.Request.

func FromContext

func FromContext(ctx context.Context) Authentication

FromContext returns the Authentication attached to the given context.Context, or nil if there's none.

func NewEmptyAuthentication

func NewEmptyAuthentication() Authentication

type Authenticator

type Authenticator interface {
	Name() string
	Authenticate(ctx context.Context, p Provider) (Claims, error)
}

Authenticator represents types that, given a Provider, can authenticate it. If no authentication information is available, the Authenticate method should return nil without any errors.
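The outcomes documented for Authenticate and for Authenticator.Authenticate, as an added example that is not code from this package: the types are local stand-ins mirroring the interfaces on this page, and `headers`, `staticBearer`, `statusFor` and the token value are hypothetical. It shows a caller failing closed by telling "no credentials presented" (nil result, nil error) apart from "credentials rejected" (non-nil error).

```go
package main

import (
	"context"
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
)

// Local stand-ins that mirror the interfaces documented on this page.
type Claims map[string]any
type Provider interface{ AuthenticationHeaders() http.Header }
type Authenticator interface {
	Name() string
	Authenticate(ctx context.Context, p Provider) (Claims, error)
}
type headers http.Header                 // hypothetical Provider
type staticBearer struct{ token string } // hypothetical Authenticator
func (h headers) AuthenticationHeaders() http.Header { return http.Header(h) }
func (s staticBearer) Name() string                  { return "static-bearer" }
func (s staticBearer) Authenticate(_ context.Context, p Provider) (Claims, error) {
	got := p.AuthenticationHeaders().Get("Authorization")
	if got == "" {
		return nil, nil // nothing presented: nil claims, nil error
	} else if subtle.ConstantTimeCompare([]byte(got), []byte("Bearer "+s.token)) != 1 {
		return nil, errors.New("invalid bearer token")
	}
	return Claims{"sub": "demo-user"}, nil
}

// statusFor applies the documented outcomes and fails closed (assumed logic).
func statusFor(ctx context.Context, as []Authenticator, p Provider, allowAnonymous bool) int {
	rejected := false
	for _, a := range as {
		claims, err := a.Authenticate(ctx, p)
		if err == nil && claims != nil {
			return http.StatusOK // any authenticator succeeding is enough
		}
		rejected = rejected || err != nil
	}
	if rejected || !allowAnonymous {
		return http.StatusUnauthorized // bad credentials, or anonymous not allowed
	}
	return http.StatusOK // no credentials, on an endpoint that permits anonymous use
}

func main() {
	fmt.Println(statusFor(context.Background(), []Authenticator{staticBearer{"constructed-demo-token"}}, headers{}, false))
}
```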

func NewHttpHeaderAuthenticator

func NewHttpHeaderAuthenticator(opts HttpHeaderAuthenticatorOptions) (Authenticator, error)

NewHttpHeaderAuthenticator returns an HttpHeader-based authenticator. See HttpHeaderAuthenticatorOptions for the available options.

func NewWebsocketInitialPayloadAuthenticator

func NewWebsocketInitialPayloadAuthenticator(opts WebsocketInitialPayloadAuthenticatorOptions) (Authenticator, error)

NewWebsocketInitialPayloadAuthenticator returns an InitialPayload-based authenticator. See WebsocketInitialPayloadAuthenticatorOptions for the available options.

type Claims

type Claims map[string]any

type HttpHeaderAuthenticatorOptions

type HttpHeaderAuthenticatorOptions struct {
	// Name is the authenticator name. It cannot be empty.
	Name string
	// HeaderSourcePrefixes are the headers and their prefixes to use for retrieving the token.
	// It defaults to Authorization and Bearer.
	HeaderSourcePrefixes map[string][]string
	// TokenDecoder is the token decoder to use for decoding the token. It cannot be nil.
	TokenDecoder TokenDecoder
}

HttpHeaderAuthenticatorOptions contains the available options for the HttpHeader authenticator.

type JWKSConfig

type JWKSConfig struct {
	URL               string
	RefreshInterval   time.Duration
	AllowedAlgorithms []string
}

type Provider

type Provider interface {
	AuthenticationHeaders() http.Header
}

Provider is an interface that represents entities that might provide authentication information. If no authentication information is available, the AuthenticationHeaders method should return nil.

type TokenDecoder

type TokenDecoder interface {
	Decode(token string) (Claims, error)
}

func NewJwksTokenDecoder

func NewJwksTokenDecoder(ctx context.Context, logger *zap.Logger, configs []JWKSConfig) (TokenDecoder, error)

type WebsocketInitialPayloadAuthenticatorOptions

type WebsocketInitialPayloadAuthenticatorOptions struct {
	// TokenDecoder is the token decoder to use for decoding the token.
	TokenDecoder TokenDecoder
	// Key represents the property name in the initial payload that contains the token.
	Key string
	// HeaderValuePrefixes are the prefixes to use for retrieving the token.
	// It defaults to Bearer.
	HeaderValuePrefixes []string
}

WebsocketInitialPayloadAuthenticatorOptions contains the available options for the InitialPayload authenticator.
