Documentation ¶
Index ¶
- Constants
- func NewJwtTokenParser(opts ...jwt.ParseOption) (bascule.TokenParser, error)
- func NewTokenFactory(opts ...bascule.TokenFactoryOption) (bascule.TokenFactory, error)
- type Accessor
- type AuthorizationAccessor
- type BasicChallenge
- type BearerChallenge
- type Challenge
- type Challenges
- type FrontDoor
- type FrontDoorOption
Constants ¶
const (
	BasicScheme  bascule.Scheme = "Basic"
	BearerScheme bascule.Scheme = "Bearer"

	// WwwAuthenticateHeaderName is the HTTP header used for StatusUnauthorized challenges.
	WwwAuthenticateHeaderName = "WWW-Authenticate"

	// DefaultBasicRealm is the realm used for a basic challenge
	// when no realm is supplied.
	DefaultBasicRealm string = "bascule"

	// DefaultBearerRealm is the realm used for a bearer challenge
	// when no realm is supplied.
	DefaultBearerRealm string = "bascule"
)
const DefaultAuthorizationHeader = "Authorization"
Variables ¶
This section is empty.
Functions ¶
func NewJwtTokenParser ¶
func NewJwtTokenParser(opts ...jwt.ParseOption) (bascule.TokenParser, error)
func NewTokenFactory ¶
func NewTokenFactory(opts ...bascule.TokenFactoryOption) (bascule.TokenFactory, error)
NewTokenFactory builds a bascule.TokenFactory with useful defaults for an HTTP environment.
Default CredentialParser and TokenParser schemes are prepended to the supplied options, so this function will not return an error if those options are omitted. Any options supplied explicitly to this function can override those defaults.
Types ¶
type Accessor ¶
type Accessor interface {
	// GetCredentials obtains the raw, serialized credentials from the request.
	GetCredentials(*http.Request) (string, error)
}
Accessor is the strategy for extracting the raw, serialized credentials from an HTTP request.
func DefaultAccessor ¶
func DefaultAccessor() Accessor
type AuthorizationAccessor ¶
type AuthorizationAccessor struct {
	// Header is the name of the Authorization header. If unset, then
	// DefaultAuthorizationHeader is used.
	Header string
}
AuthorizationAccessor is an Accessor that pulls the serialized credentials from an HTTP header of the format defined by https://www.rfc-editor.org/rfc/rfc7235#section-4.2. Only the single header is considered.
func (AuthorizationAccessor) GetCredentials ¶
func (aa AuthorizationAccessor) GetCredentials(r *http.Request) (serialized string, err error)
type BasicChallenge ¶
type BasicChallenge struct {
	// Scheme is the name of scheme supplied in the challenge. If this
	// field is unset, BasicScheme is used.
	Scheme bascule.Scheme

	// Realm is the name of the realm for the challenge. If this field
	// is unset, DefaultBasicRealm is used.
	//
	// Note that this field should always be set. The default isn't very
	// useful outside of development.
	Realm string

	// UTF8 indicates whether "charset=UTF-8" is appended to the challenge.
	// This is the only charset allowed for a Basic challenge.
	UTF8 bool
}
BasicChallenge represents a WWW-Authenticate basic auth challenge.
func (BasicChallenge) FormatAuthenticate ¶
func (bc BasicChallenge) FormatAuthenticate(o strings.Builder)
type BearerChallenge ¶
type BearerChallenge struct {
	// Scheme is the name of scheme supplied in the challenge. If this
	// field is unset, BearerScheme is used.
	Scheme bascule.Scheme

	// Realm is the name of the realm for the challenge. If this field
	// is unset, DefaultBearerRealm is used.
	//
	// Note that this field should always be set. The default isn't very
	// useful outside of development.
	Realm string
}
func (BearerChallenge) FormatAuthenticate ¶
func (bc BearerChallenge) FormatAuthenticate(o strings.Builder)
type Challenge ¶
type Challenge interface {
	// FormatAuthenticate formats the authenticate string.
	FormatAuthenticate(strings.Builder)
}
Challenge represents a WWW-Authenticate challenge.
type Challenges ¶
type Challenges []Challenge
Challenges represents a sequence of challenges to be associated with a StatusUnauthorized response.
func (Challenges) WriteHeader ¶
func (chs Challenges) WriteHeader(h http.Header) int
WriteHeader inserts one WWW-Authenticate header per challenge in this set. If this set is empty, the given http.Header is not modified.
This method returns the count of headers added, which will be zero (0) for an empty Challenges.
type FrontDoor ¶
FrontDoor is a server middleware that handles the full authentication workflow. Authorization is handled separately.
func NewFrontDoor ¶
func NewFrontDoor(opts ...FrontDoorOption) (FrontDoor, error)
NewFrontDoor constructs a FrontDoor middleware using the supplied options.
type FrontDoorOption ¶
type FrontDoorOption interface {
// contains filtered or unexported methods
}
func WithAccessor ¶
func WithAccessor(a Accessor) FrontDoorOption
WithAccessor associates a strategy for extracting the raw, serialized token from a request. If this option is not supplied, DefaultAccessor() is used.
func WithChallenges ¶
func WithChallenges(c ...Challenge) FrontDoorOption
WithChallenges describes challenges to be issued when no credentials are supplied. If no challenges are associated with a FrontDoor, then http.StatusForbidden is returned whenever credentials are not found in the request. Otherwise, http.StatusUnauthorized is returned along with a WWW-Authenticate header for each challenge.
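The status-code rule described above, as an added sketch that is not bascule's own code: a standard-library stand-in (the names challenge, hasCredentials, guard and probe are hypothetical) that answers 403 when no challenges are configured and 401 with one WWW-Authenticate header per challenge otherwise. Treating a header that has a scheme but no value as missing credentials is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// challenge is a hypothetical stand-in for one WWW-Authenticate challenge.
type challenge struct{ scheme, realm string }

func (c challenge) String() string { return c.scheme + ` realm="` + c.realm + `"` }

// hasCredentials checks the single Authorization header for "<scheme> <value>".
func hasCredentials(r *http.Request) bool {
	scheme, value, _ := strings.Cut(strings.TrimSpace(r.Header.Get("Authorization")), " ")
	return scheme != "" && strings.TrimSpace(value) != ""
}

// guard returns 403 without challenges, else 401 with one header per challenge.
func guard(next http.Handler, chs ...challenge) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if hasCredentials(r) {
			next.ServeHTTP(w, r) // token parsing and validation would run here
			return
		}
		status := http.StatusForbidden
		for _, c := range chs {
			w.Header().Add("WWW-Authenticate", c.String())
			status = http.StatusUnauthorized
		}
		w.WriteHeader(status)
	})
}

// probe sends one constructed request; it returns the status and challenges.
func probe(h http.Handler, authorization string) (int, []string) {
	r := httptest.NewRequest(http.MethodGet, "/", nil)
	r.Header.Set("Authorization", authorization)
	w := httptest.NewRecorder()
	h.ServeHTTP(w, r)
	return w.Code, w.Header().Values("WWW-Authenticate")
}

func main() {
	ok := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})
	fmt.Println(probe(guard(ok, challenge{"Basic", "bascule"}), ""))
}
```

A 403 gives the client no hint about which scheme to retry with, so configuring at least one challenge with a meaningful realm is what makes the 401 response actionable.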
func WithTokenFactory ¶
func WithTokenFactory(tf bascule.TokenFactory) FrontDoorOption
WithTokenFactory associates the given token factory with a front door.