Documentation
Index
- Constants
- Variables
- func DecodeRemoteClaimsResponse(_ context.Context, response *http.Response) (interface{}, error)
- func DecodeServerRequest(rb RequestBuilders) func(context.Context, *http.Request) (interface{}, error)
- func EncodeIssueResponse(_ context.Context, response http.ResponseWriter, value interface{}) error
- func NewClaimsEndpoint(cb ClaimBuilder) endpoint.Endpoint
- func NewIssueEndpoint(f Factory) endpoint.Endpoint
- func Unmarshal(configKey string, b ...RequestBuilder) func(TokenIn) (TokenOut, error)
- type ClaimBuilder
- type ClaimBuilderFunc
- type ClaimBuilders
- type ClaimsHandler
- type DecodeClaimsError
- type Factory
- type IssueHandler
- type Options
- type RemoteClaims
- type Request
- type RequestBuilder
- type RequestBuilderFunc
- type RequestBuilders
- type TokenIn
- type TokenOut
- type Value
Constants
const (
DefaultAlg = "RS256"
)
Variables
var (
ErrRemoteURLRequired = errors.New("A URL for the remote claimer is required")
)
var (
ErrVariableNotAllowed = errors.New("Either header/parameter or variable can specified, but not all three")
)
Functions
func DecodeRemoteClaimsResponse
func DecodeRemoteClaimsResponse(_ context.Context, response *http.Response) (interface{}, error)
func DecodeServerRequest
func DecodeServerRequest(rb RequestBuilders) func(context.Context, *http.Request) (interface{}, error)
func EncodeIssueResponse
func EncodeIssueResponse(_ context.Context, response http.ResponseWriter, value interface{}) error
func NewClaimsEndpoint
func NewClaimsEndpoint(cb ClaimBuilder) endpoint.Endpoint
NewClaimsEndpoint returns a go-kit endpoint that returns just the claims
func NewIssueEndpoint
func NewIssueEndpoint(f Factory) endpoint.Endpoint
NewIssueEndpoint returns a go-kit endpoint for a token factory's NewToken method
func Unmarshal
func Unmarshal(configKey string, b ...RequestBuilder) func(TokenIn) (TokenOut, error)
Types
type ClaimBuilder
ClaimBuilder is a strategy for building token claims, given a token Request
type ClaimBuilderFunc
type ClaimBuilders
type ClaimBuilders []ClaimBuilder
ClaimBuilders implements a pipeline of ClaimBuilder instances, invoked in sequence.
func NewClaimBuilders
func NewClaimBuilders(n random.Noncer, client xhttpclient.Interface, o Options) (ClaimBuilders, error)
NewClaimBuilders constructs a ClaimBuilders from configuration. The returned instance is typically used when configuring a token Factory. It can also be used as a standalone service component behind an endpoint.
The returned builders do not include those claims derived from HTTP requests. Claims derived from HTTP requests are handled by NewRequestBuilders and DecodeServerRequest.
type ClaimsHandler
func NewClaimsHandler
func NewClaimsHandler(e endpoint.Endpoint, rb RequestBuilders) ClaimsHandler
type DecodeClaimsError added in v0.3.0
func (*DecodeClaimsError) Error added in v0.3.0
func (dce *DecodeClaimsError) Error() string
func (*DecodeClaimsError) MarshalJSON added in v0.3.0
func (dce *DecodeClaimsError) MarshalJSON() ([]byte, error)
func (*DecodeClaimsError) Unwrap added in v0.3.0
func (dce *DecodeClaimsError) Unwrap() error
type Factory
type Factory interface {
	// NewToken uses a Request to produce a signed JWT token
	NewToken(context.Context, *Request) (string, error)
}
Factory is a creation strategy for signed JWT tokens
func NewFactory
NewFactory creates a token Factory from an Options configuration. The supplied Noncer is used if and only if Options.Nonce is true. Alternatively, supplying a nil Noncer disables nonce creation altogether. The token's key pair is registered with the given key Registry.
type IssueHandler
func NewIssueHandler
func NewIssueHandler(e endpoint.Endpoint, rb RequestBuilders) IssueHandler
type Options
type Options struct {
	// Alg is the required JWT signing algorithm to use
	Alg string

	// Key describes the signing key to use
	Key key.Descriptor

	// Claims is an optional map of claims to add to every token emitted by this factory.
	// Any claims here can be overridden by claims within a token Request.
	Claims map[string]Value

	// Metadata describes non-claim data, which can be statically configured or supplied via a request
	Metadata map[string]Value

	// Nonce indicates whether a nonce (jti) should be applied to each token emitted
	// by this factory.
	Nonce bool

	// DisableTime completely disables all time-based claims, such as iat. Setting this to true
	// also causes Duration and NotBeforeDelta to be ignored.
	DisableTime bool

	// Duration specifies how long the token should be valid for. An exp claim is set
	// using this duration from the current time if this field is positive.
	Duration time.Duration

	// DisableNotBefore specifically controls the nbf claim.
	DisableNotBefore bool

	// NotBeforeDelta is a golang duration that determines the nbf field. This field
	// is parsed and added to the current time at the moment a token is issued. The result
	// is set as an nbf claim. Note that the duration may be zero or negative.
	//
	// If either DisableTime or DisableNotBefore are true, this field is ignored and no nbf claim is emitted.
	NotBeforeDelta time.Duration

	// Remote specifies an optional external system that takes metadata from a token request
	// and returns a set of claims to be merged into tokens returned by the Factory. Returned
	// claims from the remote system do not override claims configured on the Factory.
	Remote *RemoteClaims
}
Options holds the configurable information for a token Factory
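The Options fields above describe several ordering rules that matter for anyone auditing what ends up inside an issued token: remote claims lose to factory claims, factory claims lose to claims carried in a token Request, a Request never overrides time-based claims, DisableTime suppresses iat/exp/nbf and makes Duration and NotBeforeDelta irrelevant, and NotBeforeDelta may legitimately be zero or negative. The following is an added example, not code from this package, that models those documented rules with standard-library Go only. tokenOptions, buildClaims and the sample claim maps are hypothetical names and constructed data; the treatment of a Request that tries to set exp or nbf (dropped silently here) is a modelling choice, since the page only says such claims are not overridden.

```go
package main

import (
	"fmt"
	"time"
)

// tokenOptions is a hypothetical stand-in for the claim- and time-related
// fields of the Options struct documented above; it is not the library's type.
type tokenOptions struct {
	Claims           map[string]interface{} // static claims configured on the factory
	Nonce            bool
	DisableTime      bool
	Duration         time.Duration
	DisableNotBefore bool
	NotBeforeDelta   time.Duration
}

// timeClaims are the claims the documentation says a token Request
// "will not override".
var timeClaims = map[string]bool{"iat": true, "exp": true, "nbf": true}

// buildClaims merges claims in the documented precedence order:
// remote claims < factory claims < request claims, then computes the
// time-based claims last. now and jti are injected so the result is
// deterministic and testable.
func buildClaims(o tokenOptions, remote, request map[string]interface{}, now time.Time, jti string) map[string]interface{} {
	out := make(map[string]interface{})

	// Remote claims go in first so that factory claims written afterwards
	// win: "claims from the remote system do not override claims configured
	// on the Factory".
	for k, v := range remote {
		out[k] = v
	}
	for k, v := range o.Claims {
		out[k] = v
	}

	// Request claims override factory claims, but never time-based ones.
	// Dropping them silently is a modelling choice (the page does not say
	// whether the library rejects or ignores them).
	for k, v := range request {
		if timeClaims[k] {
			continue
		}
		out[k] = v
	}

	if o.Nonce {
		out["jti"] = jti
	}

	// DisableTime removes iat, exp and nbf entirely; Duration and
	// NotBeforeDelta are then ignored.
	if o.DisableTime {
		return out
	}
	out["iat"] = now.Unix()
	if o.Duration > 0 {
		out["exp"] = now.Add(o.Duration).Unix()
	}
	// nbf is emitted unless DisableNotBefore is set; a zero or negative
	// NotBeforeDelta is allowed and simply places nbf at or before iat.
	if !o.DisableNotBefore {
		out["nbf"] = now.Add(o.NotBeforeDelta).Unix()
	}
	return out
}

func main() {
	o := tokenOptions{
		Claims:         map[string]interface{}{"iss": "example-issuer", "aud": "default-audience"},
		Nonce:          true,
		Duration:       time.Hour,
		NotBeforeDelta: -30 * time.Second,
	}
	// Constructed inputs: a remote claimer reply and an inbound token Request.
	remote := map[string]interface{}{"iss": "remote-issuer", "role": "reader"}
	request := map[string]interface{}{"aud": "device-api", "exp": 0}
	claims := buildClaims(o, remote, request, time.Unix(1700000000, 0), "nonce-1")
	fmt.Println(claims)
}
```

The point worth checking in a review of any issuer built on these Options is the middle loop: if request-supplied claims were applied after the time-based ones, a caller could extend its own exp. Keeping the time claims last, and skipping them in the request loop, is what makes the documented guarantee hold.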
type RemoteClaims
type RemoteClaims struct {
	// Method is the HTTP method used to invoke the URL
	Method string

	// URL is the remote endpoint that is expected to receive Request.Metadata and return a JSON document
	// which is merged into the token claims
	URL string
}
RemoteClaims describes a remote HTTP endpoint that can produce claims given the metadata from a token request.
type Request
type Request struct {
	// Claims holds the extra claims to add to tokens. These claims will override any configured claims in a Factory,
	// but will not override time-based claims such as nbf or exp.
	Claims map[string]interface{}

	// Metadata holds non-claim information about the request, usually garnered from the original HTTP request. This
	// metadata is available to lower levels of infrastructure used by the Factory.
	Metadata map[string]interface{}
}
Request is a token creation request. Clients can pass in arbitrary claims, typically things like "iss", to merge and override anything set on the factory via configuration.
func BuildRequest
func BuildRequest(original *http.Request, rb RequestBuilders) (*Request, error)
BuildRequest applies a sequence of RequestBuilder instances to produce a token factory Request
func NewRequest
func NewRequest() *Request
NewRequest returns an empty, fully initialized token Request
type RequestBuilder
RequestBuilder is a strategy for building a token factory Request from an HTTP request.
Note: before invoking a RequestBuilder, calling code should parse the HTTP request form.
type RequestBuilderFunc
type RequestBuilders
type RequestBuilders []RequestBuilder
RequestBuilders represents a set of RequestBuilder strategies that can be invoked in sequence.
func NewRequestBuilders
func NewRequestBuilders(o Options) (RequestBuilders, error)
NewRequestBuilders creates a RequestBuilders sequence given an Options configuration. Only claims and metadata that are HTTP-based are included in the results. Claims and metadata that are statically assigned values are handled by ClaimBuilder objects and are part of the Factory configuration.
type TokenIn
type TokenIn struct {
	fx.In
	Noncer       random.Noncer `optional:"true"`
	Keys         key.Registry
	Unmarshaller config.Unmarshaller
	Client       xhttpclient.Interface `optional:"true"`
}
type TokenOut
type TokenOut struct {
	fx.Out
	ClaimBuilder  ClaimBuilder
	Factory       Factory
	IssueHandler  IssueHandler
	ClaimsHandler ClaimsHandler
}
type Value
type Value struct {
	// Header is an HTTP header from which the value is pulled
	Header string

	// Parameter is a URL query parameter (including form data) from which the value is pulled
	Parameter string

	// Variable is a URL gorilla/mux variable from which the value is pulled
	Variable string

	// Required indicates that this value is required. Only applies to HTTP values.
	Required bool

	// Value is the statically assigned value from configuration
	Value interface{}
}
Value represents information pulled from either the HTTP request or statically, via config.
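Value, Request, RequestBuilder and NewRequestBuilders together describe how HTTP-sourced claims and metadata get into a token Request: a Value names a header, query/form parameter or route variable (ErrVariableNotAllowed rules out naming all three), Required applies only to HTTP values, the form must be parsed before builders run, and static values are left to ClaimBuilders rather than request builders. The following is an added example, not this package's code, that models that pipeline with the standard library. value, tokenRequest, buildRequest, sampleRequest and errVariableNotAllowed are hypothetical names; the gorilla/mux route variables are stood in for by a plain map because mux is not imported; checking Header before Parameter when both are set is a modelling choice the page does not specify; the inbound request is constructed data.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// value is a hypothetical stand-in for the Value struct documented above.
type value struct {
	Header    string
	Parameter string
	Variable  string
	Required  bool
	Value     interface{}
}

// errVariableNotAllowed models the constraint behind ErrVariableNotAllowed.
var errVariableNotAllowed = errors.New("either header/parameter or variable can be specified, but not all three")

// validate rejects a Value that names a header, a parameter and a variable at once.
func (v value) validate() error {
	if v.Header != "" && v.Parameter != "" && v.Variable != "" {
		return errVariableNotAllowed
	}
	return nil
}

// isHTTP reports whether the value is sourced from the request rather than config.
func (v value) isHTTP() bool { return v.Header != "" || v.Parameter != "" || v.Variable != "" }

// resolve pulls the value from the (already form-parsed) request. vars stands in
// for gorilla/mux route variables. Header is consulted before Parameter, then
// Variable; that order is a modelling choice. Required is enforced only for
// HTTP-sourced values, as the documentation states.
func (v value) resolve(r *http.Request, vars map[string]string) (interface{}, bool, error) {
	if !v.isHTTP() {
		return v.Value, v.Value != nil, nil
	}
	if v.Header != "" {
		if s := r.Header.Get(v.Header); s != "" {
			return s, true, nil
		}
	}
	if v.Parameter != "" {
		if s := r.Form.Get(v.Parameter); s != "" { // r.Form covers query and form body
			return s, true, nil
		}
	}
	if v.Variable != "" {
		if s, ok := vars[v.Variable]; ok && s != "" {
			return s, true, nil
		}
	}
	if v.Required {
		return nil, false, fmt.Errorf("required value missing (header=%q parameter=%q variable=%q)", v.Header, v.Parameter, v.Variable)
	}
	return nil, false, nil
}

// tokenRequest mirrors the Request type: claims plus non-claim metadata.
type tokenRequest struct {
	Claims   map[string]interface{}
	Metadata map[string]interface{}
}

// buildRequest plays the role of NewRequestBuilders + BuildRequest: it parses the
// form first, applies only HTTP-sourced Values (static ones belong to ClaimBuilders),
// and fails on an invalid Value or a missing Required one.
func buildRequest(r *http.Request, vars map[string]string, claims, metadata map[string]value) (*tokenRequest, error) {
	if err := r.ParseForm(); err != nil {
		return nil, err
	}
	out := &tokenRequest{Claims: map[string]interface{}{}, Metadata: map[string]interface{}{}}
	for _, spec := range []struct {
		defs map[string]value
		dst  map[string]interface{}
	}{{claims, out.Claims}, {metadata, out.Metadata}} {
		for name, v := range spec.defs {
			if !v.isHTTP() {
				continue
			}
			if err := v.validate(); err != nil {
				return nil, fmt.Errorf("%s: %w", name, err)
			}
			got, ok, err := v.resolve(r, vars)
			if err != nil {
				return nil, fmt.Errorf("%s: %w", name, err)
			}
			if ok {
				spec.dst[name] = got
			}
		}
	}
	return out, nil
}

// sampleRequest builds a constructed inbound issue request (not a real capture):
// a form body, a query parameter, and optionally a partner header.
func sampleRequest(withPartner bool) *http.Request {
	body := strings.NewReader(url.Values{"device": {"mac:112233445566"}}.Encode())
	r, err := http.NewRequest(http.MethodPost, "http://localhost/issue?region=eu", body)
	if err != nil {
		panic(err)
	}
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if withPartner {
		r.Header.Set("X-Partner-ID", "acme")
	}
	return r
}

func main() {
	claims := map[string]value{"partner": {Header: "X-Partner-ID", Required: true}, "iss": {Value: "example-issuer"}}
	metadata := map[string]value{"device": {Parameter: "device", Required: true}, "region": {Parameter: "region"}, "tenant": {Variable: "tenant"}}
	req, err := buildRequest(sampleRequest(true), map[string]string{"tenant": "t-42"}, claims, metadata)
	fmt.Println(req, err)
}
```

The security-relevant property to keep in mind when configuring Values is that anything marked as a claim here is caller-controlled input that will be signed into the token; Required only guarantees presence, not trustworthiness, so claims that must not be forgeable belong in static factory configuration rather than in a header or parameter.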