token

package
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 21, 2019 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source
const (
	DefaultAlg = "RS256"
)

Variables

View Source
var (
	ErrRemoteURLRequired = errors.New("A URL for the remote claimer is required")
)
View Source
var (
	ErrVariableNotAllowed = errors.New("Either header/parameter or variable can specified, but not all three")
)

Functions

func DecodeRemoteClaimsResponse

func DecodeRemoteClaimsResponse(_ context.Context, response *http.Response) (interface{}, error)

func DecodeServerRequest

func DecodeServerRequest(rb RequestBuilders) func(context.Context, *http.Request) (interface{}, error)

func EncodeIssueResponse

func EncodeIssueResponse(_ context.Context, response http.ResponseWriter, value interface{}) error

func NewClaimsEndpoint

func NewClaimsEndpoint(cb ClaimBuilder) endpoint.Endpoint

NewClaimsEndpoint returns a go-kit endpoint that returns just the claims

func NewIssueEndpoint

func NewIssueEndpoint(f Factory) endpoint.Endpoint

NewIssueEndpoint returns a go-kit endpoint for a token factory's NewToken method

func Unmarshal

func Unmarshal(configKey string, b ...RequestBuilder) func(TokenIn) (TokenOut, error)

Unmarshal returns an uber/fx style factory that produces the relevant components for a single token factory.

Types

type ClaimBuilder

type ClaimBuilder interface {
	AddClaims(context.Context, *Request, map[string]interface{}) error
}

ClaimBuilder is a strategy for building token claims, given a token Request

type ClaimBuilderFunc

type ClaimBuilderFunc func(context.Context, *Request, map[string]interface{}) error

func (ClaimBuilderFunc) AddClaims

func (cbf ClaimBuilderFunc) AddClaims(ctx context.Context, tr *Request, target map[string]interface{}) error

type ClaimBuilders

type ClaimBuilders []ClaimBuilder

ClaimBuilders implements a pipeline of ClaimBuilder instances, invoked in sequence.

func NewClaimBuilders

func NewClaimBuilders(n random.Noncer, client xhttpclient.Interface, o Options) (ClaimBuilders, error)

NewClaimBuilders constructs a ClaimBuilders from configuration. The returned instance is typically used in configuration a token Factory. It can be used as a standalone service component with an endpoint.

The returned builders do not include those claims derived from HTTP requests. Claims derived from HTTP requests are handled by NewRequestBuilders and DecodeServerRequest.

func (ClaimBuilders) AddClaims

func (cbs ClaimBuilders) AddClaims(ctx context.Context, r *Request, target map[string]interface{}) error

type ClaimsHandler

type ClaimsHandler http.Handler

type DecodeClaimsError added in v0.3.0

type DecodeClaimsError struct {
	URL        string
	StatusCode int
	Err        error
}

func (*DecodeClaimsError) Error added in v0.3.0

func (dce *DecodeClaimsError) Error() string

func (*DecodeClaimsError) MarshalJSON added in v0.3.0

func (dce *DecodeClaimsError) MarshalJSON() ([]byte, error)

func (*DecodeClaimsError) Unwrap added in v0.3.0

func (dce *DecodeClaimsError) Unwrap() error

type Factory

type Factory interface {
	// NewToken uses a Request to produce a signed JWT token
	NewToken(context.Context, *Request) (string, error)
}

Factory is a creation strategy for signed JWT tokens

func NewFactory

func NewFactory(o Options, cb ClaimBuilder, kr key.Registry) (Factory, error)

NewFactory creates a token Factory from a Descriptor. The supplied Noncer is used if and only if d.Nonce is true. Alternatively, supplying a nil Noncer will disable nonce creation altogether. The token's key pair is registered with the given key Registry.

type IssueHandler

type IssueHandler http.Handler

func NewIssueHandler

func NewIssueHandler(e endpoint.Endpoint, rb RequestBuilders) IssueHandler

type Options

type Options struct {
	// Alg is the required JWT signing algorithm to use
	Alg string

	// Key describes the signing key to use
	Key key.Descriptor

	// Claims is an optional map of claims to add to every token emitted by this factory.
	// Any claims here can be overridden by claims within a token Request.
	Claims map[string]Value

	// Metadata describes non-claim data, which can be statically configured or supplied via a request
	Metadata map[string]Value

	// Nonce indicates whether a nonce (jti) should be applied to each token emitted
	// by this factory.
	Nonce bool

	// DisableTime completely disables all time-based claims, such as iat.  Setting this to true
	// also causes Duration and NotBeforeDelta to be ignored.
	DisableTime bool

	// Duration specifies how long the token should be valid for.  An exp claim is set
	// using this duration from the current time if this field is positive.
	Duration time.Duration

	// DisableNotBefore specifically controls the nbf claim.
	DisableNotBefore bool

	// NotBeforeDelta is a golang duration that determines the nbf field.  This field
	// is parsed and added to the current time at the moment a token is issued.  The result
	// is set as an nbf claim.  Note that the duration may be zero or negative.
	//
	// If either DisableTime or DisableNotBefore are true, this field is ignored and no nbf claim is emitted.
	NotBeforeDelta time.Duration

	// Remote specifies an optional external system that takes metadata from a token request
	// and returns a set of claims to be merged into tokens returned by the Factory.  Returned
	// claims from the remote system do not override claims configured on the Factory.
	Remote *RemoteClaims
}

Options holds the configurable information for a token Factory

type RemoteClaims

type RemoteClaims struct {
	// Method is the HTTP method used to invoke the URL
	Method string

	// URL is the remote endpoint that is expected to receive Request.Metadata and return a JSON document
	// which is merged into the token claims
	URL string
}

RemoteClaims describes a remote HTTP endpoint that can produce claims given the metadata from a token request.

type Request

type Request struct {
	// Claims holds the extra claims to add to tokens.  These claims will override any configured claims in a Factory,
	// but will not override time-based claims such as nbf or exp.
	Claims map[string]interface{}

	// Metadata holds non-claim information about the request, usually garnered from the original HTTP request.  This
	// metadata is available to lower levels of infrastructure used by the Factory.
	Metadata map[string]interface{}
}

Request is a token creation request. Clients can pass in arbitrary claims, typically things like "iss", to merge and override anything set on the factory via configuration.

func BuildRequest

func BuildRequest(original *http.Request, rb RequestBuilders) (*Request, error)

BuildRequest applies a sequence of RequestBuilder instances to produce a token factory Request

func NewRequest

func NewRequest() *Request

NewRequest returns an empty, fully initialized token Request

type RequestBuilder

type RequestBuilder interface {
	Build(*http.Request, *Request) error
}

RequestBuilder is a strategy for building a token factory Request from an HTTP request.

Note: before invoking a RequestBuilder, calling code should parse the HTTP request form.

type RequestBuilderFunc

type RequestBuilderFunc func(*http.Request, *Request) error

func (RequestBuilderFunc) Build

func (rbf RequestBuilderFunc) Build(original *http.Request, tr *Request) error

type RequestBuilders

type RequestBuilders []RequestBuilder

RequestBuilders represents a set of RequestBuilder strategies that can be invoked in sequence.

func NewRequestBuilders

func NewRequestBuilders(o Options) (RequestBuilders, error)

NewRequestBuilders creates a RequestBuilders sequence given an Options configuration. Only claims and metadata that are HTTP-based are included in the results. Claims and metadata that are statically assigned values are handled by ClaimBuilder objects and are part of the Factory configuration.

func (RequestBuilders) Build

func (rbs RequestBuilders) Build(original *http.Request, tr *Request) error

Build invokes each request builder in sequence. Prior to invoking any of the chain of builders,

type TokenIn

type TokenIn struct {
	fx.In

	Noncer       random.Noncer `optional:"true"`
	Keys         key.Registry
	Unmarshaller config.Unmarshaller
	Client       xhttpclient.Interface `optional:"true"`
}

type TokenOut

type TokenOut struct {
	fx.Out

	ClaimBuilder  ClaimBuilder
	Factory       Factory
	IssueHandler  IssueHandler
	ClaimsHandler ClaimsHandler
}

type Value

type Value struct {
	// Header is an HTTP header from which the value is pulled
	Header string

	// Parameter is a URL query parameter (including form data) from which the value is pulled
	Parameter string

	// Variable is a URL gorilla/mux variable from with the value is pulled
	Variable string

	// Required indicates that this value is required.  Only applies to HTTP values.
	Required bool

	// Value is the statically assigned value from configuration
	Value interface{}
}

Value represents information pulled from either the HTTP request or statically, via config.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL