Documentation ¶
Overview ¶
Package role implements the processing logic for role tokens.
Index ¶
Constants ¶
const (
CONFIRM_METHOD_MEMBER = "x5t#S256"
)
Variables ¶
var (
	// ErrRoleTokenInvalid "Access denied due to invalid RoleToken"
	ErrRoleTokenInvalid = errors.New("Access denied due to invalid RoleToken")
	// ErrRoleTokenExpired "Access denied due to expired RoleToken"
	ErrRoleTokenExpired = errors.New("Access denied due to expired RoleToken")
)
Functions ¶
This section is empty.
Types ¶
type BaseClaim ¶ added in v2.2.0
type BaseClaim struct {
jwt.StandardClaims
}
type Option ¶
type Option func(*rtp) error
Option represents a functional option (functional options pattern) used to configure the role token processor.
func WithClientCertificateGoBackSeconds ¶ added in v2.2.0
WithClientCertificateGoBackSeconds returns a functional option that sets clientCertificateGoBackSeconds.
func WithClientCertificateOffsetSeconds ¶ added in v2.2.0
WithClientCertificateOffsetSeconds returns a functional option that sets clientCertificateOffsetSeconds.
func WithEnableMTLSCertificateBoundAccessToken ¶ added in v2.2.0
WithEnableMTLSCertificateBoundAccessToken returns a functional option that sets enableMTLSCertificateBoundAccessToken.
func WithJWKProvider ¶
WithJWKProvider returns a functional option that sets the pubkey provider.
func WithPubkeyProvider ¶
WithPubkeyProvider returns a functional option that sets the pubkey provider.
type Processor ¶
type Processor interface {
	ParseAndValidateRoleToken(tok string) (*Token, error)
	ParseAndValidateRoleJWT(cred string) (*RoleJWTClaim, error)
	ParseAndValidateZTSAccessToken(cred string, cert *x509.Certificate) (*ZTSAccessTokenClaim, error)
}
Processor represents the role token parser interface.
type RoleJWTClaim ¶ added in v2.2.0
type RoleJWTClaim struct {
	Domain   string `json:"d"`
	Email    string `json:"email"`
	KeyID    string `json:"k"`
	MFA      string `json:"mfa"`
	Role     string `json:"r"`
	Salt     string `json:"a"`
	UserID   string `json:"u"`
	UserName string `json:"n"`
	Version  string `json:"v"`
	BaseClaim
}
RoleJWTClaim represents role JWT claim data.
type Token ¶
type Token struct {
	// Version string // required
	Domain string   // required
	Roles  []string // required
	// Principal string // required
	// Host string
	// Salt string // required
	// TimeStamp time.Time // required
	ExpiryTime time.Time // required
	KeyID      string    // required
	// IP string
	// ProxyUser string
	Signature     string // required
	UnsignedToken string
}
Token represents role token data.
type ZTSAccessTokenClaim ¶ added in v2.2.0
type ZTSAccessTokenClaim struct {
	AuthTime       int64             `json:"auth_time"`
	Version        int               `json:"ver"`
	ClientID       string            `json:"client_id"`
	UserID         string            `json:"uid"`
	ProxyPrincipal string            `json:"proxy,omitempty"`
	Scope          []string          `json:"scp"`
	Confirm        map[string]string `json:"cnf"`
	BaseClaim
}
ZTSAccessTokenClaim represents access token claim data, based on https://github.com/yahoo/athenz/blob/0e7335dbfa9d41eef0b049c07e7f846bff0f3169/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/token/AccessToken.java#L382
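The Confirm (cnf) map and CONFIRM_METHOD_MEMBER above are the hook for certificate-bound access tokens: the token carries the x5t#S256 thumbprint of the client certificate it was issued to, and the processor compares that value against the certificate presented on the mTLS connection. The following is an added example of that comparison in Go, not this package's own code; the function and error names are assumptions, and the certificates are generated in-process as constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ConfirmMethodMember mirrors CONFIRM_METHOD_MEMBER; ErrCertificateNotBound is constructed for this example.
const ConfirmMethodMember = "x5t#S256"
var ErrCertificateNotBound = errors.New("access token is not bound to the presented client certificate")

// CertThumbprintS256 returns the x5t#S256 value for cert: base64url (no padding) of SHA-256 over its DER bytes.
func CertThumbprintS256(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// VerifyCertificateBinding checks that cnf (the Confirm map of ZTSAccessTokenClaim) names the presented
// client certificate. A missing cnf member fails closed: a bearer-only token must not pass an mTLS-bound check.
func VerifyCertificateBinding(cnf map[string]string, cert *x509.Certificate) error {
	if want, ok := cnf[ConfirmMethodMember]; cert == nil || !ok || want != CertThumbprintS256(cert) {
		return ErrCertificateNotBound
	}
	return nil
}

// NewSelfSignedCert builds a throwaway self-signed certificate (constructed test data; errors ignored for brevity).
func NewSelfSignedCert(cn string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() {
	cert := NewSelfSignedCert("client.example")
	cnf := map[string]string{ConfirmMethodMember: CertThumbprintS256(cert)} // as carried in the token's cnf claim
	fmt.Println(VerifyCertificateBinding(cnf, cert), VerifyCertificateBinding(cnf, NewSelfSignedCert("other.example")))
}
```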