oidc

Documentation

Index

• Variables
• func Authenticate(v Validator) openapi3filter.AuthenticationFunc
• func GetJWSFromRequest(req *http.Request) (string, error)
• func GetJWTFromContext(ctx context.Context) (*authn.AuthClaims, bool)
• type RemoteOidcValidator
  • func NewRemoteOidcValidator(mainIssuer string, issuerAliases []string, audience string) (*RemoteOidcValidator, error)
  • func (oidc *RemoteOidcValidator) Close()
  • func (oidc *RemoteOidcValidator) GetConfiguration() (*authn.OidcConfig, error)
  • func (oidc *RemoteOidcValidator) GetKeys() (*keyfunc.JWKS, error)
  • func (oidc *RemoteOidcValidator) Validate(req *http.Request) (*authn.AuthClaims, error)
• type Validator

Variables

var (
	ErrNoAuthHeader      = fiber.NewError(fiber.StatusUnauthorized, "Authorization header is missing")
	ErrInvalidAuthHeader = fiber.NewError(fiber.StatusUnauthorized, "Authorization header is invalid")
	ErrInvalidToken      = fiber.NewError(fiber.StatusUnauthorized, "token is invalid")
	ErrInvalidIssuer     = fiber.NewError(fiber.StatusUnauthorized, "issuer is invalid")
	ErrClaimsInvalid     = fiber.NewError(fiber.StatusUnauthorized, "claims are invalid")
	ErrInvalidAudiance   = fiber.NewError(fiber.StatusUnauthorized, "audience is invalid")
	ErrInvalidSubject    = fiber.NewError(fiber.StatusUnauthorized, "subject is invalid")
)

Functions

func Authenticate

func Authenticate(v Validator) openapi3filter.AuthenticationFunc

Authenticate returns a nil error and the AuthClaims info (if available) if the subject is authenticated or a

func GetJWSFromRequest

func GetJWSFromRequest(req *http.Request) (string, error)

GetJWSFromRequest extracts a JWS string from an Authorization: Bearer <jws> header

func GetJWTFromContext

func GetJWTFromContext(ctx context.Context) (*authn.AuthClaims, bool)

GetJWTFromContext extracts the JWT token from the context.

Types

type RemoteOidcValidator

type RemoteOidcValidator struct {
	MainIssuer    string
	IssuerAliases []string
	Audience      string

	JwksURI string
	JWKs    *keyfunc.JWKS
	// contains filtered or unexported fields
}

RemoteOidcValidator is an OIDC validator that validates tokens using a remote OIDC provider.

func NewRemoteOidcValidator

func NewRemoteOidcValidator(mainIssuer string, issuerAliases []string, audience string) (*RemoteOidcValidator, error)

NewRemoteOidcValidator creates a new RemoteOidcValidator.

func (*RemoteOidcValidator) Close

func (oidc *RemoteOidcValidator) Close()

func (*RemoteOidcValidator) GetConfiguration

func (oidc *RemoteOidcValidator) GetConfiguration() (*authn.OidcConfig, error)

GetConfiguration fetches the OIDC configuration from the issuer. nolint:noctx

func (*RemoteOidcValidator) GetKeys

func (oidc *RemoteOidcValidator) GetKeys() (*keyfunc.JWKS, error)

func (*RemoteOidcValidator) Validate

func (oidc *RemoteOidcValidator) Validate(req *http.Request) (*authn.AuthClaims, error)

Validate validates the provided token. nolint:gocyclo

type Validator

type Validator interface {
	// Validate validates the provided token.
	Validate(req *http.Request) (*authn.AuthClaims, error)
}

Validator is an interface for validating tokens