oauth package
v3.3.2
Published: Dec 18, 2024 License: Apache-2.0 Imports: 9 Imported by: 12

Documentation

Constants

This section is empty.

Variables

var (
	ErrInvalidAuthorizationHeader = errors.New("invalid authorization header, must be prefixed with `Bearer`")
	ErrIntrospectionFailed        = errors.New("token introspection failed")
)

Functions

func DefaultAuthorization

func DefaultAuthorization(path string) authorization.VerifierInitializer[*IntrospectionContext]

DefaultAuthorization is shorthand for WithIntrospection[*IntrospectionContext](JWTProfileIntrospectionAuthentication(...)) with the JWT profile key.json read from the provided path.

func WithIntrospection

WithIntrospection creates the OAuth2 introspection implementation of the authorization.Verifier interface. The introspection endpoint itself requires the calling client to authenticate, which is supplied as an IntrospectionAuthentication; the available implementations are JWTProfileIntrospectionAuthentication and ClientIDSecretIntrospectionAuthentication.

Types

type IntrospectionAuthentication

type IntrospectionAuthentication func(ctx context.Context, issuer string) (rs.ResourceServer, error)

func ClientIDSecretIntrospectionAuthentication

func ClientIDSecretIntrospectionAuthentication(clientID, clientSecret string) IntrospectionAuthentication

ClientIDSecretIntrospectionAuthentication authenticates the introspection request with the client_id and client_secret that ZITADEL issues for the API application. The secret is transmitted on every introspection call, so it must be stored and transported with the same care as any other long-lived credential.

func JWTProfileIntrospectionAuthentication

func JWTProfileIntrospectionAuthentication(file *client.KeyFile) IntrospectionAuthentication

JWTProfileIntrospectionAuthentication authenticates the introspection request with a JWT profile client assertion (RFC 7523) signed with the private key from the key.json that ZITADEL generates for the API application. Only the signed, short-lived assertion crosses the wire; the private key itself stays with the resource server.

type IntrospectionContext

type IntrospectionContext struct {
	oidc.IntrospectionResponse
	// contains filtered or unexported fields
}

IntrospectionContext implements the authorization.Ctx interface with the oidc.IntrospectionResponse as underlying data.

func (*IntrospectionContext) GetToken

func (c *IntrospectionContext) GetToken() string

func (*IntrospectionContext) IsAuthorized

func (c *IntrospectionContext) IsAuthorized() bool

IsAuthorized implements authorization.Ctx by checking the `active` field of the oidc.IntrospectionResponse. Because the value comes from an introspection call, an expired or revoked token is reported as inactive (RFC 7662) rather than as a transport error, so this check reflects the token's state at the time of the call.

func (*IntrospectionContext) IsGrantedRole

func (c *IntrospectionContext) IsGrantedRole(role string) bool

IsGrantedRole implements authorization.Ctx by checking whether the `urn:zitadel:iam:org:project:roles` claim contains the requested role, granted in any organization.

func (*IntrospectionContext) IsGrantedRoleInOrganization

func (c *IntrospectionContext) IsGrantedRoleInOrganization(role, organizationID string) bool

IsGrantedRoleInOrganization implements authorization.Ctx by checking whether organizationID is one of the organizations listed under the requested role in the `urn:zitadel:iam:org:project:roles` claim. A role that is granted, but not for that organization, yields false.

func (*IntrospectionContext) SetToken

func (c *IntrospectionContext) SetToken(token string)

func (*IntrospectionContext) UserID

func (c *IntrospectionContext) UserID() string

UserID implements authorization.Ctx by returning the `sub` claim of the oidc.IntrospectionResponse.

type IntrospectionVerification

type IntrospectionVerification[T any] struct {
	rs.ResourceServer
}

IntrospectionVerification provides an authorization.Verifier implementation that validates the presented token with an OAuth2 introspection call. Use WithIntrospection to construct one rather than building the struct directly.

func (*IntrospectionVerification[T]) CheckAuthorization

func (i *IntrospectionVerification[T]) CheckAuthorization(ctx context.Context, authorizationToken string) (resp T, err error)

CheckAuthorization implements the authorization.Verifier interface by validating authorizationToken against the OAuth2 introspection endpoint. authorizationToken is the full Authorization header value and must carry the `Bearer` prefix (otherwise ErrInvalidAuthorizationHeader); a failed introspection call is reported as ErrIntrospectionFailed. On success it returns the introspection result as the type parameter T of the IntrospectionVerification; callers should still consult IsAuthorized on the result before trusting it.
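The round trip that CheckAuthorization performs, together with the Bearer-prefix rule behind ErrInvalidAuthorizationHeader, the client_id/client_secret authentication of ClientIDSecretIntrospectionAuthentication, and the IsAuthorized / IsGrantedRole / IsGrantedRoleInOrganization checks on the result, as one added example. This is not the package's own code and it does not import zitadel-go: the IntrospectionContext, Authorize and StartFakeIntrospectionServer types and functions are stand-ins written for this example, the introspection endpoint is a constructed httptest server that knows one client credential and one active token, HTTP Basic is assumed as the client_secret transport (the RFC 7662 default), and the roles claim is assumed to have the shape {"role": {"orgID": "orgDomain"}}.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Sentinel errors mirroring the two exported by the oauth package.
var ErrInvalidAuthorizationHeader = errors.New("invalid authorization header, must be prefixed with `Bearer`")
var ErrIntrospectionFailed = errors.New("token introspection failed")

// IntrospectionContext stands in for oauth.IntrospectionContext; roles claim shape assumed {"role": {"orgID": "orgDomain"}}.
type IntrospectionContext struct {
	Active bool                         `json:"active"`
	Sub    string                       `json:"sub"`
	Roles  map[string]map[string]string `json:"urn:zitadel:iam:org:project:roles"`
}

func (c *IntrospectionContext) IsAuthorized() bool { return c.Active }
func (c *IntrospectionContext) UserID() string     { return c.Sub }

// IsGrantedRole: the role key exists in the claim for at least one organization.
func (c *IntrospectionContext) IsGrantedRole(role string) bool {
	_, ok := c.Roles[role]
	return ok
}

// IsGrantedRoleInOrganization: the organization is listed under that role (nil inner map => false).
func (c *IntrospectionContext) IsGrantedRoleInOrganization(role, organizationID string) bool {
	_, ok := c.Roles[role][organizationID]
	return ok
}

// bearerToken extracts the raw token from a full Authorization header value.
func bearerToken(header string) (string, error) {
	token := strings.TrimSpace(strings.TrimPrefix(header, "Bearer "))
	if !strings.HasPrefix(header, "Bearer ") || token == "" {
		return "", ErrInvalidAuthorizationHeader
	}
	return token, nil
}

// Authorize mirrors CheckAuthorization: introspect the bearer token (RFC 7662), authenticating with client_id/client_secret over HTTP Basic.
func Authorize(ctx context.Context, endpoint, clientID, clientSecret, authorizationHeader string) (*IntrospectionContext, error) {
	token, err := bearerToken(authorizationHeader)
	if err != nil {
		return nil, err
	}
	body := strings.NewReader(url.Values{"token": {token}}.Encode())
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, body)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(clientID, clientSecret)
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrIntrospectionFailed, err)
	}
	defer res.Body.Close()
	if res.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("%w: status %d", ErrIntrospectionFailed, res.StatusCode)
	}
	c := &IntrospectionContext{}
	if err := json.NewDecoder(res.Body).Decode(c); err != nil {
		return nil, fmt.Errorf("%w: %v", ErrIntrospectionFailed, err)
	}
	return c, nil
}

// StartFakeIntrospectionServer is a constructed offline stand-in for the ZITADEL introspection endpoint.
func StartFakeIntrospectionServer(clientID, clientSecret string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if id, secret, ok := r.BasicAuth(); !ok || id != clientID || secret != clientSecret {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		if r.PostFormValue("token") != "valid-token" {
			// RFC 7662: unknown, expired and revoked tokens are reported as inactive, not as errors.
			fmt.Fprint(w, `{"active":false}`)
			return
		}
		fmt.Fprint(w, `{"active":true,"sub":"user-1","urn:zitadel:iam:org:project:roles":`+
			`{"admin":{"org-a":"org-a.example.com"},"viewer":{"org-a":"org-a.example.com","org-b":"org-b.example.com"}}}`)
	}))
}

func main() {
	srv := StartFakeIntrospectionServer("api-client", "api-secret")
	defer srv.Close()
	c, err := Authorize(context.Background(), srv.URL, "api-client", "api-secret", "Bearer valid-token")
	fmt.Println(err, c.IsAuthorized(), c.UserID(), c.IsGrantedRole("admin"), c.IsGrantedRoleInOrganization("admin", "org-b"))
}
```

Two outcomes are deliberately kept apart: a malformed header or a failed endpoint call (wrong client secret, non-200 status, unparseable body) is an error, while a token the endpoint reports as inactive comes back without error and is rejected only by IsAuthorized. Collapsing both into "unauthorized" would hide a misconfigured resource-server credential behind ordinary access denials. Note also that every request costs one introspection round trip, and that with client_id/client_secret the secret is sent on each of them, which is the trade-off JWTProfileIntrospectionAuthentication avoids.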
