Documentation ¶
Functions ¶
func AuthServiceAccountSigner ¶
AuthServiceAccountSigner returns a new JWT signer which uses the Auth Service Account token.
func CheckClaims ¶
func CheckClaims(claims *TokenClaims) error
CheckClaims checks whether all the required claims are present in the access token.
func ContextIdentity ¶
ContextIdentity returns the identity's ID found in the given context. It uses tokenManager.Locate to fetch the identity of the currently logged-in user.
func ContextWithTokenManager ¶
ContextWithTokenManager injects tokenManager into the context for every incoming request. It accepts a Token.Manager in order to make sure that the correct object is set in the context; the only other possible value is nil.
func InjectTokenManager ¶
func InjectTokenManager(tokenManager TokenManager) goa.Middleware
InjectTokenManager is a middleware responsible for setting up tokenManager in the context for every request.
func NumberToInt ¶
NumberToInt converts an interface{} value to int64.
Types ¶
type Permissions ¶
// Permissions represents a "permissions" claim in the AuthorizationPayload.
//
// The pointer fields carry no omitempty tag, so a missing key decodes to nil
// and an absent value encodes as JSON null.
type Permissions struct {
	// ResourceSetName is the name of the resource set; nil when absent.
	ResourceSetName *string `json:"resource_set_name"`
	// ResourceSetID is the identifier of the resource set; nil when absent.
	ResourceSetID *string `json:"resource_set_id"`
	// Scopes lists the scopes granted for this permission entry.
	Scopes []string `json:"scopes"`
	// Expiry is serialized under the "exp" claim name. Presumably a Unix
	// timestamp in the same unit as jwt.StandardClaims.ExpiresAt — confirm
	// against the token issuer before comparing it with time.Now().
	Expiry int64 `json:"exp"`
}
Permissions represents a "permissions" claim in the AuthorizationPayload
type TokenClaims ¶
// TokenClaims represents access token claims.
//
// Only the embedded jwt.StandardClaims (registered claims such as exp, iat,
// iss, sub) are handled by the JWT library itself; the custom fields below are
// plain JSON and carry no validation of their own. CheckClaims verifies that
// the claims this package requires are present.
type TokenClaims struct {
	// Name is the user's display name.
	Name string `json:"name"`
	// Username is serialized as "preferred_username".
	Username string `json:"preferred_username"`
	// GivenName is the user's given (first) name.
	GivenName string `json:"given_name"`
	// FamilyName is the user's family (last) name.
	FamilyName string `json:"family_name"`
	// Email is the user's e-mail address.
	Email string `json:"email"`
	// EmailVerified reports whether the issuer has verified Email.
	EmailVerified bool `json:"email_verified"`
	// Company is the user's company name.
	Company string `json:"company"`
	// SessionState is the issuer-side session identifier.
	SessionState string `json:"session_state"`
	// Approved reports whether the user has been approved; what approval
	// gates is not visible from this listing.
	Approved bool `json:"approved"`
	// Permissions holds the "permissions" claim entries; nil when the claim
	// is absent.
	Permissions *[]Permissions `json:"permissions"`
	// StandardClaims supplies the registered JWT claims and their Valid()
	// check.
	jwt.StandardClaims
}
TokenClaims represents access token claims
type TokenManager ¶
// TokenManager generates and manages auth tokens.
//
// Methods are grouped below by parsing, key material, token generation and
// conversion. Which of the parse methods verify the signature is not visible
// from this listing; KeyFunction is the hook that supplies the verification
// key to the JWT library.
type TokenManager interface {
	// Parse parses tokenString into a *jwt.Token.
	Parse(ctx context.Context, tokenString string) (*jwt.Token, error)
	// PublicKeys returns all RSA public keys known to the manager.
	PublicKeys() []*rsa.PublicKey
	// Locate returns the identity ID of the current user derived from ctx.
	// ContextIdentity delegates to this method.
	Locate(ctx context.Context) (uuid.UUID, error)
	// ParseToken parses tokenString into typed TokenClaims.
	ParseToken(ctx context.Context, tokenString string) (*TokenClaims, error)
	// ParseTokenWithMapClaims parses tokenString into untyped jwt.MapClaims.
	// NOTE(review): CheckClaims takes *TokenClaims, so callers of this method
	// get no required-claims check unless they add one — confirm.
	ParseTokenWithMapClaims(ctx context.Context, tokenString string) (jwt.MapClaims, error)
	// PublicKey returns the public key registered under keyID. There is no
	// error result, so presumably an unknown keyID yields nil — callers
	// should check for nil before use; confirm against the implementation.
	PublicKey(keyID string) *rsa.PublicKey
	// JSONWebKeys returns the public keys in JWK form.
	JSONWebKeys() token.JSONKeys
	// PemKeys returns the public keys in PEM form.
	PemKeys() token.JSONKeys
	// KeyFunction returns the jwt.Keyfunc used to select the verification
	// key for a token.
	KeyFunction(context.Context) jwt.Keyfunc
	// AuthServiceAccountToken returns the token string of the Auth Service
	// Account.
	AuthServiceAccountToken() string
	// GenerateServiceAccountToken returns a signed token string for the
	// service account identified by saID and saName.
	GenerateServiceAccountToken(saID string, saName string) (string, error)
	// GenerateUnsignedServiceAccountToken builds the service account token
	// without signing it; the result is not usable as a bearer token as-is.
	GenerateUnsignedServiceAccountToken(saID string, saName string) *jwt.Token
	// GenerateUserTokenForAPIClient issues a user token for an API client
	// from providerToken.
	GenerateUserTokenForAPIClient(ctx context.Context, providerToken oauth2.Token) (*oauth2.Token, error)
	// GenerateUserTokenForIdentity issues a user token for identity; the
	// offlineToken flag's exact effect on the refresh token is not visible
	// here.
	GenerateUserTokenForIdentity(ctx context.Context, identity repository.Identity, offlineToken bool) (*oauth2.Token, error)
	// GenerateTransientUserAccessTokenForIdentity issues a short-lived
	// access token string (see GetTransientTokenExpiresIn) for identity.
	GenerateTransientUserAccessTokenForIdentity(ctx context.Context, identity repository.Identity) (*string, error)
	// GenerateUserTokenUsingRefreshToken issues a fresh user token from
	// refreshTokenString; identity may be nil and permissions are carried
	// into the new token.
	GenerateUserTokenUsingRefreshToken(ctx context.Context, refreshTokenString string, identity *repository.Identity, permissions []Permissions) (*oauth2.Token, error)
	// GenerateUnsignedRPTTokenForIdentity builds an unsigned RPT token from
	// tokenClaims, identity and permissions; sign it with SignRPTToken.
	GenerateUnsignedRPTTokenForIdentity(ctx context.Context, tokenClaims *TokenClaims, identity repository.Identity, permissions *[]Permissions) (*jwt.Token, error)
	// SignRPTToken signs rptToken and returns the encoded string.
	SignRPTToken(ctx context.Context, rptToken *jwt.Token) (string, error)
	// ConvertTokenSet converts a TokenSet into an *oauth2.Token.
	ConvertTokenSet(tokenSet TokenSet) *oauth2.Token
	// ConvertToken converts an oauth2.Token into a *TokenSet.
	ConvertToken(oauthToken oauth2.Token) (*TokenSet, error)
	// AddLoginRequiredHeader writes the login-required response header to
	// rw; the header name is not visible from this listing.
	AddLoginRequiredHeader(rw http.ResponseWriter)
	// AuthServiceAccountSigner returns a client.Signer that uses the Auth
	// Service Account token (see the package-level function of the same
	// name).
	AuthServiceAccountSigner() client.Signer
}
TokenManager generates and manages auth tokens
func DefaultManager ¶
func DefaultManager(config TokenManagerConfiguration) (TokenManager, error)
DefaultManager creates the default manager if it has not been created yet. This function must be called in main to make sure the default manager is created during service startup. It will try to create the default manager only once, even if called multiple times.
func NewTokenManager ¶
func NewTokenManager(config TokenManagerConfiguration) (TokenManager, error)
NewTokenManager returns a new token Manager for handling tokens.
func ReadTokenManagerFromContext ¶
func ReadTokenManagerFromContext(ctx context.Context) (TokenManager, error)
ReadTokenManagerFromContext extracts the token manager from the context and returns it.
type TokenManagerConfiguration ¶
// TokenManagerConfiguration represents configuration needed to construct a
// token manager.
//
// The key getters return the raw key bytes plus a string; given that
// TokenManager.PublicKey is keyed by keyID, the string is presumably the key
// ID — confirm against the implementation. The "Deprecated" variants exist
// alongside the current ones, which suggests key rotation support; which keys
// are accepted for verification versus used for signing is not visible here.
type TokenManagerConfiguration interface {
	// GetServiceAccountPrivateKey returns the current service account
	// private key and its identifier.
	GetServiceAccountPrivateKey() ([]byte, string)
	// GetDeprecatedServiceAccountPrivateKey returns the previous service
	// account private key and its identifier.
	GetDeprecatedServiceAccountPrivateKey() ([]byte, string)
	// GetUserAccountPrivateKey returns the current user account private key
	// and its identifier.
	GetUserAccountPrivateKey() ([]byte, string)
	// GetDeprecatedUserAccountPrivateKey returns the previous user account
	// private key and its identifier.
	GetDeprecatedUserAccountPrivateKey() ([]byte, string)
	// GetDevModePublicKey returns a flag, a public key and its identifier.
	// NOTE(review): the flag presumably enables trusting this key in
	// development mode; verify it cannot be switched on in production
	// configuration.
	GetDevModePublicKey() (bool, []byte, string)
	// IsPostgresDeveloperModeEnabled reports whether Postgres developer mode
	// is enabled.
	IsPostgresDeveloperModeEnabled() bool
	// GetAccessTokenExpiresIn returns the access token lifetime (unit not
	// visible here; presumably seconds, matching TokenSet.ExpiresIn).
	GetAccessTokenExpiresIn() int64
	// GetRefreshTokenExpiresIn returns the refresh token lifetime in the
	// same unit as GetAccessTokenExpiresIn.
	GetRefreshTokenExpiresIn() int64
	// GetTransientTokenExpiresIn returns the transient access token lifetime
	// in the same unit as GetAccessTokenExpiresIn.
	GetTransientTokenExpiresIn() int64
	// GetAuthServiceURL returns the base URL of the auth service.
	GetAuthServiceURL() string
}
TokenManagerConfiguration represents configuration needed to construct a token manager
type TokenSet ¶
// TokenSet represents a set of Access and Refresh tokens.
//
// Every field is an optional pointer with omitempty, so nil fields are
// omitted from the encoded JSON and missing keys decode to nil.
type TokenSet struct {
	// AccessToken is the encoded access token.
	AccessToken *string `json:"access_token,omitempty"`
	// ExpiresIn is the access token lifetime; the unit is not visible here.
	ExpiresIn *int64 `json:"expires_in,omitempty"`
	// NotBeforePolicy is serialized under the hyphenated key
	// "not-before-policy".
	NotBeforePolicy *int64 `json:"not-before-policy,omitempty"`
	// RefreshExpiresIn is the refresh token lifetime, in the same unit as
	// ExpiresIn.
	RefreshExpiresIn *int64 `json:"refresh_expires_in,omitempty"`
	// RefreshToken is the encoded refresh token.
	RefreshToken *string `json:"refresh_token,omitempty"`
	// TokenType is the OAuth2 token type string.
	TokenType *string `json:"token_type,omitempty"`
}
TokenSet represents a set of Access and Refresh tokens