The highest tagged major version is v11.

auth

package

v10.11.0+incompatible Latest Latest Go to latest Published: Jul 25, 2018 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aporeto-inc/trireme-lib

Links

Open Source Insights

Documentation ¶

Index ¶

type Processor
- func NewProcessor(s secrets.Secrets, trustedCertificate *x509.Certificate) *Processor

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Processor ¶

type Processor struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Processor holds all the local data of the authorization engine. A processor can handle authorization for multiple services. The goal is to authenticate a request based on both service and user credentials.

func NewProcessor ¶

func NewProcessor(s secrets.Secrets, trustedCertificate *x509.Certificate) *Processor

NewProcessor creates an auth processor with PKI user tokens. The caller must provide a valid secrets structure and an optional list of trustedCertificates that can be used to validate tokens. If the list is empty, the CA from the secrets will be used for token validation.

func (*Processor) AddOrUpdateService ¶

func (p *Processor) AddOrUpdateService(name string, apis *urisearch.APICache, handler usertokens.Verifier)

AddOrUpdateService adds or replaces a service in the authorization db.

func (*Processor) Callback ¶

func (p *Processor) Callback(name string, w http.ResponseWriter, r *http.Request)

Callback is function called by and IDP auth provider will exchange the provided authorization code with a JWT token. This closes the Oauth loop.

func (*Processor) Check ¶

func (p *Processor) Check(name, method, uri string, claims []string) (bool, bool)

Check is the main method that will search API cache and validate whether the call should be allowed. It returns two values. If the access is allowed, and whether the access public or not. This allows callers to decide what to do when there is a failure, and potentially issue a redirect.

func (*Processor) DecodeAporetoClaims ¶

func (p *Processor) DecodeAporetoClaims(name, aporetoToken string, publicKey string) (string, []string)

DecodeAporetoClaims decodes the Aporeto claims

func (*Processor) DecodeUserClaims ¶

func (p *Processor) DecodeUserClaims(name, userToken string, certs []*x509.Certificate, r *http.Request) ([]string, bool, error)

DecodeUserClaims decodes the user claims with the user authorization method.

func (*Processor) RedirectURI ¶

func (p *Processor) RedirectURI(name string, originURL string) string

RedirectURI returns the redirect URI in order to start the authentication dance.

func (*Processor) RemoveService ¶

func (p *Processor) RemoveService(name string)

RemoveService removes a service from the authorization db

func (*Processor) UpdateSecrets ¶

func (p *Processor) UpdateSecrets(s secrets.Secrets, trustedCertificate *x509.Certificate)

UpdateSecrets will update the Aporeto secrets for the validation of the Aporeto tokens.

func (*Processor) UpdateServiceAPIs ¶

func (p *Processor) UpdateServiceAPIs(name string, apis *urisearch.APICache) error

UpdateServiceAPIs updates an existing service with a new API definition.

Source Files ¶

View all Source files

auth.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL