Documentation
Overview
Package iap implements auth.Method for GCP's Identity Aware Proxy. It does payload verification according to the guide for using signed headers: https://cloud.google.com/iap/docs/signed-headers-howto#verifying_the_jwt_payload
Functions
func AudForGAE
AudForGAE returns an audience string for the GAE application as it will be formatted by IAP in the assertion headers. This is a convenience method. For production use, one should use the cloud.google.com/go/compute/metadata package to get the NumericProjectID and AppID properties on process startup.
func AudForGlobalBackendService
AudForGlobalBackendService returns an audience string for a GCE or GKE application as it will be formatted by IAP in the assertion headers. This is a convenience method.
Types
type IAPAuthMethod
type IAPAuthMethod struct {
	// Aud is the audience string as it should appear in JWTs intended for
	// validation by your service.
	Aud string
	// contains filtered or unexported fields
}
IAPAuthMethod implements auth.Method for use with GCP's Identity Aware Proxy.
func (*IAPAuthMethod) Authenticate
func (a *IAPAuthMethod) Authenticate(ctx context.Context, r auth.RequestMetadata) (*auth.User, auth.Session, error)
Authenticate returns nil if no IAP assertion header is present, a User if authentication is successful, or an error if unable to validate and identify a user from the assertion header.
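An added example, not code from this package: the payload checks from the signed-headers guide (aud, iss, and iat/exp with 30 seconds of skew), showing why Aud must match the service exactly. The helper names, error values and IDs are assumptions constructed for illustration, and signature verification is assumed to have happened before these checks run.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Claims holds payload fields of an IAP assertion. Assumption: the ES256
// signature was already verified against Google's published IAP keys.
type Claims struct {
	Aud, Iss, Sub, Email string
	Iat, Exp             time.Time
}

const iapIssuer = "https://cloud.google.com/iap"
const skew = 30 * time.Second // clock-skew allowance from the guide

var ErrAudience = errors.New("aud does not name this service")
var ErrIssuer = errors.New("iss is not IAP")
var ErrWindow = errors.New("outside iat/exp validity window")

// Hypothetical builders for the two audience formats IAP puts in aud.
func gaeAudience(projectNumber, projectID string) string {
	return "/projects/" + projectNumber + "/apps/" + projectID
}
func backendAudience(projectNumber, serviceID string) string {
	return "/projects/" + projectNumber + "/global/backendServices/" + serviceID
}

// checkClaims compares aud whole (never by prefix), then iss, then time.
func checkClaims(c Claims, wantAud string, now time.Time) error {
	switch {
	case c.Aud != wantAud:
		return ErrAudience
	case c.Iss != iapIssuer:
		return ErrIssuer
	case now.After(c.Exp.Add(skew)) || now.Before(c.Iat.Add(-skew)):
		return ErrWindow
	}
	return nil
}

func main() {
	now := time.Now() // constructed IDs below; token is for a different resource
	c := Claims{Aud: gaeAudience("123456789", "my-app"), Iss: iapIssuer, Iat: now, Exp: now.Add(time.Minute)}
	fmt.Println(checkClaims(c, backendAudience("123456789", "987654321"), now))
}
```

A validly signed assertion issued for another IAP-protected resource in the same project fails the aud comparison, which is the case the Aud field exists to catch.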