iap

package
v0.0.0-...-eee4e15 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 6, 2025 License: Apache-2.0 Imports: 7 Imported by: 1

Documentation

Overview

Package iap implements auth.Method for GCP's Identity Aware Proxy. It does payload verification according to the guide for using signed headers: https://cloud.google.com/iap/docs/signed-headers-howto#verifying_the_jwt_payload

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AudForGAE

func AudForGAE(numericProjectID, appID string) string

AudForGAE returns an audience string for the GAE application as it will be formatted by IAP in the aseertion headers. This is a convenience method. For production use, one should use the cloud.google.com/go/compute/metadata to get the NumericProjectID and AppID properties on process startup.

func AudForGlobalBackendService

func AudForGlobalBackendService(projectNumber, backendServiceID string) string

AudForGlobalBackendService returns an audience string for a GCE or GKE application as it will be formatted by IAP in the aseertion headers. This is a convenience method.

Types

type IAPAuthMethod

type IAPAuthMethod struct {
	// Aud is the audience string as it should appear in JWTs intended for
	// validation by your service.
	Aud string
	// contains filtered or unexported fields
}

IAPAuthMethod implements auth.Method for use with GCP's Identity Aware Proxy.

func (*IAPAuthMethod) Authenticate

func (a *IAPAuthMethod) Authenticate(ctx context.Context, r auth.RequestMetadata) (*auth.User, auth.Session, error)

Authenticate returns nil if no IAP assertion header is present, a User if authentication is successful, or an error if unable to validate and identify a user from the assertion header.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL