Documentation ¶
Index ¶
- Variables
- func AuthenticationRequiredInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
- func ClientTokenAuthenticationInterceptor(logger *zap.Logger, authenticator ClientTokenAuthenticator, ...) grpc.UnaryServerInterceptor
- func ClientTokenInterceptorSelector() selector.Matcher
- func ContextWithAuthentication(ctx context.Context, a *authrpc.Authentication) context.Context
- func EmailMatchingInterceptor(logger *zap.Logger, rgxs []*regexp.Regexp, ...) grpc.UnaryServerInterceptor
- func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication
- func JWTAuthenticationInterceptor(logger *zap.Logger, validator jwt.Validator, expected jwt.Expected, ...) grpc.UnaryServerInterceptor
- func JWTInterceptorSelector() selector.Matcher
- func NamespaceMatchingInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
- func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]
- type ClientTokenAuthenticator
- type InterceptorOptions
- type ScopedAuthenticationServer
- type SkipsAuthenticationServer
Constants ¶
This section is empty.
Variables ¶
var ErrUnauthenticated = status.Error(codes.Unauthenticated, "request was not authenticated")
Functions ¶
func AuthenticationRequiredInterceptor ¶ added in v1.35.0
func AuthenticationRequiredInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
AuthenticationRequiredInterceptor is a grpc.UnaryServerInterceptor which requires that all requests contain an Authentication instance on the context.
func ClientTokenAuthenticationInterceptor ¶ added in v1.35.0
func ClientTokenAuthenticationInterceptor(logger *zap.Logger, authenticator ClientTokenAuthenticator, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
ClientTokenAuthenticationInterceptor is a grpc.UnaryServerInterceptor which extracts a clientToken found within the authorization field on the incoming requests metadata. The fields value is expected to be in the form "Bearer <clientToken>".
func ClientTokenInterceptorSelector ¶ added in v1.35.0
func ContextWithAuthentication ¶
ContextWithAuthentication returns a context with the specified authentication
func EmailMatchingInterceptor ¶
func EmailMatchingInterceptor(logger *zap.Logger, rgxs []*regexp.Regexp, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
EmailMatchingInterceptor is a grpc.UnaryServerInterceptor only used in the case where the user is using OIDC and wants to whitelist a group of users issuing operations against the Flipt server.
func GetAuthenticationFrom ¶
func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication
GetAuthenticationFrom is a utility for extracting an Authentication stored on a context.Context instance
func JWTAuthenticationInterceptor ¶ added in v1.35.0
func JWTAuthenticationInterceptor(logger *zap.Logger, validator jwt.Validator, expected jwt.Expected, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
func JWTInterceptorSelector ¶ added in v1.35.0
JWTInterceptorSelector is a grpc.UnaryServerInterceptor which selects requests which contain a JWT in the authorization header.
func NamespaceMatchingInterceptor ¶
func NamespaceMatchingInterceptor(logger *zap.Logger, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor
func WithServerSkipsAuthentication ¶
func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]
WithServerSkipsAuthentication can be used to configure an auth unary interceptor which skips authentication when the provided server instance matches the intercepted calls parent server instance. This allows the caller to registers servers which explicitly skip authentication (e.g. OIDC).
Types ¶
type ClientTokenAuthenticator ¶ added in v1.35.0
type ClientTokenAuthenticator interface {
GetAuthenticationByClientToken(ctx context.Context, clientToken string) (*authrpc.Authentication, error)
}
ClientTokenAuthenticator is the minimum subset of an authentication provider required by the middleware to perform lookups for Authentication instances using a obtained clientToken.
type InterceptorOptions ¶
type InterceptorOptions struct {
// contains filtered or unexported fields
}
InterceptorOptions configure the basic AuthUnaryInterceptors
type ScopedAuthenticationServer ¶
type ScopedAuthenticationServer interface {
AllowsNamespaceScopedAuthentication(ctx context.Context) bool
}
ScopedAuthenticationServer is a grpc.Server which allows for specific scoped authentication.
type SkipsAuthenticationServer ¶
SkipsAuthenticationServer is a grpc.Server which should always skip authentication.