Documentation
Index
- Constants
- func TokenPublicKeysURL(issuer string) string
- func TokenSource(ctx context.Context, clientID, clientSecret string, opts ...TokenOption) oauth2.TokenSource
- func UnverifiedNetworkIdentifier(token string) (*ttnpb.PacketBrokerNetworkIdentifier, error)
- type IAMTokenClaims
- type PublicKeyProvider
- type PublicKeyProviderFunc
- type Scope
- type TokenClaims
- type TokenNetworkClaim
- type TokenOption
Constants
const (
    DefaultTokenIssuer       = "https://iam.packetbroker.net"
    DefaultTokenURL          = DefaultTokenIssuer + "/token"
    DefaultPublicKeyCacheTTL = 10 * time.Minute
)
Default values for Packet Broker IAM.
Variables
This section is empty.
Functions
func TokenPublicKeysURL
TokenPublicKeysURL returns the URL of the public keys with which a token is signed.
func TokenSource
func TokenSource(ctx context.Context, clientID, clientSecret string, opts ...TokenOption) oauth2.TokenSource
TokenSource returns a new OAuth 2.0 token source using Packet Broker credentials.
func UnverifiedNetworkIdentifier
func UnverifiedNetworkIdentifier(token string) (*ttnpb.PacketBrokerNetworkIdentifier, error)
UnverifiedNetworkIdentifier returns the Packet Broker network identifier from the given token. This function does not verify the token.
Types
type IAMTokenClaims
type IAMTokenClaims struct {
    Cluster  bool                `json:"c,omitempty"`
    Networks []TokenNetworkClaim `json:"ns,omitempty"`
    Rights   []int32             `json:"rights,omitempty"`
}
IAMTokenClaims defines the claims from Packet Broker IAM.
type PublicKeyProvider
PublicKeyProvider provides a set of public keys.
func CachePublicKey
func CachePublicKey(provider PublicKeyProvider, ttl time.Duration) PublicKeyProvider
CachePublicKey caches the result from the given PublicKeyProvider with the TTL.
func PublicKeyFromURL
func PublicKeyFromURL(client *http.Client, url string) PublicKeyProvider
PublicKeyFromURL loads the public keys from the given URL.
type PublicKeyProviderFunc
PublicKeyProviderFunc is a function that implements PublicKeyProvider.
func (PublicKeyProviderFunc) PublicKeys
func (f PublicKeyProviderFunc) PublicKeys(ctx context.Context) (*jose.JSONWebKeySet, error)
PublicKeys implements PublicKeyProvider.
type Scope
type Scope string
Scope defines a scope of claims to request in the token.
const (
ScopeNetworks Scope = "networks"
)
type TokenClaims
type TokenClaims struct {
    jwt.Claims
    PacketBroker IAMTokenClaims `json:"https://iam.packetbroker.net/claims,omitempty"`
}
TokenClaims defines the Packet Broker JSON Web Token (JWT) claims.
func ParseAndVerify
func ParseAndVerify(ctx context.Context, token *oauth2.Token, keyProvider PublicKeyProvider, issuer, audience string) (TokenClaims, error)
ParseAndVerify parses and verifies the token and returns the claims. See Verify for the verification process.
func Verify
func Verify(ctx context.Context, token *jwt.JSONWebToken, keyProvider PublicKeyProvider, issuer, audience string) (TokenClaims, error)
Verify verifies the token and returns the claims. If issuer is non-empty, the token's issuer must match the issuer. If audience is non-empty, one of the token's audiences must match the audience. The current system time is used as the reference for verifying the not-before, issued-at and expiry claims.
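The claim rules that Verify describes, modelled with the standard library only. This is an added example, not the package's code, and it leaves out signature verification against the key provider; `claims`, `checkClaims`, `contains` and the sample values are assumptions. It shows that an empty issuer or audience skips that check, so a caller who wants both enforced must pass both.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// claims is a hypothetical stand-in for the registered claims of a parsed token.
type claims struct {
	Issuer                      string
	Audience                    []string
	NotBefore, IssuedAt, Expiry time.Time
}

// checkClaims models the documented rules; no clock leeway, zero times count as absent (assumptions).
func checkClaims(c claims, issuer, audience string, now time.Time) error {
	if issuer != "" && c.Issuer != issuer {
		return errors.New("issuer mismatch")
	}
	if audience != "" && !contains(c.Audience, audience) {
		return errors.New("audience mismatch")
	}
	if !c.NotBefore.IsZero() && now.Before(c.NotBefore) {
		return errors.New("token not valid yet")
	}
	if !c.IssuedAt.IsZero() && now.Before(c.IssuedAt) {
		return errors.New("token issued in the future")
	}
	if !c.Expiry.IsZero() && now.After(c.Expiry) {
		return errors.New("token expired")
	}
	return nil
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

func main() {
	now := time.Now()
	c := claims{Issuer: "https://iam.example.net", Audience: []string{"a.example.net"}, Expiry: now.Add(time.Hour)} // constructed sample
	fmt.Println(checkClaims(c, "https://iam.packetbroker.net", "a.example.net", now))                               // rejected: issuer differs
	fmt.Println(checkClaims(c, "", "", now))                                                                        // accepted: both checks skipped
}
```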
type TokenNetworkClaim
TokenNetworkClaim defines a Packet Broker network identifier.
type TokenOption
type TokenOption func(o *tokenOptions)
TokenOption customizes fetching a Packet Broker token.
func WithAudienceFromAddresses
func WithAudienceFromAddresses(addresses ...string) TokenOption
WithAudienceFromAddresses provides the service addresses for which the token will be valid. The host parts of the addresses are used as the token audience.
func WithTokenURL
func WithTokenURL(tokenURL string) TokenOption
WithTokenURL customizes the token URL.