Documentation
Overview
Package oauth contains rpc AuthHandler for oauth/oidc JWT tokens.
Constants
const (
	// CredentialsTypeOAuthWeb for jwt access tokens signed by oidc/oauth backend.
	CredentialsTypeOAuthWeb = rpc.CredentialsType("oauth-web-auth")
)
Variables
This section is empty.
Functions
func WithWebOAuthTokenAuthHandler
func WithWebOAuthTokenAuthHandler(opts WebOAuthOptions) rpc.ServerOption
WithWebOAuthTokenAuthHandler returns an rpc server option configured for the AuthHandler. The WebAuth handler validates JWT access tokens signed by the OIDC provider. The JWTs are validated for the aud standard claim.
This auth handler allows for a dynamic set of signing keys provided through the OIDC configuration endpoint.
Entity verification is delegated to the EntityVerifier function in the options.
Types
type WebOAuthClaims (added in v0.1.13)
WebOAuthClaims is the claims struct used during WebOAuth flows. It validates that the audience matches one of the allowed audiences.
func (*WebOAuthClaims) Entity (added in v0.1.13)
func (c *WebOAuthClaims) Entity() (string, error)
Entity returns the Viam Entity. This is the user's email and not always the subject of the JWTs. If rpc_auth_md.email is not set, an error is returned.
func (*WebOAuthClaims) Subject (added in v0.1.13)
func (c *WebOAuthClaims) Subject() string
Subject returns the Viam Entity. This is the user's email and not always the subject of the JWTs. If not available falls back to the jwt's subject.
func (*WebOAuthClaims) Valid (added in v0.1.13)
func (c *WebOAuthClaims) Valid() error
Valid returns nil if the audience matches one of the allowed audiences and all other standard claims are valid; otherwise it returns an error.
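The audience and entity rules described for WebOAuthClaims, shown as an added example that is not this package's code. It assumes the token's signature and time-based claims were already verified and that rpc_auth_md is a JSON object with an email key; audience, exampleClaims and check are hypothetical names.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// audience accepts both JSON forms of "aud" permitted by RFC 7519: string or array.
type audience []string
func (a *audience) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil {
		*a = audience{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(a))
}

// exampleClaims is a hypothetical stand-in for WebOAuthClaims; the layout is assumed.
type exampleClaims struct {
	Aud audience `json:"aud"`
	MD  struct {
		Email string `json:"email"`
	} `json:"rpc_auth_md"`
}

// check takes an already signature-verified payload and returns the entity (email).
func check(payload string, allowed []string) (string, error) {
	var c exampleClaims
	if err := json.Unmarshal([]byte(payload), &c); err != nil {
		return "", err
	}
	for _, a := range c.Aud {
		for _, want := range allowed {
			if a != "" && a == want { // "" guards against "aud": null
				if c.MD.Email == "" {
					return "", errors.New("rpc_auth_md.email not set")
				}
				return c.MD.Email, nil
			}
		}
	}
	return "", errors.New("audience not allowed") // absent or unmatched aud
}

func main() {
	p := `{"aud":"app-b","rpc_auth_md":{"email":"user@example.com"}}` // constructed sample
	fmt.Println(check(p, []string{"app-a", "app-b"}))
}
```

A token with no aud claim, or with aud set to null, is rejected rather than treated as matching.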
type WebOAuthOptions
type WebOAuthOptions struct {
	// Audience claim that must be within the "aud" JWT claims presented.
	AllowedAudiences []string

	// Key provider used to provide public keys to validate the jwt based on its "kid" header.
	KeyProvider jwks.KeyProvider

	// Underlying Entity verifier after
	EntityVerifier func(ctx context.Context, entity string) (interface{}, error)

	Logger golog.Logger
}
WebOAuthOptions holds the options for the WebOAuth handler.