Documentation ¶
Overview ¶
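Package jwtauthn is described by its package comment as a generated GoMock package; that description appears to apply only to MockJwksFetcher and its recorder, since the index below also lists the JWT authentication filter factory, extractor, matcher, verifier and JWKS cache types.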
Index ¶
- Constants
- Variables
- func CreateJwtAuthnFilterFactory(cfg map[string]interface{}) (api.StreamFilterChainFactory, error)
- func ParseJWTAuthnFilter(cfg map[string]interface{}) (*jwtauthnv3.JwtAuthentication, error)
- type Authenticator
- type Extractor
- type FilterConfig
- type FilterConfigFactory
- type HeaderLocationSpec
- type JwksCache
- type JwksData
- type JwksFetcher
- type JwtLocation
- type JwtParamLocation
- type Matcher
- type MatcherVerifierPair
- type MockJwksFetcher
- type MockJwksFetcherMockRecorder
- type ParamLocationSpec
- type Verifier
Constants ¶
const PubkeyCacheExpirationSec = 600
PubkeyCacheExpirationSec is the default cache expiration time, in seconds. The original comment says 5 minutes, but the declared value of 600 seconds is 10 minutes.
Variables ¶
var ( ErrInvalidToken = errors.New("invalid token") ErrJwtNotFound = errors.New("jwt token not found") ErrJwtBadFormat = errors.New("jwt bad format") ErrJwtAudienceNotAllowed = errors.New("jwt audience not allowed") ErrJwtExpired = errors.New("jwt expired") ErrJwtNotYetValid = errors.New("jwt not yet valid") ErrJwksNoValidKeys = errors.New("jwks no valid keys") ErrJwtUnknownIssuer = errors.New("jwt unknown issuer") ErrJwksFetch = errors.New("failed to fetch jwks") )
Sentinel errors.
Functions ¶
func CreateJwtAuthnFilterFactory ¶
func CreateJwtAuthnFilterFactory(cfg map[string]interface{}) (api.StreamFilterChainFactory, error)
CreateJwtAuthnFilterFactory creates a new JwtAuthnFilterFactory.
func ParseJWTAuthnFilter ¶
func ParseJWTAuthnFilter(cfg map[string]interface{}) (*jwtauthnv3.JwtAuthentication, error)
ParseJWTAuthnFilter parses cfg into a *jwtauthnv3.JwtAuthentication.
Types ¶
type Authenticator ¶
type Authenticator interface {
Verify(headers api.HeaderMap, tokens []JwtLocation) error
}
Authenticator object to handle all JWT authentication flow.
type Extractor ¶
type Extractor interface {
Extract(headers api.HeaderMap, requestArg string) []JwtLocation
}
Extractor extracts JWT from locations specified in the config.
func NewExtractor ¶
func NewExtractor(providers []*jwtauthnv3.JwtProvider) Extractor
NewExtractor creates a new Extractor.
type FilterConfig ¶
type FilterConfig interface { BypassCorsPreflightRequest() bool // Finds the matcher that matched the request FindVerifier(headers api.HeaderMap, requestArg, requestPath string) Verifier }
FilterConfig is the filter config interface.
func NewFilterConfig ¶
func NewFilterConfig(config *jwtauthnv3.JwtAuthentication) (FilterConfig, error)
NewFilterConfig creates a new filter config.
type FilterConfigFactory ¶
type FilterConfigFactory struct {
// contains filtered or unexported fields
}
FilterConfigFactory -
func (*FilterConfigFactory) CreateFilterChain ¶
func (f *FilterConfigFactory) CreateFilterChain(context context.Context, callbacks api.StreamFilterChainFactoryCallbacks)
CreateFilterChain creates a JwtAuthnFilter
type HeaderLocationSpec ¶
type HeaderLocationSpec struct {
// contains filtered or unexported fields
}
HeaderLocationSpec is a value type that stores the prefix and the issuers that specified this header.
type JwksCache ¶
type JwksCache interface { FindByIssuer(issuer string) JwksData FindByProvider(provider string) JwksData }
JwksCache is an interface to access all configured Jwt rules and their cached Jwks objects. It only caches Jwks specified in the config.
func NewJwksCache ¶
func NewJwksCache(providers map[string]*jwtauthnv3.JwtProvider) JwksCache
NewJwksCache creates a new JwksCache.
type JwksData ¶
type JwksData interface { GetJwtProvider() *jwtauthnv3.JwtProvider GetJwksObj() *jwk.Set SetRemoteJwks(jwks *jwk.Set) IsExpired() bool AreAudiencesAllowed(aud string) bool }
JwksData is an Interface to access a Jwks config rule and its cached Jwks object.
func NewJwksData ¶
func NewJwksData(provider *jwtauthnv3.JwtProvider) JwksData
NewJwksData creates a new JwksData.
type JwksFetcher ¶
type JwksFetcher interface {
Fetch(uri *envoycorev3.HttpUri) (*jwk.Set, error)
}
JwksFetcher is an interface that can be used to retrieve remote JWKS.
type JwtLocation ¶
type JwtLocation interface { // Get the token string Token() string // Check if an issuer has specified the location. IsIssuerSpecified(issuer string) bool // Remove the token from the headers RemoveJwt(headers api.HeaderMap) }
JwtLocation stores the following token information: 1. the extracted token string; 2. the list of issuers that specified the location.
type JwtParamLocation ¶
type JwtParamLocation struct {
// contains filtered or unexported fields
}
JwtParamLocation is the JwtLocation for param extraction.
func (*JwtParamLocation) IsIssuerSpecified ¶
func (*JwtParamLocation) RemoveJwt ¶
func (j *JwtParamLocation) RemoveJwt(headers api.HeaderMap)
RemoveJwt removes JWT from parameter
type Matcher ¶
Matcher supports matching HTTP requests against JWT requirements.
func NewMatcher ¶
func NewMatcher(rule *jwtauthnv3.RequirementRule) Matcher
NewMatcher creates a new Matcher.
type MatcherVerifierPair ¶
type MatcherVerifierPair struct {
// contains filtered or unexported fields
}
MatcherVerifierPair is a pair of matcher and Verifier.
type MockJwksFetcher ¶
type MockJwksFetcher struct {
// contains filtered or unexported fields
}
MockJwksFetcher is a mock of JwksFetcher interface
func NewMockJwksFetcher ¶
func NewMockJwksFetcher(ctrl *gomock.Controller) *MockJwksFetcher
NewMockJwksFetcher creates a new mock instance
func (*MockJwksFetcher) EXPECT ¶
func (m *MockJwksFetcher) EXPECT() *MockJwksFetcherMockRecorder
EXPECT returns an object that allows the caller to indicate expected use
type MockJwksFetcherMockRecorder ¶
type MockJwksFetcherMockRecorder struct {
// contains filtered or unexported fields
}
MockJwksFetcherMockRecorder is the mock recorder for MockJwksFetcher
func (*MockJwksFetcherMockRecorder) Fetch ¶
func (mr *MockJwksFetcherMockRecorder) Fetch(uri interface{}) *gomock.Call
Fetch indicates an expected call of Fetch
type ParamLocationSpec ¶
type ParamLocationSpec struct {
// contains filtered or unexported fields
}
ParamLocationSpec is a value type that stores the issuers that specified this location (the text says "header", but the type name suggests a request parameter).
type Verifier ¶
Verifier supports verification of JWTs with configured requirements.
func NewVerifier ¶
func NewVerifier(require *jwtauthnv3.JwtRequirement, providers map[string]*jwtauthnv3.JwtProvider, parentProviderNames []string, fetcher JwksFetcher) (Verifier, error)
NewVerifier creates a new Verifier.