authorization

package module
v0.0.8 Latest
Warning

This package is not in the latest version of its module.
Published: Feb 11, 2026 License: MIT Imports: 12 Imported by: 0

README

Go package http/authorization

Package http/authorization provides middleware to verify whether incoming HTTP requests provide a valid bearer token in the Authorization header.

Documentation

Constants

This section is empty.

Variables

var (
	ErrAuthMissing   = errors.New("missing authorization header")
	ErrAuthMultiple  = errors.New("multiple authorization headers")
	ErrAuthMalformed = errors.New("malformed authorization header")

	ErrTokenMalformed             = jwt.ErrTokenMalformed
	ErrTokenMalformedHeader       = errors.New("jwt header is malformed")
	ErrTokenUnknownKeyID          = errors.New("jwt header contains unknown key id")
	ErrTokenMalformedPayload      = jwt.ErrTokenMalformedPayload
	ErrTokenInvalidIssuerAudience = errors.New("jwt payload contains invalid issuer audience pair")
	ErrTokenInvalidSignature      = jwt.ErrTokenInvalidSignature
)

Functions

func FromContext

func FromContext(ctx context.Context) (map[string]any, bool)

Types

type Group

type Group struct {
	// contains filtered or unexported fields
}

Group represents a group of identity providers from which an application will accept authorization tokens (JWTs).

func NewGroup

func NewGroup() Group

NewGroup creates a new group.

func (Group) Deregister

func (g Group) Deregister(p Provider)

Deregister deregisters a provider p from group g.

func (Group) Middleware

func (g Group) Middleware(next http.Handler) http.Handler

Middleware returns group g's middleware.

The returned middleware will fail any request without a valid bearer token (from any of the registered providers for g) in the Authorization header.
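The header check that such a middleware has to perform before any JWT validation, as an added example that is not the package's own code: `bearerToken` and the lowercase error variables are hypothetical stand-ins named after the exported errors above, and the mapping of conditions to errors is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Local stand-ins named after the package's exported errors (assumption:
// the real package may map conditions to these errors differently).
var (
	errAuthMissing   = errors.New("missing authorization header")
	errAuthMultiple  = errors.New("multiple authorization headers")
	errAuthMalformed = errors.New("malformed authorization header")
)

// bearerToken (hypothetical helper) extracts the token from exactly one
// "Authorization: Bearer <token>" header and rejects everything else.
func bearerToken(h http.Header) (string, error) {
	values := h.Values("Authorization")
	switch {
	case len(values) == 0:
		return "", errAuthMissing
	case len(values) > 1:
		// Ambiguous input: refuse rather than pick one of the values.
		return "", errAuthMultiple
	}
	scheme, token, found := strings.Cut(values[0], " ")
	// The auth scheme is case-insensitive (RFC 9110); the token must be
	// non-empty and contain no further whitespace.
	if !found || !strings.EqualFold(scheme, "Bearer") ||
		token == "" || strings.ContainsAny(token, " \t") {
		return "", errAuthMalformed
	}
	return token, nil
}

func main() {
	// Constructed sample headers, not real credentials.
	for _, vals := range [][]string{nil, {"Bearer a.b.c"}, {"Basic dXNlcg=="}, {"Bearer a.b.c", "Bearer x.y.z"}} {
		h := http.Header{}
		for _, v := range vals {
			h.Add("Authorization", v)
		}
		tok, err := bearerToken(h)
		fmt.Printf("%q -> token=%q err=%v\n", vals, tok, err)
	}
}
```

Rejecting duplicate headers outright, instead of taking the first or last value, keeps a proxy and the application from disagreeing about which token was presented.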

func (Group) Register

func (g Group) Register(p Provider)

Register registers a provider p with group g.

type Provider

type Provider interface {
	// Issuer returns the identity provider's issuer for this application.
	Issuer() string
	// Audience returns the identity provider's audience for this application.
	Audience() string
	// Status indicates the identity provider's availability.
	Status() ProviderStatus
	// GetKeyByID returns the identity provider's public key associated with id.
	GetKeyByID(id string) (jwk.PublicKey, bool)
	// Claims returns the claims in the token's body. An error should be
	// returned if the token's body is not a valid json struct. Note that the
	// validity of the signature should be checked separately.
	Claims(token *jwt.Token) (map[string]any, error)
}

Provider represents an identity provider for an application.

func NewProvider

func NewProvider(ctx context.Context, issuer, audience, jwksURI string) Provider

func NewProviderFromWellKnownURL

func NewProviderFromWellKnownURL(ctx context.Context, wellknownURL, audience string) (Provider, error)

type ProviderStatus

type ProviderStatus int

ProviderStatus represents the status of an identity provider.

const (
	StatusUp ProviderStatus = iota
	StatusDown
)

type State

type State func(ctx context.Context) State

Source Files

  • auth.go
  • context.go
  • group.go
  • provider.go
