firewall

package

v0.3.0 Latest Latest Go to latest Published: Aug 9, 2016 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/ContextLogic/hydra

Links

Open Source Insights

Documentation ¶

Overview ¶

Package firewall defines an API for validating access requests.

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Context ¶

type Context struct {
	Subject       string                 `json:"sub"`
	GrantedScopes []string               `json:"scopes"`
	Issuer        string                 `json:"iss"`
	Audience      string                 `json:"aud"`
	IssuedAt      time.Time              `json:"iat"`
	ExpiresAt     time.Time              `json:"exp"`
	Extra         map[string]interface{} `json:"ext"`
}

Context contains an access token's session data

type Firewall ¶

type Firewall interface {
	Introspector

	// InspectToken checks if the given token is valid and if the requested scopes are satisfied. Returns
	// a context if the token is valid and an error if not.
	InspectToken(ctx context.Context, token string, scopes ...string) (*Context, error)

	// IsAllowed uses policies to return nil if the access request can be fulfilled or an error if not.
	IsAllowed(ctx context.Context, accessRequest *ladon.Request) error

	// TokenAllowed uses policies and a token to return a context and no error if the access request can be fulfilled or an error if not.
	TokenAllowed(ctx context.Context, token string, accessRequest *ladon.Request, scopes ...string) (*Context, error)

	// TokenFromRequest returns an access token from the HTTP Authorization header.
	TokenFromRequest(r *http.Request) string
}

Firewall offers various validation strategies for access tokens.

type Introspection ¶

type Introspection struct {
	Active    bool   `json:"active"`
	Scope     string `json:"scope,omitempty"`
	ClientID  string `json:"client_id,omitempty"`
	Subject   string `json:"sub,omitempty"`
	ExpiresAt int64  `json:"exp,omitempty"`
	IssuedAt  int64  `json:"iat,omitempty"`
	NotBefore int64  `json:"nbf,omitempty"`
	Username  int64  `json:"username,omitempty"`
	Audience  string `json:"aud,omitempty"`
	Issuer    string `json:"iss,omitempty"`
}

Introspection contains an access token's session data as specified by IETF RFC 7662.

type Introspector ¶

type Introspector interface {
	IntrospectToken(ctx context.Context, token string) (*Introspection, error)
}

Introspector is capable of introspecting an access token according to IETF RFC 7662.

Source Files ¶

View all Source files

warden.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL