auth

package
v0.2.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 11, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package auth authenticates incoming HTTP requests.

Constants

const HeaderUserSub = "X-User-Sub"

HeaderUserSub carries the caller's subject; with OIDC enabled it must match the validated JWT sub claim.

Variables

var ErrUnauthenticated = errors.New("unauthenticated")

ErrUnauthenticated is returned for any authentication failure.

Functions

This section is empty.

Types

type Authenticator

type Authenticator interface {
	// Authenticate returns the verified subject or ErrUnauthenticated.
	Authenticate(r *http.Request) (string, error)
}

Authenticator extracts and verifies the caller identity of a request.

type OIDC

type OIDC struct {
	// contains filtered or unexported fields
}

OIDC validates RFC 6750 bearer tokens against an OIDC provider (Keycloak or any other compliant issuer) and enforces JWT.sub == X-User-Sub.

func NewOIDC

func NewOIDC(ctx context.Context, issuer, audience string) (*OIDC, error)

NewOIDC discovers the provider configuration from the issuer URL. When audience is empty, the audience check is skipped, so tokens the issuer minted for other clients are not rejected on audience grounds.

func (*OIDC) Authenticate

func (o *OIDC) Authenticate(r *http.Request) (string, error)

Authenticate implements Authenticator.

type Static

type Static struct {
	DefaultSub string
}

Static is the development/test authenticator used when auth is disabled. It trusts X-User-Sub when present and falls back to the configured default subject.

func (Static) Authenticate

func (s Static) Authenticate(r *http.Request) (string, error)

Authenticate implements Authenticator.
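The following is an added example, not code from this package: it shows why Static must stay confined to development, and one way to wrap any Authenticator so that handlers fail closed and only ever see the subject the Authenticator returned. The Static body is a stand-in written from the description above; denyAll, Require and Probe are hypothetical names, and the requests are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Local stand-ins written from the page's documented behaviour, not the package source.
const HeaderUserSub = "X-User-Sub"
var ErrUnauthenticated = errors.New("unauthenticated")
type Authenticator interface {
	Authenticate(r *http.Request) (string, error)
}
type Static struct{ DefaultSub string }
func (s Static) Authenticate(r *http.Request) (string, error) {
	if sub := r.Header.Get(HeaderUserSub); sub != "" {
		return sub, nil // client-supplied value accepted without verification
	}
	return s.DefaultSub, nil
}

type denyAll struct{} // hypothetical: a verifier that rejected the request
func (denyAll) Authenticate(*http.Request) (string, error) { return "", ErrUnauthenticated }

// Require (hypothetical) fails closed and pins X-User-Sub to the returned subject.
func Require(a Authenticator, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sub, err := a.Authenticate(r)
		if err != nil {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		r.Header.Set(HeaderUserSub, sub)
		next.ServeHTTP(w, r)
	})
}

// Probe sends one constructed request; returns the status and the subject seen downstream.
func Probe(a Authenticator, claimed string) (code int, seen string) {
	inner := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) { seen = r.Header.Get(HeaderUserSub) })
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set(HeaderUserSub, claimed)
	rec := httptest.NewRecorder()
	Require(a, inner).ServeHTTP(rec, req)
	return rec.Code, seen
}

func main() { fmt.Println(Probe(Static{DefaultSub: "dev"}, "admin")) }
```

With Static, whatever subject the client claims reaches the handler, so a deployment check that refuses to start with auth disabled outside development is the practical control.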
