Documentation ¶
Overview ¶
Package auth provides functions for services to issue and sign API consumer tokens. It contains several middlewares for HTTP and gRPC to help streamline the authentication process.
Index ¶
- Constants
- Variables
- func ContextWithConsumer(parent context.Context, consumer Consumer) context.Context
- type Claims
- type Consumer
- type Issuer
- type IssuerConfig
- type Parser
- type RSAPublicKeyCopierRenewer
- type TokenExpiredError
- type TokenInvalidError
- type TokenMalformedError
- type TokenSignatureError
- type UnexpectedSigningMethodError
Examples ¶
Constants ¶
const (
// DefaultTokenValidPeriod is the default amount of minutes a token is valid
DefaultTokenValidPeriod = 60
)
Variables ¶
var (
	// ErrTokenInvalid happens when a token could not be validated because of an unknown reason
	ErrTokenInvalid = TokenInvalidError{fmt.Errorf("token invalid")}
)
Functions ¶
func ContextWithConsumer ¶
ContextWithConsumer takes a context and a service consumer and returns a new context with the consumer embedded.
Example ¶
package main

import (
	"context"

	"github.com/LUSHDigital/core/auth"
)

var ctx context.Context

func main() {
	ctx = auth.ContextWithConsumer(context.Background(), auth.Consumer{
		ID:     999,
		Grants: []string{"foo"},
	})
}
Types ¶
type Claims ¶
type Claims struct {
	Consumer Consumer `json:"consumer"`
	jwt.StandardClaims
}
Claims holds the JWT claims to use for a token
type Consumer ¶
type Consumer struct {
	ID        int64    `json:"id"`
	UUID      string   `json:"uuid"`
	FirstName string   `json:"first_name"`
	LastName  string   `json:"last_name"`
	Language  string   `json:"language"`
	Grants    []string `json:"grants"`
	Roles     []string `json:"roles"`
	Needs     []string `json:"needs"`
}
Consumer represents an API user
func ConsumerFromContext ¶
ConsumerFromContext extracts the consumer from the supplied context.
Example ¶
package main

import (
	"context"

	"github.com/LUSHDigital/core/auth"
)

var ctx context.Context

func main() {
	consumer := auth.ConsumerFromContext(ctx)
	consumer.IsUser(999)
}
func (*Consumer) HasAnyGrant ¶
HasAnyGrant checks if a consumer possesses any of a given set of grants
func (*Consumer) HasAnyNeed ¶ added in v0.10.0
HasAnyNeed checks if a consumer has any of the given needs
func (*Consumer) HasAnyRole ¶ added in v0.6.0
HasAnyRole checks if a consumer possesses any of a given set of roles
type Issuer ¶
type Issuer struct {
// contains filtered or unexported fields
}
Issuer represents a set of methods for generating a JWT with a private key
func NewIssuer ¶
func NewIssuer(cfg IssuerConfig, privateKey *rsa.PrivateKey) *Issuer
NewIssuer returns a new JWT instance
func NewIssuerFromPrivateKeyPEM ¶
func NewIssuerFromPrivateKeyPEM(cfg IssuerConfig, pem []byte) (*Issuer, error)
NewIssuerFromPrivateKeyPEM will take a private key PEM file and return a token issuer
func NewMockIssuer ¶
NewMockIssuer creates a new tokeniser with a random key pair
func (*Issuer) Issue ¶
Issue generates and returns a JWT authentication token for a private key
Example ¶
consumer := &auth.Consumer{
	ID:        999,
	FirstName: "Testy",
	LastName:  "McTest",
	Grants: []string{
		"testing.read",
		"testing.create",
	},
}
raw, err := issuer.Issue(consumer)
if err != nil {
	return
}
fmt.Println(raw)
func (*Issuer) IssueWithClaims ¶
IssueWithClaims overrides the default claims and issues a JWT token for a private key
type IssuerConfig ¶
IssuerConfig is a set of data to configure an issuer
type Parser ¶
type Parser struct {
// contains filtered or unexported fields
}
Parser represents a set of methods for parsing and validating a JWT against a public key
func NewParserFromPublicKeyPEM ¶
NewParserFromPublicKeyPEM parses a public key to
type RSAPublicKeyCopierRenewer ¶
RSAPublicKeyCopierRenewer represents the combination of a Copier and Renewer interface
type TokenExpiredError ¶
type TokenExpiredError struct {
// contains filtered or unexported fields
}
TokenExpiredError happens when the token has expired or is not yet valid
type TokenInvalidError ¶
type TokenInvalidError struct {
// contains filtered or unexported fields
}
TokenInvalidError happens when a token could not be validated because of an unknown reason
type TokenMalformedError ¶
type TokenMalformedError struct {
// contains filtered or unexported fields
}
TokenMalformedError happens when the token is not the correct format
type TokenSignatureError ¶
type TokenSignatureError struct {
// contains filtered or unexported fields
}
TokenSignatureError happens when the signature could not be verified with the given public key
type UnexpectedSigningMethodError ¶
type UnexpectedSigningMethodError struct {
// contains filtered or unexported fields
}
UnexpectedSigningMethodError happens when JWT parsing encounters an unexpected signature method
func (UnexpectedSigningMethodError) Error ¶
func (e UnexpectedSigningMethodError) Error() string
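The error types above correspond to distinct stages of token validation. The following is an added example, not code from this package: it uses only the Go standard library to show the order of those checks for an RS256 token, with the algorithm pinned before the signature is verified. The helpers `sign` and `classify`, the keys and the sample tokens are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
var k1, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key pairs for the demo
var k2, _ = rsa.GenerateKey(rand.Reader, 2048)

func sign(key *rsa.PrivateKey, alg string, exp int64) string { // builds sample tokens; alg is only the header label
	msg := b64.EncodeToString([]byte(`{"alg":"`+alg+`"}`)) + "." + b64.EncodeToString([]byte(fmt.Sprintf(`{"exp":%d}`, exp)))
	sum := sha256.Sum256([]byte(msg))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return msg + "." + b64.EncodeToString(sig)
}

func classify(token string, pub *rsa.PublicKey, now int64) string { // hypothetical helper: names the first failing check
	var hdr struct{ Alg string }
	var claims struct{ Exp int64 }
	h, rest, _ := strings.Cut(token, ".")
	p, s, ok := strings.Cut(rest, ".")
	hb, e1 := b64.DecodeString(h)
	pb, e2 := b64.DecodeString(p)
	sig, e3 := b64.DecodeString(s)
	switch sum := sha256.Sum256([]byte(h + "." + p)); {
	case !ok || e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hb, &hdr) != nil || json.Unmarshal(pb, &claims) != nil:
		return "malformed"
	case hdr.Alg != "RS256": // pin the algorithm; the token header must not choose the verifier
		return "unexpected signing method"
	case rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil:
		return "signature"
	case now >= claims.Exp: // claims are trusted only after the signature verifies
		return "expired"
	}
	return "ok"
}

func main() { // constructed tokens: valid, truncated, alg "none", signed by the wrong key, expired
	for _, t := range []string{sign(k1, "RS256", 200), "a.b", sign(k1, "none", 200), sign(k2, "RS256", 200), sign(k1, "RS256", 50)} {
		fmt.Println(classify(t, &k1.PublicKey, 100))
	}
}
```

A token with no `exp` claim decodes to `Exp == 0` and is reported as expired, so the check fails closed.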