Documentation
¶
Index ¶
- func ExtractClaims(ctx context.Context) (jwt.Claims, error)
- func ExtractPipedToken(ctx context.Context) (projectID, pipedID, pipedKey string, err error)
- func JWTUnaryServerInterceptor(verifier jwt.Verifier, authorizer RBACAuthorizer, logger *zap.Logger) grpc.UnaryServerInterceptor
- func MakePipedToken(projectID, pipedID, pipedKey string) string
- func PipedTokenStreamServerInterceptor(verifier PipedTokenVerifier, logger *zap.Logger) grpc.StreamServerInterceptor
- func PipedTokenUnaryServerInterceptor(verifier PipedTokenVerifier, logger *zap.Logger) grpc.UnaryServerInterceptor
- type Credentials
- type CredentialsType
- type PipedTokenVerifier
- type RBACAuthorizer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractClaims ¶
ExtractClaims returns the claims inside a given context.
func ExtractPipedToken ¶
ExtractPipedToken returns the verified piped key inside a given context.
func JWTUnaryServerInterceptor ¶
func JWTUnaryServerInterceptor(verifier jwt.Verifier, authorizer RBACAuthorizer, logger *zap.Logger) grpc.UnaryServerInterceptor
JWTUnaryServerInterceptor ensures that the JWT credentials included in the context must be verified by verifier.
func MakePipedToken ¶
MakePipedToken builds a piped token can be used as data of Credentials. TODO: Add test for this function.
func PipedTokenStreamServerInterceptor ¶
func PipedTokenStreamServerInterceptor(verifier PipedTokenVerifier, logger *zap.Logger) grpc.StreamServerInterceptor
PipedTokenStreamServerInterceptor extracts credentials from gRPC metadata and set the extracted credentials to the context with a fixed key. This interceptor will returns a gPRC error when the credentials was not set or was malformed.
func PipedTokenUnaryServerInterceptor ¶
func PipedTokenUnaryServerInterceptor(verifier PipedTokenVerifier, logger *zap.Logger) grpc.UnaryServerInterceptor
PipedTokenUnaryServerInterceptor extracts credentials from gRPC metadata and validates it by the specified Verifier. If the token was valid the parsed ProjectID, PipedID, PipedKey will be set to the context.
Types ¶
type Credentials ¶
type Credentials struct {
Type CredentialsType
Data string
}
Credentials contains the type of credentials and credentials data.
type CredentialsType ¶
type CredentialsType string
CredentialsType represents the type of credentials was set inside gRPC metadata.
const ( // IDTokenCredentials represents JWT IDToken for a web user. // They can be used for project admin, project viewer or owner. IDTokenCredentials CredentialsType = "ID-TOKEN" // PipedTokenCredentials represents a generated token for authenticating // between Piped and microservices. PipedTokenCredentials CredentialsType = "PIPED-TOKEN" // UnknownCredentials represents an unsupported credentials. // It is used as a return result in case of error. UnknownCredentials CredentialsType = "UNKNOWN" )
Source Files