Documentation ¶
Overview ¶
Package models contains structures and methods for working with JWT claims and their deserialization.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrInvalidToken represents the error that occurs when a token is invalid.
	ErrInvalidToken = errors.New("invalid token")
	// ErrAccessDenied represents the error that occurs when access is denied.
	ErrAccessDenied = errors.New("access denied")
	// ErrValidationToken represents the error that occurs when token validation fails.
	ErrValidationToken = errors.New("token validation failed")
	// ErrUnexpectedSigningMethod represents an error that occurs when the token signing method is unexpected.
	ErrUnexpectedSigningMethod = errors.New("unexpected signing method")
)
Functions ¶
This section is empty.
Types ¶
type Account ¶
type Account struct {
// Roles is a list of roles for the account resource.
Roles []string `json:"roles,omitempty"`
}
Account represents the roles for the account resource.
type Claims ¶
type Claims struct {
// RegisteredClaims contains standard JWT fields (e.g., exp, iss, sub, etc.).
jwt.RegisteredClaims
// Typ is the type of the token.
Typ string `json:"typ,omitempty"`
// Azp is the authorized party for the token.
Azp string `json:"azp,omitempty"`
// AuthTime is the time of authentication in UNIX format.
AuthTime int `json:"auth_time,omitempty"`
// Acr is the authentication context class reference.
Acr string `json:"acr,omitempty"`
// AllowedOrigins is a list of allowed origins for requests.
AllowedOrigins []string `json:"allowed-origins,omitempty"`
// RealmAccess represents access to resources related to the realm.
RealmAccess RealmAccess `json:"realm_access,omitempty"`
// ResourceAccess represents access to resources.
ResourceAccess ResourceAccess `json:"resource_access,omitempty"`
// Scope is the scope of the token.
Scope string `json:"scope,omitempty"`
// EmailVerified indicates if the email is verified.
EmailVerified bool `json:"email_verified,omitempty"`
// Name is the user's full name.
Name string `json:"name,omitempty"`
// PreferredUsername is the preferred username of the user.
PreferredUsername string `json:"preferred_username,omitempty"`
// GivenName is the user's given name.
GivenName string `json:"given_name,omitempty"`
// FamilyName is the user's family name.
FamilyName string `json:"family_name,omitempty"`
// Email is the user's email address.
Email string `json:"email,omitempty"`
}
Claims represents the standard and additional fields that may be present in a JWT token.
type Client ¶
type Client struct {
// Roles is a list of roles for the client resource.
Roles []string `json:"roles,omitempty"`
}
Client represents the roles for a specific client.
type EndpointInfo ¶ added in v1.1.0
type EndpointInfo struct {
// Path represents the endpoint path for HTTP routes or the full method name for gRPC services.
Path string
// Method specifies the HTTP method (GET, POST, etc.). This field is only used for HTTP endpoints
// and should be left empty for gRPC endpoints.
Method string
// Roles is a list of role names that are allowed to access this endpoint.
// Users must have at least one of these roles to be granted access.
Roles []string
}
EndpointInfo defines the structure for protecting specific endpoints with role-based access control. It contains the necessary information to identify and secure an endpoint.
type ProviderType ¶ added in v1.1.0
type ProviderType int
ProviderType represents the type of service the Provider will authenticate.
const (
	// HTTPProvider indicates the Provider is configured for HTTP service authentication.
	HTTPProvider ProviderType = iota + 1
	// GRPCProvider indicates the Provider is configured for gRPC service authentication.
	GRPCProvider
)
type RealmAccess ¶
type RealmAccess struct {
Roles []string `json:"roles,omitempty"`
}
RealmAccess represents the roles available in the realm.
type RealmManagement ¶
type RealmManagement struct {
// Roles is a list of roles for realm management.
Roles []string `json:"roles,omitempty"`
}
RealmManagement represents the roles for realm management.
type ResourceAccess ¶
type ResourceAccess struct {
// RealmManagement represents the roles for realm management.
RealmManagement RealmManagement `json:"realm-management,omitempty"`
// Account represents the roles for the account resource.
Account Account `json:"account,omitempty"`
// Client represents the roles for the client resource.
Client Client `json:"omitempty"`
// ClientID is the ID of the client.
ClientID string `json:"-"`
}
ResourceAccess represents access to specific resources.
func (*ResourceAccess) UnmarshalJSON ¶
func (r *ResourceAccess) UnmarshalJSON(bytes []byte) error
UnmarshalJSON implements custom JSON deserialization for ResourceAccess.
type SecureEndpoint ¶ added in v1.1.0
type SecureEndpoint struct {
// Path represents the endpoint path for HTTP routes or the full method name for gRPC services.
Path string
// Method specifies the HTTP method (GET, POST, etc.). This field is only used for HTTP endpoints
// and should be left empty for gRPC endpoints.
Method string
}
SecureEndpoint represents the endpoint details for secure access control. It is used to describe both HTTP routes and gRPC services, with different usage depending on the provider type.
Fields:
Path: The endpoint path for HTTP routes or the full method name for gRPC services. For HTTP endpoints, this is the URL path (e.g., "/api/users"). For gRPC services, this is the full method name (e.g., "/package.service/Method").
Method: The HTTP method (GET, POST, etc.) for the request. This field is only used for HTTP endpoints. For gRPC services, this field should be left empty.
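Added example (not code from this package): a sketch of the check described for EndpointInfo and SecureEndpoint, matching HTTP rules on path plus method and gRPC rules on the full method name only, then requiring at least one listed role. The types are local copies of the declarations above; `authorize`, `sampleRules` and the treatment of unlisted endpoints are assumptions.

```go
package main

import "errors"

// Local copies of declarations from this page so the sketch compiles alone.
type ProviderType int

const (
	HTTPProvider ProviderType = iota + 1
	GRPCProvider
)

type EndpointInfo struct {
	Path, Method string
	Roles        []string
}

var ErrAccessDenied = errors.New("access denied")

// authorize is a hypothetical helper, not part of the package API.
// Assumption: an endpoint absent from rules is not protected by this check.
func authorize(pt ProviderType, path, method string, have []string, rules []EndpointInfo) error {
	for _, e := range rules {
		// Method only identifies HTTP endpoints; gRPC rules leave it empty.
		if e.Path != path || (pt == HTTPProvider && e.Method != method) {
			continue
		}
		for _, want := range e.Roles {
			for _, h := range have {
				if want == h {
					return nil // at least one allowed role is present
				}
			}
		}
		// Protected endpoint, no matching role; an empty Roles list denies everyone.
		return ErrAccessDenied
	}
	return nil
}

// sampleRules is constructed sample data for the demonstration.
var sampleRules = []EndpointInfo{
	{Path: "/api/users", Method: "GET", Roles: []string{"viewer", "admin"}},
	{Path: "/package.service/Method", Roles: []string{"admin"}},
	{Path: "/api/audit", Method: "GET"}, // no roles listed: nobody passes
}

func main() {
	println(authorize(HTTPProvider, "/api/users", "GET", []string{"viewer"}, sampleRules) == nil)
}
```

Under the labelled assumption, a request such as POST /api/users passes unchecked because no rule lists it. A deployment that wants deny-by-default would return ErrAccessDenied at the end of the function instead of nil.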
type User ¶
type User struct {
// Roles contains a list of roles assigned to the user.
Roles []string
// UserID - unique user identifier.
UserID string
// Email - the user's email.
Email string
// Username - the username used to log in.
Username string
// Name - user name.
Name string
// FamilyName - user's last name.
FamilyName string
}
User represents the user of the system with their roles and personal information.