handler

package
v0.9.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 14, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package handler implements the TokenEngine gRPC service handlers. All RPC handlers are Unimplemented stubs in v0.1 — real implementations begin in v0.2. It does not own observability wiring or interceptor chain assembly. Primary dependency: gen/v1 for the generated TokenEngineServer interface.

Constants

This section is empty.

Variables

This section is empty.

Functions

func JWKSHandler added in v0.3.0

func JWKSHandler(km keys.KeyManager, tenantID string, cfg *config.Config, metrics observability.Metrics) http.HandlerFunc

JWKSHandler returns an http.HandlerFunc that serves the JWKS endpoint. On each request, the handler first calls GetAllKeyInfo to emit the JWKS key count gauge, labeled with tenantID, and then fetches the JWKS. A GetAllKeyInfo error is non-fatal: the gauge is left unset and the handler proceeds to GetJWKS regardless.

Three response paths — in order:

  1. km.GetJWKS(ctx) returns error → 503, body {"error":"key manager unavailable"}
  2. JWKS.Keys is empty → 503, body {"error":"no signing keys available"}
  3. success → 200, Cache-Control, JSON-encoded JWKS body

Cache-Control is written ONLY on the success path. Content-Type: application/json is written on ALL three paths.
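The three response paths above, as an added sketch with a recorder-based probe (not this package's code). JWKS, stubSource, jwksHandler, probe, the Cache-Control value and the /jwks path are assumptions made for illustration; the gauge emission and tenant labeling are left out.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// JWKS and stubSource are hypothetical stand-ins; stubSource returns fixed results.
type JWKS struct{ Keys []map[string]string `json:"keys"` }
type stubSource struct {
	set JWKS
	err error
}

func (s stubSource) GetJWKS(context.Context) (JWKS, error) { return s.set, s.err }

// jwksHandler follows the three documented paths. cacheControl is an
// assumed parameter: the page does not state the header's value.
func jwksHandler(src stubSource, cacheControl string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json") // all three paths
		set, err := src.GetJWKS(r.Context())
		switch {
		case err != nil:
			w.WriteHeader(http.StatusServiceUnavailable)
			fmt.Fprint(w, `{"error":"key manager unavailable"}`)
		case len(set.Keys) == 0:
			w.WriteHeader(http.StatusServiceUnavailable)
			fmt.Fprint(w, `{"error":"no signing keys available"}`)
		default:
			w.Header().Set("Cache-Control", cacheControl) // success path only
			json.NewEncoder(w).Encode(set)
		}
	}
}

// probe sends one GET and returns status, Cache-Control and body.
func probe(src stubSource) (int, string, string) {
	rec := httptest.NewRecorder()
	jwksHandler(src, "public, max-age=300")(rec, httptest.NewRequest("GET", "/jwks", nil))
	return rec.Code, rec.Header().Get("Cache-Control"), rec.Body.String()
}

func main() {
	fmt.Println(probe(stubSource{err: context.DeadlineExceeded}))
}
```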

Types

type TokenHandler

type TokenHandler struct {
	tokenv1.UnimplementedTokenEngineServer
	// contains filtered or unexported fields
}

TokenHandler implements the TokenEngine gRPC service.

func NewTokenHandler

func NewTokenHandler(
	registry registry.TenantRegistry,
	auditStore audit.Store,
	logger observability.Logger,
	tracer observability.Tracer,
	metrics observability.Metrics,
) *TokenHandler

NewTokenHandler returns a new TokenHandler wired with the given dependencies. The auditStore parameter was added in v0.3 as the second positional argument: v0.2 took NewTokenHandler(registry, logger, tracer, metrics) (4 args); v0.3 takes NewTokenHandler(registry, auditStore, logger, tracer, metrics) (5 args). All parameters are required and must not be nil.

func (*TokenHandler) IssueToken

IssueToken issues a new access/refresh token pair for the requesting tenant.

func (*TokenHandler) RefreshToken

RefreshToken issues a new access token using a valid refresh token.

func (*TokenHandler) RevokeAllForAudience

RevokeAllForAudience revokes all tokens issued for the given audience.

func (*TokenHandler) RevokeAllForUserAndAudience added in v0.5.0

func (h *TokenHandler) RevokeAllForUserAndAudience(ctx context.Context, req *tokenv1.RevokeUserAndAudienceRequest) (*tokenv1.RevokeTokenResponse, error)

RevokeAllForUserAndAudience revokes all tokens for the given user and audience combination. Gated on audit store availability — returns codes.Unavailable if audit store is unreachable.

func (*TokenHandler) RevokeAllUserTokens

func (h *TokenHandler) RevokeAllUserTokens(ctx context.Context, req *tokenv1.RevokeUserRequest) (*tokenv1.RevokeTokenResponse, error)

RevokeAllUserTokens revokes all tokens issued for the given user.

func (*TokenHandler) RevokeToken

RevokeToken revokes a specific refresh token by resolving its token ID and revoking it.
