Documentation
Overview
Copyright 2020 CYBERCRYPT
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AccessToken
func (*AccessToken) HasScopes
func (a *AccessToken) HasScopes(scopes ScopeType) bool
type Authenticator
type Authenticator struct {
	MessageAuthenticator *crypt.MessageAuthenticator
}
Authenticator represents a MessageAuthenticator used for signing and checking the access token.
func (*Authenticator) ParseAccessToken
func (a *Authenticator) ParseAccessToken(token string) (*AccessToken, error)
ParseAccessToken takes a user-facing token and parses it into the internal access token format. It assumes that if the MAC is valid, the token information is valid too.
func (*Authenticator) SerializeAccessToken
func (a *Authenticator) SerializeAccessToken(accessToken *AccessToken) (string, error)
SerializeAccessToken serializes an access token together with a random value. The random value ensures that the user-facing token is unique even if the actual access token would otherwise be equal. The function also checks the validity of the access token, as this is the last function every token has to go through before it is presented to an API. If this method only signs valid tokens, we can assume that any signed token is valid. This may not hold when an encryption server was compromised.
The returned token has three parts, each individually base64url encoded. The first part (data) is a serialized protobuf message containing the user ID and a set of scopes. The structure of the assembled token is <data>.<nonce>.HMAC(nonce||data)
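The <data>.<nonce>.HMAC(nonce||data) layout described for SerializeAccessToken and ParseAccessToken, as an added example that is not this package's own code. It assumes HMAC-SHA256 over the decoded bytes, unpadded base64url, a 16-byte nonce, and opaque bytes in place of the protobuf message; Serialize, Parse, mac, nonceLen and b64 are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

const nonceLen = 16 // assumed size; fixed so the nonce||data split is unambiguous
var b64 = base64.RawURLEncoding // assumption: unpadded base64url

// mac computes HMAC(nonce||data); HMAC-SHA256 is an assumption of this example.
func mac(key, nonce, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(append(append([]byte{}, nonce...), data...))
	return h.Sum(nil)
}

// Serialize assembles <data>.<nonce>.<mac> with a fresh random nonce per token.
func Serialize(key, data []byte) (string, error) {
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return b64.EncodeToString(data) + "." + b64.EncodeToString(nonce) + "." +
		b64.EncodeToString(mac(key, nonce, data)), nil
}

// Parse releases data only after the nonce length and the MAC (constant time) check out.
func Parse(key []byte, token string) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("want 3 parts, got %d", len(parts))
	}
	data, e0 := b64.DecodeString(parts[0])
	nonce, e1 := b64.DecodeString(parts[1])
	sum, e2 := b64.DecodeString(parts[2])
	if e0 != nil || e1 != nil || e2 != nil {
		return nil, fmt.Errorf("token part is not valid base64url")
	}
	if len(nonce) != nonceLen || !hmac.Equal(sum, mac(key, nonce, data)) {
		return nil, fmt.Errorf("invalid nonce length or MAC")
	}
	return data, nil
}

func main() { fmt.Println(Serialize([]byte("constructed demo key"), []byte("constructed payload"))) }
```

Because data and nonce travel as separate fields but are authenticated as one concatenated string, the length check in Parse is what ties each byte to its field.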
type AuthenticatorInterface
type AuthenticatorInterface interface {
	SerializeAccessToken(accessToken *AccessToken) (string, error)
	ParseAccessToken(token string) (*AccessToken, error)
}