Documentation
Index
- Constants
- func GetKeyFunc(pubKey *ecdsa.PublicKey) func(token *jwt.Token) (interface{}, error)
- func NewAuthMiddleware(pubKey func() *ecdsa.PublicKey, validations ...ClaimValidation) func(ctx *gin.Context)
- func NewAuthServerMiddleware() func(ctx *gin.Context)
- func NewBasicMiddleware(pubKey func() *ecdsa.PublicKey, appID string) func(ctx *gin.Context)
- func WithScopes(handler gin.HandlerFunc, scopes string) gin.HandlerFunc
- type Authorizer
- type Claim
- type ClaimProvider
- type ClaimValidation
- type Credentials
- type GinAuth
- type GinAuthConfig
- type InvalidGrant
- type InvalidToken
- type InvalidUser
- type RequestAuthData
- type ScopeProvider
- type Scopes
- type SignerConfig
- type TokenCredentials
- type TokenServer
- type TokenServerConfig
- type TokenSigner
- type Unexpected
- type UnknownAudience
- type UserAudValidator
Constants
const AuthorizationHeader = "Authorization"
AuthorizationHeader is the name of the HTTP Authorization header.
const ClientCredentials = "client_credentials"
ClientCredentials is a grant type.
const GrantTypeHeader = "GRANT-TYPE"
GrantTypeHeader is the request header used to indicate the grant type.
const PasswordCredentials = "password_credentials"
PasswordCredentials is a grant type.
const RefreshToken = "refreshToken"
RefreshToken is the key under which the refresh token is stored in the gin context.
const RefreshTokenScope = "auth/refresh"
RefreshTokenScope is the scope assigned to the refresh token.
const ReqAuthData = "requestAuthData"
ReqAuthData is the key under which the RequestAuthData is stored in the gin context.
Variables
This section is empty.
Functions
func GetKeyFunc
func GetKeyFunc(pubKey *ecdsa.PublicKey) func(token *jwt.Token) (interface{}, error)
GetKeyFunc returns a key function that validates the signing method of a token and returns the public key used to verify it.
func NewAuthMiddleware
func NewAuthMiddleware(pubKey func() *ecdsa.PublicKey, validations ...ClaimValidation) func(ctx *gin.Context)
NewAuthMiddleware returns a middleware that validates the access token on the resource server side.
pubKey: public key corresponding to the private key used by the auth server to sign the token.
validations: additional validations the user might want to perform over the token's claims.
func NewAuthServerMiddleware
func NewAuthServerMiddleware() func(ctx *gin.Context)
NewAuthServerMiddleware is used by the AuthServer to extract the Authorization header data.
func NewBasicMiddleware
func NewBasicMiddleware(pubKey func() *ecdsa.PublicKey, appID string) func(ctx *gin.Context)
NewBasicMiddleware returns a default middleware that validates the JWT. The only validation performed on the claims is that the audience matches appID.
pubKey: public key corresponding to the private key used by the auth server to sign the token.
appID: external identifier of the resource service.
func WithScopes
func WithScopes(handler gin.HandlerFunc, scopes string) gin.HandlerFunc
WithScopes creates a handler that validates the given scopes before calling the intended handler.
Types
type Authorizer
type Authorizer func(uc Credentials) error
Authorizer should try to authorize a user or client using the provided credentials. It returns an error if something went wrong.
type ClaimProvider
ClaimProvider provides additional claims for a given user and audience.
type ClaimValidation
type ClaimValidation func(claims jwt.MapClaims) error
ClaimValidation performs validation over the token's claims.
func ValidateAudience
func ValidateAudience(identifier string) ClaimValidation
ValidateAudience returns a ClaimValidation which validates that the 'aud' claim matches the identifier.
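An added example (not the library's code) of a ClaimValidation in the shape described above, covering ValidateAudience and the variadic validations accepted by NewAuthMiddleware. MapClaims, ValidateAudience and RunValidations here are stand-ins written against the standard library; the 'aud' claim is handled in both forms RFC 7519 allows (a single string or an array of strings), and a missing or oddly typed claim fails closed.

```go
package main

import (
	"errors"
	"fmt"
)

// MapClaims mirrors the shape of jwt.MapClaims (a decoded JSON object) so the
// example needs no external dependency (hypothetical stand-in).
type MapClaims map[string]interface{}

// ClaimValidation has the same shape as the page's validation hook.
type ClaimValidation func(claims MapClaims) error

// ValidateAudience returns a ClaimValidation that accepts the token only when
// its "aud" claim names identifier; both the string and the array encoding
// are handled, and a missing or differently typed claim is rejected.
func ValidateAudience(identifier string) ClaimValidation {
	return func(claims MapClaims) error {
		switch aud := claims["aud"].(type) {
		case string:
			if aud == identifier {
				return nil
			}
		case []interface{}:
			for _, a := range aud {
				if s, ok := a.(string); ok && s == identifier {
					return nil
				}
			}
		case nil:
			return errors.New("missing aud claim")
		default:
			return fmt.Errorf("aud claim has unsupported type %T", aud)
		}
		return fmt.Errorf("token audience does not include %q", identifier)
	}
}

// RunValidations applies the validations in order and stops at the first
// failure (assumed to run after the signature has already been verified).
func RunValidations(claims MapClaims, validations ...ClaimValidation) error {
	for _, v := range validations {
		if err := v(claims); err != nil {
			return err
		}
	}
	return nil
}
```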
type Credentials
Credentials is the data that identifies a user.
type GinAuth
type GinAuth interface {
	// AddAuthenticationEndpoint registers an endpoint in the given path to perform the authentication
	AddAuthenticationEndpoint(route gin.IRouter, relativePath string)
	// AddAccessTokenEndpoint registers an endpoint in the given path to generate a new AccessToken
	AddAccessTokenEndpoint(route gin.IRouter, authMiddleware func(ctx *gin.Context), relativePath string)
	// AddRefreshEndpoint registers an endpoint in the given path to refresh both the RefreshToken and the AccessToken
	AddRefreshEndpoint(route gin.IRouter, authMiddleware func(ctx *gin.Context), relativePath string)
	// AddPubKeyEndpoint registers an endpoint to retrieve the
	AddPubKeyEndpoint(route gin.IRouter, relativePath string)
	// AddAuthProtocol adds all previous endpoints
	AddAuthProtocol(route gin.IRouter, middleware func(ctx *gin.Context))
}
GinAuth is an abstraction to create an auth server using the 'Gin' framework.
func BasicGinAuth
func BasicGinAuth(c *GinAuthConfig) (GinAuth, error)
BasicGinAuth returns a new GinAuth using the basic configuration.
func NewGinAuth
func NewGinAuth(authorizers map[string]Authorizer, clProv ClaimProvider, signer TokenSigner, scopes ScopeProvider, clients UserAudValidator) (GinAuth, error)
NewGinAuth returns a new GinAuth.
type GinAuthConfig
type GinAuthConfig struct {
	UsrAuthorizer      Authorizer
	ClientAuthorizer   Authorizer
	ScopeProvider      ScopeProvider
	AudValidator       UserAudValidator
	ClaimProvider      ClaimProvider
	SigningKey         *ecdsa.PrivateKey
	AccessTknDuration  time.Duration
	RefreshTknDuration time.Duration
	AppID              string
}
GinAuthConfig is the basic configuration to set up a GinAuth.
type InvalidUser
type InvalidUser error
InvalidUser indicates a user authentication error.
type RequestAuthData
RequestAuthData is the basic data extracted from the access token.
type ScopeProvider
type ScopeProvider func(userID string, grant string, resourceID string, requested Scopes) (Scopes, error)
ScopeProvider returns, from the requested scopes, the ones that are actually granted to the user.
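An added example (not the library's code) of the two scope decisions this page describes, ScopeProvider and the check WithScopes performs: GrantScopes keeps only the requested scopes that a caller-supplied allow-list permits, and HasScopes is the all-required check a WithScopes wrapper would run before the wrapped handler. The allow-list map, the space-separated format of the scopes string, and the refusal to hand out RefreshTokenScope on request are assumptions of this example, not something the page specifies.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Scopes and RefreshTokenScope mirror the page's type and constant.
type Scopes []string
const RefreshTokenScope = "auth/refresh"

// GrantScopes builds a hypothetical ScopeProvider: it keeps the requested
// scopes that the allow-list permits (de-duplicated, sorted) and refuses to
// grant RefreshTokenScope on request, since that scope marks refresh tokens.
func GrantScopes(allowed map[string]bool) func(userID, grant, resourceID string, requested Scopes) (Scopes, error) {
	return func(userID, grant, resourceID string, requested Scopes) (Scopes, error) {
		seen := map[string]bool{}
		var granted Scopes
		for _, s := range requested {
			if s == RefreshTokenScope || !allowed[s] || seen[s] {
				continue
			}
			seen[s] = true
			granted = append(granted, s)
		}
		if len(granted) == 0 {
			return nil, fmt.Errorf("no requested scope is granted to %s for %s", userID, resourceID)
		}
		sort.Strings(granted)
		return granted, nil
	}
}

// HasScopes is the all-required check a WithScopes wrapper runs before the
// wrapped handler (required assumed space separated); it also reports what is missing.
func HasScopes(tokenScopes Scopes, required string) (bool, []string) {
	have := map[string]bool{}
	for _, s := range tokenScopes {
		have[s] = true
	}
	var missing []string
	for _, r := range strings.Fields(required) {
		if !have[r] {
			missing = append(missing, r)
		}
	}
	return len(missing) == 0, missing
}
```

A token whose only scope is RefreshTokenScope never satisfies a resource scope, so a refresh token presented to a WithScopes-protected endpoint is refused by the same check.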
type Scopes
type Scopes []string
Scopes is a mechanism in OAuth 2.0 to limit an application's access to a user's account.
type SignerConfig
type SignerConfig struct {
	SigningKey         *ecdsa.PrivateKey
	AccessTknDuration  time.Duration
	RefreshTknDuration time.Duration
	SignerIdentifier   string
}
SignerConfig is the configuration for a new TokenSigner.
type TokenCredentials
type TokenCredentials struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
}
TokenCredentials holds the signed access_token and refresh_token.
type TokenServer
type TokenServer interface {
	Authorize(credentials Credentials, scopes Scopes, aud string) (*TokenCredentials, error)
	Refresh(refreshToken string, scopes Scopes) (*TokenCredentials, error)
	AccessToken(refreshToken string, scopes Scopes) (string, error)
	GetEncodedPubKey() string
}
TokenServer is an abstraction to authorize and generate credentials for a token-based auth system.
func NewTokenServer
func NewTokenServer(c *TokenServerConfig) (TokenServer, error)
NewTokenServer returns a TokenServer.
type TokenServerConfig
type TokenServerConfig struct {
	Authorizers     map[string]Authorizer
	Signer          TokenSigner
	ScopesProvider  ScopeProvider
	ClientValidator UserAudValidator
	ClaimProvider   ClaimProvider
}
TokenServerConfig holds the parameters needed to invoke NewTokenServer.
type TokenSigner
type TokenSigner interface {
	GetAccessToken(userID string, scopes Scopes, grantType string, aud string, claims ...Claim) (string, error)
	GetRefreshToken(userID string, grantType string, aud string, claims ...Claim) (string, error)
	ParseToken(token string) (jwt.MapClaims, error)
	GetSigningKey() ecdsa.PrivateKey
}
TokenSigner is an abstraction to handle token creation.
func NewTokenSigner
func NewTokenSigner(c *SignerConfig) TokenSigner
NewTokenSigner returns an instance of TokenSigner.
type UnknownAudience
type UnknownAudience error
UnknownAudience indicates an error related to the requested audience.