resourceserver

package
v1.3.8-beta

This package is not in the latest version of its module.
Published: Feb 2, 2026 License: GPL-3.0 Imports: 14 Imported by: 0

Documentation

Constants

const (
	// TokenTypeHS256 - A constant string representing the HS256 token signing method
	TokenTypeHS256 string = "HS256"

	// TokenTypeRS256 - A constant string representing the RS256 token signing method
	TokenTypeRS256 string = "RS256"
)

TODO: These should probably be a type alias called TokenType

Variables

var ErrServerAlreadyExists = credstackError.NewError(409, "SERVER_ALREADY_EXIST", "resource_server: Resource Server already exists under the specified domain")

ErrServerAlreadyExists - Provides a named error for when you try to insert an API with a domain that already exists

var ErrServerDoesNotExist = credstackError.NewError(404, "SERVER_DOES_NOT_EXIST", "resource_server: Resource Server does not exist under the specified domain")

ErrServerDoesNotExist - Provides a named error for when you try and fetch an API with a domain that does not exist

var ErrServerMissingId = credstackError.NewError(400, "SERVER_MISSING_ID", "resource_server: Resource Server is missing a domain identifier or a name")

ErrServerMissingId - Provides a named error for when you try and insert or fetch an API with no domain or name

TokenTypes - Provides a slice of possible values for token types

Functions

func Delete

func Delete(serv *server.Server, audience string) error

Delete - Completely removes the API from Credstack. A valid, non-empty domain must be provided here to serve as the lookup key. If DeletedCount == 0 here, then the API is considered not to exist. Any other errors here are propagated through the error return type

func New

func New(serv *server.Server, name string, audience string, tokenType string) error

New - Creates a new ResourceServer for use with credstack. While the application determines your use case for authentication, the API controls both what claims get inserted into generated tokens and what token types you utilize. Additionally, it controls whether RBAC is enforced on the ResourceServer (validation of scopes and roles). RBAC enforcement is disabled by default, to ensure the caller is fully aware of how the ResourceServer authenticates users.

Any errors propagated here are returned. Little validation needs to happen on this model, so it only ensures that you do not try to insert a ResourceServer with the same domain as an existing one.

TODO: Update this to not generate a key every time, only RS256 tokens need keys generated

func Update

func Update(serv *server.Server, audience string, patch *ResourceServer) error

Update - Provides functionality for updating the ResourceServer connected to the given domain. Only the following fields can be updated here: Name, TokenType, EnforceRBAC, and Applications. To update any other fields, you must delete the existing API and then re-create it. The domain field is never mutable, as it is used as the basis for header.Identifier.

Types

type ResourceServer

type ResourceServer struct {
	// Header - The header for the API. Created at object birth
	Header *header.Header `json:"header" bson:"header"`

	// Name - The name of the API as defined by the user
	Name string `json:"name" bson:"name"`

	// Audience - An arbitrary domain used in the audience of issued tokens. Does not need to resolve to anything
	Audience string `json:"audience" bson:"audience"`

	// TokenType - The type of tokens that the API should validate
	TokenType string `json:"token_type" bson:"token_type"`

	// EnforceRBAC - If set to true, then the API will evaluate scopes and roles during validation (and will insert them as claims in the token)
	EnforceRBAC bool `json:"enforce_rbac" bson:"enforce_rbac"`
}

ResourceServer - Represents the OAuth resource server and contains metadata for validating tokens
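How a consumer might apply the Audience and TokenType fields when validating an incoming token, as an added example that is not credstack's own code. The `pinned` type and the `sig`, `sign` and `check` functions are hypothetical names, only the HS256 case is handled, and the key and tokens are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// pinned is a hypothetical stand-in for ResourceServer's Audience and TokenType.
type pinned struct{ Audience, TokenType string }
var b64 = base64.RawURLEncoding

// sig is the base64url HMAC-SHA256 of msg; sign builds a constructed sample token from raw JSON.
func sig(msg string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}
func sign(header, claims string, key []byte) string {
	msg := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(claims))
	return msg + "." + sig(msg, key)
}

// check lets the stored TokenType, never the token header, pick the algorithm (HS256 only here).
func check(rs pinned, raw string, key []byte) error {
	var h struct{ Alg string `json:"alg"` }
	var c struct{ Aud string `json:"aud"` } // single-string aud; an array fails closed
	p := strings.Split(raw, ".")
	if len(p) != 3 {
		return errors.New("malformed token")
	}
	hb, herr := b64.DecodeString(p[0])
	cb, cerr := b64.DecodeString(p[1])
	if herr != nil || json.Unmarshal(hb, &h) != nil || rs.TokenType != "HS256" || h.Alg != rs.TokenType {
		return errors.New("alg not accepted")
	}
	if !hmac.Equal([]byte(p[2]), []byte(sig(p[0]+"."+p[1], key))) { // constant-time compare
		return errors.New("bad signature")
	}
	if cerr != nil || json.Unmarshal(cb, &c) != nil || c.Aud != rs.Audience {
		return errors.New("audience mismatch")
	}
	return nil
}

func main() { fmt.Println(check(pinned{"api.example.test", "HS256"}, sign(`{"alg":"none"}`, `{}`, nil), nil)) }
```

The claims are only trusted after the signature check passes, and a server pinned to RS256 rejects an HS256 token outright rather than verifying it with whatever key material is at hand.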

func Get

func Get(serv *server.Server, audience string) (*ResourceServer, error)

Get - Fetches a ResourceServer document from the database. The domain parameter cannot be an empty string, but does not need to be a valid domain as this is used merely as an identifier. Named errors are propagated here and returned. If an error occurs, ResourceServer is returned as nil.

func List

func List(serv *server.Server, limit int) ([]*ResourceServer, error)

List - Lists all user-defined ResourceServers present in the database. Optionally, a limit can be specified here to limit the amount of data returned at once. The maximum that can be returned in a single call is 10, and if a limit exceeds this, it will be reset to 10.

func (*ResourceServer) GenerateToken

func (api *ResourceServer) GenerateToken(serv *server.Server, application *client.Client, claims jwt.RegisteredClaims) (*token.Token, error)

GenerateToken - Generates a token based on the Application and ResourceServer that are passed as parameters. Claims that are passed will be inserted into the generated token. Calling this function alone does not store the token in the database; it only generates the token. An instantiated server structure needs to be passed here to ensure that we can fetch the current active encryption key for token signing (RS256).
