auth

package
v0.0.0-...-fbf9a92 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 25, 2021 | License: GPL-3.0 | Imports: 5 | Imported by: 0

Documentation

Constants

const (
	RoleAdmin     = "ADMIN"
	RolePowerUser = "POWERUSER"
	RoleUser      = "USER"
	RoleOrgAdmin  = "ORGADMIN"
)

These are the expected values for Claims.Roles.

const Key ctxKey = 1

Key is used to store/retrieve a Claims value from a context.Context.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator is used to authenticate clients. It can generate a token for a set of user claims and recreate the claims by parsing the token.

func NewAuthenticator

func NewAuthenticator(key *rsa.PrivateKey, keyID, algorithm string, publicKeyFunc KeyFunc) (*Authenticator, error)

NewAuthenticator creates an *Authenticator for use. It will error if:

* The private key is nil.

* The public key func is nil.

* The key ID is blank.

* The specified algorithm is unsupported.

func (*Authenticator) GenerateToken

func (a *Authenticator) GenerateToken(claims Claims) (string, error)

GenerateToken generates a signed JWT token string representing the user Claims.

func (*Authenticator) ParseClaims

func (a *Authenticator) ParseClaims(tknStr string) (Claims, error)

ParseClaims recreates the Claims that were used to generate a token. It verifies that the token was signed using our key.

type Claims

type Claims struct {
	Roles        []string `json:"roles"`
	User         string   `json:"user"`
	Organization string   `json:"organization"`
	jwt.StandardClaims
}

Claims represents the authorization claims transmitted via a JWT. TODO: add scope to claims

func NewClaims

func NewClaims(subject string, user string, roles []string, organization string, now time.Time, expires time.Duration) Claims

NewClaims constructs a Claims value for the identified user. The Claims expire within a specified duration of the provided time. Additional fields of the Claims can be set after calling NewClaims if desired.

func (Claims) HasRole

func (c Claims) HasRole(roles ...string) bool

HasRole returns true if the claims have at least one of the provided roles.

func (Claims) Valid

func (c Claims) Valid() error

Valid is called during the parsing of a token.

type KeyFunc

type KeyFunc func(keyID string) (*rsa.PublicKey, error)

KeyFunc is used to map a JWT key id (kid) to the corresponding public key. It is a requirement for creating an Authenticator.

* Private keys should be rotated. During the transition period, tokens signed with the old and new keys can coexist by looking up the correct public key by key id (kid).

* Key-id-to-public-key resolution is usually accomplished via a public JWKS endpoint. See https://auth0.com/docs/jwks for more details.

func NewSingleKeyFunc

func NewSingleKeyFunc(id string, key *rsa.PublicKey) KeyFunc

NewSingleKeyFunc is a simple implementation of KeyFunc that only ever supports one key. This is convenient for development, but in production it should be replaced with a caching layer that calls a JWKS endpoint.
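The rotation case described under KeyFunc, as an added example that is not part of this package: a KeyFunc over a fixed set of trusted keys, so old and new kids both resolve during the transition and a retired, unknown or blank kid fails closed. KeyFunc is redeclared locally with the documented signature; NewKeySetFunc, ErrUnknownKID and the kid values are hypothetical names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
)

// KeyFunc mirrors the signature documented on this page.
type KeyFunc func(keyID string) (*rsa.PublicKey, error)

// ErrUnknownKID (hypothetical name) reports a kid that is not currently trusted.
var ErrUnknownKID = errors.New("unknown key id")

// NewKeySetFunc (hypothetical) returns a KeyFunc over a copy of the trusted set.
// The copy is read-only, so rotating means building a new KeyFunc.
func NewKeySetFunc(trusted map[string]*rsa.PublicKey) KeyFunc {
	keys := make(map[string]*rsa.PublicKey, len(trusted))
	for kid, pub := range trusted {
		if kid != "" && pub != nil { // never trust a blank kid or a nil key
			keys[kid] = pub
		}
	}
	return func(kid string) (*rsa.PublicKey, error) {
		pub, ok := keys[kid]
		if !ok { // fail closed: no fallback to a default key
			return nil, fmt.Errorf("%w: %q", ErrUnknownKID, kid)
		}
		return pub, nil
	}
}

func main() {
	trusted := map[string]*rsa.PublicKey{}
	for _, kid := range []string{"2021-03", "2021-04"} { // constructed kid values
		priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed sample keys
		if err != nil {
			panic(err)
		}
		trusted[kid] = &priv.PublicKey
	}
	during := NewKeySetFunc(trusted) // transition period: old and new both resolve
	delete(trusted, "2021-03")       // old key retired
	after := NewKeySetFunc(trusted)
	_, errDuring := during("2021-03")
	_, errAfter := after("2021-03")
	fmt.Println(errDuring == nil, errors.Is(errAfter, ErrUnknownKID))
}
```

Once the old kid is dropped from the set, tokens signed with the retired key stop verifying even if they have not yet expired.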
