Documentation
Overview
Package auth provides authentication and authorization support.
Constants
const (
	RoleAdmin    = "ADMIN"
	RoleMaster   = "MASTER"
	RoleOperator = "OPERATOR"
)
These are the expected values for Claims.Roles.
const Key ctxKey = 1
Key is used to store/retrieve a Claims value from a context.Context.
Types
type Auth
type Auth struct {
// contains filtered or unexported fields
}
Auth is used to authenticate clients. It can generate a token for a set of user claims and recreate the claims by parsing the token.
func New
func New(algorithm string, lookupFunc PublicKeyLookup, keys Keys) (*Auth, error)
New creates an *Authenticator.
An authenticator maintains the state required to handle JWT processing.
It requires a set of keys (Keys) for generating tokens, the algorithm to use (RS256 | HS256), and the key lookup function that retrieves a public key for a given KID.
func (*Auth) AddKey
func (a *Auth) AddKey(privateKey *rsa.PrivateKey, kid string)
AddKey adds a private key and kid to the local store.
func (*Auth) GenerateToken
GenerateToken generates a JWT using the provided claims based on a given KID.
type Claims
type Claims struct {
	jwt.RegisteredClaims
	Roles []string `json:"roles"`
}
Claims represents the authorization claims transmitted via a JWT.
type PublicKeyLookup
KeyLookupFunc defines the signature of a function to look up public keys.
In a production system, a key id (KID) is used to retrieve the correct public key to parse a JWT for auth and claims. A key lookup function is provided for retrieving a public key for a given KID.
A key lookup function is required for creating an Authenticator (type Auth).
* Private keys should be rotated. During the transition period, tokens signed with the old and new keys can coexist by looking up the correct public key by KID.
* KID to public key resolution is usually accomplished via a public JWKS endpoint. See https://auth0.com/docs/jwks for more details.
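The KID-based verification and rotation behaviour described above, as an added example that is not this package's code: it uses only the standard library instead of the package's JWT dependency and checks the signature only, not the registered claims. The page does not show the PublicKeyLookup signature, so keyStore, lookup, sign, verify, the helper names, and the KID values are all hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// keyStore and its lookup method are hypothetical: an in-memory KID set that
// returns nil for an unknown KID. The helpers below build constructed samples.
type keyStore map[string]*rsa.PublicKey

func (s keyStore) lookup(kid string) *rsa.PublicKey { return s[kid] }
func newKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
func digest(s string) []byte { d := sha256.Sum256([]byte(s)); return d[:] }
func enc(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }
func dec(s string) []byte { b, _ := base64.RawURLEncoding.DecodeString(s); return b }

// sign builds a compact JWT whose header names the algorithm and the KID.
func sign(key *rsa.PrivateKey, alg, kid, claims string) string {
	hdr, _ := json.Marshal(map[string]string{"alg": alg, "kid": kid})
	in := enc(hdr) + "." + enc([]byte(claims))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest(in))
	return in + "." + enc(sig)
}

// verify pins RS256, resolves the public key by KID, then checks the signature.
func verify(token string, lookup func(kid string) *rsa.PublicKey) error {
	p := strings.Split(token, ".")
	var hdr struct{ Alg, Kid string }
	if len(p) != 3 || json.Unmarshal(dec(p[0]), &hdr) != nil || hdr.Alg != "RS256" {
		return fmt.Errorf("token rejected: malformed or alg is not RS256")
	}
	pub := lookup(hdr.Kid)
	if pub == nil {
		return fmt.Errorf("unknown kid %q", hdr.Kid)
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(p[0]+"."+p[1]), dec(p[2]))
}

func main() {
	k := newKey()
	tok := sign(k, "RS256", "kid-old", `{"roles":["ADMIN"]}`) // constructed sample token
	fmt.Println(verify(tok, keyStore{"kid-old": &k.PublicKey}.lookup), verify(tok, keyStore{}.lookup))
}
```

The first result is the token verifying while its KID is still published, the second is the same token after that KID has been retired from the store.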