server

package
v0.0.0-...-5d2cd60 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 24, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const FakeAudience = "example-users"
View Source 
const FakeIssuer = "fake-issuer"
View Source 
const JWTClaimsContextKey = "jwt_claims"
View Source 
const KeyID = `fake-key-id`
View Source 
const PermissionsClaim = "perm"
View Source 
const PrivateKey = `` /* 226-byte string literal not displayed */

PrivateKey is an ECDSA private key which was generated with the following command: 

openssl ecparam -name prime256v1 -genkey -noout -out ecprivatekey.pem

We are using a hard coded key here in this example, but in real applications, you would never do this. Your JWT signing key must never be in your application, only the public key.

Variables

View Source 
var (
	ErrNoAuthHeader      = errors.New("Authorization header is missing")
	ErrInvalidAuthHeader = errors.New("Authorization header is malformed")
	ErrClaimsInvalid     = errors.New("Provided claims do not match expected scopes")
)

Functions

func Authenticate 

func Authenticate(v JWSValidator, ctx context.Context, input *openapi3filter.AuthenticationInput) error

Authenticate uses the specified validator to ensure a JWT is valid, then makes sure that the claims provided by the JWT match the scopes as required in the API.

func CheckTokenClaims 

func CheckTokenClaims(expectedClaims []string, t jwt.Token) error

func CreateMiddleware 

func CreateMiddleware(v JWSValidator) ([]echo.MiddlewareFunc, error)

func GetClaimsFromToken 

func GetClaimsFromToken(t jwt.Token) ([]string, error)

GetClaimsFromToken returns a list of claims from the token. We store these as a list under the "perms" claim, short for permissions, to keep the token shorter.

func GetJWSFromRequest 

func GetJWSFromRequest(req *http.Request) (string, error)

GetJWSFromRequest extracts a JWS string from an Authorization: Bearer <jws> header

func NewAuthenticator 

func NewAuthenticator(v JWSValidator) openapi3filter.AuthenticationFunc

func NewServer 

func NewServer() *server

Types

type FakeAuthenticator 

type FakeAuthenticator struct {
	PrivateKey *ecdsa.PrivateKey
	KeySet     jwk.Set
}

func NewFakeAuthenticator 

func NewFakeAuthenticator() (*FakeAuthenticator, error)

NewFakeAuthenticator creates an authenticator example which uses a hard coded ECDSA key to validate JWT's that it has signed itself.

func (*FakeAuthenticator) CreateJWSWithClaims 

func (f *FakeAuthenticator) CreateJWSWithClaims(claims []string) ([]byte, error)

CreateJWSWithClaims is a helper function to create JWT's with the specified claims.

func (*FakeAuthenticator) SignToken 

func (f *FakeAuthenticator) SignToken(t jwt.Token) ([]byte, error)

SignToken takes a JWT and signs it with our private key, returning a JWS.

func (*FakeAuthenticator) ValidateJWS 

func (f *FakeAuthenticator) ValidateJWS(jwsString string) (jwt.Token, error)

ValidateJWS ensures that the critical JWT claims needed to ensure that we trust the JWT are present and with the correct values.

type JWSValidator 

type JWSValidator interface {
	ValidateJWS(jws string) (jwt.Token, error)
}

JWSValidator is used to validate JWS payloads and return a JWT if they're valid

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.