Documentation ¶
Overview ¶
Package zalando contains Zalando specific definitions for authorization.
Index ¶
- Variables
- func GroupCheck(at []AccessTuple) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool
- func NoAuthorization() func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool
- func RequestTeamInfo(tc *ginoauth2.TokenContainer, uri string) ([]byte, error)
- func UidCheck(at []AccessTuple) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool
- type AccessTuple
- type TeamInfo
Constants ¶
This section is empty.
Variables ¶
var AccessTuples []AccessTuple
AccessTuples has to be set by the client to grant access.
var OAuth2Endpoint = oauth2.Endpoint{
AuthURL: "https://token.auth.zalando.com/access_token",
TokenURL: "https://info.services.auth.zalando.com/oauth2/tokeninfo",
}
OAuth2Endpoint is similar to the definitions in golang.org/x/oauth2
var TeamAPI string = "https://teams.auth.zalando.com/api/teams"
TeamAPI is a custom API
Functions ¶
func GroupCheck ¶
func GroupCheck(at []AccessTuple) func(tc *ginoauth2.TokenContainer, ctx *gin.Context) bool
GroupCheck is an authorization function that checks, if the Token was issued for an employee of a specified team. The given TokenContainer must be valid. As side effect it sets "uid" and "team" in the gin.Context to the "official" team.
func NoAuthorization ¶
NoAuthorization sets "team" and "uid" in the context without checking if the user/team is authorized.
func RequestTeamInfo ¶
RequestTeamInfo is a function that returns team information for a given token.
Types ¶
type AccessTuple ¶
type AccessTuple struct { Realm string `yaml:"realm,omitempty"` // p.e. "employees", "services" Uid string `yaml:"uid,omitempty"` // UnixName Cn string `yaml:"cn,omitempty"` // RealName }
AccessTuple is the type defined for use in AccessTuples.