auth

package
v0.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 9, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	AudienceAPI     = "m8api"
	AudienceK8sAuth = "k8sauth"
)
View Source 
const (
	HeaderAuthId              = "x-auth-id"
	HeaderAuthName            = "x-auth-name"
	HeaderAuthEmail           = "x-auth-email"
	HeaderAuthNotBefore       = "x-auth-not-before"
	HeaderAuthNotBeforeFormat = time.RFC3339
	HeaderForwardedClientCert = "x-forwarded-client-cert"
	HeaderAuthorization       = "authorization"
	AuthScheme                = "bearer"
)

Variables

This section is empty.

Functions

func NewApiToken added in v0.3.0 

func NewApiToken(claims *jwt.StandardClaims, issuer, userId string, validity time.Duration, scopes []gateway.AuthorizationScope) *jwt.AuthToken

func NewAuthToken added in v0.3.0 

func NewAuthToken(claims *jwt.StandardClaims, issuer, userId string, validity time.Duration) *jwt.AuthToken

func NewKubernetesAuthToken added in v0.3.0 

func NewKubernetesAuthToken(claims *jwt.StandardClaims, clusterClaim *jwt.ClusterClaim, issuer, userId string, validity time.Duration) *jwt.AuthToken

Types

type Client added in v0.3.0 

type Client struct {
	// contains filtered or unexported fields
}

Implements an OIDC client which authenticates to an upstream IDP

func NewClient added in v0.3.0 

func NewClient(config *ClientConfig) *Client

func (*Client) Exchange added in v0.3.0 

func (n *Client) Exchange(ctx context.Context, code, state string) (*jwt.StandardClaims, error)

Exchange exchanges the auth code with a token of the upstream IDP and verifies the claims

func (*Client) GetAuthCodeURL added in v0.3.0 

func (n *Client) GetAuthCodeURL(redirectUrl string) (string, string, error)

AuthCodeURL returns a URL to OAuth 2.0 provider's consent page that asks for permissions for the required scopes explicitly.

func (*Client) SetupOIDC added in v0.3.0 

func (n *Client) SetupOIDC(ctx context.Context) error

type ClientConfig added in v0.3.0 

type ClientConfig struct {
	IdentityProvider string // URL of the upstream identity provider
	Scopes           []string
	OfflineAsScope   bool
	Nonce            string
	ClientId         string
	ClientSecret     string
	RedirectURIs     []string
}

type Server added in v0.3.0 

type Server struct {
	// contains filtered or unexported fields
}

Server implements a very basic OIDC server which issues and validates tokens

func NewServer added in v0.3.0 

func NewServer(config *ServerConfig, signer jwt.JWTSigner, verifier jwt.JWTVerifier) *Server

NewServer creates a new OIDC server

func (*Server) Authorize added in v0.3.0 

func (n *Server) Authorize(ctx context.Context, token string, claims interface{}) error

Authorize parses the raw JWT, verifies the content against the public key of the verifier and parses the claims

func (*Server) IssueToken added in v0.3.0 

func (n *Server) IssueToken(ctx context.Context, upstreamClaims *jwt.StandardClaims, userId string) (string, *jwt.AuthToken, error)

IssueToken wraps the upstream claims in a JWT signed by Monoskope

func (*Server) Keys added in v0.3.0 

func (n *Server) Keys() *jose.JSONWebKeySet

type ServerConfig added in v0.3.0 

type ServerConfig struct {
	URL           string
	TokenValidity time.Duration
}

type State 

type State struct {
	Callback string `form:"callback" json:"callback,omitempty"`
}

func DecodeState 

func DecodeState(encoded string) (*State, error)

func (*State) Encode 

func (state *State) Encode() (string, error)

func (*State) IsValid 

func (state *State) IsValid() bool

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.