README
¶
hola - JWT authorization toolkit
Simple micro-service toolkit which uses JWT to provide OpenID style authentication components.
Components
github.com/georgemac/hola/lib/identity
Identity primitives and storage interface
This package defines the Identity "primitive", which encapsulates a key, a secret, a set of scopes and a signature method.
The package also contains an interface which models a mechanism for secret storage and retrieval. The identity.Storage interfaces
describes what is required to be exposed by a storage layer, in order for it to be useful within a hola authentication flow.
github.com/georgemac/hola/lib/auth
Simple secret retrieval and verification flow
The auth package exposes an Authenticator type, which wraps an identity.Storage and implements
a simple token retrieval, verification and scope verification flow. It uses the tokens ISS claim as a key for the storage implementation.
github.com/georgemac/hola/lib/middleware
A set of transport middleware which use the simple
holaauthentication flow.
middleware.HTTPis an implementation ofhttp.Handlerwhich decorates another implementation ofhttp.Handler. It parses a JWT token from the request and then fetches an associated identity using an embeddedauthentication.Authenticator. If the token and its scope claims are verified, the scopes are bundled in to the requests context.Context and the underlyinghttp.Handleris called. Otherwise, an appropriate http status code is formed from the error type and the middleware returns.
Directories