auth

package
v0.0.0-...-5d5787e
Warning

This package is not in the latest version of its module.

Published: Jan 16, 2017 License: MIT Imports: 7 Imported by: 0

Documentation


Constants

This section is empty.

Variables

var (
	// ErrISSClaimMissing is returned when the secret ID key is missing from the JWT token claims.
	ErrISSClaimMissing = errors.New("ISS missing from JWT claims")

	// ErrCannotFindIdentity is returned when an identity cannot be located for an ISS key.
	ErrCannotFindIdentity = errors.New("identity cannot be located for ISS claim")

	// ErrScopesInvalid is returned when an error occurs parsing scopes from JWT claims
	ErrScopesInvalid = errors.New("invalid scopes in JWT claims")

	// ErrScopesUnauthorized is returned when the scopes present aren't valid for ISS key.
	ErrScopesUnauthorized = errors.New("scopes not authorized for ISS")
)

var (
	// ErrContextUnexpectedScopesType is returned when the scopes embedded within a context
	// are not of the expected type, a slice of strings.
	ErrContextUnexpectedScopesType = errors.New("invalid type for scopes within context")
)

Functions

func ScopesFromContext

func ScopesFromContext(ctxt context.Context) (scopes []string, ok bool, err error)

ScopesFromContext retrieves the slice of strings stored under ScopesKey within a context.Context. If the value for the key ScopesKey is not a slice of strings, the error ErrContextUnexpectedScopesType is returned. If the scopes are not present, the ok boolean is false.

func WithScopes

func WithScopes(ctxt context.Context, scopes []string) context.Context

WithScopes constructs a new context with the value scopes stored under the ScopesKey.
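The three outcomes of ScopesFromContext (scopes present, scopes absent, wrong value type) matter to any caller that makes an authorization decision from them. The following is an added example, not the package's source: the documented identifiers are re-declared locally with assumed bodies so it runs stand-alone, `Authorize` is a hypothetical caller, and returning `ok == false` alongside the error is an assumption.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Local stand-ins for the documented identifiers (assumed bodies, not the package source).
type ContextKey string
const ScopesKey ContextKey = "scopes"

var ErrContextUnexpectedScopesType = errors.New("invalid type for scopes within context")

func WithScopes(ctxt context.Context, scopes []string) context.Context {
	return context.WithValue(ctxt, ScopesKey, scopes)
}

func ScopesFromContext(ctxt context.Context) (scopes []string, ok bool, err error) {
	v := ctxt.Value(ScopesKey)
	if v == nil {
		return nil, false, nil // scopes absent: ok is false, no error
	}
	if scopes, ok = v.([]string); !ok {
		return nil, false, ErrContextUnexpectedScopesType // assumption: ok is false on error
	}
	return scopes, true, nil
}

// Authorize (hypothetical) fails closed: a type error, absent scopes, or a
// missing required scope all deny the request.
func Authorize(ctxt context.Context, required string) bool {
	scopes, ok, err := ScopesFromContext(ctxt)
	if err != nil || !ok {
		return false
	}
	for _, s := range scopes {
		if s == required {
			return true
		}
	}
	return false
}

func main() {
	base := context.Background()
	fmt.Println(Authorize(WithScopes(base, []string{"read"}), "read"))         // true
	fmt.Println(Authorize(context.WithValue(base, ScopesKey, "read"), "read")) // false: wrong value type
	// A plain string key never matches the typed ContextKey, so these scopes are not seen.
	fmt.Println(Authorize(context.WithValue(base, "scopes", []string{"read"}), "read")) // false
}
```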

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator performs a simple authentication flow for a given JWT. It decorates a Fetcher implementation to fetch secrets for the keys carried in the JWT's ISS (issuer) claim.

func New

func New(storage identity.Fetcher, opts ...Option) *Authenticator

New creates a new Authenticator around an identity fetcher implementation and a variadic set of Options.

func (*Authenticator) Validate

func (a *Authenticator) Validate(token jwt.JWT) (scopes []string, err error)

Validate looks up a secret with the underlying Storage implementation using the secret ID found within the claims of the JWT.

type ContextKey

type ContextKey string

ContextKey is a string used as a key in a context and in JWT transit.

const (
	// ScopesKey is the string scopes, used with a context and a jwt.JWT claim
	ScopesKey ContextKey = "scopes"
)

func (ContextKey) String

func (c ContextKey) String() string

String returns the underlying string type of the ContextKey.

type Option

type Option func(*Authenticator)

Option is a function which manipulates the state of an Authenticator.

func WithAudience

func WithAudience(aud string) Option

WithAudience enforces the audience within the JWT claims at validation.

func WithExpirationLeeway

func WithExpirationLeeway(dur time.Duration) Option

WithExpirationLeeway sets the JWT validator's expiration leeway duration.

func WithNotBeforeLeeway

func WithNotBeforeLeeway(dur time.Duration) Option

WithNotBeforeLeeway sets the JWT validator's not-before leeway duration.

func WithSubject

func WithSubject(sub string) Option

WithSubject enforces the subject within the JWT claims at validation.
