Documentation
Variables
var (
	// ErrISSClaimMissing is returned when the secret ID key is missing from the JWT token claims.
	ErrISSClaimMissing = errors.New("ISS missing from JWT claims")
	// ErrCannotFindIdentity is returned when an identity cannot be located for an ISS key.
	ErrCannotFindIdentity = errors.New("identity cannot be located for ISS claim")
	// ErrScopesInvalid is returned when an error occurs parsing scopes from JWT claims
	ErrScopesInvalid = errors.New("invalid scopes in JWT claims")
	ErrScopesUnauthorized = errors.New("scopes not authorized for ISS")
)
var (
	// ErrContextUnexpectedScopesType is returned when the scopes embedded within a context
	// is not the expected slice of strings type
	ErrContextUnexpectedScopesType = errors.New("invalid type for scopes within context")
)
Functions
func ScopesFromContext
ScopesFromContext retrieves the string slice stored under ScopesKey within a context.Context. If the value for the key ScopesKey is not a slice of strings, the error ErrContextUnexpectedScopesType is returned. If the scopes are not present, the ok boolean is false.
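The three outcomes described for ScopesFromContext, as an added example that is not the package's own code. The real signature is not shown on this page, so scopesFromContext and requireScope are hypothetical stand-ins, and the declarations are copied here only so the block runs on its own.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Mirrors the ContextKey, ScopesKey and error documented on this page.
type ContextKey string

const ScopesKey ContextKey = "scopes"
var ErrContextUnexpectedScopesType = errors.New("invalid type for scopes within context")

// scopesFromContext is a hypothetical re-implementation of the documented
// behaviour: absent -> ok=false, wrong type -> error, otherwise the slice.
func scopesFromContext(ctx context.Context) (scopes []string, ok bool, err error) {
	switch v := ctx.Value(ScopesKey).(type) {
	case nil:
		return nil, false, nil // scopes not present
	case []string:
		return v, true, nil
	default:
		return nil, false, ErrContextUnexpectedScopesType
	}
}

// requireScope (hypothetical helper) fails closed: a wrong type, absent
// scopes, or a scope that was not granted all deny the request.
func requireScope(ctx context.Context, want string) error {
	scopes, ok, err := scopesFromContext(ctx)
	if err != nil {
		return err
	}
	if !ok {
		return errors.New("no scopes in context")
	}
	for _, s := range scopes {
		if s == want {
			return nil
		}
	}
	return fmt.Errorf("scope %q not granted", want)
}

func main() {
	ctx := context.WithValue(context.Background(), ScopesKey, []string{"read"}) // constructed sample
	fmt.Println(requireScope(ctx, "read"), requireScope(ctx, "write"))
}
```

Because the key is the named type ContextKey, a value stored under the plain string "scopes" is not found by the lookup, which keeps other packages from colliding with or overriding the scopes.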
Types
type Authenticator
type Authenticator struct {
// contains filtered or unexported fields
}
Authenticator performs a simple authentication flow for a given JWT. It decorates a Fetcher implementation to fetch secrets for keys issued within a JWT's ISS (issuer) claim.
type ContextKey
type ContextKey string
ContextKey is a string used as a key in context and jwt transit
const (
	// ScopesKey is the string scopes, used with a context and a jwt.JWT claim
	ScopesKey ContextKey = "scopes"
)
func (ContextKey) String
func (c ContextKey) String() string
String returns the underlying string type of the ContextKey
type Option
type Option func(*Authenticator)
Option is a function which manipulates the state of an Authenticator
func WithAudience
WithAudience enforces the audience within the JWT claims at validation
func WithExpirationLeeway
WithExpirationLeeway sets the JWT validator's expiration leeway duration
func WithNotBeforeLeeway
WithNotBeforeLeeway sets the JWT validator's not-before leeway duration
func WithSubject
WithSubject enforces the subject within the JWT claims at validation