Types ¶
type AuthenticatorBase ¶
// AuthenticatorBase is an empty struct that JWTAuthenticator embeds.
// It declares no exported fields on this page and any behaviour it provides
// (if any) is not visible here. Note that PasetoAuthenticator does not embed it,
// so the two authenticators do not share whatever it carries — confirm whether
// that asymmetry is intentional.
type AuthenticatorBase struct {
}
type IAuthnAuthenticator ¶
type IAuthnAuthenticator interface {
	transports.IAuthenticator
	// AddSecurityScheme adds the WoT security scheme supported by this
	// authenticator to the given Thing Description.
	AddSecurityScheme(tdoc *td.TD)
	// CreateToken creates a signed authentication token for a client.
	//
	// The client must be a known client.
	//
	// If no session has started, a new one will be created. This is intended for
	// issuing agent tokens (devices, services) where login is not applicable.
	//
	// Revocation: accidentally created tokens can be invalidated by invoking
	// Logout. The authenticator tracks a sessionStart time and only tokens
	// created after that sessionStart time are valid. This is the only
	// revocation mechanism described here: there is no per-token revocation,
	// so invalidating one token invalidates every token issued before the new
	// sessionStart. NOTE(review): whether sessionStart is tracked per client or
	// globally is not stated on this page — confirm before relying on Logout to
	// revoke only a single client's tokens.
	//
	// clientID identifies the client.
	// validity is how long the token remains valid, counted from its creation;
	// the returned validUntil is the resulting expiry time.
	//
	// This returns an error if clientID is missing or validity is 0.
	CreateToken(clientID string, validity time.Duration) (token string, validUntil time.Time, err error)
	// DecodeToken decodes the token and returns the claims stored in it.
	//
	// signedNonce and nonce are reserved for nonce-based replay protection. The
	// implementations documented on this page state that this verification is
	// intended for a future version and is not implemented yet, so callers must
	// not rely on these arguments for replay protection.
	DecodeToken(token string, signedNonce string, nonce string) (
		clientID string, issuedAt time.Time, validUntil time.Time, err error)
}
IAuthnAuthenticator is the interface of the authentication capability to obtain and validate authentication tokens.
type JWTAuthenticator ¶
// JWTAuthenticator generates and validates session tokens encoded as JWTs,
// signed with the ECDSA private key given to NewJWTAuthenticator. Session state
// is kept in memory (see the type documentation on this page).
type JWTAuthenticator struct {
	AuthenticatorBase
	// Per-client-type token validity in days, as the field names suggest.
	// NOTE(review): how these relate to the validity argument of CreateToken
	// (defaults? upper bounds?) is not shown on this page — confirm before
	// treating them as a limit on token lifetime.
	AgentTokenValidityDays    int
	ConsumerTokenValidityDays int
	ServiceTokenValidityDays  int
	// contains filtered or unexported fields
}
JWTAuthenticator generates and validates session tokens encoded as JWTs and signed with the ECDSA private key passed to NewJWTAuthenticator. It implements the IAuthenticator interface.
Session state is kept in memory, keyed by each session's 'sessionStart' time. Because this state lives only in memory, it is not shared between instances and does not survive a restart; how previously issued tokens are treated after a restart is not documented here and should be confirmed before relying on Logout/sessionStart as the revocation mechanism.
func NewJWTAuthenticator ¶
func NewJWTAuthenticator( authnStore authnstore.IAuthnStore, signingKey *ecdsa.PrivateKey, authServerURI string) *JWTAuthenticator
NewJWTAuthenticator returns a new JWT token authenticator. signingKey is the ECDSA private key used to sign tokens; authnStore is the store of known clients (presumably consulted when creating and validating tokens, since CreateToken requires a known client); authServerURI is the login endpoint advertised by AddSecurityScheme and can be changed later with SetAuthServerURI.
func (*JWTAuthenticator) AddSecurityScheme ¶
func (srv *JWTAuthenticator) AddSecurityScheme(tdoc *td.TD)
AddSecurityScheme adds the security scheme that this authenticator supports to the given TD. Over http, bearer tokens are used to authenticate requests, while basic and digest authentication are used to log in and obtain a token.
func (*JWTAuthenticator) CreateToken ¶
func (svc *JWTAuthenticator) CreateToken( clientID string, validity time.Duration) (token string, validUntil time.Time, err error)
CreateToken creates a new session token for the client.
clientID is the account ID of a known client; it also identifies the session for which the token is valid. Agents (devices, services) that have no login session use their clientID directly. validity is the token validity period, counted from the time of creation.
This returns the signed token and its expiry time (validUntil), or an error if clientID is missing or validity is 0 (per the IAuthnAuthenticator contract).
func (*JWTAuthenticator) DecodeToken ¶
func (svc *JWTAuthenticator) DecodeToken(token string, signedNonce string, nonce string) ( clientID string, issuedAt time.Time, validUntil time.Time, err error)
DecodeToken decodes the given JWT token and returns the claims stored in it: the authenticated clientID, the time the token was issued, and its expiry time, or an error if the token is invalid.
The signedNonce and nonce parameters are intended for optionally verifying a nonce signed with the client's public key to prevent replay attacks. This is planned for a future version and is not implemented yet, so callers must not rely on these arguments for replay protection.
token is the JWT string containing a session token. When reviewing the implementation, confirm that the signature is verified against the configured ECDSA key using a pinned algorithm (the one reported by GetAlg) rather than whatever algorithm the token header claims.
func (*JWTAuthenticator) GetAlg ¶
func (svc *JWTAuthenticator) GetAlg() (string, string)
GetAlg returns the authentication scheme ("jwt") and the name of the signing algorithm used for the tokens.
func (*JWTAuthenticator) SetAuthServerURI ¶
func (svc *JWTAuthenticator) SetAuthServerURI(serverURI string)
SetAuthServerURI sets the server endpoint that clients use to log in. It is included in the TD security scheme added by AddSecurityScheme().
func (*JWTAuthenticator) ValidateToken ¶
func (svc *JWTAuthenticator) ValidateToken(token string) ( clientID string, issuedAt time.Time, validUntil time.Time, err error)
ValidateToken verifies that the token is valid and that the client it was issued to is valid. As far as this page shows, a token is accepted only if it verifies and was created after the authenticator's recorded sessionStart time (see CreateToken on IAuthnAuthenticator); no per-token revocation mechanism is documented, so invalidating one token means invalidating every token issued before the new sessionStart.
type PasetoAuthenticator ¶
// PasetoAuthenticator generates and validates session tokens encoded as Paseto
// tokens, signed with the ed25519 private key given to NewPasetoAuthenticator.
// Session state is kept in memory (see the type documentation on this page).
// Unlike JWTAuthenticator it does not embed AuthenticatorBase.
type PasetoAuthenticator struct {
	// Per-client-type token validity in days, as the field names suggest.
	// NOTE(review): how these relate to the validity argument of CreateToken
	// (defaults? upper bounds?) is not shown on this page — confirm before
	// treating them as a limit on token lifetime.
	AgentTokenValidityDays    int
	ConsumerTokenValidityDays int
	ServiceTokenValidityDays  int
	// contains filtered or unexported fields
}
PasetoAuthenticator generates and validates session tokens encoded as Paseto tokens and signed with the ed25519 private key passed to NewPasetoAuthenticator. It implements the IAuthenticator interface.
Session state is kept in memory, keyed by each session's 'sessionStart' time. Because this state lives only in memory, it is not shared between instances and does not survive a restart; how previously issued tokens are treated after a restart is not documented here and should be confirmed before relying on Logout/sessionStart as the revocation mechanism.
func NewPasetoAuthenticator ¶
func NewPasetoAuthenticator( authnStore authnstore.IAuthnStore, signingKey ed25519.PrivateKey) *PasetoAuthenticator
NewPasetoAuthenticator returns a new Paseto token authenticator that signs tokens with the given ed25519 private key. authnStore is the store of known clients (presumably consulted when creating and validating tokens). Unlike NewJWTAuthenticator, no authServerURI is taken here; set it with SetAuthServerURI before calling AddSecurityScheme.
func (*PasetoAuthenticator) AddSecurityScheme ¶
func (srv *PasetoAuthenticator) AddSecurityScheme(tdoc *td.TD)
AddSecurityScheme adds this authenticator's security scheme to the given TD. This authenticator uses paseto tokens as bearer tokens that can be obtained from the login authentication service.
func (*PasetoAuthenticator) CreateToken ¶
func (svc *PasetoAuthenticator) CreateToken(clientID string, validity time.Duration) ( token string, validUntil time.Time, err error)
CreateToken creates a new token for the client.
clientID is the account ID of a known client. validity is the token validity period, counted from the time of creation.
This returns the signed token and its expiry time (validUntil), or an error if clientID is missing or validity is 0 (per the IAuthnAuthenticator contract).
func (*PasetoAuthenticator) DecodeToken ¶
func (svc *PasetoAuthenticator) DecodeToken( sessionKey string, signedNonce string, nonce string) ( clientID string, issuedAt time.Time, validUntil time.Time, err error)
DecodeToken verifies the given Paseto token and returns the claims stored in it: the authenticated clientID, the time the token was issued, and its expiry time, or an error if the token is invalid.
The signedNonce and nonce parameters are intended for optionally verifying a nonce signed with the client's public key to prevent replay attacks (todo). This is planned for a future version and is not implemented yet, so callers must not rely on these arguments for replay protection.
The first parameter, shown here as sessionKey, is the token string containing a session token; it is named token in the IAuthnAuthenticator interface and in JWTAuthenticator.DecodeToken, and the two should be aligned.
func (*PasetoAuthenticator) GetAlg ¶
func (svc *PasetoAuthenticator) GetAlg() (string, string)
GetAlg returns the authentication scheme and algorithm
func (*PasetoAuthenticator) SetAuthServerURI ¶
func (svc *PasetoAuthenticator) SetAuthServerURI(serverURI string)
SetAuthServerURI sets the server endpoint that starts the authorization flow. It is included in the TD security scheme added by AddSecurityScheme().
func (*PasetoAuthenticator) ValidateToken ¶
func (svc *PasetoAuthenticator) ValidateToken(token string) ( clientID string, issuedAt time.Time, validUntil time.Time, err error)
ValidateToken verifies that the token is valid and that the client it was issued to is valid. As far as this page shows, a token is accepted only if it verifies and was created after the authenticator's recorded sessionStart time (see CreateToken on IAuthnAuthenticator); no per-token revocation mechanism is documented, so invalidating one token means invalidating every token issued before the new sessionStart.