Documentation ¶
Overview ¶
Package auth bundles up functions and types used for authenticating and authorizing incoming requests.
Index ¶
- Variables
- func ContextWithOwner(ctx context.Context, owner models.Owner) context.Context
- func MergeOperationsAndScopes(requiredScopes ...map[Operation][]Scope) map[Operation][]Scope
- func OwnerFromContext(ctx context.Context) (models.Owner, bool)
- type Authorizer
- type Configuration
- type ContextKey
- type FromFileKeyResolver
- type JWKSResolver
- type KeyResolver
- type Operation
- type Scope
Variables ¶
var (
	// Now is the clock function used by this package; it defaults to time.Now.
	// It is a variable so that tests can override it with specific time values.
	// NOTE(review): presumably this feeds time-based token checks; because it is
	// exported and reassignable, confirm that nothing outside tests replaces it.
	Now = time.Now
)
Functions ¶
func ContextWithOwner ¶
ContextWithOwner adds "owner" to "ctx".
func MergeOperationsAndScopes ¶
MergeOperationsAndScopes merges all of the given requiredScopes maps together into a single map.
Types ¶
type Authorizer ¶
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer authorizes incoming requests.
func NewRSAAuthorizer ¶
func NewRSAAuthorizer(ctx context.Context, configuration Configuration) (*Authorizer, error)
NewRSAAuthorizer returns an Authorizer instance using values from configuration.
func (*Authorizer) AuthInterceptor ¶
func (a *Authorizer) AuthInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)
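AuthInterceptor intercepts incoming gRPC requests, then extracts and verifies the accompanying bearer tokens. Its signature is that of a unary server interceptor, so it applies to unary RPCs only; streaming RPCs would need a separate stream interceptor.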
type Configuration ¶
type Configuration struct {
	// Used to initialize and periodically refresh keys.
	KeyResolver KeyResolver
	// Keys are refreshed on this cadence.
	KeyRefreshTimeout time.Duration
	// RequiredScopes are enforced if not nil.
	// NOTE(review): by this wording a nil map means no scope requirements are
	// enforced; confirm that callers always set it where authorization is expected.
	RequiredScopes map[Operation][]Scope
	// AcceptedAudiences enforces the aud claim on the JWT. An empty string
	// allows no aud claim (presumably: a "" entry accepts tokens that carry no
	// aud claim; confirm).
	// NOTE(review): the behavior for a nil or empty slice is not stated here;
	// confirm whether the aud check is skipped in that case.
	AcceptedAudiences []string
}
Configuration bundles up creation-time parameters for an Authorizer instance.
type ContextKey ¶
// ContextKey is a distinct named string type, so values stored under it in a
// context.Context do not collide with plain string keys or with keys of other
// packages' types.
type ContextKey string
ContextKey models auth-specific keys in a context.
var (
	// ContextKeyOwner is the key to an owner value.
	// NOTE(review): presumably this is the key used by ContextWithOwner and
	// OwnerFromContext; confirm against their implementations.
	ContextKeyOwner ContextKey = "owner"
)
type FromFileKeyResolver ¶
type FromFileKeyResolver struct {
	// KeyFiles lists the files that keys are resolved from.
	// NOTE(review): the expected file format is not shown here; these files
	// decide which tokens verify, so confirm they are writable only by trusted
	// principals.
	KeyFiles []string
	// contains filtered or unexported fields
}
FromFileKeyResolver resolves keys from the files listed in 'KeyFiles'.
func (*FromFileKeyResolver) ResolveKeys ¶
func (r *FromFileKeyResolver) ResolveKeys(context.Context) ([]interface{}, error)
ResolveKeys resolves RSA public keys from the files in 'KeyFiles' for verifying JWTs.
type JWKSResolver ¶
type JWKSResolver struct {
	// Endpoint is the URL that serves the JWK set.
	// NOTE(review): keys fetched from here decide which tokens verify; confirm
	// whether the scheme is restricted to https and how fetch errors are handled.
	Endpoint *url.URL
	// If empty, will use all the keys provided by the jwks Endpoint.
	// Listing explicit key IDs narrows the set of keys that are accepted.
	KeyIDs []string
}
JWKSResolver resolves the key(s) whose IDs are listed in 'KeyIDs' from 'Endpoint', which serves JWK sets. If 'KeyIDs' is empty, all keys provided by the endpoint are used.
func (*JWKSResolver) ResolveKeys ¶
func (r *JWKSResolver) ResolveKeys(ctx context.Context) ([]interface{}, error)
ResolveKeys resolves the key(s) for verifying JWTs from the JWK set served at 'Endpoint' rather than from a file.
type KeyResolver ¶
type KeyResolver interface {
	// ResolveKeys returns the public or private keys to use, most commonly an
	// rsa.PublicKey. The context is passed through to the implementation.
	// NOTE(review): elements are untyped (interface{}); confirm that consumers
	// check each key's concrete type before using it for verification.
	ResolveKeys(context.Context) ([]interface{}, error)
}
KeyResolver abstracts resolving keys.