Package authn (v1.2.1)
Published: Jan 29, 2024 License: LGPL-3.0 Imports: 13 Imported by: 6

Documentation

Constants

const (
	DefaultKeychainTTL = 60
)

Variables

var ErrInvalidOptions = errors.New("invalid options for SubjectFrom")

ErrInvalidOptions is returned by SubjectFrom if invalid options are used

var ErrNoKey = errors.New("No keys found")

Functions

func Configure

func Configure(config Config) error

Configure initializes the default AuthN client with the given config. This is necessary to use authn.SubjectFrom without keeping a reference to your own AuthN client.

func SubjectFrom

func SubjectFrom(idToken string) (string, error)

SubjectFrom uses the client configured by Configure to extract the subject from the given idToken.

Types

type Account added in v1.0.0

type Account struct {
	ID       int    `json:"id"`
	Username string `json:"username"`
	Locked   bool   `json:"locked"`
	Deleted  bool   `json:"deleted"`
}

Account is an AuthN user account

type Claims added in v1.2.0

type Claims struct {
	AuthTime  *jwt.NumericDate `json:"auth_time"`
	SessionID string           `json:"sid"`
	jwt.Claims
}

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client provides JWT verification for ID tokens generated by the AuthN server. In the future it will also implement the server's private APIs (aka admin actions).

var DefaultClient *Client

DefaultClient can be initialized by Configure and used by SubjectFrom.

func NewClient

func NewClient(config Config) (*Client, error)

NewClient returns an initialized and configured Client.

func (*Client) ArchiveAccount added in v1.0.0

func (ac *Client) ArchiveAccount(id string) error

ArchiveAccount archives the account with the associated id

func (*Client) ClaimsFrom added in v1.2.0

func (ac *Client) ClaimsFrom(idToken string) (*Claims, error)

ClaimsFrom will return all verified claims inside the given idToken if and only if the token is a valid JWT that passes all verification requirements. If the JWT does not verify, the returned error will explain why. This is for debugging purposes.

func (*Client) ClaimsFromWithAudience added in v1.2.0

func (ac *Client) ClaimsFromWithAudience(idToken string, audience jwt.Audience) (*Claims, error)

ClaimsFromWithAudience works like ClaimsFrom but allows specifying a different JWT audience.

func (*Client) ExpirePassword added in v1.0.0

func (ac *Client) ExpirePassword(id string) error

ExpirePassword expires the password of the account with the associated id

func (*Client) GetAccount added in v1.0.0

func (ac *Client) GetAccount(id string) (*Account, error)

GetAccount gets the account with the associated id

func (*Client) ImportAccount added in v1.0.0

func (ac *Client) ImportAccount(username, password string, locked bool) (int, error)

ImportAccount imports an account with the provided information, returns the imported account id

func (*Client) LockAccount added in v1.0.0

func (ac *Client) LockAccount(id string) error

LockAccount locks the account with the associated id

func (*Client) ServerStats added in v1.0.0

func (ac *Client) ServerStats() (*http.Response, error)

ServerStats gets the http response object from calling the server stats endpoint

func (*Client) ServiceStats added in v1.0.0

func (ac *Client) ServiceStats() (*http.Response, error)

ServiceStats gets the http response object from calling the service stats endpoint

func (*Client) SubjectFrom

func (ac *Client) SubjectFrom(idToken string) (string, error)

SubjectFrom returns the subject inside the given idToken if and only if the token is a valid JWT that passes all verification requirements. The returned value is the AuthN server's account ID and should be used as a unique foreign key in your user data.

If the JWT does not verify, the returned error will explain why. This is for debugging purposes.
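The checks behind SubjectFrom, ClaimsFrom and NewIDTokenVerifier, shown as an added, self-contained example rather than the package's own code: it signs an RS256 ID token carrying the Claims fields documented above (auth_time, sid and the registered claims), then verifies it against a kid-keyed keychain that stands in for JWKProvider, with the algorithm pinned by the verifier and issuer, audience and expiry checked only after the signature is good. Keychain, IDClaims, Sign, SubjectFrom, Demo and the issuer/audience values are constructed for this illustration; the real client resolves keys through go-jose types and caches them for KeychainTTL minutes.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Keychain maps a key ID (the JOSE "kid" header) to the issuer's public key.
// It plays the role of the page's JWKProvider. (Hypothetical type.)
type Keychain map[string]*rsa.PublicKey

// IDClaims holds what an AuthN ID token carries: auth_time and sid next to the
// registered iss/aud/sub/exp claims. aud is modelled as a single string here.
type IDClaims struct {
	Issuer    string `json:"iss"`
	Subject   string `json:"sub"`
	Audience  string `json:"aud"`
	Expiry    int64  `json:"exp"`
	AuthTime  int64  `json:"auth_time"`
	SessionID string `json:"sid"`
}

var b64 = base64.RawURLEncoding

// Sign issues an RS256 token and stands in for the AuthN server.
func Sign(key *rsa.PrivateKey, kid string, c IDClaims) (string, error) {
	h, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	p, _ := json.Marshal(c)
	input := b64.EncodeToString(h) + "." + b64.EncodeToString(p)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// SubjectFrom returns "sub" only when every check passes: three segments, the
// expected algorithm, a known kid, a valid signature, matching issuer and
// audience, and an exp still in the future. The error names the failing check.
func SubjectFrom(token, issuer, audience string, keys Keychain, now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	var hdr struct{ Alg, Kid string }
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil {
		return "", errors.New("bad header")
	}
	// The verifier pins the algorithm; the token is never allowed to choose it.
	if hdr.Alg != "RS256" {
		return "", fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	pub := keys[hdr.Kid]
	if pub == nil {
		return "", fmt.Errorf("no key for kid %q", hdr.Kid)
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return "", errors.New("signature verification failed")
	}
	// Claims are decoded and checked only after the signature is known to be good.
	var c IDClaims
	if raw, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &c) != nil {
		return "", errors.New("bad claims")
	}
	switch {
	case c.Issuer != issuer:
		return "", fmt.Errorf("issuer %q is not %q", c.Issuer, issuer)
	case c.Audience != audience:
		return "", fmt.Errorf("audience %q is not %q", c.Audience, audience)
	case c.Expiry == 0 || !now.Before(time.Unix(c.Expiry, 0)):
		return "", errors.New("token expired")
	case c.Subject == "":
		return "", errors.New("missing subject")
	}
	return c.Subject, nil
}

// Demo issues a one-hour token for account 42, verifies it for the configured
// audience, and captures why the same token is rejected for another audience.
func Demo() (subject, audienceErr string, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", "", err
	}
	keys, now := Keychain{"key-1": &key.PublicKey}, time.Now()
	claims := IDClaims{Issuer: "https://authn.example", Subject: "42", Audience: "app.example",
		Expiry: now.Add(time.Hour).Unix(), AuthTime: now.Unix(), SessionID: "sess-1"}
	tok, err := Sign(key, "key-1", claims)
	if err != nil {
		return "", "", err
	}
	subject, err = SubjectFrom(tok, claims.Issuer, "app.example", keys, now)
	_, rejected := SubjectFrom(tok, claims.Issuer, "other.example", keys, now)
	return subject, rejected.Error(), err
}

func main() {
	fmt.Println(Demo())
}
```

The order matters: the signature is verified before any claim is read, the algorithm is fixed by the verifier rather than taken from the token header, and each failure returns a distinct reason, which is what the documentation means by the error explaining why a token did not verify. SubjectFromWithAudience corresponds to calling the same routine with a different audience argument.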

func (*Client) SubjectFromWithAudience added in v1.1.0

func (ac *Client) SubjectFromWithAudience(idToken string, audience jwt.Audience) (string, error)

SubjectFromWithAudience works like SubjectFrom but allows specifying a different JWT audience.

func (*Client) UnlockAccount added in v1.0.0

func (ac *Client) UnlockAccount(id string) error

UnlockAccount unlocks the account with the associated id

func (*Client) Update added in v1.0.0

func (ac *Client) Update(id, username string) error

Update updates the account with the associated id

type Config

type Config struct {
	Issuer         string // the base URL of the service handling authentication
	PrivateBaseURL string // overrides the base URL for private endpoints
	Audience       string // the domain (host) of the main application
	Username       string // the HTTP basic auth username for accessing private endpoints of the authn issuer
	Password       string // the HTTP basic auth password for accessing private endpoints of the authn issuer
	KeychainTTL    int    // TTL for a key in the keychain, in minutes
}

Config is a configuration struct for Client

type ErrorResponse added in v1.1.0

type ErrorResponse struct {
	StatusCode int          `json:"-"`
	URL        string       `json:"-"`
	Errors     []FieldError `json:"errors"`
}

ErrorResponse is returned together with 4xx and 5xx HTTP status codes and contains the list of error conditions encountered while processing an API request. It implements the error interface.

func (*ErrorResponse) Error added in v1.1.0

func (e *ErrorResponse) Error() string

Error implements the error interface

func (*ErrorResponse) Field added in v1.1.0

func (e *ErrorResponse) Field(field string) (string, bool)

Field returns the error message for field if any

func (*ErrorResponse) HasField added in v1.1.0

func (e *ErrorResponse) HasField(field string) bool

HasField returns true if field caused an error

type FieldError added in v1.1.0

type FieldError struct {
	Field   string `json:"field"`
	Message string `json:"message"`
}

FieldError is returned for each field in an API request that does not match the server's expectations. Example messages are MISSING, TAKEN, INSECURE, ...

func (FieldError) String added in v1.1.0

func (f FieldError) String() string

String returns a string representation of f and implements fmt.Stringer
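How a caller of the private API methods (ImportAccount, Update and the others) would consume an ErrorResponse, as an added example with stand-in types of the same shape as the page's ErrorResponse and FieldError (the implementations here are the example's, not the package's): a constructed 422 body is decoded, then errors.As together with Field and HasField drives the user-facing message. importAccount, Classify and the example URL are hypothetical.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// FieldError and ErrorResponse are stand-ins with the same shape as the page's
// types; the method bodies below belong to this example, not the package.
type FieldError struct {
	Field   string `json:"field"`
	Message string `json:"message"`
}

type ErrorResponse struct {
	StatusCode int          `json:"-"` // taken from the HTTP response, not the body
	URL        string       `json:"-"`
	Errors     []FieldError `json:"errors"`
}

// Error makes *ErrorResponse usable as an error value.
func (e *ErrorResponse) Error() string {
	parts := make([]string, 0, len(e.Errors))
	for _, fe := range e.Errors {
		parts = append(parts, fe.Field+"="+fe.Message)
	}
	return fmt.Sprintf("%s: HTTP %d [%s]", e.URL, e.StatusCode, strings.Join(parts, ", "))
}

// Field returns the message for field, if any.
func (e *ErrorResponse) Field(field string) (string, bool) {
	for _, fe := range e.Errors {
		if fe.Field == field {
			return fe.Message, true
		}
	}
	return "", false
}

// HasField reports whether field caused an error.
func (e *ErrorResponse) HasField(field string) bool {
	_, ok := e.Field(field)
	return ok
}

// importAccount stands in for Client.ImportAccount. Instead of calling the
// server it decodes a constructed 422 body of the documented shape, as a
// duplicate username with a weak password would produce.
func importAccount() (int, error) {
	body := `{"errors":[{"field":"username","message":"TAKEN"},{"field":"password","message":"INSECURE"}]}`
	er := &ErrorResponse{StatusCode: 422, URL: "https://authn.example/accounts/import"}
	if err := json.Unmarshal([]byte(body), er); err != nil {
		return 0, err
	}
	return 0, er
}

// Classify is the caller-side pattern: unwrap with errors.As, then branch on
// the field codes so the user sees a specific message, while other errors
// (network failures, 5xx with no field errors) fall through to a generic one.
func Classify(err error) string {
	var er *ErrorResponse
	if !errors.As(err, &er) {
		return "transport or unexpected error"
	}
	if msg, ok := er.Field("username"); ok && msg == "TAKEN" {
		return "username already taken"
	}
	if er.HasField("password") {
		return "password rejected by policy"
	}
	return fmt.Sprintf("request failed with HTTP %d", er.StatusCode)
}

func main() {
	_, err := importAccount()
	fmt.Println(err)
	fmt.Println(Classify(err))
}
```

Because the methods have pointer receivers, the value that implements error is *ErrorResponse, so errors.As needs a **ErrorResponse target as shown; a plain type assertion would miss wrapped errors returned with fmt.Errorf("%w").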

type JWKProvider

type JWKProvider interface {
	Key(kid string) ([]jose.JSONWebKey, error)
}

JWKProvider provides a JSON Web Key for a key ID. The function signature from go-jose.v2 was not reused because it would lose error information.

type JWTClaimsExtractor

type JWTClaimsExtractor interface {
	GetVerifiedClaims(idToken string) (*Claims, error)
}

JWTClaimsExtractor extracts the verified built-in claims from a JWT ID token.

func NewIDTokenVerifier

func NewIDTokenVerifier(issuer, audience string, keychain JWKProvider) (JWTClaimsExtractor, error)

NewIDTokenVerifier creates a new idTokenVerifier that uses keychain as its JWK provider. Claims are verified against the given issuer and audience.
