Documentation
Constants
const (
	// DefaultContextKey declares default key which is used to store principal
	// in the echo.Context.
	DefaultContextKey = "user-context"
	// DefaultAuthHeaderName declares default header name used to update
	// access token on client web app.
	DefaultAuthHeaderName = "X-App-Auth"
)
Variables
This section is empty.
Functions
func AccessToken
func AccessToken(privateProviderID string, us authkit.MiddlewareUserService, tv authkit.TokenValidator) echo.MiddlewareFunc
AccessToken creates middleware with mostly default configuration.
func AccessTokenWithConfig
func AccessTokenWithConfig(config AccessTokenConfig) echo.MiddlewareFunc
AccessTokenWithConfig creates middleware with the provided configuration.
Types
type AccessTokenConfig
type AccessTokenConfig struct {
	// OAuth2 provider ID used to store and retrieve token from UserService.
	// Required.
	PrivateProviderID string
	// Context key to store user info into context.
	// Optional. Default value is "user-context".
	ContextKey string
	// Optional. Default value is DefaultPermissionMapper
	PermissionMapper authkit.PermissionMapper
	// Required.
	TokenValidator authkit.TokenValidator
	// Required.
	UserService authkit.MiddlewareUserService
	// OAuth2Config used to refresh OAuth2 token.
	// Optional. Default value is nil, which disables token refresh.
	OAuth2Config authkit.OAuth2Config
	// ContextCreator used to obtain context to store and refresh OAuth2 token.
	// Optional. Default value is nil, which disables token refresh.
	ContextCreator authkit.ContextCreator
	// AuthHeaderName is a name of header to be used to update auth token on
	// the client.
	AuthHeaderName string
	// RefreshAllowedInterval is an interval since access token expiration
	// during which it is allowed to refresh expired access token.
	// It is not quite similar to traditional HTTP session timeout, but
	// used for the same purpose.
	RefreshAllowedInterval time.Duration
}
AccessTokenConfig is a configuration for AccessTokenWithConfig middleware.
type DefaultPermission
DefaultPermission is a permission descriptor for Hydra-backed TokenValidator. Fields of this struct should be passed along with token to Hydra (or similar) API.
type DefaultPermissionMapper
type DefaultPermissionMapper struct {
	// DefaultScopes added to calculated scope.
	DefaultScopes []string
	// ScopePrefix prefixes calculated scope name.
	ScopePrefix string
	// RootResName used for root path ("/").
	RootResName string
	// DefaultScopes, ScopePrefix and RootResName are ignored when explicit
	// mapping exists for route.
	Mapping map[Route]DefaultPermission
}
DefaultPermissionMapper maps method and path of request to DefaultPermission. See unit tests for additional info.
func (DefaultPermissionMapper) RequiredPermissioin
func (m DefaultPermissionMapper) RequiredPermissioin(method, path string) (interface{}, error)
RequiredPermissioin maps method and path to Resource, Action and Scopes according to the following rules. Resource is created from the path with an "rn:" prefix and slashes replaced with colons. The root resource is replaced with "rn:root" or with "rn:" + RootResName. Scopes are added to the slice of DefaultScopes. Scope names are created from the path with slashes replaced with dots. Every created scope name is prefixed with ScopePrefix and postfixed with the lower-cased HTTP method name. Action is the lower-cased method name. See tests for examples.
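The mapping rules above, written out as a stand-alone sketch so the derived resource and scope names can be checked against what the token validator is expected to enforce. This is an added example, not the package's own code: the names permission, route, mapper and requiredPermission are hypothetical. It assumes that surrounding slashes are trimmed, that a dot separates the path part of a scope name from the method, and that the root name is also used in the root scope.

```go
package main

import (
	"fmt"
	"strings"
)

// permission mirrors the Resource/Action/Scopes triple the page describes.
// Type and field names here are hypothetical, not the package's own.
type permission struct {
	Resource, Action string
	Scopes           []string
}

type route struct{ Method, Path string } // assumed shape of a route key

type mapper struct {
	DefaultScopes            []string
	ScopePrefix, RootResName string
	Mapping                  map[route]permission
}

// requiredPermission applies the documented rules. Assumptions: surrounding
// slashes are trimmed before substitution, a dot separates the path part of
// the scope name from the method, and the root name is reused in the scope.
func (m mapper) requiredPermission(method, path string) permission {
	if p, ok := m.Mapping[route{method, path}]; ok {
		return p // explicit mapping wins; the three defaults are ignored
	}
	action := strings.ToLower(method)
	name := strings.Trim(path, "/")
	if name == "" { // root path "/"
		name = m.RootResName
		if name == "" {
			name = "root"
		}
	}
	scope := m.ScopePrefix + strings.ReplaceAll(name, "/", ".") + "." + action
	// Copy DefaultScopes so results never share its backing array.
	scopes := append(append([]string{}, m.DefaultScopes...), scope)
	return permission{Resource: "rn:" + strings.ReplaceAll(name, "/", ":"), Action: action, Scopes: scopes}
}

func main() {
	m := mapper{DefaultScopes: []string{"core"}, ScopePrefix: "app."}
	fmt.Printf("%+v\n", m.requiredPermission("GET", "/users/profile"))
	fmt.Printf("%+v\n", m.requiredPermission("POST", "/"))
}
```

Because an explicit Mapping entry bypasses DefaultScopes, ScopePrefix and RootResName entirely, each such entry has to carry every scope the route needs.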