iap

package
Version: v0.0.0-...-51f9457 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 9, 2021 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package iap implements auth.Method for GCP's Identity Aware Proxy. It does payload verification according to the guide for using signed headers: https://cloud.google.com/iap/docs/signed-headers-howto#verifying_the_jwt_payload

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AudForGAE

func AudForGAE(numericProjectID, appID string) string

AudForGAE returns an audience string for the GAE application as it will be formatted by IAP in the aseertion headers. This is a convenience method. For production use, one should use the cloud.google.com/go/compute/metadata to get the NumericProjectID and AppID properties on process startup.

func AudForGlobalBackendService

func AudForGlobalBackendService(projectNumber, backendServiceID string) string

AudForGlobalBackendService returns an audience string for a GCE or GKE application as it will be formatted by IAP in the aseertion headers. This is a convenience method.

Types

type IAPAuthMethod

type IAPAuthMethod struct {
	// Aud is the audience string as it should appear in JWTs intended for
	// validation by your service.
	Aud string
	// contains filtered or unexported fields
}

IAPAuthMethod implements auth.Method for use with GCP's Identity Aware Proxy.

func (*IAPAuthMethod) Authenticate

func (a *IAPAuthMethod) Authenticate(ctx context.Context, r *http.Request) (*auth.User, auth.Session, error)

Authenticate returns nil if no IAP assertion header is present, a User if authentication is successful, or an error if unable to validate and identify a user from the assertion header.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL