auth

Documentation

Index

• Variables
• func RequireBearerToken(verifier TokenVerifier, opts *RequireBearerTokenOptions) func(http.Handler) http.Handler
• type RequireBearerTokenOptions
• type TokenInfo
  • func TokenInfoFromContext(ctx context.Context) *TokenInfo
• type TokenVerifier

Variables

var ErrInvalidToken = errors.New("invalid token")

The error that a TokenVerifier should return if the token cannot be verified.

Functions

func RequireBearerToken

func RequireBearerToken(verifier TokenVerifier, opts *RequireBearerTokenOptions) func(http.Handler) http.Handler

RequireBearerToken returns a piece of middleware that verifies a bearer token using the verifier. If verification succeeds, the TokenInfo is added to the request's context and the request proceeds. If verification fails, the request fails with a 401 Unauthenticated, and the WWW-Authenticate header is populated to enable protected resource metadata.

Types

type RequireBearerTokenOptions

type RequireBearerTokenOptions struct {
	// The URL for the resource server metadata OAuth flow, to be returned as part
	// of the WWW-Authenticate header.
	ResourceMetadataURL string
	// The required scopes.
	Scopes []string
}

RequireBearerTokenOptions are options for RequireBearerToken.

type TokenInfo

type TokenInfo struct {
	Scopes     []string
	Expiration time.Time
	// TODO: add standard JWT fields
	Extra map[string]any
}

TokenInfo holds information from a bearer token.

func TokenInfoFromContext

func TokenInfoFromContext(ctx context.Context) *TokenInfo

TokenInfoFromContext returns the TokenInfo stored in ctx, or nil if none.

type TokenVerifier

type TokenVerifier func(ctx context.Context, token string) (*TokenInfo, error)

A TokenVerifier checks the validity of a bearer token, and extracts information from it. If verification fails, it should return an error that unwraps to ErrInvalidToken.