token

package
v0.6.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 13, 2025 License: MIT Imports: 5 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrUnknownTokenService is returned when a token name is
	// requested that isn't registered.
	ErrUnknownTokenService = errors.New("no token service with that name exists")

	// ErrKeyUnavailable signifies that at least one key is
	// unavailable to the token service.  For token systems that
	// use symmetric cryptography this is fatal, for token systems
	// that use asymmetric cryptography, this may be acceptable if
	// all you want to do is verify a token with a public key.
	ErrKeyUnavailable = errors.New("a required key is not available")

	// ErrKeyGenerationDisabled is returned when no keys were
	// available to load, and the option to generate keys has been
	// set false.
	ErrKeyGenerationDisabled = errors.New("key generation is disabled")

	// ErrInternalError captures all unidentified error cases
	// within various token services.
	ErrInternalError = errors.New("an unrecoverable internal error has occurred")

	// ErrTokenInvalid is returned for generic cases where the
	// token is invalid for some reason.
	ErrTokenInvalid = errors.New("the provided token is invalid")
)

Functions

func Register 

func Register(name string, impl Factory)

Register is called by implementations to register ServiceFactory functions.

func SetLifetime 

func SetLifetime(t time.Duration)

SetLifetime sets up the lifetime used by tokens that are issued later on.

func SetParentLogger 

func SetParentLogger(l hclog.Logger)

SetParentLogger sets the parent logger for this instance.

Types

type Claims 

type Claims struct {
	EntityID     string
	Capabilities []pb.Capability
}

Claims is a type that contains the claims that all tokens shall have. Implementations may embed additional messages, but these cliams must exist here.

func (*Claims) HasCapability 

func (c *Claims) HasCapability(cap pb.Capability) bool

HasCapability is a convenience function to determine if the provided token contains the requested capability. The capability GLOBAL_ROOT will cause the function to return true immediately as GLOBAL_ROOT counts for all capabilities.

type Config 

type Config struct {
	Lifetime  time.Duration
	Issuer    string
	IssuedAt  time.Time
	NotBefore time.Time
}

The Config struct contains information that should be used when generating a token.

func GetConfig 

func GetConfig() Config

GetConfig returns a struct containing the configuration for the token service to use while issuing tokens.

type Factory 

type Factory func(hclog.Logger, keyprovider.KeyProvider) (Service, error)

A Factory returns a token service when called.

type Service 

type Service interface {
	Generate(Claims, Config) (string, error)
	Validate(string) (Claims, error)
}

The Service type defines the required interface for the Token Service. The service must generate tokens, and be able to validate them.

func New 

func New(backend string, kp keyprovider.KeyProvider) (Service, error)

New returns an initialized token service based on the value of the --token_impl flag.

Source Files

View all Source files

Directories

Path Synopsis
fs
Package fs implements a filesystem based token cache.
 Package fs implements a filesystem based token cache.
memory
Package memory implements an in-memory token cache.
 Package memory implements an in-memory token cache.
fs
mock
Package null implements a testing shim for testing the token system and some higher level components.
 Package null implements a testing shim for testing the token system and some higher level components.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.