Documentation
¶
Index ¶
Constants ¶
const (
// DiscoveryPath is the path to the discovery endpoint
DiscoveryPath = "/.well-known/openid-configuration"
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AuthNConfig ¶
type AuthNConfig struct {
EnforceDPoP bool `yaml:"enforceDPoP" json:"enforceDPoP" default:"true"`
Issuer string `yaml:"issuer" json:"issuer"`
Audience string `yaml:"audience" json:"audience"`
OIDCConfiguration `yaml:"-" json:"-"`
Policy PolicyConfig `yaml:"policy" json:"policy" mapstructure:"policy"`
CacheRefresh string `mapstructure:"cache_refresh_interval"`
}
AuthNConfig is the configuration need for the platform to validate tokens
type Authentication ¶
type Authentication struct {
// contains filtered or unexported fields
}
Authentication holds a jwks cache and information about the openid configuration
func NewAuthenticator ¶
func NewAuthenticator(ctx context.Context, cfg Config) (*Authentication, error)
Creates new authN which is used to verify tokens for a set of given issuers
func (Authentication) MuxHandler ¶
func (a Authentication) MuxHandler(handler http.Handler) http.Handler
verifyTokenHandler is a http handler that verifies the token
func (Authentication) UnaryServerInterceptor ¶
func (a Authentication) UnaryServerInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)
UnaryServerInterceptor is a grpc interceptor that verifies the token in the metadata
type CasbinConfig ¶
type CasbinConfig struct {
PolicyConfig
}
type Config ¶
type Config struct {
Enabled bool `yaml:"enabled" default:"true" `
PublicRoutes []string `mapstructure:"-"`
AuthNConfig `mapstructure:",squash"`
}
AuthConfig pulls AuthN and AuthZ together
type Enforcer ¶
type Enforcer struct {
*casbin.Enforcer
Config CasbinConfig
Policy string
}
func NewCasbinEnforcer ¶
func NewCasbinEnforcer(c CasbinConfig) (*Enforcer, error)
newCasbinEnforcer creates a new casbin enforcer
type OIDCConfiguration ¶
type OIDCConfiguration struct {
Issuer string `json:"issuer"`
AuthorizationEndpoint string `json:"authorization_endpoint"`
TokenEndpoint string `json:"token_endpoint"`
JwksURI string `json:"jwks_uri"`
ResponseTypesSupported []string `json:"response_types_supported"`
SubjectTypesSupported []string `json:"subject_types_supported"`
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
RequireRequestURIRegistration bool `json:"require_request_uri_registration"`
}
OIDCConfiguration holds the openid configuration for the issuer. Currently only required fields are included (https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata)
func DiscoverOIDCConfiguration ¶
func DiscoverOIDCConfiguration(ctx context.Context, issuer string) (*OIDCConfiguration, error)
DiscoverOPENIDConfiguration discovers the openid configuration for the issuer provided
Source Files