The highest tagged major version is
Documentation
¶
Overview ¶
Package trust implements jwt-bearer grant management capabilities
JWT-Bearer Grant represents resource owner (RO) permission for client to act on behalf of the RO using jwt. Client uses jwt to request access token to act as RO.
Index ¶
- Variables
- func TestHelperGrantManagerCreateGetDeleteGrant(m GrantManager) func(t *testing.T)
- func TestHelperGrantManagerErrors(m GrantManager) func(t *testing.T)
- type Grant
- type GrantManager
- type GrantValidator
- type Handler
- func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
- func (h *Handler) Delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) Get(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) List(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
- func (h *Handler) SetRoutes(admin *x.RouterAdmin)
- type InternalRegistry
- type PublicKey
- type Registry
- type SQLData
Constants ¶
This section is empty.
Variables ¶
var ErrMissingRequiredParameter = &fosite.RFC6749Error{ DescriptionField: "One of the required parameters is missing. Check your request parameters.", ErrorField: "missing_required_parameter", CodeField: http.StatusBadRequest, }
Functions ¶
func TestHelperGrantManagerCreateGetDeleteGrant ¶
func TestHelperGrantManagerCreateGetDeleteGrant(m GrantManager) func(t *testing.T)
func TestHelperGrantManagerErrors ¶
func TestHelperGrantManagerErrors(m GrantManager) func(t *testing.T)
Types ¶
type Grant ¶
type Grant struct {
ID string `json:"id"`
// Issuer identifies the principal that issued the JWT assertion (same as iss claim in jwt).
Issuer string `json:"issuer"`
// Subject identifies the principal that is the subject of the JWT.
Subject string `json:"subject"`
// Scope contains list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
Scope []string `json:"scope"`
// PublicKeys contains information about public key issued by Issuer, that will be used to check JWT assertion signature.
PublicKey PublicKey `json:"public_key"`
// CreatedAt indicates, when grant was created.
CreatedAt time.Time `json:"created_at"`
// ExpiresAt indicates, when grant will expire, so we will reject assertion from Issuer targeting Subject.
ExpiresAt time.Time `json:"expires_at"`
}
type GrantManager ¶
type GrantManager interface {
CreateGrant(ctx context.Context, g Grant, publicKey jose.JSONWebKey) error
GetConcreteGrant(ctx context.Context, id string) (Grant, error)
DeleteGrant(ctx context.Context, id string) error
GetGrants(ctx context.Context, limit, offset int, optionalIssuer string) ([]Grant, error)
CountGrants(ctx context.Context) (int, error)
FlushInactiveGrants(ctx context.Context, notAfter time.Time, limit int, batchSize int) error
}
type GrantValidator ¶
type GrantValidator struct {
}
func NewGrantValidator ¶
func NewGrantValidator() *GrantValidator
func (*GrantValidator) Validate ¶
func (v *GrantValidator) Validate(request createGrantRequest) error
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
func NewHandler ¶
func NewHandler(r InternalRegistry) *Handler
func (*Handler) Create ¶
func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
swagger:route POST /trust/grants/jwt-bearer/issuers admin trustJwtGrantIssuer
Trust an OAuth2 JWT Bearer Grant Type Issuer ¶
Use this endpoint to establish a trust relationship for a JWT issuer to perform JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants [RFC7523](https://datatracker.ietf.org/doc/html/rfc7523).
Consumes: - application/json Produces: - application/json Schemes: http, https Responses: 201: trustedJwtGrantIssuer 400: genericError 409: genericError 500: genericError
func (*Handler) Delete ¶
func (h *Handler) Delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route DELETE /trust/grants/jwt-bearer/issuers/{id} admin deleteTrustedJwtGrantIssuer
Delete a Trusted OAuth2 JWT Bearer Grant Type Issuer ¶
Use this endpoint to delete trusted JWT Bearer Grant Type Issuer. The ID is the one returned when you created the trust relationship.
Once deleted, the associated issuer will no longer be able to perform the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grant.
Consumes: - application/json Produces: - application/json Schemes: http, https Responses: 204: emptyResponse 404: genericError 500: genericError
func (*Handler) Get ¶
func (h *Handler) Get(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route GET /trust/grants/jwt-bearer/issuers/{id} admin getTrustedJwtGrantIssuer
Get a Trusted OAuth2 JWT Bearer Grant Type Issuer ¶
Use this endpoint to get a trusted JWT Bearer Grant Type Issuer. The ID is the one returned when you created the trust relationship. /
Consumes: - application/json Produces: - application/json Schemes: http, https Responses: 200: trustedJwtGrantIssuer 404: genericError 500: genericError
func (*Handler) List ¶
func (h *Handler) List(w http.ResponseWriter, r *http.Request, ps httprouter.Params)
swagger:route GET /trust/grants/jwt-bearer/issuers admin listTrustedJwtGrantIssuers
List Trusted OAuth2 JWT Bearer Grant Type Issuers ¶
Use this endpoint to list all trusted JWT Bearer Grant Type Issuers.
Consumes: - application/json Produces: - application/json Schemes: http, https Responses: 200: trustedJwtGrantIssuers 500: genericError
func (*Handler) SetRoutes ¶
func (h *Handler) SetRoutes(admin *x.RouterAdmin)
type InternalRegistry ¶
type InternalRegistry interface {
x.RegistryWriter
x.RegistryLogger
Registry
}
type Registry ¶
type Registry interface {
GrantManager() GrantManager
GrantValidator() *GrantValidator
}
Source Files