Documentation
¶
Index ¶
- Constants
- Variables
- func GetOptionJWK(opts ...OptionJWK) optionsJWK
- func MapOptionKeyfunc(opt optionsJWK) keyfunc.Options
- type Action
- type AuthHeaderStyle
- type HostCookieName
- type InfKeyFunc
- type InfKeyFuncParser
- type InfProviderCert
- type JwkKeyFuncParse
- type KeyFound
- type KeyFuncMulti
- type MetaData
- type MultipleJWKS
- type MultipleJWKSKey
- type MultipleOptions
- type Oauth2
- type OptionJWK
- type Options
- type Provider
- type ProviderWrapper
- type Registry
- type Session
- func (m *Session) DelToken(c echo.Context) error
- func (m *Session) Do(next echo.HandlerFunc, c echo.Context) error
- func (m *Session) GetCookieName(c echo.Context) string
- func (m *Session) GetStore() StoreInf
- func (m *Session) GetToken(c echo.Context) (*TokenData, *Oauth2, error)
- func (m *Session) Init(ctx context.Context, name string) error
- func (m *Session) IsLogged(c echo.Context) (bool, error)
- func (m *Session) Middleware(ctx context.Context, name string) (echo.MiddlewareFunc, error)
- func (m *Session) RedirectToLogin(c echo.Context, store StoreInf, addRedirectPath bool, removeSession bool) error
- func (m *Session) RedirectToMain(c echo.Context) error
- func (m *Session) SetAction() error
- func (m *Session) SetStore(ctx context.Context) error
- func (m *Session) SetToken(c echo.Context, token []byte, providerName string) error
- type Store
- type StoreInf
- type Token
- type TokenData
Constants ¶
View Source
const ( CtxTokenHeaderKey = "token_header" CtxTokenHeaderDelKey = "token_header_delete" CtxDisableRedirectKey = "disable_redirect" CtxCookieNameKey = "cookie_name" )
Variables ¶
View Source
var ( ErrKIDNotFound = keyfunc.ErrKIDNotFound ErrTokenInvalid = fmt.Errorf("token is invalid") )
View Source
var ( TokenKey = "token" ProviderKey = "provider" )
View Source
var GlobalRegistry = &Registry{ Store: make(map[string]*Session), }
Functions ¶
func GetOptionJWK ¶
func GetOptionJWK(opts ...OptionJWK) optionsJWK
func MapOptionKeyfunc ¶
func MapOptionKeyfunc(opt optionsJWK) keyfunc.Options
Types ¶
type AuthHeaderStyle ¶
type AuthHeaderStyle int
AuthHeaderStyle is a type to set Authorization header style.
const ( AuthHeaderStyleBasic AuthHeaderStyle = iota AuthHeaderStyleBearerSecret AuthHeaderStyleParams )
type HostCookieName ¶
type InfKeyFunc ¶
type InfKeyFunc interface {
Keyfunc(token *jwt.Token) (interface{}, error)
}
type InfKeyFuncParser ¶
type InfKeyFuncParser interface {
InfKeyFunc
ParseWithClaims(tokenString string, claims jwt.Claims) (*jwt.Token, error)
}
type InfProviderCert ¶
type JwkKeyFuncParse ¶
type JwkKeyFuncParse struct {
KeyFunc func(token *jwt.Token) (interface{}, error)
}
func MultiJWTKeyFunc ¶
func MultiJWTKeyFunc(providers []InfProviderCert, opts ...OptionJWK) (*JwkKeyFuncParse, error)
MultiJWTKeyFunc returns a jwt.Keyfunc with multiple keyfunc.
Doesn't support introspect and noops, it will ignore them.
func (*JwkKeyFuncParse) Keyfunc ¶
func (j *JwkKeyFuncParse) Keyfunc(token *jwt.Token) (interface{}, error)
func (*JwkKeyFuncParse) ParseWithClaims ¶
func (j *JwkKeyFuncParse) ParseWithClaims(tokenString string, claims jwt.Claims) (*jwt.Token, error)
type KeyFound ¶
type KeyFound struct {
Key interface{}
Name string
}
func KeySelectorFirst ¶
func KeySelectorFirst(multiJWKS *MultipleJWKS, token *jwt.Token) (*KeyFound, error)
KeySelectorFirst returns the first key found in the multiple JWK Sets.
type KeyFuncMulti ¶
type KeyFuncMulti struct {
// contains filtered or unexported fields
}
func (*KeyFuncMulti) KeySelectorFirst ¶
func (k *KeyFuncMulti) KeySelectorFirst(multiJWKS *MultipleJWKS, token *jwt.Token) (interface{}, error)
func (*KeyFuncMulti) Keyfunc ¶
func (k *KeyFuncMulti) Keyfunc(token *jwt.Token) (interface{}, error)
type MultipleJWKS ¶
type MultipleJWKS struct {
// contains filtered or unexported fields
}
MultipleJWKS manages multiple JWKS and has a field for jwt.Keyfunc.
func GetMultiple ¶
func GetMultiple(multiple map[MultipleJWKSKey]keyfunc.Options, options MultipleOptions) (multiJWKS *MultipleJWKS, err error)
GetMultiple creates a new MultipleJWKS. A map of length one or more JWKS URLs to Options is required.
Be careful when choosing Options for each JWKS in the map. If RefreshUnknownKID is set to true for all JWKS in the map then many refresh requests would take place each time a JWT is processed, this should be rate limited by RefreshRateLimit.
func (*MultipleJWKS) Keyfunc ¶
func (m *MultipleJWKS) Keyfunc(token *jwt.Token) (interface{}, error)
Keyfunc matches the signature of github.com/golang-jwt/jwt/v5's jwt.Keyfunc function.
type MultipleJWKSKey ¶
type MultipleOptions ¶
type MultipleOptions struct {
KeySelector func(multiJWKS *MultipleJWKS, token *jwt.Token) (key interface{}, err error)
}
type Oauth2 ¶
type Oauth2 struct {
// ClientID is the application's ID.
ClientID string `cfg:"client_id"`
// ClientSecret is the application's secret.
ClientSecret string `cfg:"client_secret" log:"false"`
// Scope specifies optional requested permissions.
Scopes []string `cfg:"scopes"`
// CertURL is the resource server's public key URL.
CertURL string `cfg:"cert_url"`
// IntrospectURL is the check the active or not with request.
IntrospectURL string `cfg:"introspect_url"`
// AuthURL is the resource server's authorization endpoint
// use for redirection to login page.
AuthURL string `cfg:"auth_url"`
// TokenURL is the resource server's token endpoint URL.
TokenURL string `cfg:"token_url"`
LogoutURL string `cfg:"logout_url"`
// AuthHeaderStyle is optional. If not set, AuthHeaderStyleBasic will be used.
AuthHeaderStyle AuthHeaderStyle
}
type OptionJWK ¶
type OptionJWK func(options *optionsJWK)
func WithClient ¶
WithClient is used to set the http.Client used to fetch the JWKs.
func WithContext ¶
WithContext is used to set the context used to fetch the JWKs.
func WithIntrospect ¶
func WithKeyFunc ¶
func WithKeyFunc(keyFunc InfKeyFunc) OptionJWK
WithGivenKeys is used to set the given keys used to verify the token.
Return ErrKIDNotFound if the kid is not found.
Example:
// Create the JWKS from the given keys.
givenKeys := map[string]keyfunc.GivenKey{
"my-key-id": keyfunc.NewGivenHMAC(...),
}
jwks := keyfunc.NewGiven(givenKeys)
func WithRefreshErrorHandler ¶
WithRefreshErrorHandler sets the refresh error handler for the jwt.Key.
func WithRefreshInterval ¶
WithRefreshInterval sets the refresh interval for the jwt.Keyfunc default is 5 minutes.
type ProviderWrapper ¶
func (*ProviderWrapper) GetCertURL ¶
func (p *ProviderWrapper) GetCertURL() string
func (*ProviderWrapper) GetName ¶
func (p *ProviderWrapper) GetName() string
type Session ¶
type Session struct {
Store Store `cfg:"store"`
// Options for main cookie.
Options Options `cfg:"options"`
// CookieName for default cookie name.
// Overwrite this value with 'cookie_name' ctx value.
CookieName string `cfg:"cookie_name"`
// CookieNameHosts for cookie name by host with regexp.
CookieNameHosts []HostCookieName `cfg:"cookie_name_hosts"`
Action Action `cfg:"action"`
Provider map[string]Provider `cfg:"provider"`
// contains filtered or unexported fields
}
func (*Session) GetCookieName ¶
func (*Session) Middleware ¶
func (*Session) RedirectToLogin ¶
func (*Session) RedirectToMain ¶
type Token ¶
type Token struct {
LoginPath string `cfg:"login_path"`
DisableRefresh bool `cfg:"disable_refresh"`
InsecureSkipVerify bool `cfg:"insecure_skip_verify"`
// contains filtered or unexported fields
}
func (*Token) GetKeyFunc ¶
func (t *Token) GetKeyFunc() InfKeyFuncParser
type TokenData ¶
type TokenData struct {
AccessToken string `json:"access_token"`
ExpiresIn int `json:"expires_in"`
RefreshExpiresIn int `json:"refresh_expires_in"`
RefreshToken string `json:"refresh_token"`
TokenType string `json:"token_type"`
NotBeforePolicy int `json:"not-before-policy"`
SessionState string `json:"session_state"`
Scope string `json:"scope"`
IDToken string `json:"id_token"`
}
func ParseToken ¶
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.