README
¶
krakend-jose
JOSE component for the KrakenD framework
Documentation
¶
Index ¶
- Constants
- Variables
- func CanAccess(roleKey string, claims map[string]interface{}, required []string) bool
- func CanAccessNested(roleKey string, claims map[string]interface{}, required []string) bool
- func DecodeFingerprints(in []string) ([][]byte, error)
- func NewSigner(cfg *config.EndpointConfig, te auth0.RequestTokenExtractor) (*SignerConfig, Signer, error)
- func NewValidator(signatureConfig *SignatureConfig, ef ExtractorFactory) (*auth0.JWTValidator, error)
- func SecretProvider(cfg SecretProviderConfig, te auth0.RequestTokenExtractor) (*auth0.JWKClient, error)
- func SignFields(keys []string, signer Signer, response *proxy.Response) error
- type ChainedRejecterFactory
- type Dialer
- type ExtractorFactory
- type FixedRejecter
- type NopRejecterFactory
- type Rejecter
- type RejecterFactory
- type RejecterFactoryFunc
- type RejecterFunc
- type SecretProviderConfig
- type SignatureConfig
- type Signer
- type SignerConfig
Constants ¶
View Source
const ( ValidatorNamespace = "github.com/rast1025/krakend-jose/validator" SignerNamespace = "github.com/rast1025/krakend-jose/signer" )
Variables ¶
View Source
var ( ErrInsecureJWKSource = errors.New("JWK client is using an insecure connection to the JWK service") ErrPinnedKeyNotFound = errors.New("JWK client did not find a pinned key") )
View Source
var ( ErrNoValidatorCfg = errors.New("JOSE: no validator config") ErrNoSignerCfg = errors.New("JOSE: no signer config") )
View Source
var ( // DefaultEnabledCipherSuites is a collection of secure cipher suites to use DefaultEnabledCipherSuites = []uint16{ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, } )
Functions ¶
func CanAccessNested ¶
func DecodeFingerprints ¶
func NewSigner ¶
func NewSigner(cfg *config.EndpointConfig, te auth0.RequestTokenExtractor) (*SignerConfig, Signer, error)
func NewValidator ¶
func NewValidator(signatureConfig *SignatureConfig, ef ExtractorFactory) (*auth0.JWTValidator, error)
func SecretProvider ¶
func SecretProvider(cfg SecretProviderConfig, te auth0.RequestTokenExtractor) (*auth0.JWKClient, error)
Types ¶
type ChainedRejecterFactory ¶
type ChainedRejecterFactory []RejecterFactory
ChainedRejecterFactory returns rejecters chaining every rejecter contained in tne collection
func (ChainedRejecterFactory) New ¶
func (c ChainedRejecterFactory) New(l logging.Logger, cfg *config.EndpointConfig) Rejecter
New returns a chainned rejected that evaluates all the rejecters until v is rejected or the chain is finished
type Dialer ¶
type Dialer struct {
// contains filtered or unexported fields
}
func NewDialer ¶
func NewDialer(cfg SecretProviderConfig) *Dialer
func (*Dialer) DialContext ¶
type ExtractorFactory ¶
type FixedRejecter ¶
type FixedRejecter bool
FixedRejecter is a rejecter that always returns the same bool response
func (FixedRejecter) Reject ¶
func (f FixedRejecter) Reject(_ map[string]interface{}) bool
Reject returns f
type NopRejecterFactory ¶
type NopRejecterFactory struct{}
NopRejecterFactory is a factory returning rejecters accepting all the tokens
func (NopRejecterFactory) New ¶
func (NopRejecterFactory) New(_ logging.Logger, _ *config.EndpointConfig) Rejecter
New returns a fixed rejecter that accepts all the tokens
type RejecterFactory ¶
type RejecterFactory interface {
New(logging.Logger, *config.EndpointConfig) Rejecter
}
RejecterFactory is a builder for rejecters
type RejecterFactoryFunc ¶
type RejecterFactoryFunc func(logging.Logger, *config.EndpointConfig) Rejecter
RejecterFactoryFunc is an adapter to use a function as rejecter factory
func (RejecterFactoryFunc) New ¶
func (f RejecterFactoryFunc) New(l logging.Logger, cfg *config.EndpointConfig) Rejecter
New calls f(l, cfg)
type RejecterFunc ¶
RejecterFunc is an adapter to use functions as rejecters
func (RejecterFunc) Reject ¶
func (r RejecterFunc) Reject(v map[string]interface{}) bool
Reject calls r(v)
type SecretProviderConfig ¶
type SignatureConfig ¶
type SignatureConfig struct {
Alg string `json:"alg"`
URI string `json:"jwk-url"`
CacheEnabled bool `json:"cache,omitempty"`
CacheDuration uint32 `json:"cache_duration,omitempty"`
Issuer string `json:"issuer,omitempty"`
Audience []string `json:"audience,omitempty"`
Roles []string `json:"roles,omitempty"`
RolesKey string `json:"roles_key,omitempty"`
RolesKeyIsNested bool `json:"roles_key_is_nested,omitempty"`
CookieKey string `json:"cookie_key,omitempty"`
CipherSuites []uint16 `json:"cipher_suites,omitempty"`
DisableJWKSecurity bool `json:"disable_jwk_security"`
Fingerprints []string `json:"jwk_fingerprints,omitempty"`
LocalCA string `json:"jwk_local_ca,omitempty"`
}
func GetSignatureConfig ¶
func GetSignatureConfig(cfg *config.EndpointConfig) (*SignatureConfig, error)
type SignerConfig ¶
type SignerConfig struct {
Alg string `json:"alg"`
KeyID string `json:"kid"`
URI string `json:"jwk-url"`
FullSerialization bool `json:"full,omitempty"`
KeysToSign []string `json:"keys-to-sign,omitempty"`
CipherSuites []uint16 `json:"cipher_suites,omitempty"`
DisableJWKSecurity bool `json:"disable_jwk_security"`
Fingerprints []string `json:"jwk_fingerprints,omitempty"`
LocalCA string `json:"jwk_local_ca,omitempty"`
}
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.