tokenauth

package
v0.1.20

This package is not in the latest version of its module.

Published: Oct 11, 2021 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Constants

const (
	AudRokwire string = "rokwire"
)

Variables

This section is empty.

Functions

func GetRequestTokens

func GetRequestTokens(r *http.Request) (string, string, error)

GetRequestTokens retrieves tokens from the request headers and/or cookies.

Mobile Clients/Secure Servers: Access tokens must be provided as a Bearer token in the "Authorization" header.

Web Clients: Access tokens must be provided in the "rokwire-access-token" cookie, and CSRF tokens must be provided in the "CSRF" header.
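The extraction rules documented for GetRequestTokens, written out as an added standard-library example; this is not the library's own code. The helper name extractTokens, the error values, the sample URL and the choice to prefer the "Authorization" header when both sources are present are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Cookie and header names as given in the documentation above.
const (
	accessCookie = "rokwire-access-token"
	csrfHeader   = "CSRF"
)

// Hypothetical sentinel error for a cookie token sent without a CSRF token.
var errMissingCSRF = errors.New("cookie access token without CSRF header")

// extractTokens is a hypothetical helper, not the library's GetRequestTokens.
// It returns (accessToken, csrfToken, error) following the documented rules.
func extractTokens(r *http.Request) (string, string, error) {
	// Mobile clients / secure servers: Bearer token in the Authorization header.
	if h := r.Header.Get("Authorization"); h != "" {
		parts := strings.SplitN(h, " ", 2)
		if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") || strings.TrimSpace(parts[1]) == "" {
			return "", "", errors.New("malformed Authorization header")
		}
		return strings.TrimSpace(parts[1]), "", nil
	}
	// Web clients: the browser attaches the cookie to every request on its own,
	// so a CSRF token supplied in a header is required alongside it.
	c, err := r.Cookie(accessCookie)
	if err != nil || c.Value == "" {
		return "", "", errors.New("missing access token")
	}
	csrf := r.Header.Get(csrfHeader)
	if csrf == "" {
		return "", "", errMissingCSRF
	}
	return c.Value, csrf, nil
}

func main() {
	// Constructed request: access cookie present, CSRF header absent.
	r, _ := http.NewRequest(http.MethodPost, "https://service.example/api", nil)
	r.AddCookie(&http.Cookie{Name: accessCookie, Value: "constructed.access.token"})
	_, _, err := extractTokens(r)
	fmt.Println("web request without CSRF header:", err)
}
```

The tokens returned here are still unverified strings; signature and claim validation is what CheckToken and ValidateCsrfTokenClaims are documented to do.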

Types

type Claims

type Claims struct {
	// Required Standard Claims: sub, aud, exp, iat
	jwt.StandardClaims
	OrgID       string `json:"org_id" validate:"required"`
	AppID       string `json:"app_id"`
	Purpose     string `json:"purpose" validate:"required"`
	AuthType    string `json:"auth_type" validate:"required"`
	Permissions string `json:"permissions"`
	Scope       string `json:"scope"`
	Anonymous   bool   `json:"anonymous"`

	//TODO: Once the new user ID scheme has been adopted across all services these claims should be removed
	UID   string `json:"uid,omitempty"`
	Email string `json:"email,omitempty"`
	Phone string `json:"phone,omitempty"`
}

Claims represents the standard claims included in access tokens

type TokenAuth

type TokenAuth struct {
	// contains filtered or unexported fields
}

TokenAuth contains configurations and helper functions required to validate tokens

func NewTokenAuth

func NewTokenAuth(acceptRokwireTokens bool, authService *authservice.AuthService, permissionAuth authorization.Authorization, scopeAuth authorization.Authorization) (*TokenAuth, error)

NewTokenAuth creates and configures a new TokenAuth instance.

Authorization may be nil if performing manual authorization.

func (*TokenAuth) AuthorizeRequestPermissions added in v0.1.12

func (t *TokenAuth) AuthorizeRequestPermissions(claims *Claims, request *http.Request) error

AuthorizeRequestPermissions will authorize the request if the permissions claim passes the permissionsAuth

Returns nil on success and error on failure.

func (*TokenAuth) AuthorizeRequestScope added in v0.1.12

func (t *TokenAuth) AuthorizeRequestScope(claims *Claims, request *http.Request) error

AuthorizeRequestScope will authorize the request if the scope claim passes the scopeAuth

Returns nil on success and error on failure.

func (*TokenAuth) CheckRequestTokens

func (t *TokenAuth) CheckRequestTokens(r *http.Request) (*Claims, error)

CheckRequestTokens is a convenience function which retrieves and checks any tokens included in a request and returns the access token claims.

Mobile Clients/Secure Servers: Access tokens must be provided as a Bearer token in the "Authorization" header.

Web Clients: Access tokens must be provided in the "rokwire-access-token" cookie, and CSRF tokens must be provided in the "CSRF" header.

func (*TokenAuth) CheckToken

func (t *TokenAuth) CheckToken(token string, purpose string) (*Claims, error)

CheckToken validates the provided token and returns the token claims

func (*TokenAuth) SetBlacklistSize added in v0.1.11

func (t *TokenAuth) SetBlacklistSize(size int)

SetBlacklistSize sets the maximum size of the token blacklist queue

The default value is 1024

func (*TokenAuth) ValidateCsrfTokenClaims

func (t *TokenAuth) ValidateCsrfTokenClaims(accessClaims *Claims, csrfClaims *Claims) error

ValidateCsrfTokenClaims will validate that the CSRF token claims appropriately match the access token claims

Returns nil on success and error on failure.

func (*TokenAuth) ValidatePermissionsClaim

func (t *TokenAuth) ValidatePermissionsClaim(claims *Claims, requiredPermissions []string) error

ValidatePermissionsClaim will validate that the provided token claims contain one or more of the required permissions

Returns nil on success and error on failure.

func (*TokenAuth) ValidateScopeClaim

func (t *TokenAuth) ValidateScopeClaim(claims *Claims, requiredScope string) error

ValidateScopeClaim will validate that the provided token claims contain the required scope

If an empty required scope is provided, the claims must contain a valid global scope such as 'all' or '{service}:all'.

Returns nil on success and error on failure.
