auth

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 11, 2024 License: BSD-3-Clause Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ExpiresAt 

func ExpiresAt(tks string) (_ time.Time, err error)

func NotBefore 

func NotBefore(tks string) (_ time.Time, err error)

func ParseUnverified 

func ParseUnverified(tks string) (claims *jwt.RegisteredClaims, err error)

Types

type Claims 

type Claims struct {
	jwt.RegisteredClaims
	Name    string `json:"name,omitempty"`
	Email   string `json:"email,omitempty"`
	Picture string `json:"picture,omitempty"`
	Locale  string `json:"locale,omitempty"`
}

type TokenManager 

type TokenManager struct {
	// contains filtered or unexported fields
}

func New 

func New(conf config.AuthConfig) (tm *TokenManager, err error)

New creates a TokenManager with the specified keys which should be a mapping of ULID strings to paths to files that contain PEM encoded RSA private keys. This input is specifically designed for the config environment variable so that keys can be loaded from k8s or vault secrets that are mounted as files on disk.

func NewWithKey 

func NewWithKey(key *rsa.PrivateKey, conf config.AuthConfig) (tm *TokenManager, err error)

func (*TokenManager) CheckGoogleIDToken 

func (tm *TokenManager) CheckGoogleIDToken(ctx context.Context, credential string) (claims *Claims, err error)

func (*TokenManager) CreateAccessToken 

func (tm *TokenManager) CreateAccessToken(claims *Claims) (_ *jwt.Token, err error)

CreateAccessToken from the credential payload or from an previous token if the access token is being reauthorized from previous credentials. Note that the returned token only contains the claims and is unsigned.

func (*TokenManager) CreateRefreshToken 

func (tm *TokenManager) CreateRefreshToken(accessToken *jwt.Token) (refreshToken *jwt.Token, err error)

CreateRefreshToken from the Access token claims with predefined expiration. Note that the returned token only contains the claims and is unsigned.

func (*TokenManager) CreateToken 

func (tm *TokenManager) CreateToken(claims *Claims) *jwt.Token

CreateToken from the claims payload without modifying the claims unless the claims are missing required fields that need to be updated.

func (*TokenManager) CreateTokenPair 

func (tm *TokenManager) CreateTokenPair(claims *Claims) (accessToken, refreshToken string, err error)

CreateTokenPair returns signed access and refresh tokens for the specified claims in one step (since normally users want both an access and a refresh token)!

func (*TokenManager) CurrentKey 

func (tm *TokenManager) CurrentKey() ulid.ULID

CurrentKey returns the ulid of the current key being used to sign tokens.

func (*TokenManager) Parse 

func (tm *TokenManager) Parse(tks string) (claims *Claims, err error)

Parse an access or refresh token verifying its signature but without verifying its claims. This ensures that valid JWT tokens are still accepted but claims can be handled on a case-by-case basis; for example by validating an expired access token during reauthentication.

func (*TokenManager) Sign 

func (tm *TokenManager) Sign(token *jwt.Token) (tks string, err error)

Sign an access or refresh token and return the token string.

func (*TokenManager) Verify 

func (tm *TokenManager) Verify(tks string) (claims *Claims, err error)

Verify an access or a refresh token after parsing and return its claims.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.