Documentation
Overview ¶
Package auth provides authentication and authorization utilities.
Index ¶
- Variables
- func AnonymousMiddleware(next http.Handler) http.Handler
- func GetAuthenticationMiddleware(ctx context.Context, oidcConfig *TokenValidatorConfig, allowOpaqueTokens bool) (func(http.Handler) http.Handler, error)
- func GetClaimsFromContext(ctx context.Context) (jwt.MapClaims, bool)
- func LocalUserMiddleware(username string) func(http.Handler) http.Handler
- type ClaimsContextKey
- type OIDCDiscoveryDocument
- type TokenValidator
- type TokenValidatorConfig
Constants ¶
This section is empty.
Variables ¶
var (
	ErrNoToken                 = errors.New("no token provided")
	ErrInvalidToken            = errors.New("invalid token")
	ErrTokenExpired            = errors.New("token expired")
	ErrInvalidIssuer           = errors.New("invalid issuer")
	ErrInvalidAudience         = errors.New("invalid audience")
	ErrMissingJWKSURL          = errors.New("missing JWKS URL")
	ErrFailedToFetchJWKS       = errors.New("failed to fetch JWKS")
	ErrFailedToDiscoverOIDC    = errors.New("failed to discover OIDC configuration")
	ErrMissingIssuerAndJWKSURL = errors.New("either issuer or JWKS URL must be provided")
)
Common errors. These are sentinel values; compare against them with errors.Is rather than by message text.
Functions ¶
func AnonymousMiddleware ¶ added in v0.0.38
func AnonymousMiddleware(next http.Handler) http.Handler
AnonymousMiddleware creates an HTTP middleware that sets up anonymous claims. It performs no authentication: every request, whatever headers it carries, receives the same anonymous identity, which lets authorization policies that read claims keep working when authentication is disabled.
This is heavily discouraged in production settings but is handy for testing and local development environments.
func GetAuthenticationMiddleware ¶ added in v0.0.38
func GetAuthenticationMiddleware(ctx context.Context, oidcConfig *TokenValidatorConfig, allowOpaqueTokens bool) (func(http.Handler) http.Handler, error)
GetAuthenticationMiddleware returns the appropriate authentication middleware based on the configuration. If oidcConfig is non-nil, it returns JWT-validating middleware (see TokenValidator). If oidcConfig is nil, it returns local user middleware, which performs no authentication at all; a missing OIDC configuration therefore disables authentication without returning an error, so callers deploying to production should treat a nil config as a misconfiguration rather than a fallback.
func GetClaimsFromContext ¶ added in v0.0.38
func GetClaimsFromContext(ctx context.Context) (jwt.MapClaims, bool)
GetClaimsFromContext retrieves the claims from the request context. This is a helper function that can be used by authorization policies to access the claims regardless of which middleware was used (JWT, anonymous, or local).
Returns the claims and a boolean indicating whether claims were found.
func LocalUserMiddleware ¶ added in v0.0.38
func LocalUserMiddleware(username string) func(http.Handler) http.Handler
LocalUserMiddleware creates an HTTP middleware that sets up claims for a fixed local user. The username comes from the argument, not from the request, so every caller is treated as that user; authentication is bypassed entirely.
This middleware is useful for development and testing scenarios where you want to simulate a specific user without going through the full authentication flow. Like AnonymousMiddleware, it is heavily discouraged in production settings.
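The three middlewares (JWT, anonymous, local user) differ only in where the identity comes from; the authorization code downstream reads it the same way through GetClaimsFromContext. The following is an added example, not code from the package, that reproduces that pattern with the standard library alone so the fail-closed behaviour is visible: a map type stands in for jwt.MapClaims, and claimsContextKey, withClaims, claimsFromContext, anonymousMiddleware, localUserMiddleware, requireSubject, statusFor and the claim names "sub" and "anonymous" are this example's own assumptions, not the package's.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Claims stands in for jwt.MapClaims so this file needs no third-party module.
type Claims map[string]any

// claimsContextKey is an empty, unexported struct type, like the package's
// ClaimsContextKey: only this package can build a value of it, so no unrelated
// middleware can overwrite or read the entry by accident.
type claimsContextKey struct{}

func withClaims(ctx context.Context, c Claims) context.Context {
	return context.WithValue(ctx, claimsContextKey{}, c)
}

// claimsFromContext plays the role of GetClaimsFromContext: policies read
// claims here without knowing which middleware populated them.
func claimsFromContext(ctx context.Context) (Claims, bool) {
	c, ok := ctx.Value(claimsContextKey{}).(Claims)
	return c, ok
}

// anonymousMiddleware authenticates nothing; every request gets the same
// fixed identity. The claim names are an assumption for this example.
func anonymousMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		claims := Claims{"sub": "anonymous", "anonymous": true}
		next.ServeHTTP(w, r.WithContext(withClaims(r.Context(), claims)))
	})
}

// localUserMiddleware also authenticates nothing: the subject comes from the
// argument, never from the request, so every caller becomes that user.
func localUserMiddleware(username string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			next.ServeHTTP(w, r.WithContext(withClaims(r.Context(), Claims{"sub": username})))
		})
	}
}

// requireSubject is an authorization policy. It consults only the context, so
// it behaves identically behind JWT, anonymous or local-user middleware, and it
// fails closed when no middleware ran at all.
func requireSubject(allowed map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		claims, ok := claimsFromContext(r.Context())
		if !ok {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		if sub, _ := claims["sub"].(string); !allowed[sub] {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one request through mw -> requireSubject -> handler and
// returns the HTTP status, which is the policy's decision.
func statusFor(mw func(http.Handler) http.Handler, allowed map[string]bool) int {
	h := requireSubject(allowed, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	if mw != nil {
		h = mw(h)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/tools", nil))
	return rec.Code
}

func main() {
	allowed := map[string]bool{"alice": true}
	fmt.Println(statusFor(localUserMiddleware("alice"), allowed))   // 200
	fmt.Println(statusFor(localUserMiddleware("mallory"), allowed)) // 403
	fmt.Println(statusFor(anonymousMiddleware, allowed))            // 403
	fmt.Println(statusFor(nil, allowed))                            // 401
}
```

The last case is the one worth keeping in mind when wiring handlers: a policy that reads claims from the context can only be as strict as the guarantee that some authentication middleware actually ran in front of it, so the policy returns 401 when the context is empty instead of assuming anonymous.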
Types ¶
type ClaimsContextKey ¶
type ClaimsContextKey struct{}
ClaimsContextKey is the key used to store claims in the request context.
type OIDCDiscoveryDocument ¶ added in v0.0.39
type OIDCDiscoveryDocument struct {
	Issuer                string `json:"issuer"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	UserinfoEndpoint      string `json:"userinfo_endpoint"`
	JWKSURI               string `json:"jwks_uri"`
}
OIDCDiscoveryDocument represents the OIDC discovery document structure, i.e. the JSON an issuer serves at /.well-known/openid-configuration (OpenID Connect Discovery 1.0). JWKSURI locates the issuer's signing keys.
type TokenValidator ¶ added in v0.1.3
type TokenValidator struct {
// contains filtered or unexported fields
}
TokenValidator validates JWT or opaque tokens using OIDC configuration.
func NewTokenValidator ¶ added in v0.1.3
func NewTokenValidator(ctx context.Context, config TokenValidatorConfig, allowOpaqueTokens bool) (*TokenValidator, error)
NewTokenValidator creates a new token validator from config. At least one of config.Issuer and config.JWKSURL must be set (see ErrMissingIssuerAndJWKSURL); failures to reach the issuer are reported with ErrFailedToDiscoverOIDC and ErrFailedToFetchJWKS.
func (*TokenValidator) Middleware ¶ added in v0.1.3
func (v *TokenValidator) Middleware(next http.Handler) http.Handler
Middleware creates an HTTP middleware that validates JWT tokens.
func (*TokenValidator) ValidateToken ¶ added in v0.1.3
func (v *TokenValidator) ValidateToken(ctx context.Context, tokenString string) (jwt.MapClaims, error)
ValidateToken validates tokenString and returns its claims on success. Compare a returned error against the package's sentinel errors with errors.Is (for example ErrTokenExpired, ErrInvalidIssuer, ErrInvalidAudience) rather than matching on its message.
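ValidateToken's contract is easier to reason about when the individual checks are spelled out. The block below is an added example, not the package's implementation: a minimal RS256 validator against an in-memory JWKS that reports failures with the same sentinel error names the package exports. The jwk type, mintRS256, decodeSegment, findKey and validateToken are this example's own names, the issuer and audience arguments correspond to the Issuer and Audience fields of TokenValidatorConfig, and the page does not state which checks the package performs or in which order, so the sequence here (signature first, then exp, iss, aud) is the reviewer's expectation rather than documented behaviour.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"slices"
	"strings"
	"time"
)

// Local copies of four of the package's sentinel errors, so this file builds alone.
var (
	ErrInvalidToken    = errors.New("invalid token")
	ErrTokenExpired    = errors.New("token expired")
	ErrInvalidIssuer   = errors.New("invalid issuer")
	ErrInvalidAudience = errors.New("invalid audience")
)

// jwk: RS256 subset of an RFC 7517 key; encoding/json maps kid/kty/n/e onto these fields case-insensitively.
type jwk struct{ Kid, Kty, N, E string }

var enc = base64.RawURLEncoding

// mintRS256 builds a compact JWT as an OIDC provider would; signing cannot fail for a valid key.
func mintRS256(priv *rsa.PrivateKey, kid string, claims map[string]any) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(claims)
	input := enc.EncodeToString(hdr) + "." + enc.EncodeToString(body)
	sum := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	return input + "." + enc.EncodeToString(sig)
}

func decodeSegment(seg string, v any) bool {
	b, err := enc.DecodeString(seg)
	return err == nil && json.Unmarshal(b, v) == nil
}

// findKey selects the JWKS entry named by the token's kid header.
func findKey(keys []jwk, kid string) *rsa.PublicKey {
	for _, k := range keys {
		n, err1 := enc.DecodeString(k.N)
		e, err2 := enc.DecodeString(k.E)
		if k.Kid == kid && k.Kty == "RSA" && err1 == nil && err2 == nil {
			return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
		}
	}
	return nil
}

// validateToken verifies the signature against the JWKS first and only then
// exp, iss and aud. now is a parameter so expiry is testable without sleeping.
func validateToken(issuer, audience string, keys []jwk, token string, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	var hdr struct{ Alg, Kid string }
	if len(parts) != 3 || !decodeSegment(parts[0], &hdr) {
		return nil, ErrInvalidToken
	}
	// The header is attacker-controlled until the signature verifies: pin the
	// algorithm ("none" or an HMAC alg is never honoured) and require a known kid.
	pub := findKey(keys, hdr.Kid)
	if hdr.Alg != "RS256" || pub == nil {
		return nil, ErrInvalidToken
	}
	sig, err := enc.DecodeString(parts[2])
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return nil, ErrInvalidToken
	}
	// Only a payload whose signature verified is worth parsing.
	var claims map[string]any
	if !decodeSegment(parts[1], &claims) {
		return nil, ErrInvalidToken
	}
	// A token without exp is treated as already expired rather than as eternal.
	if exp, ok := claims["exp"].(float64); !ok || !now.Before(time.Unix(int64(exp), 0)) {
		return nil, ErrTokenExpired
	}
	if iss, _ := claims["iss"].(string); iss != issuer {
		return nil, ErrInvalidIssuer
	}
	// aud may be a single string or an array (RFC 7519 section 4.1.3).
	aud, _ := claims["aud"].([]any)
	if s, ok := claims["aud"].(string); ok {
		aud = []any{s}
	}
	if !slices.Contains(aud, any(audience)) {
		return nil, ErrInvalidAudience
	}
	return claims, nil
}
```

Two things a production validator does that this sketch leaves out: on an unknown kid it refreshes the JWKS once before failing, because issuers rotate keys, and it bounds how often that refresh can happen so that a flood of tokens with bogus kids cannot be used to hammer the jwks_uri. Everything else, especially the algorithm pin before any key lookup, is the part that must not be skipped.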
type TokenValidatorConfig ¶ added in v0.1.3
type TokenValidatorConfig struct {
	// Issuer is the OIDC issuer URL (e.g., https://accounts.google.com)
	Issuer string
	// Audience is the expected audience for the token
	Audience string
	// JWKSURL is the URL to fetch the JWKS from
	JWKSURL string
	// ClientID is the OIDC client ID
	ClientID string
	// AllowOpaqueTokens indicates whether to allow opaque tokens (non-JWT)
	AllowOpaqueTokens bool
	// CACertPath is the path to the CA certificate bundle for HTTPS requests
	CACertPath string
	// AuthTokenFile is the path to a file containing the bearer token for authentication
	AuthTokenFile string
	// AllowPrivateIP allows JWKS/OIDC endpoints on private IP addresses. The zero
	// value (false) keeps the restriction in place. The validator fetches these
	// endpoints itself, so enabling this lets a misconfigured or attacker-supplied
	// issuer URL steer server-side requests at internal services.
	AllowPrivateIP bool
}
TokenValidatorConfig contains configuration for the token validator. At least one of Issuer and JWKSURL must be set (see ErrMissingIssuerAndJWKSURL).
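AllowPrivateIP exists because the validator fetches the discovery document and the JWKS itself: an issuer URL pointing at 10.0.0.0/8, 127.0.0.1 or the cloud metadata address 169.254.169.254 would turn the validator into a server-side request forgery primitive. The block below is an added example of the kind of check such a flag gates, not the package's code; checkEndpoint, isNonPublic, the resolver type, the hostnames in the test data and the https requirement are all this example's own assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/netip"
	"net/url"
)

var errPrivateEndpoint = errors.New("endpoint resolves to a private, loopback or link-local address")

// resolver abstracts DNS so the policy can be tested with canned answers.
type resolver func(ctx context.Context, host string) ([]netip.Addr, error)

// systemResolver is the resolver a real deployment would pass in.
func systemResolver(ctx context.Context, host string) ([]netip.Addr, error) {
	return net.DefaultResolver.LookupNetIP(ctx, "ip", host)
}

// isNonPublic covers the ranges where cloud metadata services, sidecars and
// internal admin APIs live. Unmap first so ::ffff:10.0.0.1 is judged as 10.0.0.1.
func isNonPublic(a netip.Addr) bool {
	a = a.Unmap()
	return a.IsPrivate() || a.IsLoopback() || a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() || a.IsMulticast() || a.IsUnspecified()
}

// checkEndpoint applies an AllowPrivateIP-style policy to a discovery or JWKS URL
// before anything is fetched from it. Requiring https is this example's own choice.
func checkEndpoint(ctx context.Context, raw string, allowPrivateIP bool, resolve resolver) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "https" {
		return fmt.Errorf("endpoint %q must use https", raw)
	}
	if allowPrivateIP {
		return nil
	}
	host := u.Hostname()
	var addrs []netip.Addr
	if ip, perr := netip.ParseAddr(host); perr == nil {
		addrs = []netip.Addr{ip} // literal IP: no DNS involved
	} else if addrs, err = resolve(ctx, host); err != nil {
		return err
	}
	if len(addrs) == 0 {
		return fmt.Errorf("endpoint host %q did not resolve", host)
	}
	// Every answer must be public: a zone the attacker controls can return one
	// public and one internal address and hope the HTTP client picks the latter.
	for _, a := range addrs {
		if isNonPublic(a) {
			return fmt.Errorf("%w: %s -> %s", errPrivateEndpoint, host, a)
		}
	}
	return nil
}

func main() {
	// A literal metadata address needs no DNS, so this runs offline.
	err := checkEndpoint(context.Background(), "https://169.254.169.254/latest/meta-data/", false, systemResolver)
	fmt.Println(err) // non-nil: the link-local metadata address is refused
}
```

The caveat a reviewer would raise: the addresses checked here are not necessarily the addresses the HTTP client later dials, since the client performs its own lookup and a rebinding DNS server can answer differently the second time. A stricter design resolves once, checks, and then pins the vetted addresses into the client's dialer so the fetch cannot go anywhere else.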
func NewTokenValidatorConfig ¶ added in v0.1.3
func NewTokenValidatorConfig(issuer, audience, jwksURL, clientID string, allowOpaqueTokens bool) *TokenValidatorConfig
NewTokenValidatorConfig creates a new TokenValidatorConfig with the provided parameters. The remaining fields (CACertPath, AuthTokenFile, AllowPrivateIP) are not covered by this constructor; set them on the returned struct.