auth

Documentation

Index

• Variables
• type Auth
  • func New(uriJwkEndpoint, jwtAudience, jwtIssuer string, options ...Option) *Auth
  • func (auth *Auth) HandleSecure(next httprouter.Handle, claimHandler ClaimHandler) httprouter.Handle
• type ClaimHandler
• type Claims
• type Option
  • func JwkCacheMaxKeyAge(keyAge time.Duration) Option
  • func JwkDownloaderTimeout(timeout time.Duration) Option
  • func JwtSignatureAlgorithm(alg jose.SignatureAlgorithm) Option
  • func WithLogger(logger zerolog.Logger) Option

Variables

var HasRealmRole = func(role string) ClaimHandler {
	return func(claims Claims) error {
		for _, roleInToken := range claims.RealmAccess.Roles {
			if role == roleInToken {
				return nil
			}
		}
		return fmt.Errorf("Role %s not given", role)
	}
}

var NoClaimHandler = func(claims Claims) error {
	return nil
}

Types

type Auth

type Auth struct {
	// contains filtered or unexported fields
}

func New

func New(uriJwkEndpoint, jwtAudience, jwtIssuer string, options ...Option) *Auth

func (*Auth) HandleSecure

func (auth *Auth) HandleSecure(next httprouter.Handle, claimHandler ClaimHandler) httprouter.Handle

type ClaimHandler

type ClaimHandler func(claims Claims) error

type Claims

type Claims struct {
	jwt.Claims

	Scope             string         `json:"scope,omitempty"`
	PreferredUsername string         `json:"preferred_username,omitempty"`
	RealmAccess       realmAccess    `json:"realm_access,omitempty"`
	ResourceAccess    resourceAccess `json:"resource_access,omitempty"`
}

type Option

type Option func(auth *Auth)

Option represents an option for the api

func JwkCacheMaxKeyAge

func JwkCacheMaxKeyAge(keyAge time.Duration) Option

func JwkDownloaderTimeout

func JwkDownloaderTimeout(timeout time.Duration) Option

func JwtSignatureAlgorithm

func JwtSignatureAlgorithm(alg jose.SignatureAlgorithm) Option

func WithLogger

func WithLogger(logger zerolog.Logger) Option

WithLogger adds a configured Logger to the auth