tenant

package
v0.2024.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 14, 2024 License: GPL-3.0 Imports: 20 Imported by: 0

Documentation

Overview

Package tenant implements issuing tenants Access Tokens based on the OAuth2 client credentials grant. The client presents their client secret, and we issue them an access token and a refresh token.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type FirstSuccessfulVerifier 

type FirstSuccessfulVerifier []Verifier

FirstSuccessfulVerifier implements Verifier returning the first successful response from member Verifiers. Each Verifier will be invoked in separate go routines in parallel. The first Verifier to return a non-error will attempt to cancel the remaining Verifier.Verify invocations. If all members return errors then these will be combined and returned from this call.

func (FirstSuccessfulVerifier) Verify 

func (v FirstSuccessfulVerifier) Verify(ctx context.Context, id, secret string) (data SecretData, err error)

type MemoryVerifier 

type MemoryVerifier struct {
	// contains filtered or unexported fields
}

MemoryVerifier implements a primitive, in memory store for client secrets. A zero MemoryVerifier is ready to use as an empty store. Don't copy once accessed. In production, you'd want to store the secrets hashed in a database, so don't use this!

func (*MemoryVerifier) AddRecord 

func (v *MemoryVerifier) AddRecord(data SecretData) error

AddRecord makes the verifier aware of a new record. The record will have no secrets, call MemoryVerifier.CreateSecret to create one.

func (*MemoryVerifier) AddSecret 

func (v *MemoryVerifier) AddSecret(id, secret string) (sId string, err error)

func (*MemoryVerifier) AddSecretHash 

func (v *MemoryVerifier) AddSecretHash(id string, hash []byte) (sId string, err error)

func (*MemoryVerifier) CreateSecret 

func (v *MemoryVerifier) CreateSecret(id string) (sId, secret string, err error)

func (*MemoryVerifier) DeleteRecord 

func (v *MemoryVerifier) DeleteRecord(id string) bool

func (*MemoryVerifier) DeleteSecret 

func (v *MemoryVerifier) DeleteSecret(id, secretId string) bool

func (*MemoryVerifier) ReplaceSecret 

func (v *MemoryVerifier) ReplaceSecret(id, oldSecret string) (secret string, err error)

func (*MemoryVerifier) UpdateSecret 

func (v *MemoryVerifier) UpdateSecret(id, current, replacement string) error

func (*MemoryVerifier) Verify 

func (v *MemoryVerifier) Verify(_ context.Context, id, secret string) (SecretData, error)

type RemoteVerifier 

type RemoteVerifier struct {
	Client gen.TenantApiClient
}

RemoteVerifier implements Verifier by calling TenantApiClient.VerifySecret.

func (*RemoteVerifier) Verify 

func (r *RemoteVerifier) Verify(ctx context.Context, id, secret string) (SecretData, error)

type SecretData 

type SecretData struct {
	Title    string
	TenantID string
	Zones    []string
	Roles    []string
}

func RemoteVerify 

func RemoteVerify(ctx context.Context, id, secret string, client gen.TenantApiClient) (SecretData, error)

RemoteVerify verifies that id and secret are a valid pair using client.

type TokenServer 

type TokenServer struct {
	// contains filtered or unexported fields
}

func NewTokenServer 

func NewTokenServer(name string, opts ...TokenServerOption) (*TokenServer, error)

func (*TokenServer) ServeHTTP 

func (s *TokenServer) ServeHTTP(writer http.ResponseWriter, request *http.Request)

func (*TokenServer) TokenValidator 

func (s *TokenServer) TokenValidator() token.Validator

type TokenServerOption 

type TokenServerOption func(ts *TokenServer)

func WithClientCredentialFlow 

func WithClientCredentialFlow(v Verifier, validity time.Duration) TokenServerOption

func WithLogger 

func WithLogger(logger *zap.Logger) TokenServerOption

func WithPasswordFlow 

func WithPasswordFlow(v Verifier, validity time.Duration) TokenServerOption

type TokenSource 

type TokenSource struct {
	Key    jose.SigningKey
	Issuer string
	Now    func() time.Time
}

func (*TokenSource) GenerateAccessToken 

func (ts *TokenSource) GenerateAccessToken(data SecretData, validity time.Duration) (token string, err error)

func (*TokenSource) ValidateAccessToken 

func (ts *TokenSource) ValidateAccessToken(_ context.Context, tokenStr string) (*token.Claims, error)

type Verifier 

type Verifier interface {
	Verify(ctx context.Context, id, secret string) (SecretData, error)
}

Verifier verifies that an id is associated with a given secret.

func NeverVerify 

func NeverVerify(err error) Verifier

NeverVerify returns a Verifier that always returns the given error.

type VerifierFunc 

type VerifierFunc func(ctx context.Context, id, secret string) (SecretData, error)

VerifierFunc adapts an ordinary func to implement Verifier.

func (VerifierFunc) Verify 

func (v VerifierFunc) Verify(ctx context.Context, id, secret string) (SecretData, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.