ginkeycloak

package

v1.5.0 Latest Latest Go to latest Published: Jan 21, 2021 License: MIT Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/yangyimincn/gin-keycloak

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func Auth(accessCheckFunction AccessCheckFunction, endpoints KeycloakConfig) gin.HandlerFunc
func AuthCheck() func(tc *TokenContainer, ctx *gin.Context) bool
func GroupCheck(at []AccessTuple) func(tc *TokenContainer, ctx *gin.Context) bool
func RealmCheck(allowedRoles []string) func(tc *TokenContainer, ctx *gin.Context) bool
func RequestLogger(keys []string, contentKey string) gin.HandlerFunc
func UidCheck(at []AccessTuple) func(tc *TokenContainer, ctx *gin.Context) bool
type AccessCheckFunction
type AccessTuple
type BuilderConfig
type Certs
type KeyCloakToken
type KeyEntry
type KeycloakConfig
type RestrictedAccessBuilder
- func NewAccessBuilder(config BuilderConfig) RestrictedAccessBuilder
type ServiceRole
type TokenContainer
- func GetTokenContainer(token *oauth2.Token, config KeycloakConfig) (*TokenContainer, error)
- func (t *TokenContainer) Valid() bool

Constants ¶

This section is empty.

Variables ¶

View Source

var VarianceTimer = 30000 * time.Millisecond

VarianceTimer controls the max runtime of Auth() and AuthChain() middleware

Functions ¶

func Auth ¶

func Auth(accessCheckFunction AccessCheckFunction, endpoints KeycloakConfig) gin.HandlerFunc

func AuthCheck ¶

func AuthCheck() func(tc *TokenContainer, ctx *gin.Context) bool

func GroupCheck ¶

func GroupCheck(at []AccessTuple) func(tc *TokenContainer, ctx *gin.Context) bool

func RealmCheck ¶

func RealmCheck(allowedRoles []string) func(tc *TokenContainer, ctx *gin.Context) bool

func RequestLogger ¶

func RequestLogger(keys []string, contentKey string) gin.HandlerFunc

func UidCheck ¶

func UidCheck(at []AccessTuple) func(tc *TokenContainer, ctx *gin.Context) bool

Types ¶

type AccessCheckFunction ¶

type AccessCheckFunction func(tc *TokenContainer, ctx *gin.Context) bool

type AccessTuple ¶

type AccessTuple struct {
	Service string
	Role    string
	Uid     string
}

type BuilderConfig ¶

type BuilderConfig struct {
	Service              string
	Url                  string
	Realm                string
	DisableSecurityCheck bool
}

type Certs ¶

type Certs struct {
	Keys []KeyEntry `json:"keys"`
}

type KeyCloakToken ¶

type KeyCloakToken struct {
	Jti               string                 `json:"jti,omitempty"`
	Exp               int64                  `json:"exp"`
	Nbf               int64                  `json:"nbf"`
	Iat               int64                  `json:"iat"`
	Iss               string                 `json:"iss"`
	Sub               string                 `json:"sub"`
	Typ               string                 `json:"typ"`
	Azp               string                 `json:"azp,omitempty"`
	Nonce             string                 `json:"nonce,omitempty"`
	AuthTime          int64                  `json:"auth_time,omitempty"`
	SessionState      string                 `json:"session_state,omitempty"`
	Acr               string                 `json:"acr,omitempty"`
	ClientSession     string                 `json:"client_session,omitempty"`
	AllowedOrigins    []string               `json:"allowed-origins,omitempty"`
	ResourceAccess    map[string]ServiceRole `json:"resource_access,omitempty"`
	Name              string                 `json:"name"`
	PreferredUsername string                 `json:"preferred_username"`
	GivenName         string                 `json:"given_name,omitempty"`
	FamilyName        string                 `json:"family_name,omitempty"`
	Email             string                 `json:"email,omitempty"`
	RealmAccess       ServiceRole            `json:"realm_access,omitempty"`
}

type KeyEntry ¶

type KeyEntry struct {
	Kid string `json:"kid"`
	Kty string `json:"kty"`
	Alg string `json:"alg"`
	Use string `json:"use"`
	N   string `json:"n"`
	E   string `json:"e"`
}

type KeycloakConfig ¶

type KeycloakConfig struct {
	Url   string
	Realm string
}

type RestrictedAccessBuilder ¶

type RestrictedAccessBuilder interface {
	RestrictButForRole(role string) RestrictedAccessBuilder
	RestrictButForUid(uid string) RestrictedAccessBuilder
	RestrictButForRealm(realmName string) RestrictedAccessBuilder
	Build() gin.HandlerFunc
}

func NewAccessBuilder ¶

func NewAccessBuilder(config BuilderConfig) RestrictedAccessBuilder

type ServiceRole ¶

type ServiceRole struct {
	Roles []string `json:"roles"`
}

type TokenContainer ¶

type TokenContainer struct {
	Token         *oauth2.Token
	KeyCloakToken *KeyCloakToken
}

TokenContainer stores all relevant token information

func GetTokenContainer ¶

func GetTokenContainer(token *oauth2.Token, config KeycloakConfig) (*TokenContainer, error)

func (*TokenContainer) Valid ¶

func (t *TokenContainer) Valid() bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL