Documentation
Overview
Package keychain manages the validation and processing of JWT/OAuth tokens.
Constants
This section is empty.
Variables
var (
	// ErrInvalidToken is returned when a token is invalid
	ErrInvalidToken = TokenValidationError(errors.New("invalid token"))
	// ErrAccessDenied is returned when a token is not authorized, i.e. invalid or missing scope
	ErrAccessDenied = TokenValidationError(errors.New("access denied"))
)
var (
	// ErrInvalidKey is returned when a public key is invalid
	ErrInvalidKey = errors.New("invalid public key")
	// ScopeMatchAny will approve/deny on any scope
	ScopeMatchAny ScopeMatch = "any"
	// ScopeMatchAll will approve/deny only if all scopes match
	ScopeMatchAll ScopeMatch = "all"
	// ValidationActionAllow explicitly allow on rule match
	ValidationActionAllow ValidationAction = "allow"
	// ValidationActionDeny explicitly deny on rule match
	ValidationActionDeny ValidationAction = "deny"
)
var (
	// ContextKeyAuthToken is used by authorization providers to mark the token in a context
	ContextKeyAuthToken = ContextKey("auth-token")
)
Functions
func ImportKeys
ImportKeys imports keys in the standard JWKS JSON format.
func ImportKeysFromURL
ImportKeysFromURL fetches and imports the public keys from the specified URL.
func ValidateMiddleware
ValidateMiddleware parses an HTTP request, validates the bearer token, and puts it in the request context.
Types
type AuthToken
type AuthToken interface {
	// ID returns the token identifier
	ID() string
	// ClientID returns the OAuth client identity
	ClientID() string
	// Username returns the user for the token or empty if no user is associated
	Username() string
	// Subject returns the subject id
	Subject() string
	// Audience returns the token audience
	Audience() string
	// ExpiresAt returns the token expiration time
	ExpiresAt() int64
	// Scope returns the scopes the token has
	Scope() []string
	// Use returns the token use, e.g. access, identity, etc.
	Use() string
	// Claims returns the token claims
	Claims() Claims
	// String returns the string value of the token as a signed JWT
	String() string
	// Context returns a context from the token
	Context(context.Context) context.Context
}
AuthToken is a driver interface for parsing and using JWT values.
func AuthTokenFromContext
AuthTokenFromContext returns the cloud auth token from the context.
func EmptyToken
EmptyToken returns a basic empty client token.
func ValidateToken
func ValidateToken(tokenString string, rules ...ValidationRule) (AuthToken, error)
ValidateToken validates a JWT token.
type ContextKey
type ContextKey string
ContextKey defines a static context key to be used in context.Context objects
func (ContextKey) String
func (c ContextKey) String() string
type TokenValidationError
type TokenValidationError error
TokenValidationError is returned when a token cannot be validated
type ValidationAction
type ValidationAction string
ValidationAction is the action the explicit validation should take
type ValidationRule
type ValidationRule struct {
	// Scopes is the list of scopes to match
	Scopes []string
	// Match is the rule to match the scopes with
	Match ScopeMatch
	// Issuers matches the particular issuers
	Issuers []string
	// Action is the action to perform
	Action ValidationAction
	// ClientID will match the client id
	ClientID *string
	// HMACSecret is a secret to use for validation
	HMACSecret []byte
}
ValidationRule is a token validation rule
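How ScopeMatchAny, ScopeMatchAll and the allow/deny actions can combine when a list of ValidationRule values is evaluated, shown as an added example that is not the keychain package's own code. The types are local stand-ins for the names on this page; `Authorize` and its policy (a matching deny wins, no matching allow means denied, an unknown match mode rejects) are assumptions, since the page does not document evaluation order.

```go
package main

import "fmt"

// Local stand-ins that mirror names on this page; not the keychain package.
type ScopeMatch string
type ValidationAction string

const (
	ScopeMatchAny         ScopeMatch       = "any"
	ScopeMatchAll         ScopeMatch       = "all"
	ValidationActionAllow ValidationAction = "allow"
	ValidationActionDeny  ValidationAction = "deny"
)

type ValidationRule struct {
	Scopes []string
	Match  ScopeMatch
	Action ValidationAction
}

// Authorize is hypothetical: a malformed rule or matching deny rejects, else an allow must match.
func Authorize(tokenScopes []string, rules ...ValidationRule) bool {
	have := make(map[string]bool, len(tokenScopes))
	for _, s := range tokenScopes {
		have[s] = true
	}
	allowed := false
	for _, r := range rules {
		hits := 0
		for _, s := range r.Scopes {
			if have[s] {
				hits++
			}
		}
		known := r.Match == ScopeMatchAny || r.Match == ScopeMatchAll
		matched := hits > 0 && (r.Match == ScopeMatchAny || hits == len(r.Scopes))
		if !known || (matched && r.Action == ValidationActionDeny) {
			return false // unknown match mode or matching deny: fail closed
		}
		allowed = allowed || (matched && r.Action == ValidationActionAllow)
	}
	return allowed
}

func main() {
	need := ValidationRule{[]string{"orders:read", "orders:write"}, ScopeMatchAll, ValidationActionAllow}
	fmt.Println(Authorize([]string{"orders:read"}, need)) // one of two required scopes present
}
```

The scope names used here are constructed sample values.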