Overview ¶
Package keychain manages the validation and processing of JWT/OAuth tokens.
Index ¶
Constants ¶
This section is empty.
Variables ¶
// ErrInvalidToken is returned when a token is invalid.
var ErrInvalidToken = TokenValidationError(errors.New("invalid token"))

// ErrAccessDenied is returned when a token is not authorized, i.e. it is
// invalid or lacks a required scope.
var ErrAccessDenied = TokenValidationError(errors.New("access denied"))
// ErrInvalidKey is returned when a public key is invalid.
var ErrInvalidKey = errors.New("invalid public key")

// Scope matching modes used by ValidationRule.Match.
var (
	// ScopeMatchAny applies the rule's action when any of its scopes matches.
	ScopeMatchAny ScopeMatch = "any"
	// ScopeMatchAll applies the rule's action only when all of its scopes match.
	ScopeMatchAll ScopeMatch = "all"
)

// Actions a ValidationRule takes when it matches.
var (
	// ValidationActionAllow explicitly allows on rule match.
	ValidationActionAllow ValidationAction = "allow"
	// ValidationActionDeny explicitly denies on rule match.
	ValidationActionDeny ValidationAction = "deny"
)
// ContextKeyAuthToken is the context key under which authorization
// providers store the token in a context.
var ContextKeyAuthToken = ContextKey("auth-token")
Functions ¶
func ImportKeys ¶
ImportKeys imports keys in the standard JWKS JSON format.
func ImportKeysFromURL ¶
ImportKeysFromURL fetches and imports the public keys from the specified URL.
func ValidateMiddleware ¶
ValidateMiddleware parses an HTTP request, validates its bearer token, and puts the token in the request context.
Types ¶
type AuthToken ¶
// AuthToken is a driver interface for parsing and using JWT values.
//
// NOTE(review): a parsed AuthToken is not by itself proof of validity;
// callers should obtain it through ValidateToken or ValidateMiddleware
// before trusting its claims — confirm against the implementations.
type AuthToken interface {
	// ID returns the token identifier.
	ID() string
	// ClientID returns the OAuth client identity.
	ClientID() string
	// Username returns the user for the token, or "" if no user is associated.
	Username() string
	// Subject returns the subject id.
	Subject() string
	// Audience returns the token audience.
	Audience() string
	// ExpiresAt returns the token expiration time.
	// NOTE(review): presumably Unix seconds as in the JWT exp claim — confirm.
	ExpiresAt() int64
	// Scope returns the scopes the token has.
	Scope() []string
	// Use returns the token use, i.e. access, identity, etc.
	Use() string
	// Claims returns the token claims.
	Claims() Claims
	// String returns the string value of the token as a signed JWT.
	String() string
	// Context returns a context derived from the given one that carries this
	// token; see AuthTokenFromContext for the reverse lookup.
	Context(context.Context) context.Context
}
AuthToken is a driver interface for parsing and using JWT values
func AuthTokenFromContext ¶
AuthTokenFromContext returns the AuthToken stored in the context.
func EmptyToken ¶
EmptyToken returns a basic empty client token
func ValidateToken ¶
func ValidateToken(tokenString string, rules ...ValidationRule) (AuthToken, error)
ValidateToken validates a JWT against the given rules.
type ContextKey ¶
// ContextKey is the key type this package uses for values stored in a
// context.Context (see ContextKeyAuthToken).
type ContextKey string
ContextKey defines a static context key to be used in context.Context objects
func (ContextKey) String ¶
func (c ContextKey) String() string
type TokenValidationError ¶
// TokenValidationError is returned when a token cannot be validated.
//
// It is a defined interface type whose method set equals error's, so any
// error can be converted to it (as ErrInvalidToken and ErrAccessDenied are).
// NOTE(review): for the same reason errors.As with a *TokenValidationError
// target matches every error; distinguish validation failures with
// errors.Is against the sentinel values instead.
type TokenValidationError error
TokenValidationError is returned when a token cannot be validated
type ValidationAction ¶
// ValidationAction is the action a ValidationRule takes when it matches
// (ValidationActionAllow or ValidationActionDeny).
type ValidationAction string
ValidationAction is the action an explicit validation rule takes when it matches.
type ValidationRule ¶
// ValidationRule is a token validation rule.
type ValidationRule struct {
	// Scopes is the list of scopes the rule matches against.
	Scopes []string
	// Match controls how Scopes are compared (ScopeMatchAny or ScopeMatchAll).
	Match ScopeMatch
	// Issuers restricts the rule to tokens from these particular issuers.
	Issuers []string
	// Action is the action to perform on a match (ValidationActionAllow or
	// ValidationActionDeny).
	Action ValidationAction
	// ClientID, when set, is matched against the token's client id.
	// NOTE(review): presumably nil means the rule does not constrain the
	// client id — confirm against the validator.
	ClientID *string
	// HMACSecret is a secret to use for validation under this rule.
	// NOTE(review): confirm the validator pins the expected signing
	// algorithm when a secret is supplied rather than trusting the
	// token header's alg value.
	HMACSecret []byte
}
ValidationRule is a token validation rule