Overview ¶
Package keychain manages the validation and processing of JWT/OAuth tokens.
Constants ¶
const (
	// ScopeMatchAny makes a ScopeValidator match when any one of its Scopes is
	// present on the token; the validator's Action is then applied.
	ScopeMatchAny ScopeMatch = "any"
	// ScopeMatchAll makes a ScopeValidator match only when every one of its
	// Scopes is present on the token.
	ScopeMatchAll ScopeMatch = "all"
	// ValidationActionNone is returned by a validator that did not match the
	// token; it neither allows nor denies.
	ValidationActionNone ValidationAction = "none"
	// ValidationActionAllow explicitly allows the token on a rule match.
	ValidationActionAllow ValidationAction = "allow"
	// ValidationActionDeny explicitly denies the token on a rule match.
	ValidationActionDeny ValidationAction = "deny"
)
Variables ¶
var (
	// ErrInvalidToken is returned when a token is invalid.
	// Both sentinels are TokenValidationError values so callers can tell a
	// malformed/unverifiable token apart from a valid one that lacks
	// authorization.
	ErrInvalidToken = TokenValidationError(errors.New("invalid token"))
	// ErrAccessDenied is returned when a token is not authorized, i.e. it has
	// an invalid or missing scope.
	ErrAccessDenied = TokenValidationError(errors.New("access denied"))
)
var (
	// KeyChain is the chain of key validators imported via ImportKeys /
	// ImportKeysFromURL or the environment.
	// NOTE(review): this is mutable package-level state; importing keys while
	// requests are being validated would be a data race unless the package
	// serializes access — confirm before calling the import functions at
	// runtime rather than at startup.
	KeyChain = make([]KeyValidator, 0)
	// ErrInvalidKey is returned when a public key cannot be imported.
	ErrInvalidKey = errors.New("invalid public key")
)
var (
	// ContextKeyAuthToken is the context.Context key under which authorization
	// providers store the validated AuthToken (see AuthTokenFromContext).
	ContextKeyAuthToken = ContextKey("auth-token")
)
Functions ¶
func ImportKeys ¶
ImportKeys imports public keys in the standard JWKS JSON format.
func ImportKeysFromURL ¶
ImportKeysFromURL fetches the public keys from the specified URL and imports them. Because imported keys are used to accept tokens, the URL must point at a trusted key source.
func ValidateMiddleware ¶
ValidateMiddleware parses an HTTP request, validates the bearer token and puts it in the request context.
Types ¶
type AuthToken ¶
// AuthToken is a driver interface for parsing and using JWT values.
type AuthToken interface {
	// ID returns the token identifier.
	ID() string
	// ClientID returns the OAuth client identity.
	ClientID() string
	// Username returns the user for the token, or the empty string if no
	// user is associated with it.
	Username() string
	// Subject returns the subject id.
	Subject() string
	// Audience returns the token audience.
	Audience() string
	// ExpiresAt returns the token expiration time.
	// NOTE(review): presumably a Unix timestamp in seconds — confirm against
	// the implementation before comparing with time.Now().
	ExpiresAt() int64
	// Scope returns the scopes the token has.
	Scope() []string
	// Use returns the token use, i.e. access, identity, etc.
	Use() string
	// Claims returns the token claims.
	Claims() Claims
	// String returns the string value of the token as a signed JWT.
	String() string
	// Context returns a child of the given context carrying this token.
	Context(context.Context) context.Context
}
AuthToken is a driver interface for parsing and using JWT values
func AuthTokenFromContext ¶
AuthTokenFromContext returns the AuthToken stored in the context.
func NewToken ¶ added in v2.0.12
NewToken returns a basic, empty client JWT AuthToken carrying the given claims.
func ValidateToken ¶
func ValidateToken(tokenString string, rules ...ValidationRule) (AuthToken, error)
ValidateToken validates a JWT token string against the supplied validation rules.
type ClaimsValidator ¶ added in v2.0.12
// ClaimsValidator validates the token's claim fields; Action is applied when
// the claims match.
type ClaimsValidator struct {
	// Issuers is the list of issuers to match.
	Issuers []string
	// Clients is the list of client ids to match.
	Clients []string
	// Audience is the list of audiences to match.
	Audience []string
	// Subject is the list of subjects to match.
	Subject []string
	// Action is the action to perform on a match.
	Action ValidationAction
}
ClaimsValidator validates token claim fields (issuer, client, audience and subject).
func (*ClaimsValidator) Validate ¶ added in v2.0.12
func (s *ClaimsValidator) Validate(token *authToken) (ValidationAction, error)
Validate implements the ValidationRule interface.
type ContextKey ¶
// ContextKey is a static, typed key for context.Context values; using a
// distinct type avoids collisions with string keys from other packages.
type ContextKey string
ContextKey defines a static context key to be used in context.Context objects
func (ContextKey) String ¶
func (c ContextKey) String() string
type KeyValidator ¶ added in v2.0.3
// KeyValidator validates a token against a signing method and key; Action is
// applied when the token verifies with this key.
type KeyValidator struct {
	// Method is the signing method to use.
	// NOTE(review): the method should be compared with the token's header
	// alg before Key is used, so a token cannot select a different algorithm
	// for this key — confirm in Validate.
	Method jwt.SigningMethod
	// Key is the key material; its concrete type presumably depends on
	// Method — confirm against the import code.
	Key interface{}
	// Action is the action to perform on a match.
	Action ValidationAction
}
KeyValidator validates a token against a signing method and key.
func (*KeyValidator) Validate ¶ added in v2.0.3
func (s *KeyValidator) Validate(token *authToken) (ValidationAction, error)
Validate implements the ValidationRule interface.
type ScopeValidator ¶ added in v2.0.3
// ScopeValidator validates the token's scopes against Scopes using the Match
// rule; Action is applied on a match.
type ScopeValidator struct {
	// Scopes is the list of scopes to match.
	Scopes []string
	// Match selects whether any (ScopeMatchAny) or all (ScopeMatchAll) of
	// Scopes must be present on the token.
	Match ScopeMatch
	// Action is the action to perform on a match.
	Action ValidationAction
}
ScopeValidator validates the token scopes against a list of scopes.
func (*ScopeValidator) Validate ¶ added in v2.0.3
func (s *ScopeValidator) Validate(token *authToken) (ValidationAction, error)
Validate implements the ValidationRule interface.
type TokenValidationError ¶
// TokenValidationError is returned when a token cannot be validated; it is an
// interface type, so ErrInvalidToken and ErrAccessDenied are plain error
// values wrapped in it.
type TokenValidationError error
TokenValidationError is returned when a token cannot be validated
type ValidationAction ¶
// ValidationAction is the action an explicit validation rule takes on a
// match: ValidationActionNone, ValidationActionAllow or ValidationActionDeny.
type ValidationAction string
ValidationAction is the action an explicit validation rule takes when it matches.
type ValidationRule ¶
// ValidationRule is a token validator interface. Because authToken is an
// unexported type, only types declared in this package can implement it.
type ValidationRule interface {
	// Validate inspects the token and returns the action the rule takes
	// (ValidationActionNone when the rule does not match) or an error.
	Validate(token *authToken) (ValidationAction, error)
}
ValidationRule is the interface implemented by token validators.