Documentation
¶
Index ¶
Constants ¶
const ( UserContextKey key = iota ChainContextKey key = iota )
Variables ¶
var ( DefaultSubjectHeader = http.CanonicalHeaderKey("X-Auth-User") DefaultIssuerHeader = http.CanonicalHeaderKey("X-Auth-Source") DefaultVerifyHeader = http.CanonicalHeaderKey("X-Auth-Verify") DefaultVerifyHashHeader = http.CanonicalHeaderKey("X-Auth-Hash-Verify") DefaultClaimPrefix = "X-Auth-" )
var (
ErrMissingUser = errors.New("sub or iss has 0 segments")
)
Functions ¶
func CopyTo ¶ added in v0.1.6
CopyTo copies user information from a source http.Request to a destination one this function is useful when proxying requests from one service to another and retaining user information
func PersistUserCtx ¶ added in v0.1.9
PersistUserCtx injects the user/chain claims into a given context.Context.
`chain` or `user` can be nil if only one is required. Nil parameters will not overwrite existing values.
Types ¶
type BaseVerifier ¶
type ChainClaim ¶
type ChainClaim struct {
Subjects []string `json:"subjects"`
Issuers []string `json:"issuers"`
Token string `json:"token"`
TokenHash string `json:"token_hash"` // hash of key used to sign authenticity token
RawClaim string `json:"raw_claim"`
Claims map[string]string `json:"claims"`
}
func GetClaim ¶
func GetClaim(r *http.Request) (*ChainClaim, error)
GetClaim creates a UserClaim from a given http.Request
func GetContextChain ¶ added in v0.1.9
func GetContextChain(ctx context.Context) (*ChainClaim, bool)
GetContextChain returns the user-chain saved into the given context.Context.
May return nil if not processed by a Client.
func GetRequestingChain ¶ added in v0.1.9
func GetRequestingChain(r *http.Request) (*ChainClaim, bool)
GetRequestingChain returns the user-chain saved into the given http.Request.
May return nil if not processed by a Client.
func (*ChainClaim) GetOriginalClaim ¶
func (uc *ChainClaim) GetOriginalClaim(ctx context.Context) (*UserClaim, error)
GetOriginalClaim returns the 1st user within a chain as a new UserClaim
type Client ¶ added in v0.1.6
type Client struct {
// contains filtered or unexported fields
}
Client provides simple utilities for extracting a user from an incoming request
func NewClient ¶ added in v0.1.6
func NewClient(v BaseVerifier) *Client
NewClient creates a new instance of Client
func (*Client) WithOptionalUser ¶ added in v0.3.0
WithOptionalUser provides a http.Handler for injecting user information into the request context.Context if it is given.
func (*Client) WithOptionalUserFunc ¶ added in v0.3.0
func (c *Client) WithOptionalUserFunc(f http.HandlerFunc) http.HandlerFunc
WithOptionalUserFunc provides a http handler function for injecting user information into the request context.Context if it is given.
func (*Client) WithUser ¶ added in v0.1.6
WithUser provides a http.Handler for injecting user information into the request Context
func (*Client) WithUserFunc ¶ added in v0.1.6
func (c *Client) WithUserFunc(f http.HandlerFunc) http.HandlerFunc
WithUserFunc provides a http handler function for injecting user information into the request Context
type UserClaim ¶
type UserClaim struct {
Sub string `json:"sub"` // unique id or DN
Iss string `json:"iss"` // id of issuer (e.g. OIDC url) or DN of CA
Token string `json:"token"` // authenticity token
TokenHash string `json:"token_hash"` // hash of key used to sign authenticity token
Claims map[string]string `json:"claims"`
}
func GetContextUser ¶ added in v0.1.6
GetContextUser returns the user saved into the given context.Context.
May return nil if not processed by a Client.
func GetRequestingUser ¶ added in v0.1.6
GetRequestingUser returns the user saved into the given http.Request.
May return nil if not processed by a Client.
func (*UserClaim) AsUsername ¶
type Verifier ¶
type Verifier struct {
BaseVerifier
// contains filtered or unexported fields
}
func NewVerifier ¶
NewVerifier creates a Verifier and attempts to load the CAP10 public key
Source Files