Documentation

Overview

Package iap implements auth.Method for GCP's Identity Aware Proxy. It verifies the JWT payload according to the guide for using signed headers: https://cloud.google.com/iap/docs/signed-headers-howto#verifying_the_jwt_payload

Constants

This section is empty.

Variables

This section is empty.

Functions

func AudForGAE

func AudForGAE(numericProjectID, appID string) string

AudForGAE returns an audience string for the GAE application as it will be formatted by IAP in the assertion headers. This is a convenience method. For production use, one should use the cloud.google.com/go/compute/metadata package to get the NumericProjectID and AppID properties on process startup.

func AudForGlobalBackendService

func AudForGlobalBackendService(projectNumber, backendServiceID string) string

AudForGlobalBackendService returns an audience string for a GCE or GKE application as it will be formatted by IAP in the assertion headers. This is a convenience method.

Types

type IAPAuthMethod

type IAPAuthMethod struct {
	// Aud is the audience string as it should appear in JWTs intended for
	// validation by your service.
	Aud string
	// contains filtered or unexported fields
}

IAPAuthMethod implements auth.Method for use with GCP's Identity Aware Proxy.

func (*IAPAuthMethod) Authenticate

func (a *IAPAuthMethod) Authenticate(ctx context.Context, r *http.Request) (*auth.User, error)

Authenticate returns nil if no IAP assertion header is present, a User if authentication is successful, or an error if unable to validate and identify a user from the assertion header.
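The payload verification the overview refers to, as an added example that is not this package's code: a standard-library verifier that pins ES256, checks the signature, and only then compares iss, aud, exp and iat. Assumptions: the names verify, rng and b64, the 30-second skew allowance, and a caller that has already selected the public key (in production, by the token's kid from Google's published IAP keys); the token, key and audience in main are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var rng, b64 = rand.Reader, base64.RawURLEncoding // entropy source, JWT segment encoding

// verify pins ES256 (the header's alg is never trusted), then checks iss, aud, exp and iat.
func verify(tok, aud string, pub *ecdsa.PublicKey, now int64) (string, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	sig, err := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err != nil || len(sig) != 64 || !ecdsa.Verify(pub, sum[:],
		new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return "", fmt.Errorf("bad signature")
	}
	var c struct {
		Iss, Aud, Email string
		Exp, Iat        int64
	}
	if body, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(body, &c) != nil {
		return "", fmt.Errorf("bad payload")
	}
	if c.Iss != "https://cloud.google.com/iap" || c.Aud != aud || c.Exp+30 < now || c.Iat-30 > now {
		return "", fmt.Errorf("rejected claims: iss=%q aud=%q exp=%d iat=%d", c.Iss, c.Aud, c.Exp, c.Iat)
	}
	return c.Email, nil // the 30 above is an assumed clock-skew allowance, in seconds
}

func main() { // constructed token and audience, signed with a throwaway key
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rng)
	pay := `{"iss":"https://cloud.google.com/iap","aud":"/projects/123456789/apps/demo-app","email":"a@example.com","iat":1700000000,"exp":1700000600}`
	in := b64.EncodeToString([]byte(`{"alg":"ES256"}`)) + "." + b64.EncodeToString([]byte(pay))
	sum := sha256.Sum256([]byte(in))
	r, s, _ := ecdsa.Sign(rng, k, sum[:])
	tok := in + "." + b64.EncodeToString(append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...))
	fmt.Println(verify(tok, "/projects/123456789/apps/demo-app", &k.PublicKey, 1700000300))
}
```

The aud comparison is exact on purpose: a token issued for a different IAP-protected resource still carries a valid signature, so the audience string is what ties the assertion to your service.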
