Documentation
Overview
Package security implements authentication / authorization by means of JWT tokens.
Index
- func Authorize(required Claim, claims []string) (roles []string, err error)
- func CreateToken(issuer string, key []byte, expiry int, c Claims) (string, error)
- func NewContext(ctx context.Context, u *User) context.Context
- type Claim
- type Claims
- type JWTAuthorization
- type JwtMiddleware
- type JwtOptions
- type JwtTokenPayload
- type MemoryCache
- type StandardClaims
- type User
Constants
This section is empty.
Variables
This section is empty.
Functions
func Authorize
Authorize validates the given claims and verifies that they match the required claim. A claim entry has the form "name|url|role".
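The following added example (not the package's own code) shows one way to evaluate claim entries in the documented "name|url|role" form against a required claim, failing closed on malformed or foreign entries. The names requiredClaim, matchClaims and errNoMatch are hypothetical, and exact, case-sensitive matching of name, URL and role is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// requiredClaim mirrors the fields of the documented Claim type (hypothetical name).
type requiredClaim struct {
	Name  string
	URL   string
	Roles []string
}

var errNoMatch = errors.New("no claim entry grants a required role")

// matchClaims is a hypothetical stand-in for Authorize: it returns the roles
// granted for the required application, or an error if none match (fail closed).
func matchClaims(required requiredClaim, entries []string) ([]string, error) {
	var roles []string
	for _, e := range entries {
		parts := strings.Split(e, "|")
		if len(parts) != 3 {
			continue // malformed entry (wrong field count) never grants access
		}
		name, url, role := parts[0], parts[1], parts[2]
		if name != required.Name || url != required.URL {
			continue // entry was issued for a different application
		}
		for _, want := range required.Roles {
			if role == want { // assumption: exact, case-sensitive comparison
				roles = append(roles, role)
			}
		}
	}
	if len(roles) == 0 {
		return nil, errNoMatch
	}
	return roles, nil
}

func main() {
	req := requiredClaim{Name: "app", URL: "http://localhost:3000", Roles: []string{"User", "Admin"}}
	// Constructed sample entries: one valid, one for another application, one malformed.
	entries := []string{"app|http://localhost:3000|User", "other|http://localhost:3000|Admin", "app|User"}
	fmt.Println(matchClaims(req, entries))
}
```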
func CreateToken
CreateToken uses the configuration and supplied parameters to create a new token
Types
type Claim
type Claim struct {
	// Name of the application
	Name string
	// URL of the application
	URL string
	// Roles possible roles
	Roles []string
}
Claim defines the authorization requirements
type Claims
type Claims struct {
	Type        string   `json:"Type"`
	DisplayName string   `json:"DisplayName"`
	Email       string   `json:"Email"`
	UserID      string   `json:"UserId"`
	UserName    string   `json:"UserName"`
	GivenName   string   `json:"GivenName"`
	Surname     string   `json:"Surname"`
	Claims      []string `json:"Claims"`
}
Claims defines custom JWT claims for the token
type JWTAuthorization
type JWTAuthorization struct {
	Options JwtOptions
	Cache   *MemoryCache
}
JWTAuthorization handles authorization of supplied JWT tokens
func NewJWTAuthorization
func NewJWTAuthorization(options JwtOptions, useCache bool) *JWTAuthorization
NewJWTAuthorization creates a new JWTAuthorization instance. To speed up processing, a cache in the form of a MemoryCache can be initialized.
func (*JWTAuthorization) EvaluateToken
func (j *JWTAuthorization) EvaluateToken(token string) (*User, error)
EvaluateToken parses the supplied JWT token and extracts a User object
type JwtMiddleware
type JwtMiddleware struct {
// contains filtered or unexported fields
}
JwtMiddleware is used to authenticate a user based on a token. The token is either retrieved from the well-known Authorization header or fetched from a cookie.
func NewJwtMiddleware
func NewJwtMiddleware(options JwtOptions, settings cookies.Settings, logger logging.Logger) *JwtMiddleware
NewJwtMiddleware creates a new instance using the provided options
func (*JwtMiddleware) JwtContext
func (j *JwtMiddleware) JwtContext(next http.Handler) http.Handler
JwtContext performs the middleware action
type JwtOptions
type JwtOptions struct {
	// JwtSecret is the jwt signing key
	JwtSecret string
	// JwtIssuer identifies the principal that issued the token
	JwtIssuer string
	// CookieName specifies the HTTP cookie holding the token
	CookieName string
	// RequiredClaim to access the application
	RequiredClaim Claim
	// RedirectURL forwards the request to an external authentication service
	RedirectURL string
	// CacheDuration defines the duration to cache the JWT token result
	CacheDuration string
	// ErrorPath is used if html errors are returned to the client
	ErrorPath string
}
JwtOptions defines presets for the Authentication handler. By default the JWT token is fetched from the Authorization header; as a fallback it is possible to fetch the token from a specific cookie.
type JwtTokenPayload
type JwtTokenPayload struct {
	Type        string
	UserName    string
	Email       string
	Claims      []string
	UserID      string `json:"UserId"`
	DisplayName string
	Surname     string
	GivenName   string
	StandardClaims
}
JwtTokenPayload is the parsed contents of the given token
func ParseJwtToken
func ParseJwtToken(token, tokenSecret, issuer string) (JwtTokenPayload, error)
ParseJwtToken parses, validates and extracts data from a jwt token
type MemoryCache
MemoryCache implements a simple cache
func NewMemCache
func NewMemCache(duration time.Duration) *MemoryCache
NewMemCache creates a cache with the given TTL
func (*MemoryCache) Get
func (s *MemoryCache) Get(key string) *User
Get returns a User object by the given key
func (*MemoryCache) Set
func (s *MemoryCache) Set(key string, user *User)
Set puts a User object into the cache
type StandardClaims
type StandardClaims struct {
	Audience  string
	ExpiresAt int64
	ID        string
	IssuedAt  int64
	Issuer    string
	NotBefore int64
	Subject   string
}
StandardClaims are "reserved" elements of the JWT specification