Documentation
Index
- Constants
- func ApplyCredsInfo(c *aries.C, info *CredsInfo)
- func ClearGateCookie(c *aries.C)
- func TokenCreds(user string, tok *Token) *signinapi.Creds
- func UserData(c *aries.C) interface{}
- type ChallengeSource
- type ChallengeSourceConfig
- type CredsInfo
- type Exchange
- type ExchangeConfig
- type Gate
- func (g *Gate) Check(c *aries.C) (*CredsInfo, error)
- func (g *Gate) CheckAndSetup(c *aries.C) (bool, error)
- func (g *Gate) CheckToken(token, typ string) (*CredsInfo, error)
- func (g *Gate) Serve(c *aries.C) error
- func (g *Gate) Setup(c *aries.C) error
- func (g *Gate) SetupCookie(c *aries.C, user string)
- func (g *Gate) Token(user string, ttl time.Duration) *Token
- type GateConfig
- type PublicKeyExchange
- type SSHCertExchange
- type SSHCertExchangeConfig
- type Token
- type Tokener
Constants
const (
	TokenCookie = "cookie"
	TokenBearer = "bearer"
)
Different token types.
Functions
func ApplyCredsInfo
ApplyCredsInfo applies the credential to the context.
func ClearGateCookie
ClearGateCookie clears the gate's session cookie.
func TokenCreds
TokenCreds gets the credential from a token.
Types
type ChallengeSource
type ChallengeSource struct {
// contains filtered or unexported fields
}
ChallengeSource is a source that can serve challenges.
func NewChallengeSource
func NewChallengeSource(config *ChallengeSourceConfig) *ChallengeSource
NewChallengeSource creates a challenge source.
func (*ChallengeSource) Serve
func (s *ChallengeSource) Serve(
	c *aries.C, req *signinapi.ChallengeRequest,
) (*signinapi.ChallengeResponse, error)
Serve serves a challenge.
type ChallengeSourceConfig
ChallengeSourceConfig is the configuration to create a challenge source.
type CredsInfo
type CredsInfo struct {
	Valid       bool
	NeedRefresh bool
	TokenType   string
	User        string
	UserLevel   int
	Data        interface{}
}
CredsInfo is the user credential information obtained from gate checking.
type Exchange
type Exchange struct {
// contains filtered or unexported fields
}
Exchange exchanges an access token for a session token. An access token is a JWT signed by a realm CA, as proof that the client has been authorized to access some resource on behalf of the user for a period of time. The session token is issued by a local tokener and can be used to access the API. Checking a session token is often a much more lightweight local operation that does not require querying the central realm.
func NewExchange
func NewExchange(tok Tokener, config *ExchangeConfig) *Exchange
NewExchange creates an exchange that exchanges access tokens for session tokens from tok.
type ExchangeConfig
type ExchangeConfig struct {
	Audience string
	Issuer   string
	Card     identity.Card
	Now      func() time.Time
}
ExchangeConfig is the config for creating a session exchanger that exchanges access tokens for session tokens.
type Gate
type Gate struct {
// contains filtered or unexported fields
}
Gate is a token checking gate that checks the auth token and saves the checking result in the context.
func NewGate
func NewGate(config *GateConfig) *Gate
NewGate creates a new auth token checking gate.
func (*Gate) Check
Check checks the auth token in the context, with the session signature and the check function. It reports whether the token is valid and whether it needs a refresh.
func (*Gate) CheckAndSetup
CheckAndSetup checks the user credentials. If the credential is valid, it also applies the credential to the context. If the credential is not valid, it clears the cookie. If the credential needs refreshing, it refreshes the cookie.
func (*Gate) CheckToken
CheckToken checks a token of a specific type.
func (*Gate) SetupCookie
SetupCookie sets up the cookie for a particular user.
type GateConfig
type GateConfig struct {
	SessionKey      []byte
	SessionLifeTime time.Duration
	SessionRefresh  time.Duration
	Check           func(user string) (interface{}, int, error)
}
GateConfig contains configuration for initializing an identity gate.
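The following is an added illustration, not code from this package: a self-contained sketch of how a gate can verify a session token locally with a session key, a lifetime and a refresh window, reporting validity and refresh need in the spirit of CredsInfo.Valid and CredsInfo.NeedRefresh. The sessionGate type, the "user.expiry.mac" token layout, the use of HMAC-SHA256 and the rule that a token needs a refresh once less than the refresh window remains are all assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// sessionGate is a hypothetical stand-in, not the package's Gate type.
type sessionGate struct {
	key               []byte
	lifetime, refresh time.Duration
}

func (g *sessionGate) mac(payload string) string {
	h := hmac.New(sha256.New, g.key)
	h.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}

// issue returns "user.expiryUnix.mac" (assumed layout; user must not contain ".").
func (g *sessionGate) issue(user string, now time.Time) string {
	p := user + "." + strconv.FormatInt(now.Add(g.lifetime).Unix(), 10)
	return p + "." + g.mac(p)
}

// check verifies the token with the local key only. It returns the user,
// whether the token is valid, and whether it is inside the refresh window.
func (g *sessionGate) check(tok string, now time.Time) (string, bool, bool) {
	p := strings.Split(tok, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(g.mac(p[0]+"."+p[1]))) {
		return "", false, false // malformed or forged: fail closed
	}
	exp, err := strconv.ParseInt(p[1], 10, 64)
	if err != nil || now.Unix() >= exp {
		return "", false, false // unparsable or expired
	}
	return p[0], true, time.Unix(exp, 0).Sub(now) < g.refresh
}

func main() {
	g := &sessionGate{[]byte("constructed-demo-key"), time.Hour, 15 * time.Minute}
	t0 := time.Unix(1700000000, 0) // constructed clock value
	fmt.Println(g.check(g.issue("alice", t0), t0.Add(50*time.Minute)))
}
```

The MAC is compared with hmac.Equal before the expiry field is parsed, so no attacker-controlled field is interpreted until the token is authenticated.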
type PublicKeyExchange
type PublicKeyExchange struct {
// contains filtered or unexported fields
}
PublicKeyExchange handles sign in using a public key registry. The request presents a signed time using the user's private key to authenticate.
func NewPublicKeyExchange
func NewPublicKeyExchange(
	tok Tokener, reg keyreg.KeyRegistry,
) *PublicKeyExchange
NewPublicKeyExchange creates a legacy public key based credential exchange where the client presents a signed time with its private key.
type SSHCertExchange
type SSHCertExchange struct {
// contains filtered or unexported fields
}
SSHCertExchange is a service stub that provides session tokens if the user signs a challenge and the SSH certificate of it.
func NewSSHCertExchange
func NewSSHCertExchange(tok Tokener, conf *SSHCertExchangeConfig) (
	*SSHCertExchange, error,
)
NewSSHCertExchange creates a new SSH certificate exchange that exchanges signed challenges for session tokens.
func (*SSHCertExchange) API
func (s *SSHCertExchange) API() *aries.Router
API returns the API router stub for signing in with SSH certificate credentials.
func (*SSHCertExchange) AddAPI
func (s *SSHCertExchange) AddAPI(r *aries.Router)
AddAPI adds the API under /ssh.
type SSHCertExchangeConfig
type SSHCertExchangeConfig struct {
	CAPublicKey     []byte                 `json:",omitempty"`
	CAPublicKeyFunc func() ([]byte, error) `json:",omitempty"`
	CAPublicKeyFile string                 `json:",omitempty"`

	ChallengeKey []byte

	// Time function for checking certificate. It is not used for
	// token generation.
	Now func() time.Time
}
SSHCertExchangeConfig is the configuration to create an SSH certificate signin stub.