auth

package
v0.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 26, 2024 License: MIT Imports: 32 Imported by: 0

README

Authz module

This repository provides all necessary pieces for FOXDEN/CHESS authentication and authorization. It covers kerberos and JWT tokens, it provides necessary middleware for gin framework, etc.

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var OAuthProviders map[string]Provider

OAuthProviders contains maps of all participated providers

Functions

func BearerToken added in v0.1.0 

func BearerToken(r *http.Request) string

Helper function to extract bearer token from http request

func FacebookCallBack added in v0.0.3 

func FacebookCallBack(ctx *gin.Context, endpoint string, verbose int)

FacebookCallBack provides gin handler for facebook callback to given endpoint

func FacebookOauthLogin added in v0.0.3 

func FacebookOauthLogin(ctx *gin.Context, verbose int)

FacebookOauthLogin provides gin handler for facebook oauth login

func GithubCallBack added in v0.0.3 

func GithubCallBack(ctx *gin.Context, endpoint string, verbose int)

GithubCallBack provides gin handler for github callback to given endpoint

func GithubOauthLogin added in v0.0.3 

func GithubOauthLogin(ctx *gin.Context, verbose int)

GithubOauthLogin provides gin handler for github oauth login

func GoogleCallBack added in v0.0.3 

func GoogleCallBack(ctx *gin.Context, endpoint string, verbose int)

GoogleCallBack provides gin handler for google callback to given endpoint

func GoogleOauthLogin added in v0.0.3 

func GoogleOauthLogin(ctx *gin.Context, verbose int)

GoogleOauthLogin provides gin handler for google oauth login

func Init 

func Init(providers []string, verbose int)

Init initializes map of OAuth providers

func JWTAccessToken added in v0.0.2 

func JWTAccessToken(secretKey string, expiresAt int64, customClaims CustomClaims) (string, error)

JWTAccessToken generates JWT access token with custom claims https://blog.canopas.com/jwt-in-golang-how-to-implement-token-based-authentication-298c89a26ffd

func RequestToken added in v0.0.1 

func RequestToken(r *http.Request) string

RequestToken gets token from http request

func ScopeTokenMiddleware added in v0.0.2 

func ScopeTokenMiddleware(scope, clientId string, verbose int) gin.HandlerFunc

ScopeTokenMiddleware provides token validation with specific scope

func TokenMiddleware 

func TokenMiddleware(clientId string, verbose int) gin.HandlerFunc

gin cookies https://gin-gonic.com/docs/examples/cookie/ more advanced use-case: https://stackoverflow.com/questions/66289603/use-existing-session-cookie-in-gin-router

func UserCredentials added in v0.0.1 

func UserCredentials(r *http.Request) (string, error)

UserCredentials inspect http request and return user credentials from its token

Types

type Certs 

type Certs struct {
	Keys []Keys
}

Certs represents structure of JWKS uri

type Claims 

type Claims struct {
	jwt.RegisteredClaims
	CustomClaims CustomClaims `json:"custom_claims"`
}

Claims defines our JWT claims

func TokenClaims added in v0.0.1 

func TokenClaims(accessToken, clientId string) (*Claims, error)

TokenClaims returns token claims

type CustomClaims added in v0.0.2 

type CustomClaims struct {
	User        string   `json:"user"`
	Scope       string   `json:"scope"`
	Kind        string   `json:"kind"`
	Roles       []string `json:"roles"`
	Application string   `json:"application"`
}

CustomClaims defines application specific claims

func (*CustomClaims) String added in v0.0.2 

func (c *CustomClaims) String() string

String provides string representations of Custom claims

type Kerberos added in v0.0.1 

type Kerberos struct {
	User   string
	Scope  string
	Ticket []byte
}

Kerberos defines kerberos structure we use

func (*Kerberos) Credentials added in v0.0.1 

func (k *Kerberos) Credentials() (*credentials.Credentials, error)

helper function to check user credentials for POST requests

type Keys 

type Keys struct {
	Kid     string   `json:"kid"`
	Kty     string   `json:"kty"`
	Alg     string   `json:"alg"`
	Use     string   `json:"use"`
	N       string   `json:"n"`
	E       string   `json:"e"`
	X5c     []string `json:"x5c"`
	X5y     string   `json:"x5y"`
	Xt5S256 string   `json:"x5t#S256"`
}

JWKSKeys struct represent structure of JWKS Keys

type OpenIDConfiguration 

type OpenIDConfiguration struct {
	Issuer                string   `json:"issuer"`
	AuthorizationEndpoint string   `json:"authorization_endpoint"`
	TokenEndpoint         string   `json:"token_endpoint"`
	IntrospectionEndpoint string   `json:"introspection_endpoint"`
	UserInfoEndpoint      string   `json:"userinfo_endpoint"`
	EndSessionEndpoint    string   `json:"end_session_endpoint"`
	JWKSUri               string   `json:"jwks_uri"`
	ClaimsSupported       []string `json:"claims_supported"`
	ScopeSupported        []string `json:"scopes_supported"`
	RevocationEndpoint    string   `json:"revocation_endpoint"`
}

OpenIDConfiguration holds configuration for OpenID Provider

type Provider 

type Provider struct {
	URL           string              // provider url
	Configuration OpenIDConfiguration // provider OpenID configuration
	PublicKeys    []publicKey         // Public keys of the provider
	JWKSBody      []byte              // jwks body content of the provider
}

Provider holds all information about given provider

func (*Provider) Init 

func (p *Provider) Init(purl string, verbose int) error

Init function initialize provider configuration

func (*Provider) String 

func (p *Provider) String() string

String provides string representation of provider

type Token 

type Token struct {
	AccessToken string `json:"access_token"`
	Expires     int64  `json:"expires_in"`
	Scope       string `json:"scope"`
	TokenType   string `json:"token_type"`
}

Token represents access token structure

func (*Token) Validate 

func (t *Token) Validate(clientId string) error

Validate performs token validation

type TokenAttributes 

type TokenAttributes struct {
	Subject      string `json:"sub"`           // token subject
	Audiences    string `json:"aud"`           // token audience
	Issuer       string `json:"iss"`           // token issuer
	UserName     string `json:"username"`      // user name
	Active       bool   `json:"active"`        // is token active or not
	SessionState string `json:"session_state"` // session state fields
	ClientID     string `json:"clientId"`      // client id
	Email        string `json:"email"`         // client email address
	Scope        string `json:"scope"`         // scope of the token
	Expiration   int64  `json:"exp"`           // token expiration
	ClientHost   string `json:"clientHost"`    // client host
}

TokenAttributes contains structure of access token attributes

func InspectToken 

func InspectToken(provider Provider, token string, verbose int) (TokenAttributes, error)

InspectToken extracts token attributes

func InspectTokenProviders 

func InspectTokenProviders(token string, providers []string, verbose int) (TokenAttributes, error)

InspectTokenProviders inspects token against all participated providers and return TokenAttributes

type TokenInfo 

type TokenInfo struct {
	AccessToken   string `json:"access_token"`       // access token
	AccessExpire  int64  `json:"expires_in"`         // access token expiration
	RefreshToken  string `json:"refresh_token"`      // refresh token
	RefreshExpire int64  `json:"refresh_expires_in"` // refresh token expireation
	IDToken       string `json:"id_token"`           // id token
}

TokenInfo contains information about all tokens

func (*TokenInfo) String 

func (t *TokenInfo) String() string

String convert TokenInfo into html snippet

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.