Documentation ¶
Index ¶
- Constants
- type AccessTokenPayload
- type AllowAllAuthnStrategy
- type AllowAllAuthzStrategy
- type AuthProvider
- type AuthRequest
- type AuthenticationError
- type AuthenticationStrategy
- type AuthorizationError
- type AuthorizationStrategy
- type ExpiredRequestError
- type InvalidAccessTokenError
- type InvalidCertificateError
- type InvalidCredentialError
- type InvalidRequestSignatureError
- type MissingCredentialsError
- type ProviderConfig
- type Result
- type ThirdPartyProviderConfig
- type ThirdPartyStrategy
- type TokenValidationCode
Constants ¶
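// Names of the request headers that carry the credentials of a request.
// The declaration is laid out one constant per line; collapsed onto a single
// line, the first "//" comment would swallow every constant after it.
const (
	// HeaderIdentity is the name of the x-identity credential header.
	HeaderIdentity = "x-identity"
	// HeaderTimestamp is the name of the x-timestamp credential header.
	// NOTE(review): presumably the value the request-expiry check
	// (ExpiredRequestError) is evaluated against; confirm in the strategy code.
	HeaderTimestamp = "x-timestamp"
	// HeaderAccessToken is the name of the x-access-token credential header.
	HeaderAccessToken = "x-access-token"
	// HeaderSignature is the name of the x-signature credential header.
	HeaderSignature = "x-signature"
)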
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessTokenPayload ¶
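// AccessTokenPayload holds the claims carried in the payload of the JWT
// access token. The fields are laid out one per line; a multi-field struct
// written on a single line without separators is not valid Go.
type AccessTokenPayload struct {
	// EphemeralKey is the "ephemeral_key" claim.
	// NOTE(review): the EphKeyMatchError code suggests this value is compared
	// with the key used to sign the request; confirm in the validation code.
	EphemeralKey string `json:"ephemeral_key"`
	// Expiration is the "exp" claim.
	// NOTE(review): presumably Unix seconds, as is conventional for JWT "exp";
	// the unit is not visible here, confirm before comparing with a clock.
	Expiration int64 `json:"exp"`
	// UserID is the "user_id" claim.
	UserID string `json:"user_id"`
	// Version is the "version" claim.
	Version string `json:"version"`
}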
AccessTokenPayload represents the information in the JWT payload
type AllowAllAuthnStrategy ¶
type AllowAllAuthnStrategy struct{}
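AllowAllAuthnStrategy authenticates all requests: every request is accepted, so it provides no authentication and is suitable only where authentication is deliberately disabled, such as in tests.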
func (*AllowAllAuthnStrategy) Authenticate ¶
func (s *AllowAllAuthnStrategy) Authenticate(r *AuthRequest) (Result, error)
Authenticate all requests
type AllowAllAuthzStrategy ¶
type AllowAllAuthzStrategy struct{}
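AllowAllAuthzStrategy authorizes all requests: every request is allowed, so it enforces no access control and is suitable only where authorization is deliberately disabled, such as in tests.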
func (*AllowAllAuthzStrategy) Authorize ¶
func (di *AllowAllAuthzStrategy) Authorize(r *AuthRequest) (Result, error)
Authorize all requests
type AuthProvider ¶
// AuthProvider is the contract implemented by auth providers.
type AuthProvider interface {
	// ApproveRequest takes the request r and returns a Result and an error.
	// NOTE(review): callers should presumably treat any non-nil error as a
	// denial and ignore the returned Result in that case; confirm against the
	// implementations.
	ApproveRequest(r *AuthRequest) (Result, error)
}
AuthProvider auth provider contract
func NewAuthProvider ¶
func NewAuthProvider(authn AuthenticationStrategy, authz AuthorizationStrategy) (AuthProvider, error)
NewAuthProvider creates a new AuthProvider from the given authentication and authorization strategies.
func NewThirdPartyAuthProvider ¶
func NewThirdPartyAuthProvider(config *ThirdPartyProviderConfig) (AuthProvider, error)
NewThirdPartyAuthProvider creates a new AuthProvider from a ThirdPartyProviderConfig.
type AuthRequest ¶
AuthRequest request to validate
func MakeFromHTTPRequest ¶
func MakeFromHTTPRequest(r *http.Request, publicBaseURL string) (*AuthRequest, error)
MakeFromHTTPRequest generates an AuthRequest from an http.Request.
func (*AuthRequest) Hash ¶
func (r *AuthRequest) Hash() ([]byte, error)
Hash returns the SHA-256 checksum of the request content.
type AuthenticationError ¶
type AuthenticationError struct {
// contains filtered or unexported fields
}
AuthenticationError indicates that the request failed authentication.
func (AuthenticationError) Error ¶
func (e AuthenticationError) Error() string
type AuthenticationStrategy ¶
// AuthenticationStrategy is the contract implemented by authentication
// strategies.
type AuthenticationStrategy interface {
	// Authenticate takes the request r and returns a Result and an error.
	// NOTE(review): a non-nil error presumably means the request was not
	// authenticated; confirm against the implementations.
	Authenticate(r *AuthRequest) (Result, error)
}
AuthenticationStrategy authentication contract
type AuthorizationError ¶
type AuthorizationError struct {
// contains filtered or unexported fields
}
AuthorizationError indicates that the request failed authorization.
func (AuthorizationError) Error ¶
func (e AuthorizationError) Error() string
type AuthorizationStrategy ¶
// AuthorizationStrategy is the contract implemented by authorization
// strategies.
type AuthorizationStrategy interface {
	// Authorize takes the request r and returns a Result and an error.
	// NOTE(review): a non-nil error presumably means the request was not
	// authorized; confirm against the implementations.
	Authorize(r *AuthRequest) (Result, error)
}
AuthorizationStrategy authorization contract
type ExpiredRequestError ¶
type ExpiredRequestError struct {
// contains filtered or unexported fields
}
ExpiredRequestError request has expired
func (ExpiredRequestError) Error ¶
func (e ExpiredRequestError) Error() string
type InvalidAccessTokenError ¶
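// InvalidAccessTokenError reports a validation error in the JWT. The
// declaration is laid out over several lines; on a single line the trailing
// "//" comment would swallow the closing brace.
type InvalidAccessTokenError struct {
	// ErrorCode is the TokenValidationCode of the validation error.
	ErrorCode TokenValidationCode
	// contains filtered or unexported fields
}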
InvalidAccessTokenError is a validation error in the JWT
func (InvalidAccessTokenError) Error ¶
func (e InvalidAccessTokenError) Error() string
type InvalidCertificateError ¶
type InvalidCertificateError struct {
// contains filtered or unexported fields
}
InvalidCertificateError certificate is invalid
func (InvalidCertificateError) Error ¶
func (e InvalidCertificateError) Error() string
type InvalidCredentialError ¶
type InvalidCredentialError struct {
// contains filtered or unexported fields
}
InvalidCredentialError one of the credentials in the request is invalid
func (InvalidCredentialError) Error ¶
func (e InvalidCredentialError) Error() string
type InvalidRequestSignatureError ¶
type InvalidRequestSignatureError struct {
// contains filtered or unexported fields
}
InvalidRequestSignatureError request signature is invalid
func (InvalidRequestSignatureError) Error ¶
func (e InvalidRequestSignatureError) Error() string
type MissingCredentialsError ¶
type MissingCredentialsError struct {
// contains filtered or unexported fields
}
MissingCredentialsError indicates that a required credential is missing from the request.
func (MissingCredentialsError) Error ¶
func (e MissingCredentialsError) Error() string
type ProviderConfig ¶
// ProviderConfig is the configuration of an AuthProvider.
type ProviderConfig struct {
	// Authn is the authentication strategy.
	Authn AuthenticationStrategy
	// Authz is the authorization strategy.
	Authz AuthorizationStrategy
}
ProviderConfig AuthProvider configuration
type Result ¶
type Result map[string]interface{}
Result auth process output
func NewResultOutput ¶
func NewResultOutput() Result
NewResultOutput returns a new auth.Result instance.
type ThirdPartyProviderConfig ¶
// ThirdPartyProviderConfig is the auth configuration for tokens signed by a
// third party.
type ThirdPartyProviderConfig struct {
	// Authn is the authentication strategy.
	Authn AuthenticationStrategy
	// Authz is the authorization strategy.
	Authz AuthorizationStrategy
	// RequestLifeSpan is an int64 whose unit is not visible here.
	// NOTE(review): presumably the age after which a request is rejected with
	// ExpiredRequestError; confirm the unit and how zero or negative values
	// are handled, since a missing bound would weaken replay protection.
	RequestLifeSpan int64
	// TrustedKey is an ECDSA public key.
	// NOTE(review): presumably the third party's key that JWT signatures are
	// verified against; confirm that NewThirdPartyAuthProvider rejects a nil
	// key instead of building a provider that cannot verify anything.
	TrustedKey *ecdsa.PublicKey
}
ThirdPartyProviderConfig is the auth configuration for tokens signed by a third party.
type ThirdPartyStrategy ¶
ThirdPartyStrategy is a strategy that validates that the JWT is signed by a trusted third party.
func (*ThirdPartyStrategy) Authenticate ¶
func (s *ThirdPartyStrategy) Authenticate(r *AuthRequest) (Result, error)
Authenticate checks whether the JWT is signed by a trusted third party.
type TokenValidationCode ¶
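// TokenValidationCode is a JWT error code.
//
// The zero value equals TokenFormatError, so a code that was never set is
// indistinguishable from a malformed-token result.
type TokenValidationCode int

// JWT validation error codes. The declaration is laid out one constant per
// line; collapsed onto a single line, the first "//" comment would swallow
// every constant after it.
const (
	// TokenFormatError means the JWT is malformed.
	TokenFormatError TokenValidationCode = 0
	// PayloadFormatError means the JWT payload section is invalid.
	PayloadFormatError TokenValidationCode = 1
	// MissingClaimsError means the JWT payload is missing a required element.
	MissingClaimsError TokenValidationCode = 2
	// EphKeyMatchError means the JWT ephKey does not match the key used to
	// sign the request.
	EphKeyMatchError TokenValidationCode = 3
	// ExpiredTokenError means the JWT has expired.
	ExpiredTokenError TokenValidationCode = 4
	// InvalidTokenError means the JWT is invalid.
	InvalidTokenError TokenValidationCode = 5
)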