auth

package
v0.0.0-...-fdd12d1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 4, 2020 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package auth provides authentication behavior.

Index

Constants

View Source 
const (
	RoleAdmin = "ADMIN"
	RoleUser  = "USER"
)

These are the expected values for Claims.Roles.

View Source 
const Key ctxKey = 1

Key is used to store/retrieve a Claims value from a context.Context.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authenticator 

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator is used to authenticate clients. It can generate a token for a set of user claims and recreate the claims by parsing the token.

func NewAuthenticator 

func NewAuthenticator(privateKey *rsa.PrivateKey, activeKID, algorithm string, publicKeyLookupFunc KeyLookupFunc) (*Authenticator, error)

NewAuthenticator creates an *Authenticator for use. It will error if: - The private key is nil. - The public key func is nil. - The key ID is blank. - The specified algorithm is unsupported.

func (*Authenticator) GenerateToken 

func (a *Authenticator) GenerateToken(claims Claims) (string, error)

GenerateToken generates a signed JWT token string representing the user Claims.

func (*Authenticator) ParseClaims 

func (a *Authenticator) ParseClaims(tokenStr string) (Claims, error)

ParseClaims recreates the Claims that were used to generate a token. It verifies that the token was signed using our key.

type Claims 

type Claims struct {
	Roles []string `json:"roles"`
	jwt.StandardClaims
}

Claims represents the authorization claims transmitted via a JWT.

func NewClaims 

func NewClaims(subject string, roles []string, now time.Time, expires time.Duration) Claims

NewClaims constructs a Claims value for the identified user. The Claims expire within a specified duration of the provided time. Additional fields of the Claims can be set after calling NewClaims is desired.

func (Claims) HasRole 

func (c Claims) HasRole(roles ...string) bool

HasRole returns true if the claims has at least one of the provided roles.

type KeyLookupFunc 

type KeyLookupFunc func(kid string) (*rsa.PublicKey, error)

KeyLookupFunc is used to map a JWT key id (kid) to the corresponding public key. It is a requirement for creating an Authenticator.

* Private keys should be rotated. During the transition period, tokens signed with the old and new keys can coexist by looking up the correct public key by key id (kid).

* Key-id-to-public-key resolution is usually accomplished via a public JWKS endpoint. See https://auth0.com/docs/jwks for more details.

func NewSimpleKeyLookupFunc 

func NewSimpleKeyLookupFunc(activeKID string, publicKey *rsa.PublicKey) KeyLookupFunc

NewSimpleKeyLookupFunc is a simple implementation of KeyFunc that only ever supports one key. This is easy for development but in production should be replaced with a caching layer that calls a JWKS endpoint.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.