verify

package module

v0.0.0-...-9be9bf4 Latest Latest Go to latest Published: Apr 29, 2024 License: Apache-2.0 Imports: 30 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/pomerium/verify

Links

Open Source Insights

README ¶

Pomerium Verify service

This example service uses the Pomerium Go SDK to parse and display the contents of the X-Pomerium-Jwt-Assertion header. This can help to validate that a Pomerium deployment is working as expected.

This service is hosted at https://verify.pomerium.com, or you can deploy an instance in your own Pomerium setup.

Configuration options

The service can be configured with the following environment variables:

ADDR

Listen address for the service. If neither ADDR nor PORT is set, the service will listen at :8000.
PORT

Listen address port for the service. If neither ADDR nor PORT is set, the service will listen at :8000.
JWKS_ENDPOINT

Allows setting a static URL to use for fetching the public key(s) for verifying the Pomerium JWT. If unset, keys will be fetched from the domain specified in the JWT aud claim (using the internal Pomerium endpoint at /.well-known/pomerium/jwks.json). Note: in order for this to work correctly, you must define signing_key or signing_key_file in the Pomerium configuration.
EXPECTED_JWT_ISSUER

When set, JWT verification will additionally validate that the issuer claim (iss) matches the given value.
EXPECTED_JWT_AUDIENCE

When set, JWT verification will additionally validate that the audience claim (aud) matches the given value.
GCLOUD_PROJECT

When set to a Firebase project ID, the service will use Cloud Firestore as a storage backend for WebAuthn-related storage. (By default, the service will store this data in memory instead.)

Documentation ¶

Index ¶

Variables
type Option
type Server
- func New(options ...Option) *Server
- func (srv *Server) Run(ctx context.Context) error

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	DefaultBindAddress  = ":8000"
	DefaultJWKSEndpoint = "" // use the audience
	DefaultProjectID    = firestore.DetectProjectID
)

config defaults

Functions ¶

This section is empty.

Types ¶

type Option ¶

type Option func(cfg *config)

An Option customizes the config.

func WithBindAddress ¶

func WithBindAddress(bindAddress string) Option

WithBindAddress sets the bind address in the config.

func WithExpectedJWTAudience ¶

func WithExpectedJWTAudience(audience string) Option

WithExpectedJWTAudience sets the expected JWT audience claim in the config. If set to the empty string, the audience claim will not be validated.

func WithExpectedJWTIssuer ¶

func WithExpectedJWTIssuer(issuer string) Option

WithExpectedJWTIssuer sets the expected JWT issuer claim in the config. If set to the empty string, the issuer claim will not be validated.

func WithFirestoreProjectID ¶

func WithFirestoreProjectID(projectID string) Option

WithFirestoreProjectID sets the firestore project id in the config.

func WithJWKSEndpoint ¶

func WithJWKSEndpoint(jwksEndpoint string) Option

WithJWKSEndpoint sets the jwks endpoint in the config.

type Server ¶

type Server struct {
	// contains filtered or unexported fields
}

Server is the verify server backend.

func New ¶

func New(options ...Option) *Server

New creates a new Server.

func (*Server) Run ¶

func (srv *Server) Run(ctx context.Context) error

Run runs the server.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
verify
internal
storage

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL