Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var (
	REVOCATION_TYPE_TOKEN        = "TOKEN"
	REVOCATION_TYPE_CLAIM        = "CLAIM"
	REVOCATION_TYPE_GLOBAL       = "GLOBAL"
	REVOCATION_TYPE_FORCEREFRESH = "FORCEREFRESH"

	ErrInvalidRevocation = errors.New("Invalid Revocation data")
	ErrIssuedInFuture    = errors.New("Issued in the future")
	ErrUnsupportedType   = errors.New("Unsupported revocation type")
	ErrMissingClaimName  = errors.New("Missing claim name")
)
Types of accepted revocations
Functions ¶
func Schedule ¶
Schedule a job (func) to run with a defined time interval between runs. Uses a Ticker, so if one run of the job takes longer than the interval, the next run starts directly after the previous one returns rather than waiting a full interval: e.g. if the interval is set to 5 seconds and one run takes 6 seconds to complete, the next run starts directly after it (at 6 seconds) instead of waiting another 5.
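The overrun behaviour described above, as an added example rather than this package's code. The page does not show Schedule's signature, so the form Schedule(job func(), interval time.Duration, stop <-chan struct{}) and the helper runFor are assumptions; the timings in main are constructed:

```go
package main

import (
	"fmt"
	"time"
)

// Schedule runs job once per interval until stop is closed. The signature is
// an assumption; the page gives only the behaviour. A time.Ticker buffers at
// most one pending tick, so when a run overruns the interval the next run
// starts as soon as the previous one returns, and any further ticks that
// fired meanwhile are dropped rather than queued. Runs never overlap.
func Schedule(job func(), interval time.Duration, stop <-chan struct{}) {
	t := time.NewTicker(interval)
	defer t.Stop()
	for {
		select {
		case <-t.C:
			job()
		case <-stop:
			return
		}
	}
}

// runFor schedules a job that takes jobTime per run at the given interval for
// the given wall-clock budget and returns how many runs completed.
func runFor(interval, jobTime, budget time.Duration) int {
	stop := make(chan struct{})
	done := make(chan struct{})
	runs := 0
	go func() {
		Schedule(func() { time.Sleep(jobTime); runs++ }, interval, stop)
		close(done) // runs is only read after this, so there is no data race
	}()
	time.Sleep(budget)
	close(stop)
	<-done
	return runs
}

func main() {
	// Constructed timings: interval 10ms, job 25ms. Runs are paced by the job
	// duration (roughly one every 25ms), not by the 10ms interval.
	fmt.Println("runs in 300ms:", runFor(10*time.Millisecond, 25*time.Millisecond, 300*time.Millisecond))
}
```

Because the ticker channel holds one tick, a job that is slower than the interval runs back to back at its own pace; the ticks it missed are not replayed, so a backlog cannot build up after a slow Revocation Provider response.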
Types ¶
type Cache ¶
type Cache struct {
// contains filtered or unexported fields
}
Cache structure holds all channels for available thread safe operations.
func (*Cache) Add ¶
func (c *Cache) Add(rev *Revocation)
Insert a revocation into the cache. Only the specific revocation types TOKEN, CLAIM, GLOBAL and FORCEREFRESH are allowed:
REVOCATION_TYPE_TOKEN stores the key as a hash of the JWT.
REVOCATION_TYPE_CLAIM stores the key as a hash of the values of the named claims (each value separated by a '|').
REVOCATION_TYPE_GLOBAL stores the key as 'GLOBAL', as there can only be one global revocation.
REVOCATION_TYPE_FORCEREFRESH stores the key as 'FORCEREFRESH', as there can only be one force refresh.
func (*Cache) Expire ¶
func (c *Cache) Expire()
Expire (delete) elements stored in the cache based on the REVOCATION_CACHE_TTL environment variable.
func (*Cache) ForceRefresh ¶
Delete all elements in the cache that were inserted after the given timestamp parameter. Used in case incorrect data was received from the Revocation Provider.
func (*Cache) Get ¶
Returns the value stored for a key in the revocation cache, or nil if the key does not exist.
func (*Cache) GetClaimNames ¶
Returns an array of all claim names stored in the cache. Used for revoking tokens based on the claim name/value. If a revocation has multiple claim names, they are stored separated by a '|' (e.g. 'name1|name2|. . .|nameN').
type CachingRevokeProvider ¶
type CachingRevokeProvider struct {
// contains filtered or unexported fields
}
Caching provider holds the URL to the Revocation Provider and a reference to the revocation cache. The URL is set with an environment variable: REVOCATION_PROVIDER_URL.
func NewCachingRevokeProvider ¶
func NewCachingRevokeProvider(u *url.URL) *CachingRevokeProvider
Return a new CachingRevokeProvider and start polling the Revocation Provider based on a set interval. Uses the environment variables: REVOCATION_PROVIDER_URL and REVOCATION_PROVIDER_REFRESH_INTERVAL.
func (*CachingRevokeProvider) IsJWTRevoked ¶
func (crp *CachingRevokeProvider) IsJWTRevoked(j *jwt.Token) bool
Test if a JWT token is revoked by comparing the token type, the hash (cache key), and the issued at time (iat) of the token. Revocations are checked in the following order GLOBAL, TOKEN, CLAIM. This is to speed up processing time, as GLOBAL and TOKEN revocations are much faster to test than CLAIM (CLAIM has to check each name stored in the cache against the token).
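The key derivation described under Add and the GLOBAL, TOKEN, CLAIM check order described above, as an added example rather than this package's code. It assumes a Revocation with fields Type, TokenHash, ClaimNames, ClaimValues and RevokedAt (a token whose iat is before RevokedAt is revoked; the page only says iat is compared), uses SHA-256 as the hash, replaces jwt.Token with the raw token string plus a claims map and iat, omits the channel-based locking and the Get/Expire/ForceRefresh methods, and passes 'now' explicitly so the future-issued check is deterministic. The values in main are constructed:

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
	"time"
)

var (
	ErrInvalidRevocation = errors.New("Invalid Revocation data")
	ErrIssuedInFuture    = errors.New("Issued in the future")
	ErrUnsupportedType   = errors.New("Unsupported revocation type")
	ErrMissingClaimName  = errors.New("Missing claim name")
)

// Revocation is illustrative (field names assumed); a token is revoked when its key matches and its iat is before RevokedAt.
type Revocation struct {
	Type        string
	TokenHash   string   // TOKEN: hash of the JWT as shipped by the provider
	ClaimNames  []string // CLAIM: e.g. {"sub", "aud"}
	ClaimValues []string // CLAIM: the revoked values, same order as ClaimNames
	RevokedAt   time.Time
}

// Cache keys revocations as the page describes (locking omitted for brevity).
type Cache struct{ data map[string]Revocation }

func NewCache() *Cache { return &Cache{data: map[string]Revocation{}} }

// hashOf is the assumed hash: hex SHA-256 of the input.
func hashOf(s string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(s))) }

// cacheKey derives the key for each revocation type.
func cacheKey(r Revocation) (string, error) {
	switch r.Type {
	case "TOKEN":
		if r.TokenHash == "" {
			return "", ErrInvalidRevocation
		}
		return r.TokenHash, nil
	case "GLOBAL", "FORCEREFRESH":
		return r.Type, nil // at most one of each, so the type is the key
	case "CLAIM":
		if len(r.ClaimNames) == 0 || len(r.ClaimNames) != len(r.ClaimValues) {
			return "", ErrMissingClaimName
		}
		return hashOf(strings.Join(r.ClaimValues, "|")), nil
	}
	return "", ErrUnsupportedType
}

// Add validates and inserts; now is a parameter so the example is deterministic.
func (c *Cache) Add(r Revocation, now time.Time) error {
	k, err := cacheKey(r)
	if err != nil {
		return err
	}
	if r.RevokedAt.After(now) {
		return ErrIssuedInFuture
	}
	c.data[k] = r
	return nil
}

// hit: key present and the token was issued before the revocation took effect.
func (c *Cache) hit(k string, iat time.Time) bool {
	r, ok := c.data[k]
	return ok && iat.Before(r.RevokedAt)
}

// claimKey hashes the token's '|'-joined values for the named claims; a token lacking any of the names yields "", which matches nothing.
func claimKey(claims map[string]string, names []string) string {
	vals := make([]string, 0, len(names))
	for _, n := range names {
		v, ok := claims[n]
		if !ok {
			return ""
		}
		vals = append(vals, v)
	}
	return hashOf(strings.Join(vals, "|"))
}

// IsRevoked checks GLOBAL, then TOKEN, then CLAIM (cheapest first).
func (c *Cache) IsRevoked(raw string, claims map[string]string, iat time.Time) bool {
	if c.hit("GLOBAL", iat) || c.hit(hashOf(raw), iat) {
		return true
	}
	for _, r := range c.data {
		if r.Type == "CLAIM" && c.hit(claimKey(claims, r.ClaimNames), iat) {
			return true
		}
	}
	return false
}

func main() {
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed clock
	c := NewCache()
	_ = c.Add(Revocation{Type: "CLAIM", ClaimNames: []string{"sub"}, ClaimValues: []string{"alice"}, RevokedAt: now.Add(-time.Hour)}, now)
	fmt.Println(c.IsRevoked("eyJ.constructed.jwt", map[string]string{"sub": "alice"}, now.Add(-2*time.Hour)))
}
```

Two checks matter in practice: a token issued at or after RevokedAt is not revoked (so a user who re-authenticates after a claim revocation gets a usable token), and a CLAIM revocation only matches when the token carries every named claim, so a token missing one of them cannot accidentally hash to a stored key.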
func (*CachingRevokeProvider) RefreshRevocations ¶
func (crp *CachingRevokeProvider) RefreshRevocations()
Polls the Revocation Provider for new revocations and adds them to the revocation cache; handles the Force Refresh condition (dropping cache entries inserted after the timestamp it carries); expires revocations older than the REVOCATION_CACHE_TTL environment variable.
type Revocation ¶
Revocation structure used to store a revocation. Used in the cache.