keychain


Documentation

Overview

Package keychain manages the validation and processing of JWT/OAuth tokens

Index

Constants

const (
	// ScopeMatchAny applies the validator's Action when at least one of the
	// listed scopes is present on the token.
	ScopeMatchAny ScopeMatch = "any"

	// ScopeMatchAll applies the validator's Action only when every listed
	// scope is present on the token.
	ScopeMatchAll ScopeMatch = "all"

	// ValidationActionNone is returned when the validator did not match; the
	// rule neither allows nor denies. Presumably evaluation then falls
	// through to the next rule in the chain — confirm in ValidateToken.
	ValidationActionNone ValidationAction = "none"

	// ValidationActionAllow explicitly allows the token on rule match.
	ValidationActionAllow ValidationAction = "allow"

	// ValidationActionDeny explicitly denies the token on rule match.
	ValidationActionDeny ValidationAction = "deny"
)

Variables

var (
	// ErrInvalidToken is returned when a token cannot be parsed or verified.
	// It is a plain errors.New value converted to TokenValidationError, so
	// callers can compare it with errors.Is or ==.
	ErrInvalidToken = TokenValidationError(errors.New("invalid token"))

	// ErrAccessDenied is returned when a token verifies but is not
	// authorized, i.e. a rule denied it or a required scope is missing.
	// Callers mapping these two sentinels to HTTP status codes should keep
	// the client-facing message generic rather than echoing the reason.
	ErrAccessDenied = TokenValidationError(errors.New("access denied"))
)
var (
	// KeyChain is the package-level chain of key validators, populated by
	// ImportKeys / ImportKeysFromURL or from the environment.
	// NOTE(review): it is mutable package state and no synchronization is
	// visible on this page; if keys can be (re)imported while tokens are
	// being validated, concurrent access would be a data race — confirm.
	KeyChain = make([]KeyValidator, 0)

	// ErrInvalidKey is returned when a public key cannot be parsed or used.
	ErrInvalidKey = errors.New("invalid public key")
)
var (
	// ContextKeyAuthToken is the context.Context key under which
	// authorization providers store the validated token. Because ContextKey
	// is a distinct named type, this key cannot collide with a plain string
	// key of the same value set by another package.
	ContextKeyAuthToken = ContextKey("auth-token")
)

Functions

func ImportKeys

func ImportKeys(keyData []byte) error

ImportKeys imports keys in the standard JWKS JSON format

func ImportKeysFromURL

func ImportKeysFromURL(jwksURL string) error

ImportKeysFromURL fetches and imports the public keys from the specified URL

func ValidateMiddleware

func ValidateMiddleware(requireAuth bool) negroni.Handler

ValidateMiddleware parses an HTTP request, validates the bearer token and puts it in the request context

Types

type AuthToken

type AuthToken interface {
	// ID returns the token identifier.
	ID() string

	// ClientID returns the OAuth client identity the token was issued to.
	ClientID() string

	// Username returns the user for the token, or "" if no user is associated.
	Username() string

	// Subject returns the subject identifier.
	Subject() string

	// Audience returns the token audience.
	Audience() string

	// ExpiresAt returns the token expiration time.
	// Presumably Unix seconds, as in the JWT "exp" claim — confirm.
	ExpiresAt() int64

	// Scope returns the scopes granted to the token.
	Scope() []string

	// Use returns the token use, i.e. access, identity, etc.
	Use() string

	// Claims returns the token claims.
	Claims() Claims

	// String returns the token serialized as a signed JWT. This is a bearer
	// credential: treat it as a secret and keep it out of logs.
	String() string

	// Context returns a context derived from the given parent that carries
	// this token (presumably under ContextKeyAuthToken — confirm).
	Context(context.Context) context.Context
}

AuthToken is a driver interface for parsing and using JWT values

func AuthTokenFromContext

func AuthTokenFromContext(c context.Context) AuthToken

AuthTokenFromContext returns the auth token stored in the context

func NewToken added in v2.0.12

func NewToken(claims Claims) AuthToken

NewToken returns a basic client JWT AuthToken populated with the given claims

func ValidateToken

func ValidateToken(tokenString string, rules ...ValidationRule) (AuthToken, error)

ValidateToken validates a JWT token string against the supplied validation rules

type Claims

// Claims is a type alias (not a new type), so a types.StringMap value can be
// used wherever Claims is expected without conversion.
type Claims = types.StringMap

Claims is an alias for Params (types.StringMap)

type ClaimsValidator added in v2.0.12

// ClaimsValidator matches the registered token claims (issuer, client id,
// audience, subject) and applies Action when they match.
// NOTE(review): whether an empty list means "no constraint" or "match
// nothing" is not visible here — confirm, since that decides whether an
// omitted Audience restricts anything at all.
type ClaimsValidator struct {
	// Issuers lists the issuers to match against the token's issuer claim.
	Issuers []string

	// Clients lists the client ids to match against the token's client id.
	Clients []string

	// Audience lists the audiences to match against the token's audience.
	Audience []string

	// Subject lists the subjects to match against the token's subject.
	Subject []string

	// Action is the ValidationAction applied when the claims match.
	Action ValidationAction
}

ClaimsValidator validates header fields

func (*ClaimsValidator) Validate added in v2.0.12

func (s *ClaimsValidator) Validate(token *authToken) (ValidationAction, error)

Validate implements the keychain validator interface

type ContextKey

// ContextKey is a distinct string type for context.Context keys; using a
// named type keeps this package's keys from colliding with plain string keys.
type ContextKey string

ContextKey defines a static context key to be used in context.Context objects

func (ContextKey) String

func (c ContextKey) String() string

type KeyValidator added in v2.0.3

// KeyValidator pairs a signing method with its key material and the action
// to take when a token verifies against them.
type KeyValidator struct {
	// Method is the signing method expected for Key. Pinning the method per
	// key is what prevents algorithm-substitution attacks, so Validate should
	// reject tokens whose alg header differs from Method rather than trusting
	// the header — NOTE(review): confirm in Validate, which is not shown here.
	Method jwt.SigningMethod

	// Key is the key material; its concrete type presumably has to match
	// Method (e.g. an RSA public key for RS* methods) — confirm.
	Key interface{}

	// Action is the ValidationAction applied when the token verifies with Key.
	Action ValidationAction
}

KeyValidator validates a key

func (*KeyValidator) Validate added in v2.0.3

func (s *KeyValidator) Validate(token *authToken) (ValidationAction, error)

Validate implements the keychain validator interface

type ScopeMatch

// ScopeMatch selects how a ScopeValidator's scope list is compared with the
// token's scopes; see ScopeMatchAny and ScopeMatchAll.
type ScopeMatch string

ScopeMatch defines a scope matching rule

type ScopeValidator added in v2.0.3

// ScopeValidator compares the token's scopes with Scopes according to Match
// and applies Action on a match.
type ScopeValidator struct {
	// Scopes is the list of scopes to look for on the token.
	Scopes []string

	// Match is ScopeMatchAny (at least one of Scopes) or ScopeMatchAll
	// (every one of Scopes).
	Match ScopeMatch

	// Action is the ValidationAction applied when the scopes match.
	Action ValidationAction
}

ScopeValidator validates a scope

func (*ScopeValidator) Validate added in v2.0.3

func (s *ScopeValidator) Validate(token *authToken) (ValidationAction, error)

Validate implements the keychain validator interface

type TokenValidationError

// TokenValidationError is a distinct interface type with error's method set.
// Converting an error to it does not wrap the value, so sentinels such as
// ErrInvalidToken still compare equal with errors.Is or ==.
type TokenValidationError error

TokenValidationError is returned when a token cannot be validated

type ValidationAction

// ValidationAction is the outcome a rule reports: ValidationActionNone,
// ValidationActionAllow or ValidationActionDeny.
type ValidationAction string

ValidationAction is the action the explicit validation should take

type ValidationRule

// ValidationRule is implemented by the validators passed to ValidateToken.
// Validate takes the unexported *authToken, so only types in this package
// can satisfy the interface; external packages compose the provided
// ClaimsValidator, KeyValidator and ScopeValidator instead.
type ValidationRule interface {
	// Validate returns the action the rule takes for the token, or an error
	// if the rule could not be evaluated.
	Validate(token *authToken) (ValidationAction, error)
}

ValidationRule is a token validator interface
