authorize

package

v0.5.0 Latest Latest Go to latest Published: Jan 24, 2019 License: Apache-2.0 Imports: 6 Imported by: 3

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Bplotka/oidc

Links

Open Source Insights

Documentation ¶

Index ¶

func IsRequestAuthorized(req *http.Request, a Authorizer, headerName string) error
type Authorizer
- func New(ctx context.Context, config Config) (Authorizer, error)
type Condition
type Config

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func IsRequestAuthorized ¶

func IsRequestAuthorized(req *http.Request, a Authorizer, headerName string) error

Types ¶

type Authorizer ¶

type Authorizer interface {
	// Returns nil if token gives authority for the user.
	IsAuthorized(ctx context.Context, token string) error
}

func New ¶

func New(ctx context.Context, config Config) (Authorizer, error)

type Condition ¶

type Condition struct {
	// contains filtered or unexported fields
}

Condition is used to check whether user with tokenPerms has access.

func AND ¶

func AND(conditions ...Condition) (Condition, error)

AND is an array of conditions with logic AND. If no condition is passed it returns false.

func Contains ¶

func Contains(perm string) Condition

Contains is an condition that returns true token perms contains given permission.

func OR ¶

func OR(conditions ...Condition) (Condition, error)

OR is an array of conditions with logic OR. If no condition is passed it returns false.

type Config ¶

type Config struct {
	// OIDC issuer url.
	Provider string
	// Expected Audience of the token. For a majority of the cases this is expected to be
	// the ID of the client that initialized the login flow. It may occasionally differ if
	// the provider supports the authorizing party (azp) claim.
	ClientID string
	// Claim name that contains user permissions (sometimes called 'group')
	PermsClaim string

	// Permission condition that will authorize token.
	PermCondition Condition
}

Config is an authorize configuration. TODO(bwplotka): Add proper unmarshaller/marshaller for that data struct.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL