gizmo: Index | Files | Directories

package auth

import ""


Package Files

keys.go verify.go


var ErrBadCreds = errors.New("bad credentials")

ErrBadCreds will always be wrapped when a user's credentials are unexpected. This is so that we can distinguish between a client error from a server error

var TimeNow = func() time.Time { return time.Now() }

TimeNow is used internally to determine the current time. It has been abstracted to this global function as a mechanism to help with testing.

func GetAuthorizationToken Uses

func GetAuthorizationToken(r *http.Request) (string, error)

GetAuthorizationToken will pull the Authorization header from the given request and attempt to retrieve the token within it.

type ClaimSetter Uses

type ClaimSetter interface {
    BaseClaims() *jws.ClaimSet

ClaimSetter is an interface for all incoming claims to implement. This ensures the basic format used by the `jws` package.

type ClaimsDecoderFunc Uses

type ClaimsDecoderFunc func(context.Context, []byte) (ClaimSetter, error)

ClaimsDecoderFunc will expect to convert a JSON payload into the appropriate claims type.

type JSONKey Uses

type JSONKey struct {
    Kty string `json:"kty"`
    Alg string `json:"alg"`
    Use string `json:"use"`
    Kid string `json:"kid"`
    N   string `json:"n"`
    E   string `json:"e"`

JSONKey represents a public or private key in JWK format.

type JSONKeyResponse Uses

type JSONKeyResponse struct {
    Keys []*JSONKey `json:"keys"`

JSONKeyResponse represents a JWK Set object.

type PublicKeySet Uses

type PublicKeySet struct {
    Expiry time.Time
    Keys   map[string]*rsa.PublicKey

PublicKeySet contains a set of keys acquired from a JWKS that has an expiration.

func NewPublicKeySetFromJSON Uses

func NewPublicKeySetFromJSON(payload []byte, ttl time.Duration) (PublicKeySet, error)

NewPublicKeySetFromJSON will accept a JSON payload in the format of the JSONKeyResponse and parse it into a PublicKeySet.

func NewPublicKeySetFromURL Uses

func NewPublicKeySetFromURL(hc *http.Client, url string, defaultTTL time.Duration) (PublicKeySet, error)

NewPublicKeySetFromURL will attempt to fetch a JWKS from the given URL and parse it into a PublicKeySet. The endpoint the URL points to must return the same format as the JSONKeyResponse struct.

func (PublicKeySet) Expired Uses

func (ks PublicKeySet) Expired() bool

Expired will return true if the current key set is expire according to its Expiry field.

func (PublicKeySet) GetKey Uses

func (ks PublicKeySet) GetKey(id string) (*rsa.PublicKey, error)

GetKey will look for the given key ID in the key set and return it, if it exists.

type PublicKeySource Uses

type PublicKeySource interface {
    Get(context.Context) (PublicKeySet, error)

PublicKeySource is to be used by servers who need to acquire public key sets for verifying inbound request's JWTs.

func NewReusePublicKeySource Uses

func NewReusePublicKeySource(ks PublicKeySet, src PublicKeySource) PublicKeySource

NewReusePublicKeySource is a wrapper around PublicKeySources to only fetch a new key set once the current key cache has expired.

type Verifier Uses

type Verifier struct {
    // contains filtered or unexported fields

Verifier is a generic tool for verifying JWT tokens.

func NewVerifier Uses

func NewVerifier(ks PublicKeySource, df ClaimsDecoderFunc, vf VerifyFunc) *Verifier

NewVerifier returns a genric Verifier that will use the given funcs and key source.

func (Verifier) Verify Uses

func (c Verifier) Verify(ctx context.Context, token string) (bool, error)

Verify will accept an opaque JWT token, decode it and verify it.

func (Verifier) VerifyInboundKitContext Uses

func (c Verifier) VerifyInboundKitContext(ctx context.Context) (bool, error)

VerifyInboundKitContext is meant to be used within a go-kit stack that has populated the context with common headers, specficially kit/transport/http.ContextKeyRequestAuthorization.

func (Verifier) VerifyRequest Uses

func (c Verifier) VerifyRequest(r *http.Request) (bool, error)

VerifyRequest will pull the token from the "Authorization" header of the inbound request then decode and verify it.

type VerifyFunc Uses

type VerifyFunc func(context.Context, interface{}) bool

VerifyFunc will be called by the Verify if all other checks on the token pass. Developers should use this to encapsulate any business logic involved with token verification.



Package auth imports 15 packages (graph) and is imported by 3 packages. Updated 2019-10-02. Refresh now. Tools for package owners.