Documentation
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type IntrospectFunc ¶ added in v0.4.0
IntrospectFunc is the signature of the callback that DefineIntrospector invokes to introspect a token with the issuer. It is the path back to the issuer for a token the TokenCache cannot vouch for.
type Introspector ¶ added in v0.4.0
type Introspector interface {
/*
VerifyToken verifies a given token
@param ctxt context.Context - the operating context
@param token string - the original token
@param expire int64 - when the token expires
@param timestamp time.Time - the current timestamp
@return whether the token is valid
*/
VerifyToken(ctxt context.Context, token string, expire int64, timestamp time.Time) (bool, error)
}
Introspector performs introspection on a given token, backed by a TokenCache so that a token the issuer has recently confirmed is not introspected again until the cache's refresh interval elapses.
func DefineIntrospector ¶ added in v0.4.0
func DefineIntrospector(cache TokenCache, introspectCB IntrospectFunc) Introspector
DefineIntrospector defines a new introspector object
@param cache TokenCache - token cache
@param introspectCB IntrospectFunc - callback function used to perform introspection
@return new introspector
type OIDSigningJWK ¶
type OIDSigningJWK struct {
Algorithm string `json:"alg"`
Exponent string `json:"e"`
Modulus string `json:"n"`
ID string `json:"kid"`
Type string `json:"kty"`
Use string `json:"use"`
}
OIDSigningJWK is the public key used by the OpenID issuer to sign tokens. Only RSA keys are represented: the e (exponent) and n (modulus) members are RSA-specific, so an issuer that signs with EC or EdDSA keys publishes members this struct does not carry. The kid member is what a verifier uses to select the key for a given token, and alg is the algorithm the key was published for; a verifier should compare it against the token header rather than trust the header alone.
type OpenIDIssuerClient ¶
type OpenIDIssuerClient interface {
/*
AssociatedPublicKey fetches the associated public key based on the "kid" value in the JWT token's header
@param token *jwt.Token - the JWT token to find the public key for
@return public key material
*/
AssociatedPublicKey(token *jwt.Token) (interface{}, error)
/*
ParseJWT parses a string into a JWT token object.
@param raw string - the original JWT string
@param claimStore jwt.Claims - the object to store the claims in
@return the parsed JWT token object
*/
ParseJWT(raw string, claimStore jwt.Claims) (*jwt.Token, error)
/*
CanIntrospect whether the client can perform introspection
@return whether the client can perform introspection
*/
CanIntrospect() bool
/*
IntrospectToken performs introspection for a token
@param ctxt context.Context - the operating context
@param token string - the token to introspect
@return whether the token is still valid (active) according to the issuer
*/
IntrospectToken(ctxt context.Context, token string) (bool, error)
}
OpenIDIssuerClient is a client to interact with an OpenID issuer
func DefineOpenIDClient ¶
func DefineOpenIDClient(
	idpConfig common.OpenIDIssuerConfig,
	httpClient *http.Client,
) (OpenIDIssuerClient, error)
DefineOpenIDClient defines a new OpenID issuer client
@param idpConfig common.OpenIDIssuerConfig - OpenID issuer parameters
@param httpClient *http.Client - the HTTP client used to communicate with the OpenID issuer (for example to fetch its signing keys or call the introspection endpoint); it should verify the issuer's TLS certificate and carry a request timeout
@return new client instance
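How the "kid" lookup behind AssociatedPublicKey and the signature check behind ParseJWT fit together, as an added example that is not the package's own code: the OIDSigningJWK struct documented above is converted to an *rsa.PublicKey, the key is chosen by the kid in the token header, and the RS256 signature is checked with the standard library instead of the jwt package the real client uses. The verifier pins the algorithm before any key lookup, so a header claiming alg "none" or an HMAC algorithm is rejected outright. The signing helper, the constructed key pair, the kid values and the claims are assumptions of the example; the JWKS shape (a "keys" array of JWKs) follows RFC 7517.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

// OIDSigningJWK is the struct documented above; the issuer's JWKS document lists them under "keys".
type OIDSigningJWK struct {
	Algorithm string `json:"alg"`
	Exponent  string `json:"e"`
	Modulus   string `json:"n"`
	ID        string `json:"kid"`
	Type      string `json:"kty"`
	Use       string `json:"use"`
}

// associatedPublicKey is the "kid" lookup AssociatedPublicKey performs; alg, use and kty must also match the key.
func associatedPublicKey(keys []OIDSigningJWK, kid, alg string) (*rsa.PublicKey, error) {
	for _, k := range keys {
		if k.ID != kid || k.Algorithm != alg || k.Use != "sig" || k.Type != "RSA" {
			continue
		}
		n, errN := base64.RawURLEncoding.DecodeString(k.Modulus)
		e, errE := base64.RawURLEncoding.DecodeString(k.Exponent)
		if errN != nil || errE != nil {
			return nil, fmt.Errorf("kid %q: n/e are not base64url", kid)
		}
		return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}, nil
	}
	return nil, fmt.Errorf("no %s RSA signing key with kid %q in JWKS", alg, kid)
}

// verifyRS256 parses a compact JWS, pins the algorithm, resolves the key by kid and checks the
// signature over header.payload before any claim is decoded.
func verifyRS256(raw string, keys []OIDSigningJWK) (map[string]any, error) {
	parts := strings.Split(raw, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("expected 3 JWS segments, got %d", len(parts))
	}
	segs := make([][]byte, 3)
	for i, p := range parts {
		var err error
		if segs[i], err = base64.RawURLEncoding.DecodeString(p); err != nil {
			return nil, fmt.Errorf("segment %d: %w", i, err)
		}
	}
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := json.Unmarshal(segs[0], &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "RS256" { // the verifier, not the token, decides which algorithm is acceptable
		return nil, fmt.Errorf("refusing alg %q", hdr.Alg)
	}
	pub, err := associatedPublicKey(keys, hdr.Kid, hdr.Alg)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], segs[2]); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	var claims map[string]any
	return claims, json.Unmarshal(segs[1], &claims)
}

// signRS256 mints a token the way the issuer would; it exists only to build sample input.
func signRS256(priv *rsa.PrivateKey, kid string, claims map[string]any) string {
	enc := func(v any) string { b, _ := json.Marshal(v); return base64.RawURLEncoding.EncodeToString(b) }
	input := enc(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid}) + "." + enc(claims)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + base64.RawURLEncoding.EncodeToString(sig)
}

// demo builds a constructed key pair and JWKS, then verifies a good token, a token under a kid the
// JWKS does not list, and a token whose payload was edited after signing.
func demo() (subject string, goodErr, unknownKidErr, tamperedErr error) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // only fails if the system RNG is unavailable
	keys := []OIDSigningJWK{{Algorithm: "RS256", Type: "RSA", Use: "sig", ID: "key-1",
		Modulus:  base64.RawURLEncoding.EncodeToString(priv.N.Bytes()),
		Exponent: base64.RawURLEncoding.EncodeToString(big.NewInt(int64(priv.E)).Bytes())}}
	good := signRS256(priv, "key-1", map[string]any{"sub": "alice", "iss": "https://idp.example"})
	claims, goodErr := verifyRS256(good, keys)
	subject, _ = claims["sub"].(string)
	_, unknownKidErr = verifyRS256(signRS256(priv, "key-2", map[string]any{"sub": "alice"}), keys)
	parts := strings.Split(good, ".")
	parts[1] = base64.RawURLEncoding.EncodeToString([]byte(`{"sub":"admin"}`))
	_, tamperedErr = verifyRS256(strings.Join(parts, "."), keys)
	return subject, goodErr, unknownKidErr, tamperedErr
}
func main() { fmt.Println(demo()) }
```

The real client's ParseJWT writes claims into a caller-supplied jwt.Claims store rather than returning a map, but the order of operations is the part that matters: algorithm pinned, key resolved by kid from the issuer's JWKS, signature verified, and only then are claims trusted. A JWKS fetched over HTTP rather than TLS, or a verifier that lets the token header choose the algorithm, undoes all three checks.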
type OpenIDIssuerConfig ¶
type OpenIDIssuerConfig struct {
Issuer string `json:"issuer"`
AuthorizationEP string `json:"authorization_endpoint"`
TokenEP string `json:"token_endpoint"`
IntrospectionEP string `json:"introspection_endpoint"`
TokenIntrospectionEP string `json:"token_introspection_endpoint"`
UserinfoEP string `json:"userinfo_endpoint"`
EndSessionEP string `json:"end_session_endpoint"`
JwksURI string `json:"jwks_uri"`
ClientRegistrationEP string `json:"registration_endpoint"`
RevocationEP string `json:"revocation_endpoint"`
TokenEPAuthMethods []string `json:"token_endpoint_auth_methods_supported"`
ClaimsSupported []string `json:"claims_supported"`
}
OpenIDIssuerConfig holds the OpenID issuer's API info.
This is typically read from https://{{ OpenID issuer }}/.well-known/openid-configuration. The discovery document must be fetched over TLS, and the issuer value it returns should be checked against the issuer URL it was fetched from before any of its endpoints are trusted, since every later step (key fetch, token exchange, introspection) goes to whatever URLs this document names.
The current structure is mainly based around the response from Keycloak.
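The checks a relying party should run on a discovery document before using it, as an added example that is not the package's own code. It decodes a constructed Keycloak-style document into the OpenIDIssuerConfig struct above (reduced to the members the checks use), requires the issuer to be exactly the https URL the document was fetched from with no query or fragment, requires the endpoints the client will call to be https, and picks the introspection endpoint from whichever of the two introspection members is set. The sample document, the hostname and the helper names are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// OpenIDIssuerConfig is the struct documented above, limited to the members these checks use.
type OpenIDIssuerConfig struct {
	Issuer               string `json:"issuer"`
	AuthorizationEP      string `json:"authorization_endpoint"`
	TokenEP              string `json:"token_endpoint"`
	IntrospectionEP      string `json:"introspection_endpoint"`
	TokenIntrospectionEP string `json:"token_introspection_endpoint"`
	JwksURI              string `json:"jwks_uri"`
}

const wellKnown = "/.well-known/openid-configuration"

// sampleDiscovery is a constructed document in the shape a Keycloak realm serves; it is not a real response.
const sampleDiscovery = `{
  "issuer": "https://idp.example/realms/demo",
  "authorization_endpoint": "https://idp.example/realms/demo/protocol/openid-connect/auth",
  "token_endpoint": "https://idp.example/realms/demo/protocol/openid-connect/token",
  "token_introspection_endpoint": "https://idp.example/realms/demo/protocol/openid-connect/token/introspect",
  "jwks_uri": "https://idp.example/realms/demo/protocol/openid-connect/certs",
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"]
}`

// parseDiscovery decodes a discovery document fetched from discoveryURL and applies the checks
// OpenID Connect Discovery requires before any endpoint in it is trusted: the issuer must be the
// https URL the document was fetched from, without query or fragment, and every endpoint the
// relying party will call must itself be https.
func parseDiscovery(discoveryURL string, body []byte) (OpenIDIssuerConfig, error) {
	var cfg OpenIDIssuerConfig
	if err := json.Unmarshal(body, &cfg); err != nil {
		return cfg, fmt.Errorf("discovery document is not JSON: %w", err)
	}
	if !strings.HasSuffix(discoveryURL, wellKnown) || cfg.Issuer != strings.TrimSuffix(discoveryURL, wellKnown) {
		return cfg, fmt.Errorf("issuer %q does not match discovery URL %q", cfg.Issuer, discoveryURL)
	}
	if iss, err := url.Parse(cfg.Issuer); err != nil || iss.Scheme != "https" || iss.RawQuery != "" || iss.Fragment != "" {
		return cfg, fmt.Errorf("issuer %q must be an https URL without query or fragment", cfg.Issuer)
	}
	endpoints := map[string]string{"authorization_endpoint": cfg.AuthorizationEP, "token_endpoint": cfg.TokenEP, "jwks_uri": cfg.JwksURI}
	for name, ep := range endpoints {
		if u, err := url.Parse(ep); ep == "" || err != nil || u.Scheme != "https" {
			return cfg, fmt.Errorf("%s %q is missing or not https", name, ep)
		}
	}
	return cfg, nil
}

// introspectionEndpoint picks the RFC 7662 endpoint. introspection_endpoint is the standard metadata
// name; the struct above also carries token_introspection_endpoint, so both are consulted.
func introspectionEndpoint(cfg OpenIDIssuerConfig) (string, bool) {
	if cfg.IntrospectionEP != "" {
		return cfg.IntrospectionEP, true
	}
	return cfg.TokenIntrospectionEP, cfg.TokenIntrospectionEP != ""
}

func main() {
	cfg, err := parseDiscovery("https://idp.example/realms/demo"+wellKnown, []byte(sampleDiscovery))
	ep, _ := introspectionEndpoint(cfg)
	fmt.Println(err, ep)
}
```

The issuer comparison is deliberately an exact string match, which is what the discovery specification asks for; normalising case or trailing slashes would let a document served from one path claim to be the issuer of another.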
type TokenCache ¶ added in v0.4.0
type TokenCache interface {
/*
RecordToken caches a new token
@param ctxt context.Context - the operating context
@param token string - the original token
@param expire int64 - when the token expires
@param timestamp time.Time - the current timestamp
@return error if caching failed
*/
RecordToken(ctxt context.Context, token string, expire int64, timestamp time.Time) error
/*
RemoveToken removes a token from the cache
@param ctxt context.Context - the operating context
@param token string - the original token
@return error if the delete failed
*/
RemoveToken(ctxt context.Context, token string) error
/*
ValidTokenInCache check whether this token is already cached and valid.
If the token is present, but requires re-validation, this function will remove the
token from cache and indicate no valid token is cached.
@param ctxt context.Context - the operating context
@param token string - the original token
@param timestamp time.Time - the current timestamp
@return whether it is present and valid
*/
ValidTokenInCache(ctxt context.Context, token string, timestamp time.Time) (bool, error)
/*
RemoveExpiredFromCache removes all expired tokens from the cache
@param ctxt context.Context - the operating context
@param timestamp time.Time - the current timestamp
@return whether successful
*/
RemoveExpiredFromCache(ctxt context.Context, timestamp time.Time) error
/*
ClearCache removes all entries from the cache
@param ctxt context.Context - the operating context
*/
ClearCache(ctxt context.Context)
}
TokenCache is a cache for recording and fetching tokens encountered
func DefineTokenCache ¶ added in v0.4.0
func DefineTokenCache(refreshInt time.Duration) TokenCache
DefineTokenCache defines a new token cache object
@param refreshInt time.Duration - a token must be re-validated with the issuer after this duration; it bounds how long a token revoked at the issuer can still be accepted from the cache
@return new cache instance
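An in-memory TokenCache and an Introspector built on it, as an added example rather than the package's own DefineTokenCache and DefineIntrospector implementations. The cache type, the introspector type, the fake issuer callback, the token string and the clock values are assumptions; IntrospectFunc is not defined on this page and is assumed to have the same shape as OpenIDIssuerClient.IntrospectToken. The scenario walks through the contract documented above (a cache hit inside the refresh interval is served locally, a stale entry is evicted and re-introspected, an expired token is rejected without asking the issuer) and shows the trade-off refreshInt sets: a token revoked at the issuer is still accepted from cache until the interval forces re-introspection.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// IntrospectFunc is not shown on the page; assumed here to mirror OpenIDIssuerClient.IntrospectToken.
type IntrospectFunc func(ctxt context.Context, token string) (bool, error)

type entry struct {
	expire   int64     // token expiry, seconds since the epoch
	recorded time.Time // when the issuer last confirmed the token
}

// memoryCache is a hypothetical in-memory implementation of the documented TokenCache method set.
type memoryCache struct {
	mu         sync.Mutex
	refreshInt time.Duration
	entries    map[string]entry
}

func (c *memoryCache) RecordToken(_ context.Context, token string, expire int64, ts time.Time) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.entries[token] = entry{expire: expire, recorded: ts}
	return nil
}

func (c *memoryCache) RemoveToken(_ context.Context, token string) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	delete(c.entries, token)
	return nil
}

// ValidTokenInCache evicts entries that expired or are older than refreshInt, forcing the caller back to the issuer.
func (c *memoryCache) ValidTokenInCache(_ context.Context, token string, ts time.Time) (bool, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	e, ok := c.entries[token]
	if ok && (e.expire <= ts.Unix() || ts.Sub(e.recorded) >= c.refreshInt) {
		delete(c.entries, token)
		ok = false
	}
	return ok, nil
}

func (c *memoryCache) RemoveExpiredFromCache(_ context.Context, ts time.Time) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	for tok, e := range c.entries {
		if e.expire <= ts.Unix() {
			delete(c.entries, tok)
		}
	}
	return nil
}

func (c *memoryCache) ClearCache(context.Context) { c.mu.Lock(); c.entries = map[string]entry{}; c.mu.Unlock() }

// cachedIntrospector composes the cache with the issuer callback, as DefineIntrospector does.
type cachedIntrospector struct {
	cache      *memoryCache
	introspect IntrospectFunc
}

func (i *cachedIntrospector) VerifyToken(ctx context.Context, token string, expire int64, ts time.Time) (bool, error) {
	if expire <= ts.Unix() { // expiry is decided locally; the issuer is never asked about a dead token
		return false, nil
	}
	if hit, err := i.cache.ValidTokenInCache(ctx, token, ts); err != nil || hit {
		return hit, err
	}
	active, err := i.introspect(ctx, token)
	if err != nil || !active {
		_ = i.cache.RemoveToken(ctx, token) // never keep serving a token the issuer stopped vouching for
		return false, err
	}
	return true, i.cache.RecordToken(ctx, token, expire, ts)
}

// demo drives the introspector with a fake issuer and a hand-advanced clock; it returns the verdict and the
// cumulative issuer call count after each check. The token is revoked at the issuer before the 4th check.
func demo() (verdicts []bool, calls []int) {
	ctx, t0 := context.Background(), time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	n, active := 0, true
	issuer := func(context.Context, string) (bool, error) { n++; return active, nil }
	i := &cachedIntrospector{cache: &memoryCache{refreshInt: 5 * time.Minute, entries: map[string]entry{}}, introspect: issuer}
	for idx, at := range []time.Duration{0, time.Minute, 6 * time.Minute, 7 * time.Minute, 12 * time.Minute, 2 * time.Hour} {
		if idx == 3 { active = false } // revocation at the issuer, invisible to the cache
		ok, _ := i.VerifyToken(ctx, "constructed-opaque-token", t0.Add(time.Hour).Unix(), t0.Add(at))
		verdicts, calls = append(verdicts, ok), append(calls, n)
	}
	return verdicts, calls
}
func main() { fmt.Println(demo()) }
```

With a 5 minute refresh interval the checks at 0, 1, 6, 7, 12 and 120 minutes yield verdicts true, true, true, true, false, false and issuer call counts 1, 1, 2, 2, 3, 3: the check at 7 minutes is served from the cache even though the issuer already revoked the token, and the revocation only takes effect at 12 minutes when the stale entry is evicted. refreshInt is therefore the longest time a revoked token stays usable, and should be chosen with that in mind. Two further points for a real cache: keying entries by the raw token string means the cache holds bearer credentials, so a shared backing store should key by a hash of the token instead; and RemoveExpiredFromCache is a sweep to run periodically, since ValidTokenInCache only evicts entries that are looked up.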