bearskin

v0.0.5 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 14, 2021 License: MIT Imports: 3 Imported by: 0

README

bearskin-verifier

Bearskin is the name of my authentication service. The main bearskin repository is currently private, but might become public some time in the future.

Bearskin generates a JWT token with some claims based on pre-stored information when the login endpoint is called with a correct set of credentials. Only the Bearskin service can generate these tokens, because it is the only party that knows the private key, but anyone who has the public key can verify them.

This library provides a structured way to verify a JWT token generated by Bearskin. Other services can verify the token and retrieve its claims without making a call to the Bearskin service.

Example:

claims, err := bearskin.GetClaimsFromVerifiedJwt(PUBLIC_KEY, JWT_TOKEN)

If the JWT token is invalid or there was a problem with the parsing, the claims will be nil, and an error will be returned.
If the JWT token is valid, claims will be of type bearskin.Claims struct with the information from the token, and err will be nil.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckClaimForPermission

func CheckClaimForPermission(claims *Claims, permission string) bool

CheckClaimForPermission is just a shortcut to be able to recurse over the other function.

func CheckPermission

func CheckPermission(publicKey, tokenString, permission string) bool

CheckPermission checks whether a token contains a given permission.

Types

type Claims

type Claims struct {
	jwt.StandardClaims
	UserID      string       `json:"user-id"`
	Permissions *Permissions `json:"permissions"`
}

Claims are the information that is stored inside a token. If the token was verified correctly, these claims represent the truth.

Permissions is a nested map of arbitrary depth, with strings for keys and a bool as value. This could be explained by the Backus–Naur form: `Permissions = map[string]Permissions | bool` The ending bool represents whether you

func GetClaimsFromVerifiedJwt

func GetClaimsFromVerifiedJwt(publicKey, tokenString string) (*Claims, error)

GetClaimsFromVerifiedJwt will return the claims if the token is valid. If the token is invalid, nil is returned along with an error.

type Permissions

type Permissions struct {
	Next   map[string]*Permissions `json:"n,omitempty"`
	Permit bool                    `json:"p,omitempty"`
}

Permissions should contain either a Permit or the Next permissions. The Permit property should only be considered if the map is nil.
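
The rule above (Permit counts only when Next is nil) walked over a decoded claim, as an added example that is not the package's own CheckClaimForPermission. The helpers `decode`, `permitted` and `walk`, the dot-separated permission path and the sample claim are assumptions made for illustration; unknown keys, interior nodes and paths that overshoot a leaf are all denied.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Permissions mirrors the struct documented above.
type Permissions struct {
	Next   map[string]*Permissions `json:"n,omitempty"`
	Permit bool                    `json:"p,omitempty"`
}

// sampleJSON is a constructed permissions claim, not taken from a real token.
const sampleJSON = `{"n":{"orders":{"n":{"read":{"p":true},"delete":{"p":false}}},
 "admin":{"p":true,"n":{"users":{}}}}}`

func decode(s string) (*Permissions, error) {
	p := &Permissions{}
	return p, json.Unmarshal([]byte(s), p)
}

// permitted is hypothetical; it assumes a dot-separated path ending on a leaf.
func permitted(p *Permissions, permission string) bool {
	return walk(p, strings.Split(permission, "."))
}

func walk(p *Permissions, path []string) bool {
	if p == nil {
		return false // unknown key or JSON null: deny
	}
	if p.Next == nil { // leaf: only here does Permit count
		return p.Permit && len(path) == 0
	}
	if len(path) == 0 {
		return false // interior node: Permit is ignored because Next is set
	}
	return walk(p.Next[path[0]], path[1:])
}

func main() {
	p, err := decode(sampleJSON)
	if err != nil {
		panic(err)
	}
	for _, q := range []string{"orders.read", "orders.delete", "admin", "billing.read"} {
		fmt.Println(q, permitted(p, q))
	}
}
```

In the sample, `admin` carries `"p":true` next to a non-nil `n` map, so the grant is ignored and the check is denied.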

type UnauthorizedError

type UnauthorizedError struct {
	Message string
}

UnauthorizedError is used when the token is invalid, or there was some other error while parsing the claim.

func (UnauthorizedError) Error

func (ue UnauthorizedError) Error() string
