identity

package
v1.0.0

This package is not in the latest version of its module.
Published: Jan 1, 2021 License: MIT Imports: 12 Imported by: 0

Documentation


Constants

const (
	JwtClaimTokenID     = "token_id"
	JwtClaimTokenType   = "token_type"
	JwtClaimRequestorID = "requestor_id"
	JwtClaimUserID      = "user_id"
	JwtClaimIssuedAt    = "iat"
	JwtClaimExpiresAt   = "expires"
	JwtClaimPermissions = "permissions"
)
const DefaultTokenPath = "/tmp/victoken"

DefaultTokenPath specifies the default directory for persistent JWT storage.

Variables

var UseClientCert = false

UseClientCert can be set to true to force the use of client certificates.

Functions

func NewFileProvider

func NewFileProvider(jwtPath, cloudDir string) (*fileProvider, error)

NewFileProvider creates a new file-backed implementation of the Provider interface.

Types

type Provider

type Provider interface {
	Init() error
	ParseAndStoreToken(token string) (Token, error)
	GetToken() Token
	CertCommonName() string
	TransportCredentials() credentials.TransportCredentials
}

Provider is an interface for managing the JWT tokens and TLS certificates of a single robot.

type Token

type Token interface {
	IssuedAt() time.Time
	RefreshTime() time.Time
	String() string
	UserID() string
}

Token provides the methods that clients will care about for authenticating and using tokens

type TokenInfo

type TokenInfo struct {
	// Id is the unique ID of the token.
	Id string

	// Type - Only 'user+robot' is supported right now.
	Type string

	// RequestorId is an identifier for the entity which requested the
	// token. Likely to be the common name of the robot cert
	// (i.e. 'vic:<ESN>', or later an Anki Principal URN)
	RequestorId string

	// UserId is the accounts system ID of the user associated with
	// the requesting entity.
	UserId string

	// IssuedAt is the UTC time when the token was issued.
	IssuedAt time.Time

	// ExpiresAt is the UTC time at which the token is no longer
	// valid. Generally equal to IssuedAt + 24 hours.
	ExpiresAt time.Time

	// PurgeAt is the UTC time at which Dynamo will automatically
	// delete the token. Only used within the Token Service.
	PurgeAt time.Time

	// RevokedAt is the UTC time at which the token was revoked, if it
	// has been revoked. Tokens can be revoked due to account system
	// password changes or account deletion. Only used within the
	// Token Service.
	RevokedAt time.Time

	// Revoked is true if this token has been revoked due to account
	// system changes. Only used within the Token Service.
	Revoked bool

	// Raw is the raw string form of the JWT token, if this Token
	// object was parsed from a JWT token. Only used within the Token
	// Service.
	Raw string

	Permissions map[string]interface{} `json:"permissions,omitempty"`
}

Token is a structured representation of an access token.

func FromJwtToken

func FromJwtToken(t *jwt.Token) (*TokenInfo, error)

FromJwtToken converts a generic jwt.Token object, parsed from a signed token string, into a Token structure, validating that all the required Anki token claims are present.

func (TokenInfo) IsExpired

func (t TokenInfo) IsExpired() bool

IsExpired is a simple predicate indicating whether the token's expiration time has passed or not.

func (TokenInfo) JwtToken

func (t TokenInfo) JwtToken(method jwt.SigningMethod) *jwt.Token

JwtToken converts this Token object to a jwt.Token object suitable for hashing and conversion to a signed string.
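The two checks the documentation above describes, claim presence in FromJwtToken and expiry in IsExpired, are easy to get wrong in a caller because the package stores its expiry under the custom claim name "expires" rather than the standard "exp", so a generic JWT library will not enforce it and the caller must check it explicitly. The following is an added, standard-library-only illustration, not code from the identity package; it assumes the claims map comes from a token whose signature has already been verified and that "expires" is an RFC 3339 string (the page does not state the encoding), and the sample payload is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Claim names the identity package declares; all must be present.
var requiredClaims = []string{"token_id", "token_type", "requestor_id", "user_id", "iat", "expires"}

// ParseClaims decodes a JSON claims object (only from a signature-verified token).
func ParseClaims(payload string) (map[string]interface{}, error) {
	var claims map[string]interface{}
	err := json.Unmarshal([]byte(payload), &claims)
	return claims, err
}

// Validate rejects a claims map that lacks a required claim or carries a
// token_type other than "user+robot", the only type the package supports.
func Validate(claims map[string]interface{}) error {
	var missing []string
	for _, name := range requiredClaims {
		if _, ok := claims[name]; !ok {
			missing = append(missing, name)
		}
	}
	if len(missing) > 0 {
		return fmt.Errorf("missing required claims: %v", missing)
	}
	if claims["token_type"] != "user+robot" {
		return fmt.Errorf("unsupported token_type %v", claims["token_type"])
	}
	return nil
}

// IsExpired reports whether "expires" is at or before now; a missing or
// unparseable claim counts as expired (fail closed). Assumption: the claim is
// an RFC 3339 string, since the page does not state its encoding.
func IsExpired(claims map[string]interface{}, now time.Time) bool {
	raw, _ := claims["expires"].(string)
	exp, err := time.Parse(time.RFC3339, raw)
	return err != nil || !now.Before(exp)
}

func main() {
	// Constructed sample: user_id is absent and the token expired on 2021-01-02.
	sample := `{"token_id":"t1","token_type":"user+robot","requestor_id":"vic:0000","iat":"2021-01-01T00:00:00Z","expires":"2021-01-02T00:00:00Z"}`
	claims, _ := ParseClaims(sample)
	fmt.Println(Validate(claims), IsExpired(claims, time.Date(2021, 1, 3, 0, 0, 0, 0, time.UTC)))
}
```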
