middleware

package
v9.1.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 26, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func BearerAuthFuncGRPC

func BearerAuthFuncGRPC(auth authentication.Authentication, claimInjector ClaimInjectorJWT) grpc_auth.AuthFunc

BearerAuthFuncGRPC returns a new grpc_auth.AuthFunc to use with the gazebo-web authentication library.

The passed in context.Context will contain the gRPC metadata.MD object (for header-based authentication) and the peer.Peer information that can contain transport-based credentials (e.g. `credentials.AuthInfo`).

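auth := authentication.New[...]()

// The second argument is the ClaimInjectorJWT that copies claims from the
// token into the request context; SubjectClaimer stores the "sub" claim.
srv := grpc.NewServer(
	grpc.StreamInterceptor(grpc_auth.StreamServerInterceptor(BearerAuthFuncGRPC(auth, SubjectClaimer))),
	grpc.UnaryInterceptor(grpc_auth.UnaryServerInterceptor(BearerAuthFuncGRPC(auth, SubjectClaimer))),
)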

func EmailClaimer

func EmailClaimer(ctx context.Context, token jwt.Claims) (context.Context, error)

EmailClaimer is a ClaimInjectorJWT that extracts the "email" custom claim from an incoming JWT token and stores it in the request context.

func ExtractGRPCAuthEmail

func ExtractGRPCAuthEmail(ctx context.Context) (string, error)

ExtractGRPCAuthEmail extracts the custom email (email) claim from the context metadata. This claim is usually injected in a middleware such as BearerToken or BearerAuthFuncGRPC, if present.

This claim is expected from providers that include an email address in their JWTs. Not all providers do so.

This function only works with gRPC requests. It returns an error if the metadata couldn't be parsed or the email is not present.

func ExtractGRPCAuthSubject

func ExtractGRPCAuthSubject(ctx context.Context) (string, error)

ExtractGRPCAuthSubject extracts the authentication subject (sub) claim from the context metadata. This claim is usually injected in a middleware such as BearerToken or BearerAuthFuncGRPC, if present.

From RFC 7519, section 4.1.2: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2

The "sub" (subject) claim identifies the principal that is the subject of the JWT. The claims in a JWT are normally
statements about the subject. The subject value MUST either be scoped to be locally unique in the context of the
issuer or be globally unique. The processing of this claim is generally application specific. The "sub" value is a
case-sensitive string containing a StringOrURI value.

This function only works with gRPC requests. It returns an error if the metadata couldn't be parsed or the subject is not present.

func ExtractGRPCMetadata

func ExtractGRPCMetadata(ctx context.Context, key string) (string, error)

ExtractGRPCMetadata extracts the first value of the given key. This only works for gRPC servers, not clients.

func InjectGRPCAuthEmail

func InjectGRPCAuthEmail(ctx context.Context, email string) context.Context

InjectGRPCAuthEmail injects the custom email (email) claim into the given context metadata. See ExtractGRPCAuthEmail for information on how to extract this value.

func InjectGRPCAuthSubject

func InjectGRPCAuthSubject(ctx context.Context, sub string) context.Context

InjectGRPCAuthSubject injects the authentication subject (sub) claim into the given context metadata. See ExtractGRPCAuthSubject for information on how to extract this value.

func InjectGRPCMetadata

func InjectGRPCMetadata(ctx context.Context, key string, value string) context.Context

InjectGRPCMetadata injects the given key and value into a context using grpc metadata. This only works for gRPC servers, not clients.

func LoggerGRPC

func LoggerGRPC(l *zap.Logger) grpc_logging.Logger

LoggerGRPC adapts a zap logger to the interceptor logger. Code copied from:

https://github.com/grpc-ecosystem/go-grpc-middleware/blob/a18e1e2bacb23afca0f52b228f6b4efbb5f57822/interceptors/logging/examples/zap/example_test.go#L17

func SubjectClaimer

func SubjectClaimer(ctx context.Context, token jwt.Claims) (context.Context, error)

SubjectClaimer is a ClaimInjectorJWT that extracts the "sub" claim from an incoming JWT token and stores it in the request context.

Types

type ClaimInjectorBehavior

type ClaimInjectorBehavior func(ctx context.Context, err error) (context.Context, error)

ClaimInjectorBehavior is used in combination with ClaimInjectorJWT when grouping different claim injectors by using GroupClaimInjectors.

type ClaimInjectorJWT

type ClaimInjectorJWT func(ctx context.Context, token jwt.Claims) (context.Context, error)

ClaimInjectorJWT allows authentication layers to inject JWT claims into a context.Context.

Rules when creating a new claim injector:
- Must always return ctx, even in error handlers.
- Claim validation might be required depending on the underlying jwt.Claims implementation.

func GroupMandatoryClaimInjectors

func GroupMandatoryClaimInjectors(injectors ...ClaimInjectorJWT) ClaimInjectorJWT

GroupMandatoryClaimInjectors returns a mandatory ClaimInjectorJWT that wraps and calls all provided injectors. This is useful to configure multiple mandatory claim injectors for servers with a single function call. Check groupClaimInjectors to understand how grouping works.

func GroupOptionalClaimInjectors

func GroupOptionalClaimInjectors(injectors ...ClaimInjectorJWT) ClaimInjectorJWT

GroupOptionalClaimInjectors returns an optional ClaimInjectorJWT that wraps and calls all provided injectors. This is useful to configure multiple optional claim injectors for servers with a single function call. Check groupClaimInjectors to understand how grouping works.
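The two ClaimInjectorJWT rules and the mandatory/optional grouping, as an added standard-library example that is not this package's code. Claims, Injector, Behavior, Group, Mandatory, Optional and EmailInjector are hypothetical stand-ins for the types above; the bare-address validation and the propagate/drop semantics are assumptions, since groupClaimInjectors is not shown on this page.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/mail"
)

// Local stand-ins mirroring the shapes of jwt.Claims, ClaimInjectorJWT and
// ClaimInjectorBehavior so the example runs with the standard library only.
type Claims map[string]any
type Injector func(ctx context.Context, token Claims) (context.Context, error)
type Behavior func(ctx context.Context, err error) (context.Context, error)
type ctxKey string

var ErrBadEmail = errors.New("email claim missing or malformed")

// EmailInjector returns ctx on every path (rule 1) and validates the claim
// before storing it (rule 2): it must be a string holding a bare address.
func EmailInjector(ctx context.Context, token Claims) (context.Context, error) {
	raw, _ := token["email"].(string) // a non-string claim becomes "" and fails parsing
	if addr, err := mail.ParseAddress(raw); err != nil || addr.Address != raw {
		return ctx, ErrBadEmail
	}
	return context.WithValue(ctx, ctxKey("email"), raw), nil
}

// Assumed semantics: Mandatory propagates an injector error, Optional drops it.
func Mandatory(ctx context.Context, err error) (context.Context, error) { return ctx, err }
func Optional(ctx context.Context, _ error) (context.Context, error) { return ctx, nil }

// Group runs the injectors in order; the behavior decides what an error means.
func Group(b Behavior, injectors ...Injector) Injector {
	return func(ctx context.Context, token Claims) (_ context.Context, err error) {
		for _, inject := range injectors {
			if ctx, err = b(inject(ctx, token)); err != nil {
				return ctx, err
			}
		}
		return ctx, nil
	}
}

func main() {
	bad := Claims{"email": "Mallory <m@example.com>"} // constructed sample claims
	_, mErr := Group(Mandatory, EmailInjector)(context.Background(), bad)
	_, oErr := Group(Optional, EmailInjector)(context.Background(), bad)
	fmt.Println("mandatory:", mErr, "| optional:", oErr)
}
```

With an optional group the request proceeds without the claim, so handlers must treat a missing email as unauthenticated for any email-based decision.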

type Extractor

type Extractor = request.Extractor

Extractor extracts a string value from an HTTP request. It's usually used to extract a header from an HTTP request, but can also be used for extracting a user and password from the body.

There are a few implementations already provided by the request package, for example:
- Bearer tokens: request.BearerExtractor

type Middleware

type Middleware func(http.Handler) http.Handler

Middleware is used to modify or augment the behavior of an HTTP request handler.

func BearerToken

func BearerToken(authentication authentication.Authentication) Middleware

BearerToken returns a Middleware for authenticating users using Bearer Tokens in JWT format.
