Documentation ¶
Index ¶
- Variables
- func IsInvalidTokenErr(err error) bool
- type AccessTokenClaims
- type AccessTokenVerifier
- type Claims
- type ExchangeClientOpts
- type IDTokenClaims
- type IDTokenVerifier
- type NoopVerifier
- type TokenExchangeClient
- type TokenExchangeConfig
- type TokenExchangeRequest
- type TokenExhangeResponse
- type TokenType
- type Verifier
- type VerifierBase
- type VerifierConfig
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors returned by token verification.
//
// Every error below except ErrFetchingSigningKey wraps the unexported
// errInvalidToken. ErrFetchingSigningKey is built with errors.New and does
// not wrap it, so it is not part of the invalid-token chain: it describes a
// failure to obtain signing keys rather than a rejected token. Callers that
// map errors to responses should still deny the request in both cases.
// NOTE(review): IsInvalidTokenErr presumably matches the errInvalidToken
// chain — confirm against its implementation.
var (
	// ErrFetchingSigningKey reports that the signing keys could not be fetched.
	ErrFetchingSigningKey = errors.New("unable to fetch signing keys")

	// ErrParseToken reports that the input could not be parsed as a JWT.
	ErrParseToken = fmt.Errorf("%w: failed to parse as jwt token", errInvalidToken)

	// ErrInvalidTokenType reports a token whose type is not the expected one.
	ErrInvalidTokenType = fmt.Errorf("%w: invalid token type", errInvalidToken)

	// ErrInvalidSigningKey reports a token signed with a key that is not recognized.
	ErrInvalidSigningKey = fmt.Errorf("%w: unrecognized signing key", errInvalidToken)

	// ErrExpiredToken reports a token that has expired.
	ErrExpiredToken = fmt.Errorf("%w: expired token", errInvalidToken)

	// ErrInvalidAudience reports a token whose audience is not accepted.
	ErrInvalidAudience = fmt.Errorf("%w: invalid audience", errInvalidToken)
)
Functions ¶
func IsInvalidTokenErr ¶
Types ¶
type AccessTokenClaims ¶
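// AccessTokenClaims holds the custom claims carried by an access token.
//
// These fields are authorization input: read them only from a Claims value
// returned by a successful Verify call, never from a token that was merely
// decoded.
type AccessTokenClaims struct {
	// Namespace takes the form of '<type>-<id>', '*' means all namespaces.
	// Type can be either org or stack.
	// '*' is the broadest possible grant, so compare namespaces exactly and
	// treat the wildcard as an explicit, separate case.
	Namespace string `json:"namespace"`
	// Access policy scopes
	Scopes []string `json:"scopes"`
	// Grafana roles
	Permissions []string `json:"permissions"`
	// On-behalf-of user
	// NOTE(review): presumably the permissions delegated by the user the
	// caller acts for; confirm how they combine with Permissions before
	// using them in an authorization decision.
	DelegatedPermissions []string `json:"delegatedPermissions"`
}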
type AccessTokenVerifier ¶
type AccessTokenVerifier struct {
// contains filtered or unexported fields
}
AccessTokenVerifier is a convenience wrapper around `Verifier` used to verify and authenticate Grafana-issued access tokens.
func NewAccessTokenVerifier ¶
func NewAccessTokenVerifier(cfg VerifierConfig) *AccessTokenVerifier
func NewAccessTokenVerifierWithCache ¶
func NewAccessTokenVerifierWithCache(cfg VerifierConfig, cache cache.Cache) *AccessTokenVerifier
func (*AccessTokenVerifier) Verify ¶
func (e *AccessTokenVerifier) Verify(ctx context.Context, token string) (*Claims[AccessTokenClaims], error)
type ExchangeClientOpts ¶
type ExchangeClientOpts func(c *TokenExchangeClient)
ExchangeClientOpts allows setting custom parameters during construction.
func WithHTTPClient ¶
func WithHTTPClient(client *http.Client) ExchangeClientOpts
WithHTTPClient allows setting the HTTP client to be used by the token exchange client.
type IDTokenClaims ¶
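// IDTokenClaims holds the custom claims carried by an ID token.
//
// Read these fields only from a Claims value returned by a successful Verify
// call, never from a token that was merely decoded.
type IDTokenClaims struct {
	// Namespace takes the form of '<type>-<id>', '*' means all namespaces.
	// Type can be either org or stack.
	Namespace string `json:"namespace"`
	// AuthenticatedBy is the method used to authenticate the identity.
	AuthenticatedBy string `json:"authenticatedBy"`
	// Email is the e-mail address stated in the token.
	Email string `json:"email"`
	// EmailVerified is declared as a string, not a bool, so a non-empty value
	// does not by itself mean "verified".
	// NOTE(review): confirm the exact values the issuer emits and compare
	// against them explicitly before relying on Email.
	EmailVerified string `json:"email_verified"`
}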
type IDTokenVerifier ¶
type IDTokenVerifier struct {
// contains filtered or unexported fields
}
IDTokenVerifier is a convenience wrapper around `Verifier` used to verify Grafana-issued ID tokens.
func NewIDTokenVerifier ¶
func NewIDTokenVerifier(cfg VerifierConfig) *IDTokenVerifier
func NewIDTokenVerifierWithCache ¶
func NewIDTokenVerifierWithCache(cfg VerifierConfig, cache cache.Cache) *IDTokenVerifier
func (*IDTokenVerifier) Verify ¶
func (e *IDTokenVerifier) Verify(ctx context.Context, token string) (*Claims[IDTokenClaims], error)
type NoopVerifier ¶
// NoopVerifier is a generic type with no fields.
// NOTE(review): the name suggests a Verifier implementation that performs no
// signature, expiry or audience checks — confirm against its Verify method.
// If so, it accepts any token and belongs in tests and local development
// only; make sure no production configuration path can select it.
type NoopVerifier[T any] struct{}
func NewNoopVerifier ¶
func NewNoopVerifier[T any]() *NoopVerifier[T]
type TokenExchangeClient ¶
type TokenExchangeClient struct {
// contains filtered or unexported fields
}
func NewTokenExchangeClient ¶
func NewTokenExchangeClient(cfg TokenExchangeConfig, opts ...ExchangeClientOpts) (*TokenExchangeClient, error)
func (*TokenExchangeClient) Exhange ¶
func (c *TokenExchangeClient) Exhange(ctx context.Context, r TokenExchangeRequest) (*TokenExhangeResponse, error)
type TokenExchangeConfig ¶
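// TokenExchangeConfig configures a TokenExchangeClient.
type TokenExchangeConfig struct {
	// Token used to perform the exchange request.
	// This is a credential: keep it out of logs, error messages and dumps of
	// the configuration.
	// NOTE(review): RegisterFlags presumably exposes this field as a
	// command-line flag; arguments can be visible in process listings, so
	// confirm and prefer a file or environment source where possible.
	Token string
	// URL called to perform the exchange request.
	// NOTE(review): Token is presumably sent to this URL, so it should be an
	// HTTPS endpoint of a service you trust — confirm.
	TokenExchangeURL string
}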
func (*TokenExchangeConfig) RegisterFlags ¶
func (c *TokenExchangeConfig) RegisterFlags(prefix string, fs *flag.FlagSet)
type TokenExchangeRequest ¶
type TokenExhangeResponse ¶
type TokenExhangeResponse struct {
Token string
}
type VerifierBase ¶
type VerifierBase[T any] struct { // contains filtered or unexported fields }
func NewVerifier ¶
func NewVerifier[T any](cfg VerifierConfig, typ TokenType) *VerifierBase[T]
type VerifierConfig ¶
// VerifierConfig configures token verification.
type VerifierConfig struct {
	// SigningKeysURL is read from the YAML key "signingKeysUrl".
	// NOTE(review): presumably the endpoint the verifier fetches signing keys
	// from. Whoever controls the response decides which tokens verify, so it
	// should be an HTTPS URL of the trusted issuer — confirm.
	SigningKeysURL string `yaml:"signingKeysUrl"`
	// AllowedAudiences is read from the YAML key "allowedAudiences".
	// NOTE(review): confirm what the verifier does when this is empty; if the
	// audience check is skipped in that case, tokens minted for other services
	// would be accepted, so set it explicitly.
	AllowedAudiences jwt.Audience `yaml:"allowedAudiences"`
}
func (*VerifierConfig) RegisterFlags ¶
func (c *VerifierConfig) RegisterFlags(prefix string, fs *flag.FlagSet)