jwks

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 7, 2023 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DefaultKeySet

func DefaultKeySet(ctx context.Context) (jwk.Set, error)

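DefaultKeySet fetches a jwk.Set from the URI given in the environment variable `JWKS_URI`. The easiest way to find the JWKS URI is to use the `.well-known/openid-configuration` endpoint provided by your IdP. Because the key set is the trust anchor for token verification, `JWKS_URI` should point to an HTTPS endpoint of an IdP you trust.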

Types

type DefaultJwtAuthenticationService

// DefaultJwtAuthenticationService is the concrete type on which this package
// declares every method of Service, plus HasRoleAccess. All of its methods use
// a value receiver, so each call works on a copy of the struct.
type DefaultJwtAuthenticationService struct {
	// KeySet is a JWK set.
	// NOTE(review): presumably the keys GetKey selects from when a token's
	// signature is verified (e.g. the result of DefaultKeySet) — confirm.
	KeySet           jwk.Set
	// NOTE(review): presumably the IdP userinfo URL that LoadUserInfoREST
	// calls with the caller's token — confirm, and confirm it is HTTPS.
	UserInfoEndpoint string
	// Embedded HTTP client; its methods are promoted onto the service.
	// NOTE(review): a zero-value http.Client has no timeout, and a nil
	// pointer here would fail on first use — confirm how callers set it.
	*http.Client
	// NOTE(review): presumably the name of the claim read as the role list
	// by GetSubAndRolesFromRequest (the package docs mention "cognito:groups"
	// and "realm_access.roles" as examples) — confirm.
	RoleClaimName string
}

func (DefaultJwtAuthenticationService) AuthenticateForRole added in v0.1.0

func (j DefaultJwtAuthenticationService) AuthenticateForRole(ctx context.Context, roleName string) (*UserDetails, error)

func (DefaultJwtAuthenticationService) AuthenticateForRoles added in v0.3.0

func (j DefaultJwtAuthenticationService) AuthenticateForRoles(ctx context.Context, roleNames ...string) (*UserDetails, error)

func (DefaultJwtAuthenticationService) AuthenticateForUser

func (j DefaultJwtAuthenticationService) AuthenticateForUser(ctx context.Context, userPid string, roleName string) error

AuthenticateForUser checks whether the user's token (passed in a context) contains the required role for an operation.

func (DefaultJwtAuthenticationService) AuthenticateFromContext

func (j DefaultJwtAuthenticationService) AuthenticateFromContext(ctx context.Context) (*jwt.Token, error)

AuthenticateFromContext checks the context for authorization and validates the token.

func (DefaultJwtAuthenticationService) GetClaimsFromRequest

func (j DefaultJwtAuthenticationService) GetClaimsFromRequest(token *jwt.Token) jwt.MapClaims

GetClaimsFromRequest gets all claims from a JWT.

func (DefaultJwtAuthenticationService) GetKey

func (j DefaultJwtAuthenticationService) GetKey(token *jwt.Token) (interface{}, error)

GetKey gets the key used to sign the JWT.

func (DefaultJwtAuthenticationService) GetSubAndRolesFromRequest

func (j DefaultJwtAuthenticationService) GetSubAndRolesFromRequest(token *jwt.Token) (string, []string)

GetSubAndRolesFromRequest gets a user's sub and the claim to be used as roles. Cognito uses something like "cognito:groups", while Keycloak uses something like "realm_access.roles". If a claim matching the role name is not found, nil is returned as the role strings.

func (DefaultJwtAuthenticationService) HasRoleAccess

func (j DefaultJwtAuthenticationService) HasRoleAccess(roles []string, roleName string) bool

HasRoleAccess checks if a list of roles contains a given role

func (DefaultJwtAuthenticationService) LoadUserInfoREST

func (j DefaultJwtAuthenticationService) LoadUserInfoREST(ctx context.Context, token string) (interface{}, error)

LoadUserInfoREST loads user information from a JWT. Note that the token needs to have the openid scope.

type Service

// Service is the JWT authentication API of this package. Every method listed
// here is also declared on DefaultJwtAuthenticationService.
type Service interface {
	// GetKey gets the key used to sign the JWT.
	GetKey(token *jwt.Token) (interface{}, error)
	// LoadUserInfoREST loads user information from a JWT; the token needs to
	// have the openid scope.
	LoadUserInfoREST(ctx context.Context, token string) (interface{}, error)
	// GetClaimsFromRequest gets all claims from a JWT.
	// NOTE(review): whether the token must already be validated before its
	// claims are read is not documented — confirm against callers.
	GetClaimsFromRequest(token *jwt.Token) jwt.MapClaims
	// AuthenticateFromContext checks the context for authorization and
	// validates the token.
	AuthenticateFromContext(ctx context.Context) (*jwt.Token, error)
	// GetSubAndRolesFromRequest gets a user's sub and the claim to be used as
	// roles; the roles are nil when no claim matching the role name is found.
	GetSubAndRolesFromRequest(token *jwt.Token) (string, []string)
	// AuthenticateForUser checks whether the user's token (passed in ctx)
	// contains the required role for an operation.
	// NOTE(review): how userPid is compared with the token is not
	// documented — confirm.
	AuthenticateForUser(ctx context.Context, userPid string, roleName string) error
	// NOTE(review): undocumented; presumably authenticates the token in ctx
	// and requires roleName among its roles — confirm.
	AuthenticateForRole(ctx context.Context, roleName string) (*UserDetails, error)
	// NOTE(review): undocumented; it is not stated whether the caller must
	// hold all of roles or any one of them — confirm before relying on it
	// for access control.
	AuthenticateForRoles(ctx context.Context, roles ...string) (*UserDetails, error)
}

type UserDetails added in v0.1.0

// UserDetails is the result type returned by AuthenticateForRole and
// AuthenticateForRoles.
type UserDetails struct {
	// NOTE(review): presumably the token taken from the request context
	// after validation — confirm.
	Token *jwt.Token
	// NOTE(review): presumably the role strings read from the token (see
	// GetSubAndRolesFromRequest); may be nil when the role claim is absent —
	// confirm.
	Roles []string
	// NOTE(review): presumably the token's sub claim — confirm.
	Sub   string
}
