Documentation ¶
Index ¶
- func DefaultKeySet(ctx context.Context) (jwk.Set, error)
- type DefaultJwtAuthenticationService
- func (j DefaultJwtAuthenticationService) AuthenticateForRole(ctx context.Context, roleName string) (*UserDetails, error)
- func (j DefaultJwtAuthenticationService) AuthenticateForRoles(ctx context.Context, roleNames ...string) (*UserDetails, error)
- func (j DefaultJwtAuthenticationService) AuthenticateForUser(ctx context.Context, userPid string, roleName string) error
- func (j DefaultJwtAuthenticationService) AuthenticateFromContext(ctx context.Context) (*jwt.Token, error)
- func (j DefaultJwtAuthenticationService) GetClaimsFromRequest(token *jwt.Token) jwt.MapClaims
- func (j DefaultJwtAuthenticationService) GetKey(token *jwt.Token) (interface{}, error)
- func (j DefaultJwtAuthenticationService) GetSubAndRolesFromRequest(token *jwt.Token) (string, []string)
- func (j DefaultJwtAuthenticationService) HasRoleAccess(roles []string, roleName string) bool
- func (j DefaultJwtAuthenticationService) LoadUserInfoREST(ctx context.Context, token string) (interface{}, error)
- type Service
- type UserDetails
Functions ¶
Types ¶
type DefaultJwtAuthenticationService ¶
// DefaultJwtAuthenticationService carries the settings used by the JWT
// authentication methods declared on it. Those methods use value receivers and
// together cover every method of the Service interface.
type DefaultJwtAuthenticationService struct {
	// KeySet is a JWK set.
	// NOTE(review): presumably the set GetKey searches for the key that signed
	// a token; confirm, and confirm how it is refreshed when the issuer
	// rotates keys.
	KeySet jwk.Set

	// UserInfoEndpoint is presumably the URL that LoadUserInfoREST calls with
	// the caller's token; verify against the implementation.
	// NOTE(review): if the token is sent there, this value should come from
	// trusted configuration and be an https URL.
	UserInfoEndpoint string

	// The HTTP client is embedded, so its methods (Do, Get, Post, ...) are
	// promoted onto DefaultJwtAuthenticationService and are callable by any
	// holder of the service value.
	// NOTE(review): a zero-value http.Client has no timeout; confirm that
	// callers supply a non-nil client with a Timeout set.
	*http.Client

	// RoleClaimName presumably names the token claim read as the role list,
	// e.g. "cognito:groups" for Cognito or "realm_access.roles" for Keycloak;
	// verify against GetSubAndRolesFromRequest.
	RoleClaimName string
}
func (DefaultJwtAuthenticationService) AuthenticateForRole ¶ added in v0.1.0
func (j DefaultJwtAuthenticationService) AuthenticateForRole(ctx context.Context, roleName string) (*UserDetails, error)
func (DefaultJwtAuthenticationService) AuthenticateForRoles ¶ added in v0.3.0
func (j DefaultJwtAuthenticationService) AuthenticateForRoles(ctx context.Context, roleNames ...string) (*UserDetails, error)
func (DefaultJwtAuthenticationService) AuthenticateForUser ¶
func (j DefaultJwtAuthenticationService) AuthenticateForUser(ctx context.Context, userPid string, roleName string) error
AuthenticateForUser checks whether the user's token (passed in the context) contains the role required for an operation.
func (DefaultJwtAuthenticationService) AuthenticateFromContext ¶
func (j DefaultJwtAuthenticationService) AuthenticateFromContext(ctx context.Context) (*jwt.Token, error)
AuthenticateFromContext checks the context for authorization and validates the token.
func (DefaultJwtAuthenticationService) GetClaimsFromRequest ¶
func (j DefaultJwtAuthenticationService) GetClaimsFromRequest(token *jwt.Token) jwt.MapClaims
GetClaimsFromRequest gets all claims from a JWT token.
func (DefaultJwtAuthenticationService) GetKey ¶
func (j DefaultJwtAuthenticationService) GetKey(token *jwt.Token) (interface{}, error)
GetKey gets the key used to sign the JWT.
func (DefaultJwtAuthenticationService) GetSubAndRolesFromRequest ¶
func (j DefaultJwtAuthenticationService) GetSubAndRolesFromRequest(token *jwt.Token) (string, []string)
GetSubAndRolesFromRequest gets a user's sub and the claim to be used as roles. Cognito uses something like "cognito:groups", while Keycloak uses something like "realm_access.roles". If a claim matching the role name is not found, nil is returned as the role strings.
func (DefaultJwtAuthenticationService) HasRoleAccess ¶
func (j DefaultJwtAuthenticationService) HasRoleAccess(roles []string, roleName string) bool
HasRoleAccess checks whether a list of roles contains a given role.
func (DefaultJwtAuthenticationService) LoadUserInfoREST ¶
func (j DefaultJwtAuthenticationService) LoadUserInfoREST(ctx context.Context, token string) (interface{}, error)
LoadUserInfoREST loads user information from a JWT token. Note that the token needs to have the openid scope.
type Service ¶
// Service is the set of JWT authentication and role-check operations that an
// authentication service provides.
type Service interface {
	// GetKey gets the key used to sign the given JWT.
	GetKey(token *jwt.Token) (interface{}, error)

	// LoadUserInfoREST loads user information for a JWT passed as a string.
	// The token needs to have the openid scope. The result is untyped, so
	// callers must type-check it before use.
	LoadUserInfoREST(ctx context.Context, token string) (interface{}, error)

	// GetClaimsFromRequest gets all claims from a JWT.
	// NOTE(review): the signature takes an already-parsed token and returns no
	// error, so validity is presumably not rechecked here; callers should pass
	// only a token returned by AuthenticateFromContext. Confirm.
	GetClaimsFromRequest(token *jwt.Token) jwt.MapClaims

	// AuthenticateFromContext checks the context for authorization and
	// validates the token it finds.
	AuthenticateFromContext(ctx context.Context) (*jwt.Token, error)

	// GetSubAndRolesFromRequest gets the user's sub and the claim used as
	// roles. The role list is nil when no claim matching the role name is
	// found, so a nil result means "no roles" and must not be treated as
	// access granted.
	GetSubAndRolesFromRequest(token *jwt.Token) (string, []string)

	// AuthenticateForUser checks whether the user's token (passed in the
	// context) contains the role required for an operation.
	// NOTE(review): how userPid is compared with the token is not documented;
	// confirm against the implementation.
	AuthenticateForUser(ctx context.Context, userPid string, roleName string) error

	// AuthenticateForRole presumably authenticates the caller from ctx and
	// requires roleName, returning the caller's details; undocumented, verify.
	AuthenticateForRole(ctx context.Context, roleName string) (*UserDetails, error)

	// AuthenticateForRoles is the variadic counterpart of AuthenticateForRole.
	// NOTE(review): whether any one role or all listed roles are required is
	// not documented; confirm before relying on it for access control.
	AuthenticateForRoles(ctx context.Context, roles ...string) (*UserDetails, error)
}