Documentation ¶
Index ¶
Constants ¶
// Header key and token-type string values used by this package's
// authentication code.
const (
	// Earlier declarations, left commented out by the author:
	// HeaderAuthorizationType = "Authorization-Type"
	// AuthorizationTypeIDToken = "ID_TOKEN"
	// AuthorizationTypeAccessToken = "ACCESS_TOKEN"
	// TokenTypeBearer = "Bearer"

	// ContextHeaderAuthorizationType is the key under which the authorization
	// type is carried.
	// NOTE(review): the value differs only in case from the commented-out
	// "Authorization-Type". If this key is looked up in a case-sensitive map
	// (rather than a canonicalizing http.Header), confirm every producer and
	// consumer uses this exact spelling; a mismatch would make the type look
	// absent.
	ContextHeaderAuthorizationType = "Authorization-TYPE"
	// AuthorizationTypeIDToken marks the credential as an ID token.
	AuthorizationTypeIDToken = "ID_TOKEN"
	// AuthorizationTypeAccessToken marks the credential as an access token.
	AuthorizationTypeAccessToken = "ACCESS_TOKEN"
	// TokenTypeBearer is the "Bearer" token type string.
	TokenTypeBearer = "Bearer"
)
// Configuration keys read by the authentication code.
const (
	// AuthenticationNeedAuth presumably toggles whether requests must be
	// authenticated.
	// NOTE(review): confirm what happens when the key is absent or
	// unparsable; a security switch like this should fail closed.
	AuthenticationNeedAuth = "servicecomb.authentication.access.needAuth"
	// AuthenticationSignKeyStore presumably locates the key store holding
	// signing key material — confirm against the code that reads it.
	AuthenticationSignKeyStore = "servicecomb.authentication.sign.keyStore"
	// AuthenticationSignKeyCert presumably locates the signing certificate —
	// confirm against the code that reads it.
	AuthenticationSignKeyCert = "servicecomb.authentication.sign.cert"
)
Variables ¶
// Sentinel errors for authentication failures. Callers should compare with
// errors.Is rather than matching on the message text.
var (
	// ErrNoHeader carries the message "no authorization in header";
	// presumably returned when a request has no authorization header —
	// confirm against the handler.
	ErrNoHeader = errors.New("no authorization in header")
	// ErrInvalidAuth carries the message "invalid authentication". The
	// message is deliberately generic; where it is returned is not visible
	// here.
	ErrInvalidAuth = errors.New("invalid authentication")
)
errors
Functions ¶
func GetPublicKey ¶
Types ¶
type Auth ¶
// Auth holds the pluggable pieces of the authentication logic: how the
// secret is obtained, and two optional hooks that decide whether a request
// is validated and whether it is authorized.
type Auth struct {
	// Required. Presumably supplies the secret or key used to verify a
	// token — confirm against token.SecretFunc.
	SecretFunc token.SecretFunc //required
	// How Expire is applied is not visible here.
	Expire time.Duration
	Realm  string //required
	// Optional. Authorize checks whether this request may access a resource
	// or API, based on the token's JSON claims. Typically this hook should
	// consult an RBAC or ABAC system.
	// NOTE(review): presumably a non-nil error denies the request, and a nil
	// Authorize means any request with a valid token is allowed — confirm.
	Authorize func(payload map[string]interface{}, req *http.Request) error
	// Optional. MustAuth controls whether a request is validated at all.
	// If this func is nil, all requests are validated.
	// NOTE(review): a MustAuth that returns false appears to exempt the
	// request from validation, so keep any exemption logic narrow and
	// explicit.
	MustAuth func(req *http.Request) bool
}
Auth should implement the auth logic; it is a singleton.
type Handler ¶
// Handler is the OpenID interceptor type. It has no fields; its behavior
// lives in the Handle method.
type Handler struct {
}
Handler is an OpenID interceptor.
func (*Handler) Handle ¶
func (h *Handler) Handle(chain *handler.Chain, i *invocation.Invocation, cb invocation.ResponseCallBack)
Handle intercepts unauthorized requests. TODO: it seems this should redirect to the login page.
type JWTClaims ¶
// JWTClaims is the claim set decoded from a JWT: the embedded standard
// claims plus authorities, free-form additional information and scopes.
// NOTE(review): treat every field as untrusted until the token's signature
// and standard claims have been verified. Authorities and Scope in
// particular must not drive access decisions on an unverified token.
type JWTClaims struct {
	goJwt.StandardClaims
	// Authorities is read from the "authorities" claim.
	Authorities []string `json:"authorities"`
	// AdditionalInformation is read from the "additionalInformation" claim;
	// its schema is not visible here.
	AdditionalInformation map[string]interface{} `json:"additionalInformation"`
	// Scope is read from the "scope" claim.
	Scope []string `json:"scope"`
}
type OpenIDTokenManager ¶
// OpenIDTokenManager is a field-less type whose Verify method takes a token
// string and a token.SecretFunc and returns the token's claims as a map.
type OpenIDTokenManager struct {
}
func (*OpenIDTokenManager) Verify ¶
func (r *OpenIDTokenManager) Verify(tokenString string, f token.SecretFunc, opts ...token.Option) (map[string]interface{}, error)
type SessionToken ¶
type TokenResponse ¶
// TokenResponse is the JSON response to an ID_TOKEN query.
// NOTE(review): this struct carries access, refresh and ID tokens, so avoid
// logging it or its serialized form.
type TokenResponse struct {
	// TokenType is read from "tokenType".
	TokenType string `json:"tokenType"`
	// AccessToken is read from "accessToken"; SessionToken is declared
	// elsewhere.
	AccessToken *SessionToken `json:"accessToken"`
	// Refreshtoken is read from "refreshToken". The field name's casing
	// differs from its siblings; it is kept because it is part of the
	// exported API.
	Refreshtoken *SessionToken `json:"refreshToken"`
	// IDToken is read from "idToken"; JWTToken is declared elsewhere.
	IDToken *JWTToken `json:"idToken"`
	// Scope is read from "scope".
	Scope []string `json:"scope"`
}
TokenResponse is the response to an ID_TOKEN query; it mirrors the OpenIDToken implemented by Authentication-Server.
func (*TokenResponse) Decode ¶
func (r *TokenResponse) Decode(data []byte) error