openid

package module

v0.1.0 Latest Latest Go to latest Published: Aug 10, 2022 License: MulanPSL-2.0 Imports: 24 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ktcatv/openid

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func GetPublicKey() *rsa.PublicKey
func Init() error
func MustAuth() bool
func SetExpire(duration time.Duration)
func Use(middleware *Auth)
type Auth
type Handler
- func (h *Handler) Handle(chain *handler.Chain, i *invocation.Invocation, cb invocation.ResponseCallBack)
- func (h *Handler) Name() string
type JWTClaims
type JWTToken
type OpenIDTokenManager
- func (r *OpenIDTokenManager) Sign(claims map[string]interface{}, secret interface{}, option ...token.Option) (string, error)
- func (r *OpenIDTokenManager) Verify(tokenString string, f token.SecretFunc, opts ...token.Option) (map[string]interface{}, error)
type SessionToken
type TokenResponse
- func (r *TokenResponse) Decode(data []byte) error

Constants ¶

View Source

const (
	// HeaderAuthorizationType        = "Authorization-Type"
	// AuthorizationTypeIDToken       = "ID_TOKEN"
	// AuthorizationTypeAccessToken   = "ACCESS_TOKEN"
	// TokenTypeBearer                = "Bearer"
	ContextHeaderAuthorizationType = "Authorization-TYPE"
	AuthorizationTypeIDToken       = "ID_TOKEN"
	AuthorizationTypeAccessToken   = "ACCESS_TOKEN"
	TokenTypeBearer                = "Bearer"
)

View Source

const (
	AuthenticationNeedAuth     = "servicecomb.authentication.access.needAuth"
	AuthenticationSignKeyStore = "servicecomb.authentication.sign.keyStore"
	AuthenticationSignKeyCert  = "servicecomb.authentication.sign.cert"
)

Variables ¶

View Source

var (
	ErrNoHeader    = errors.New("no authorization in header")
	ErrInvalidAuth = errors.New("invalid authentication")
)

errors

Functions ¶

func GetPublicKey ¶

func GetPublicKey() *rsa.PublicKey

func Init ¶

func Init() error

func MustAuth ¶

func MustAuth() bool

func SetExpire ¶

func SetExpire(duration time.Duration)

SetExpire reset the expire time

func Use ¶

func Use(middleware *Auth)

Use put a custom auth logic then register handler to chassis

Types ¶

type Auth ¶

type Auth struct {
	SecretFunc token.SecretFunc //required
	Expire     time.Duration
	Realm      string //required

	//optional. Authorize check whether this request could access some resource or API based on json claims.
	//Typically, this method should communicate with a RBAC, ABAC system
	Authorize func(payload map[string]interface{}, req *http.Request) error

	//optional.
	// this function control whether a request should be validate or not
	// if this func is nil, validate all requests.
	MustAuth func(req *http.Request) bool
}

Auth should implement auth logic it is singleton

type Handler ¶

type Handler struct {
}

Handler is is a openid interceptor

func (*Handler) Handle ¶

func (h *Handler) Handle(chain *handler.Chain, i *invocation.Invocation, cb invocation.ResponseCallBack)

Handle intercept unauthorized request TODO: 似乎应重定向到登录界面

func (*Handler) Name ¶

func (h *Handler) Name() string

Name returns the router string

type JWTClaims ¶

type JWTClaims struct {
	goJwt.StandardClaims

	Authorities           []string               `json:"authorities"`
	AdditionalInformation map[string]interface{} `json:"additionalInformation"`
	Scope                 []string               `json:"scope"`
}

type JWTToken ¶

type JWTToken struct {
	Claims *JWTClaims `json:"claims"`
	Value  string     `json:"value"`
}

type OpenIDTokenManager ¶

type OpenIDTokenManager struct {
}

func (*OpenIDTokenManager) Sign ¶

func (r *OpenIDTokenManager) Sign(claims map[string]interface{}, secret interface{}, option ...token.Option) (string, error)

func (*OpenIDTokenManager) Verify ¶

func (r *OpenIDTokenManager) Verify(tokenString string, f token.SecretFunc, opts ...token.Option) (map[string]interface{}, error)

type SessionToken ¶

type SessionToken struct {
	Value                 string                 `json:"value"`
	IssueAt               int64                  `json:"issueAt"`
	ExpiresIn             int64                  `json:"expiresIn"`
	NotBefore             int64                  `json:"notBefore"`
	Username              string                 `json:"username"`
	AdditionalInformation map[string]interface{} `json:"additionalInformation"`
}

type TokenResponse ¶

type TokenResponse struct {
	TokenType    string        `json:"tokenType"`
	AccessToken  *SessionToken `json:"accessToken"`
	Refreshtoken *SessionToken `json:"refreshToken"`
	IDToken      *JWTToken     `json:"idToken"`
	Scope        []string      `json:"scope"`
}

TokenResponse 查询 ID_TOKEN 的响应信息, 对标 Authentication-Server 实现的 OpenIDToken

func (*TokenResponse) Decode ¶

func (r *TokenResponse) Decode(data []byte) error

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
iam
restfulext

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL