Documentation ¶
Overview ¶
Package prototokens contains code for working with tokenpb.ProtoToken
Index ¶
- Variables
- func New(duration time.Duration, opts ...TokenOpt) (*tokenpb.ProtoToken, error)
- type RevocationStorer
- type TokenManager
- type TokenOpt
- type UnimplementedRevocationStorer
- type UnimplementedTokenManager
- func (up *UnimplementedTokenManager) Decode(_ context.Context, _ string) (*tokenpb.SignedToken, error)
- func (up *UnimplementedTokenManager) Encode(_ context.Context, _ *tokenpb.SignedToken) (string, error)
- func (up *UnimplementedTokenManager) GetValidatedToken(_ context.Context, _ *tokenpb.SignedToken) (*tokenpb.ProtoToken, error)
- func (up *UnimplementedTokenManager) RevokeToken(_ context.Context, _ *tokenpb.ProtoToken) error
- func (up *UnimplementedTokenManager) Sign(_ context.Context, _ *tokenpb.ProtoToken) (*tokenpb.SignedToken, error)
- func (up *UnimplementedTokenManager) ValidFor(_ context.Context, _ *tokenpb.SignedToken, _ tokenpb.TokenUsages) error
- func (up *UnimplementedTokenManager) Validate(_ context.Context, _ *tokenpb.SignedToken) error
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors returned by this package and by [prototokens.TokenManager]
// implementations. Any of the validation or signature errors below means the
// token must not be accepted.
// NOTE(review): whether implementations wrap these values is not shown here;
// matching with errors.Is covers both the wrapped and unwrapped case.
var (
	// Serialization and string encoding.

	// ErrMarshal is returned when a token cannot be marshalled.
	ErrMarshal = fmt.Errorf("error marshalling")
	// ErrUnmarshal is returned when a token cannot be unmarshalled.
	ErrUnmarshal = fmt.Errorf("error unmarshalling")
	// ErrEncode is returned when a signed token cannot be encoded.
	ErrEncode = fmt.Errorf("unable to encode signed token")
	// ErrDecode is returned when a signed token cannot be decoded.
	ErrDecode = fmt.Errorf("unable to decode signed token")

	// Validity, usage and revocation.

	// ErrNotValid is returned when a token is invalid.
	ErrNotValid = fmt.Errorf("token is invalid")
	// ErrNotValidForUsage is returned when a token is not valid for the
	// requested usages.
	ErrNotValidForUsage = fmt.Errorf("token is not valid for provided usages")
	// ErrNotYetValid is returned when a token is not yet valid.
	ErrNotYetValid = fmt.Errorf("token is not yet valid")
	// ErrNoLongerValid is returned when a token is no longer valid.
	ErrNoLongerValid = fmt.Errorf("token is no longer valid")
	// ErrTokenRevoked is returned when a [tokenpb.ProtoToken] has been revoked.
	ErrTokenRevoked = fmt.Errorf("token has been revoked")

	// Signing and signature verification.
	// NOTE(review): which check yields ErrInvalidSignature and which yields
	// ErrTamper is not shown here; callers should reject the token on either.

	// ErrSign is returned when a token cannot be signed.
	ErrSign = fmt.Errorf("unable to sign token")
	// ErrInvalidSignature is returned when the signature is invalid.
	ErrInvalidSignature = fmt.Errorf("signature is invalid")
	// ErrTamper is returned when the signature does not match the token,
	// indicating that the token bytes were tampered with.
	ErrTamper = fmt.Errorf("token appears to be tampered with")
	// ErrKeyData is returned when the private key data is invalid in some way.
	ErrKeyData = fmt.Errorf("key data is invalid")

	// Construction and compatibility.

	// ErrOverwrite is returned on an attempt to overwrite a token's
	// properties after they have been set.
	ErrOverwrite = fmt.Errorf("attempted overwrite of field")
	// ErrUnimplemented is returned when a [prototokens.TokenManager] has yet
	// to implement the interface fully.
	ErrUnimplemented = fmt.Errorf("functionality not yet implemented")
)
Functions ¶
Types ¶
type RevocationStorer ¶
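// RevocationStorer stores revocation identifiers for tokens that have been
// revoked and answers whether a given identifier is in that store.
type RevocationStorer interface {
	// Revoke revokes a [tokenpb.ProtoToken] by its identifier.
	// revocationID does not have to be the token's id or sid; the token's
	// signature can be used instead. Whatever value is chosen has to be the
	// same value that is later passed to CheckRevocation.
	Revoke(ctx context.Context, revocationID string) error
	// CheckRevocation checks the store to see if the token has been revoked.
	// NOTE(review): the error returned for a revoked token is not specified
	// here (the package declares ErrTokenRevoked) - confirm. Callers should
	// treat any non-nil error, including a store failure, as a reason not to
	// accept the token.
	CheckRevocation(ctx context.Context, revocationID string) error
}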
RevocationStorer is an interface for storing tokens that have been revoked
type TokenManager ¶
// TokenManager is the set of operations for working with
// [tokenpb.ProtoToken] and [tokenpb.SignedToken]: signing, string
// encoding and decoding, validation, usage checks and revocation.
type TokenManager interface {
	// Sign signs token and returns the resulting [tokenpb.SignedToken].
	Sign(ctx context.Context, token *tokenpb.ProtoToken) (*tokenpb.SignedToken, error)

	// Encode renders a signed token as a string.
	Encode(ctx context.Context, signed *tokenpb.SignedToken) (string, error)

	// Decode parses the string representation of a signed token.
	// NOTE(review): nothing here states that Decode verifies the signature;
	// treat its result as unverified until Validate or GetValidatedToken
	// has succeeded - confirm against the implementation.
	Decode(ctx context.Context, encoded string) (*tokenpb.SignedToken, error)

	// Validate validates the provided [tokenpb.SignedToken].
	Validate(ctx context.Context, signed *tokenpb.SignedToken) error

	// ValidFor validates that the token can be used for the provided usages.
	// NOTE(review): whether ValidFor also performs the checks done by
	// Validate is not stated here - confirm before relying on ValidFor alone.
	ValidFor(ctx context.Context, signed *tokenpb.SignedToken, usages tokenpb.TokenUsages) error

	// GetValidatedToken turns a [tokenpb.SignedToken] into a
	// [tokenpb.ProtoToken] after validation.
	GetValidatedToken(ctx context.Context, signed *tokenpb.SignedToken) (*tokenpb.ProtoToken, error)

	// RevokeToken revokes a token.
	RevokeToken(ctx context.Context, token *tokenpb.ProtoToken) error
}
TokenManager is something that can work with tokenpb.ProtoToken and tokenpb.SignedToken
type TokenOpt ¶
// TokenOpt is an option applied to the token being created by New.
// It receives the token to modify and returns an error to reject the change.
type TokenOpt func(token *tokenpb.ProtoToken) error
TokenOpt is an option for creating a token
func WithUsages ¶
func WithUsages(usages ...tokenpb.TokenUsages) TokenOpt
WithUsages sets the valid usages for a token
func WithVendor ¶
WithVendor populates the vendor field for the new token
type UnimplementedRevocationStorer ¶
// UnimplementedRevocationStorer is a RevocationStorer implementation for
// testing and compatibility.
// NOTE(review): what Revoke and CheckRevocation return is not shown here. If
// CheckRevocation returns nil, a manager wired with this type would never
// reject a revoked token - confirm before using it outside tests.
type UnimplementedRevocationStorer struct{}
UnimplementedRevocationStorer is an implementation for testing and compatibility
func (*UnimplementedRevocationStorer) CheckRevocation ¶
func (urs *UnimplementedRevocationStorer) CheckRevocation(_ context.Context, _ string) error
CheckRevocation checks the store to see if the token has been revoked
func (*UnimplementedRevocationStorer) Revoke ¶
func (urs *UnimplementedRevocationStorer) Revoke(_ context.Context, _ string) error
Revoke revokes a tokenpb.ProtoToken by its identifier. revocationID does not have to be the token's id or sid; you can use the signature instead if you want.
type UnimplementedTokenManager ¶
// UnimplementedTokenManager is a TokenManager implementation intended for
// testing and for embedding in other implementations to maintain
// compatibility.
// NOTE(review): presumably every method returns ErrUnimplemented - confirm.
// A type that embeds this and does not override Validate, ValidFor or
// GetValidatedToken inherits these methods, so verify that they return an
// error rather than nil.
type UnimplementedTokenManager struct{}
UnimplementedTokenManager is a TokenManager implementation designed to be used for testing and embedding in other implementations to maintain compatibility
func (*UnimplementedTokenManager) Decode ¶
func (up *UnimplementedTokenManager) Decode(_ context.Context, _ string) (*tokenpb.SignedToken, error)
Decode decodes a signed token from a string representation
func (*UnimplementedTokenManager) Encode ¶
func (up *UnimplementedTokenManager) Encode(_ context.Context, _ *tokenpb.SignedToken) (string, error)
Encode encodes a signed token as a string
func (*UnimplementedTokenManager) GetValidatedToken ¶
func (up *UnimplementedTokenManager) GetValidatedToken(_ context.Context, _ *tokenpb.SignedToken) (*tokenpb.ProtoToken, error)
GetValidatedToken turns a tokenpb.SignedToken into a tokenpb.ProtoToken after validation
func (*UnimplementedTokenManager) RevokeToken ¶
func (up *UnimplementedTokenManager) RevokeToken(_ context.Context, _ *tokenpb.ProtoToken) error
RevokeToken revokes a token
func (*UnimplementedTokenManager) Sign ¶
func (up *UnimplementedTokenManager) Sign(_ context.Context, _ *tokenpb.ProtoToken) (*tokenpb.SignedToken, error)
Sign signs the token
func (*UnimplementedTokenManager) ValidFor ¶
func (up *UnimplementedTokenManager) ValidFor(_ context.Context, _ *tokenpb.SignedToken, _ tokenpb.TokenUsages) error
ValidFor validates if the token can be used for the provided usages
func (*UnimplementedTokenManager) Validate ¶
func (up *UnimplementedTokenManager) Validate(_ context.Context, _ *tokenpb.SignedToken) error
Validate validates the provided tokenpb.SignedToken
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package main ...
|
Package main ... |
Package internal contains unexported code
|
Package internal contains unexported code |
managers
|
|
ed25519url
Package ed25519url implements [prototokens.TokenManager] via ed25519 signatures and url-safe encoded strings
|
Package ed25519url implements [prototokens.TokenManager] via ed25519 signatures and url-safe encoded strings |
proto
|
|