warden

package

v0.11.14 Latest Latest Go to latest Published: Jun 15, 2018 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ory-am/hydra

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func OAuth2TokenIntrospectionFactory(config *compose.Config, storage interface{}, strategy interface{}) interface{}
func TokenFromRequest(r *http.Request) string
type LocalWarden
type TokenValidator
- func (c *TokenValidator) IntrospectToken(ctx context.Context, token string, tokenType fosite.TokenType, ...) (err error)
type WardenHandler
- func NewHandler(c *config.Config, router *httprouter.Router) *WardenHandler

Constants ¶

View Source

const (
	// TokenAllowedHandlerPath points to the token access request validation endpoint.
	TokenAllowedHandlerPath = "/warden/token/allowed"

	// AllowedHandlerPath points to the access request validation endpoint.
	AllowedHandlerPath = "/warden/allowed"
)

Variables ¶

This section is empty.

Functions ¶

func OAuth2TokenIntrospectionFactory ¶ added in v0.9.12

func OAuth2TokenIntrospectionFactory(config *compose.Config, storage interface{}, strategy interface{}) interface{}

func TokenFromRequest ¶

func TokenFromRequest(r *http.Request) string

Types ¶

type LocalWarden ¶

type LocalWarden struct {
	Warden ladon.Warden
	OAuth2 fosite.OAuth2Provider
	Groups group.Manager

	AccessTokenLifespan time.Duration
	Issuer              string
	L                   logrus.FieldLogger
}

func (*LocalWarden) IsAllowed ¶

func (w *LocalWarden) IsAllowed(ctx context.Context, a *firewall.AccessRequest) error

func (*LocalWarden) TokenAllowed ¶

func (w *LocalWarden) TokenAllowed(ctx context.Context, token string, a *firewall.TokenAccessRequest, scopes ...string) (*firewall.Context, error)

func (*LocalWarden) TokenFromRequest ¶

func (w *LocalWarden) TokenFromRequest(r *http.Request) string

type TokenValidator ¶ added in v0.9.12

type TokenValidator struct {
	oauth2.CoreStrategy
	oauth2.CoreStorage
	ScopeStrategy fosite.ScopeStrategy
}

func (*TokenValidator) IntrospectToken ¶ added in v0.9.12

func (c *TokenValidator) IntrospectToken(ctx context.Context, token string, tokenType fosite.TokenType, accessRequest fosite.AccessRequester, scopes []string) (err error)

type WardenHandler ¶

type WardenHandler struct {
	H      herodot.Writer
	Warden firewall.Firewall

	ResourcePrefix string
}

WardenHandler is capable of handling HTTP request and validating access tokens and access requests.

func NewHandler ¶

func NewHandler(c *config.Config, router *httprouter.Router) *WardenHandler

func (*WardenHandler) Allowed ¶

func (h *WardenHandler) Allowed(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

swagger:route POST /warden/allowed warden doesWardenAllowAccessRequest

Check if an access request is valid (without providing an access token)

Checks if a subject (typically a user or a service) is allowed to perform an action on a resource. This endpoint requires a subject, a resource name, an action name and a context. If the subject is not allowed to perform the action on the resource, this endpoint returns a 200 response with `{ "allowed": false}`, otherwise `{ "allowed": true }` is returned.

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:warden:allowed"],
  "actions": ["decide"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.warden

   Responses:
     200: wardenAccessRequestResponse
     401: genericError
     403: genericError
     500: genericError

func (*WardenHandler) PrefixResource ¶ added in v0.10.0

func (h *WardenHandler) PrefixResource(resource string) string

func (*WardenHandler) SetRoutes ¶

func (h *WardenHandler) SetRoutes(r *httprouter.Router)

func (*WardenHandler) TokenAllowed ¶

func (h *WardenHandler) TokenAllowed(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

swagger:route POST /warden/token/allowed warden doesWardenAllowTokenAccessRequest

Check if an access request is valid (providing an access token)

Checks if a token is valid and if the token subject is allowed to perform an action on a resource. This endpoint requires a token, a scope, a resource name, an action name and a context.

If a token is expired/invalid, has not been granted the requested scope or the subject is not allowed to perform the action on the resource, this endpoint returns a 200 response with `{ "allowed": false}`.

Extra data set through the `accessTokenExtra` field in the consent flow will be included in the response.

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:warden:token:allowed"],
  "actions": ["decide"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.warden

   Responses:
     200: wardenTokenAccessRequestResponse
     401: genericError
     403: genericError
     500: genericError

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
group

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL