Documentation ¶
Index ¶
- func GetCapabilities(t Token) (caps []string)
- func GetToken[T Token](ctx context.Context, t *T) (found bool)
- func WithToken[T Token](ctx context.Context, t T) context.Context
- type Authenticator
- type Authenticators
- type Authorizer
- type Credentials
- type CredentialsParser
- type InvalidCredentialsError
- type MissingCredentialsError
- type Scheme
- type Token
- type TokenFactory
- type TokenFactoryOption
- type TokenParser
- type TokenParsers
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetCapabilities ¶
GetCapabilities returns the set of security capabilities associated with the given Token.
If the given Token has a Capabilities method that returns a []string, that method is used to determine the capabilities. Otherwise, this function returns an empty slice.
Types ¶
type Authenticator ¶
type Authenticator interface { // Authenticate verifies the given Token. Authenticate(Token) error }
Authenticator provides a strategy for verifying that a Token is valid beyond just simple parsing. For example, an Authenticator may verify certain roles or capabilities.
type Authenticators ¶
type Authenticators []Authenticator
Authenticators is an aggregate Authenticator.
func (Authenticators) Authenticate ¶
func (as Authenticators) Authenticate(t Token) (err error)
Authenticate applies each contained Authenticator in order. All Authenticators are executed. The returned error, if not nil, will be an aggregate of all errors that occurred.
type Authorizer ¶
type Authorizer interface { // Authorize verifies that the given Token can access a resource. Authorize(resource any, t Token) error }
Authorizer is a strategy for verifying that a given Token has access to resources.
type Credentials ¶
type Credentials struct { // Scheme is the parsing scheme used for the credential value. Scheme Scheme // Value is the raw, unparsed credential information. Value string }
Credentials holds the raw, unparsed token information.
type CredentialsParser ¶
type CredentialsParser interface { // Parse parses the raw, marshaled version of credentials and // returns the Credentials object. Parse(raw string) (Credentials, error) }
CredentialsParser produces Credentials from their serialized form.
type InvalidCredentialsError ¶
type InvalidCredentialsError struct { // Cause represents any lower-level error that occurred, if any. Cause error // Raw represents the raw credentials that couldn't be parsed. Raw string }
InvalidCredentialsError is returned typically by CredentialsParser.Parse to indicate that a raw, serialized credentials were badly formatted.
func (*InvalidCredentialsError) Error ¶
func (err *InvalidCredentialsError) Error() string
func (*InvalidCredentialsError) Unwrap ¶
func (err *InvalidCredentialsError) Unwrap() error
type MissingCredentialsError ¶
type MissingCredentialsError struct { // Cause represents the lower-level error that occurred, if any. Cause error // Reason contains any additional information about the missing credentials. Reason string }
MissingCredentialsError indicates that credentials could not be found. Typically, this error will be returned by code that extracts credentials from some other source, e.g. an HTTP request.
func (*MissingCredentialsError) Error ¶
func (err *MissingCredentialsError) Error() string
func (*MissingCredentialsError) Unwrap ¶
func (err *MissingCredentialsError) Unwrap() error
type Scheme ¶
type Scheme string
Scheme represents how a security token should be parsed. For HTTP, examples of a scheme are "Bearer" and "Basic".
type Token ¶
type Token interface { // Credentials returns the raw, unparsed information used to produce this Token. Credentials() Credentials // Principal is the security subject of this token, e.g. the user name or other // user identifier. Principal() string }
Token is a runtime representation of credentials. This interface will be further customized by infrastructure.
type TokenFactory ¶
type TokenFactory interface { // NewToken accepts a raw, serialized set of credentials and turns it // into a Token. This method executes the workflow of: // // - parsing the serialized credentials into a Credentials // - parsing the Credentials into a Token // - executing any Authenticator rules against the Token NewToken(serialized string) (Token, error) }
TokenFactory brings together the entire authentication workflow. For typical code that uses bascule, this is the primary interface for obtaining Tokens.
func NewTokenFactory ¶
func NewTokenFactory(opts ...TokenFactoryOption) (TokenFactory, error)
NewTokenFactory creates a TokenFactory using the supplied option.
A CredentialParser and at least one (1) TokenParser is required. If either are not supplied, this function returns an error.
type TokenFactoryOption ¶
type TokenFactoryOption interface {
// contains filtered or unexported methods
}
TokenFactoryOption is a configurable option for building a TokenFactory.
func WithAuthenticators ¶
func WithAuthenticators(auth ...Authenticator) TokenFactoryOption
WithAuthenticators adds Authenticator rules to be used by the TokenFactory. Authenticator rules are optional. If omitted, then the TokenFactory will not perform authentication.
func WithCredentialsParser ¶
func WithCredentialsParser(cp CredentialsParser) TokenFactoryOption
WithCredentialsParser establishes the strategy for parsing credentials for the TokenFactory being built. This option is required.
func WithTokenParser ¶
func WithTokenParser(scheme Scheme, tp TokenParser) TokenFactoryOption
WithTokenParser registers a credential scheme with the TokenFactory. This option must be used at least once.
type TokenParser ¶
type TokenParser interface { // Parse turns a Credentials into a Token. This method may validate parts // of the credential's value, but should not perform any authentication itself. Parse(Credentials) (Token, error) }
TokenParser produces tokens from credentials.
type TokenParsers ¶
type TokenParsers map[Scheme]TokenParser
TokenParsers is a registry of parsers based on credential schemes. The zero value of this type is valid and ready to use.
func (TokenParsers) Parse ¶
func (tp TokenParsers) Parse(c Credentials) (Token, error)
Parse chooses a TokenParser based on the Scheme and invokes that parser. If the credential scheme is unsupported, an error is returned.
func (*TokenParsers) Register ¶
func (tp *TokenParsers) Register(scheme Scheme, p TokenParser)
Register adds or replaces the parser associated with the given scheme.