manager

package
Published: May 13, 2020 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuthServiceAccountSigner

func AuthServiceAccountSigner(ctx context.Context) (client.Signer, error)

AuthServiceAccountSigner returns a new JWT signer which authenticates outgoing requests with the Auth Service Account token. That token is a bearer credential for the service itself, so the signer should only be attached to clients that call trusted internal endpoints. The error return presumably covers the case where no TokenManager can be obtained from ctx (see ReadTokenManagerFromContext).

func CheckClaims

func CheckClaims(claims *TokenClaims) error

CheckClaims checks that all the required claims are present in the access token and returns an error if any is missing. It operates on already-decoded claims only, so it does not (and cannot) verify the token's signature, expiry or issuer: call it after ParseToken, never as a substitute for it.

func ContextIdentity

func ContextIdentity(ctx context.Context) (*uuid.UUID, error)

ContextIdentity returns the ID of the identity found in the given context. It uses TokenManager.Locate to fetch the identity of the currently logged-in user, so the context must carry a TokenManager (see InjectTokenManager / ContextWithTokenManager); when it does not, or when no valid token is associated with ctx, an error is presumably returned instead.

func ContextWithTokenManager

func ContextWithTokenManager(ctx context.Context, tm interface{}) context.Context

ContextWithTokenManager injects tokenManager into the context for every incoming request. The tm argument is declared as interface{}, so the compiler cannot enforce its type: callers must pass a TokenManager so that the correct object is set in the context. The only other permissible value is nil.

func InjectTokenManager

func InjectTokenManager(tokenManager TokenManager) goa.Middleware

InjectTokenManager is a middleware responsible for setting up tokenManager in the context for every request, so that ReadTokenManagerFromContext and ContextIdentity can find it further down the handler chain.

func NumberToInt

func NumberToInt(number interface{}) (int64, error)

NumberToInt converts an interface{} holding a number to int64, returning an error when the value is not a supported numeric type. It is intended for claims read through ParseTokenWithMapClaims, where JSON numbers such as exp arrive from the decoder as float64 rather than int64.

Types

type Permissions

// Permissions is one entry of the "permissions" claim carried in an RPT
// (see GenerateUnsignedRPTTokenForIdentity / SignRPTToken). Each entry has
// its own expiry (`exp`), which is independent of the token-level
// jwt.StandardClaims.ExpiresAt; consumers presumably need to check both.
type Permissions struct {
	ResourceSetName *string  `json:"resource_set_name"` // nil when the claim omits it
	ResourceSetID   *string  `json:"resource_set_id"`   // nil when the claim omits it
	Scopes          []string `json:"scopes"`            // scopes granted on the resource set; nil/empty means none
	Expiry          int64    `json:"exp"`               // presumably Unix seconds like the JWT exp claim; 0 when omitted
}

Permissions represents one entry of the "permissions" claim in the AuthorizationPayload. Each entry carries its own exp, which is independent of the token-level expiry held in jwt.StandardClaims.

type TokenClaims

// TokenClaims represents the claims of an access token issued or parsed by a
// TokenManager. It embeds jwt.StandardClaims, so the standard iss/sub/aud/
// exp/nbf/iat/jti fields are available alongside the custom claims below.
// Authorization-bearing values such as Approved and EmailVerified must only be
// trusted once the token signature has been verified (Parse / ParseToken);
// CheckClaims alone only tests presence.
type TokenClaims struct {
	Name          string         `json:"name"`
	Username      string         `json:"preferred_username"`
	GivenName     string         `json:"given_name"`
	FamilyName    string         `json:"family_name"`
	Email         string         `json:"email"`
	EmailVerified bool           `json:"email_verified"` // false both when unverified and when the claim is absent
	Company       string         `json:"company"`
	SessionState  string         `json:"session_state"`
	Approved      bool           `json:"approved"`       // false both when not approved and when the claim is absent
	Permissions   *[]Permissions `json:"permissions"`    // nil when the token has no permissions claim (presumably only RPTs carry one)
	jwt.StandardClaims
}

TokenClaims represents access token claims. It embeds jwt.StandardClaims, so the standard iss/sub/exp/nbf/iat fields are available alongside the custom ones; values such as Approved and EmailVerified should only be trusted once the token signature has been verified by Parse or ParseToken.

type TokenManager

// TokenManager generates, signs and parses the auth tokens issued by this
// service and exposes the public keys needed to verify them. Methods whose
// name contains "Unsigned" return a *jwt.Token that is not yet a usable
// credential; it must be signed (e.g. via SignRPTToken) before being handed out.
type TokenManager interface {
	// Parse parses tokenString and returns the parsed token; the verification
	// key is presumably resolved through KeyFunction.
	Parse(ctx context.Context, tokenString string) (*jwt.Token, error)
	// PublicKeys returns every public key this manager can verify tokens with.
	PublicKeys() []*rsa.PublicKey
	// Locate returns the ID of the identity associated with the token in ctx.
	Locate(ctx context.Context) (uuid.UUID, error)
	// ParseToken is Parse with the claims decoded into the typed TokenClaims.
	ParseToken(ctx context.Context, tokenString string) (*TokenClaims, error)
	// ParseTokenWithMapClaims returns the claims untyped; numeric claims arrive
	// as float64 from the JSON decoder, see NumberToInt.
	ParseTokenWithMapClaims(ctx context.Context, tokenString string) (jwt.MapClaims, error)
	// PublicKey looks a verification key up by its key ID (kid). The result
	// can be nil (presumably for an unknown ID); callers must check it.
	PublicKey(keyID string) *rsa.PublicKey
	// JSONWebKeys returns the public keys in JWK form, e.g. for a JWKS endpoint.
	JSONWebKeys() token.JSONKeys
	// PemKeys returns the public keys in PEM form.
	PemKeys() token.JSONKeys
	// KeyFunction returns the jwt.Keyfunc that resolves the verification key
	// for a token, for callers that invoke the jwt library directly.
	KeyFunction(context.Context) jwt.Keyfunc
	// AuthServiceAccountToken returns the service's own service-account token.
	// It is a bearer credential: never log it or embed it in error messages.
	AuthServiceAccountToken() string
	// GenerateServiceAccountToken returns a signed service-account token for
	// the given service account ID and name.
	GenerateServiceAccountToken(saID string, saName string) (string, error)
	// GenerateUnsignedServiceAccountToken builds the same token but leaves it
	// unsigned; it is not a credential until signed.
	GenerateUnsignedServiceAccountToken(saID string, saName string) *jwt.Token
	// GenerateUserTokenForAPIClient issues a user token for an API client,
	// presumably derived from the identity provider's token.
	GenerateUserTokenForAPIClient(ctx context.Context, providerToken oauth2.Token) (*oauth2.Token, error)
	// GenerateUserTokenForIdentity issues a token pair for identity;
	// offlineToken presumably requests a long-lived (offline) refresh token.
	GenerateUserTokenForIdentity(ctx context.Context, identity repository.Identity, offlineToken bool) (*oauth2.Token, error)
	// GenerateTransientUserAccessTokenForIdentity issues a single access token
	// with no refresh token; its lifetime presumably comes from
	// TokenManagerConfiguration.GetTransientTokenExpiresIn.
	GenerateTransientUserAccessTokenForIdentity(ctx context.Context, identity repository.Identity) (*string, error)
	// GenerateUserTokenUsingRefreshToken exchanges refreshTokenString for a new
	// token pair, presumably carrying permissions into the new access token.
	GenerateUserTokenUsingRefreshToken(ctx context.Context, refreshTokenString string, identity *repository.Identity, permissions []Permissions) (*oauth2.Token, error)
	// GenerateUnsignedRPTTokenForIdentity builds an RPT (a token carrying a
	// permissions claim) from tokenClaims; it must be signed with SignRPTToken.
	GenerateUnsignedRPTTokenForIdentity(ctx context.Context, tokenClaims *TokenClaims, identity repository.Identity, permissions *[]Permissions) (*jwt.Token, error)
	// SignRPTToken signs an RPT built by GenerateUnsignedRPTTokenForIdentity
	// and returns its serialized form.
	SignRPTToken(ctx context.Context, rptToken *jwt.Token) (string, error)
	// ConvertTokenSet converts a TokenSet into an oauth2.Token.
	ConvertTokenSet(tokenSet TokenSet) *oauth2.Token
	// ConvertToken converts an oauth2.Token into a TokenSet.
	ConvertToken(oauthToken oauth2.Token) (*TokenSet, error)
	// AddLoginRequiredHeaderToUnauthorizedError adds the login-required
	// response header, presumably only when err is an unauthorized error.
	AddLoginRequiredHeaderToUnauthorizedError(err error, rw http.ResponseWriter)
	// AddLoginRequiredHeader adds the login-required response header.
	AddLoginRequiredHeader(rw http.ResponseWriter)
	// AuthServiceAccountSigner returns a client.Signer that authenticates
	// outgoing requests with AuthServiceAccountToken.
	AuthServiceAccountSigner() client.Signer
}

TokenManager generates, signs and parses auth tokens and exposes the public keys needed to verify them.

func DefaultManager

func DefaultManager(config TokenManagerConfiguration) (TokenManager, error)

DefaultManager creates the default manager if it has not been created yet. This function must be called in main so that the default manager is created during service startup. It will try to create the default manager only once, even if called multiple times.

func NewTokenManager

func NewTokenManager(config TokenManagerConfiguration) (TokenManager, error)

NewTokenManager returns a new token Manager for handling tokens, built from the key material and token lifetimes supplied by config. Unlike DefaultManager, every call constructs a fresh instance.

func ReadTokenManagerFromContext

func ReadTokenManagerFromContext(ctx context.Context) (TokenManager, error)

ReadTokenManagerFromContext extracts the token manager from the context and returns it, or an error when none was injected (see InjectTokenManager / ContextWithTokenManager).

type TokenManagerConfiguration

// TokenManagerConfiguration represents the configuration needed to construct
// a token manager. The *PrivateKey methods return the raw key material and a
// second string value that is presumably its key ID (kid); the "Deprecated"
// variants are presumably retained so that tokens signed with a previous key
// still verify during key rotation.
type TokenManagerConfiguration interface {
	GetServiceAccountPrivateKey() ([]byte, string)
	GetDeprecatedServiceAccountPrivateKey() ([]byte, string)
	GetUserAccountPrivateKey() ([]byte, string)
	GetDeprecatedUserAccountPrivateKey() ([]byte, string)
	// GetDevModePublicKey reports whether a dev-mode public key is enabled and,
	// if so, returns it together with its key ID. NOTE(review): a manager that
	// accepts tokens under this key should not run with it enabled outside
	// development — confirm how the implementation gates it.
	GetDevModePublicKey() (bool, []byte, string)
	IsPostgresDeveloperModeEnabled() bool
	// Token lifetimes. The unit is not stated here; presumably seconds,
	// matching the JWT exp claim — confirm against the implementation.
	GetAccessTokenExpiresIn() int64
	GetRefreshTokenExpiresIn() int64
	GetTransientTokenExpiresIn() int64
	// GetAuthServiceURL returns the base URL of the auth service.
	GetAuthServiceURL() string
}

TokenManagerConfiguration represents the configuration needed to construct a token manager: the private keys used for signing (current and deprecated, the latter presumably retained for key rotation), the optional dev-mode public key, and the lifetimes of the issued tokens.

type TokenSet

// TokenSet represents a set of Access and Refresh tokens in the shape of a
// token-endpoint JSON response. Every field is a pointer with omitempty, so a
// field is nil when it was absent from the JSON and is dropped on encoding
// when nil. Both tokens are bearer credentials and must not be logged.
type TokenSet struct {
	AccessToken      *string `json:"access_token,omitempty"`
	ExpiresIn        *int64  `json:"expires_in,omitempty"`
	NotBeforePolicy  *int64  `json:"not-before-policy,omitempty"` // hyphenated key presumably matches the wire format; do not "fix" it
	RefreshExpiresIn *int64  `json:"refresh_expires_in,omitempty"`
	RefreshToken     *string `json:"refresh_token,omitempty"`
	TokenType        *string `json:"token_type,omitempty"`
}

TokenSet represents a set of Access and Refresh tokens as exchanged with the token endpoint; every field is optional and is nil when absent from the JSON.

func ReadTokenSetFromJson

func ReadTokenSetFromJson(ctx context.Context, jsonString string) (*TokenSet, error)

ReadTokenSetFromJson parses a JSON document containing a token set (see TokenSet for the expected fields) and returns an error when the document cannot be decoded into that shape.
