package iap

import "go.chromium.org/luci/server/auth/iap"

Package iap implements auth.Method for GCP's Identity Aware Proxy. It does payload verification according to the guide for using signed headers: https://cloud.google.com/iap/docs/signed-headers-howto#verifying_the_jwt_payload

Package Files

iap_method.go

func AudForGAE

func AudForGAE(numericProjectID, appID string) string

AudForGAE returns an audience string for the GAE application as it will be formatted by IAP in the assertion headers. This is a convenience method. For production use, one should use the cloud.google.com/go/compute/metadata package to get the NumericProjectID and AppID properties on process startup.

func AudForGlobalBackendService

func AudForGlobalBackendService(projectNumber, backendServiceID string) string

AudForGlobalBackendService returns an audience string for a GCE or GKE application as it will be formatted by IAP in the assertion headers. This is a convenience method.

type IAPAuthMethod

type IAPAuthMethod struct {
    // Aud is the audience string as it should appear in JWTs intended for
    // validation by your service.
    Aud string
    // contains filtered or unexported fields
}

IAPAuthMethod implements auth.Method for use with GCP's Identity Aware Proxy.

func (*IAPAuthMethod) Authenticate

func (a *IAPAuthMethod) Authenticate(ctx context.Context, r *http.Request) (*auth.User, error)

Authenticate returns nil if no IAP assertion header is present, a User if authentication is successful, or an error if unable to validate and identify a user from the assertion header.
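The checks listed in the linked signed-headers guide (ES256 signature, `iss`, `aud`, `exp`, `iat`), written out as an added example that is not this package's own code. `verifyAssertion` and `demoToken` are hypothetical names, the audience and email values are constructed, and key lookup by `kid` and clock-skew tolerance are left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding

// verifyAssertion (hypothetical) checks an ES256 assertion; now is Unix seconds.
func verifyAssertion(tok, wantAud string, pub *ecdsa.PublicKey, now int64) (string, error) {
	hdr, rest, _ := strings.Cut(tok, ".")
	pl, sg, ok := strings.Cut(rest, ".")
	pb, e1 := b64.DecodeString(pl)
	sig, e2 := b64.DecodeString(sg) // raw r||s, 32 bytes each; ES256 is fixed in code
	sum := sha256.Sum256([]byte(hdr + "." + pl))
	if !ok || e1 != nil || e2 != nil || len(sig) != 64 ||
		!ecdsa.Verify(pub, sum[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return "", fmt.Errorf("malformed token or signature does not verify")
	}
	var c struct {
		Iss, Aud, Email string
		Exp, Iat        int64
	}
	if json.Unmarshal(pb, &c) != nil || c.Iss != "https://cloud.google.com/iap" || c.Aud != wantAud || c.Exp < now || c.Iat > now {
		return "", fmt.Errorf("claims rejected: iss=%q aud=%q exp=%d iat=%d", c.Iss, c.Aud, c.Exp, c.Iat)
	}
	return c.Email, nil
}

// demoToken signs a constructed payload with a throwaway key; IAP signs real ones.
func demoToken(payload string) (string, *ecdsa.PublicKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	in := b64.EncodeToString([]byte(`{"alg":"ES256"}`)) + "." + b64.EncodeToString([]byte(payload))
	sum := sha256.Sum256([]byte(in))
	r, s, _ := ecdsa.Sign(rand.Reader, key, sum[:])
	return in + "." + b64.EncodeToString(append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)), &key.PublicKey
}

func main() {
	tok, pub := demoToken(`{"iss":"https://cloud.google.com/iap","aud":"/projects/123456789/apps/example-app","email":"user@example.com","iat":100,"exp":700}`)
	fmt.Println(verifyAssertion(tok, "/projects/123456789/apps/example-app", pub, 400))
}
```

A correctly signed assertion minted for a different IAP-protected resource fails only the `aud` comparison, which is why the `Aud` field has to match the exact string IAP emits for this backend.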

Package iap imports 8 packages and is imported by 1 package. Updated 2020-09-29.