Documentation
Index
- Constants
- func ApplyCredsInfo(c *aries.C, info *CredsInfo)
- func ClearCookie(c *aries.C)
- type Challenger
- type ChallengerConfig
- type Config
- type CredsInfo
- type Exchange
- type ExchangeConfig
- type Gate
- func (g *Gate) Check(c *aries.C) (*CredsInfo, error)
- func (g *Gate) CheckAndSetup(c *aries.C) (bool, error)
- func (g *Gate) CheckToken(token, typ string) (*CredsInfo, error)
- func (g *Gate) Serve(c *aries.C) error
- func (g *Gate) Setup(c *aries.C) error
- func (g *Gate) SetupCookie(c *aries.C, user string)
- func (g *Gate) Token(user string, ttl time.Duration) *signin.Token
- type LegacyExchange
- type SSHCertExchange
- type SSHCertExchangeConfig
Constants
const (
    TokenCookie = "cookie"
    TokenBearer = "bearer"
)
Different token types.
Functions
func ApplyCredsInfo
ApplyCredsInfo applies the credential to the aries context.
Types
type Challenger
type Challenger struct {
// contains filtered or unexported fields
}
Challenger is a source that can serve challenges.
func NewChallenger
func NewChallenger(config *ChallengerConfig) *Challenger
NewChallenger creates a challenge source.
func (*Challenger) Check
func (s *Challenger) Check(bs []byte) (*timeutil.Challenge, error)
Check checks if a challenge is valid.
func (*Challenger) Serve
func (s *Challenger) Serve(
    c *aries.C, req *signinapi.ChallengeRequest,
) (*signinapi.ChallengeResponse, error)
Serve serves a challenge.
type ChallengerConfig
type ChallengerConfig struct {
    Signer *signer.Signer
    Now    func() time.Time
    Rand   io.Reader
    Window time.Duration
}
ChallengerConfig is the configuration to create a challenge source.
type Config
type Config struct {
    Sessions        *signer.Sessions
    SessionKey      []byte
    SessionLifeTime time.Duration
    Check           func(user string) (interface{}, int, error)
}
Config contains configuration for initializing an identity gate.
type CredsInfo
type CredsInfo struct {
    Valid       bool
    NeedRefresh bool
    TokenType   string
    User        string
    UserLevel   int
    Data        interface{}
}
CredsInfo is the user credential information obtained from gate checking.
type Exchange
type Exchange struct {
// contains filtered or unexported fields
}
Exchange exchanges an access token for a session token. An access token is a JWT that is signed by a realm CA, as a proof that the client has been authorized to access some resource on behalf of the user for a period of time. The session token is a token that is issued by a local tokener, which can be used to access the API. Checking a session token is often a much more lightweight local operation, which does not require querying the central realm.
func NewExchange
func NewExchange(tok signin.Tokener, config *ExchangeConfig) *Exchange
NewExchange creates an exchange that exchanges access tokens for session tokens from tok.
type ExchangeConfig
type ExchangeConfig struct {
    Audience string
    Issuer   string
    Card     identity.Card
    Now      func() time.Time
}
ExchangeConfig is the config for creating a session exchanger that exchanges access tokens for session tokens.
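The exchange described for Exchange above, as an added example that is not part of this package's code and does not use its API; it relies only on the Go standard library. The function names (signAccess, exchange), the Ed25519 realm key, the HMAC session-token format, and the realm.example / api.example values are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

func signAccess(priv ed25519.PrivateKey, claimsJSON string) string { // stands in for the realm CA (constructed)
	in := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claimsJSON))
	return in + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(in)))
}

// exchange verifies a realm-signed access token, then mints a local session token.
func exchange(ca ed25519.PublicKey, key []byte, iss, aud, tok string, ttl time.Duration, now time.Time) (string, error) {
	var c struct {
		Iss, Aud, Sub string
		Exp           int64
	}
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return "", fmt.Errorf("malformed access token")
	}
	sig, _ := b64.DecodeString(p[2])                     // a bad decode fails Verify below
	if !ed25519.Verify(ca, []byte(p[0]+"."+p[1]), sig) { // algorithm is pinned; the header's alg is ignored
		return "", fmt.Errorf("not signed by the realm CA")
	}
	body, _ := b64.DecodeString(p[1])
	if json.Unmarshal(body, &c) != nil || c.Iss != iss || c.Aud != aud || c.Sub == "" || now.Unix() >= c.Exp {
		return "", fmt.Errorf("wrong issuer or audience, or expired")
	}
	s := fmt.Sprintf("%s.%d", b64.EncodeToString([]byte(c.Sub)), now.Add(ttl).Unix()) // "<b64 user>.<expiry>"
	m := hmac.New(sha256.New, key)
	m.Write([]byte(s))
	return s + "." + b64.EncodeToString(m.Sum(nil)), nil // the API re-computes this HMAC locally, no realm query
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	at := signAccess(priv, `{"iss":"realm.example","aud":"api.example","sub":"alice","exp":1700000060}`)
	fmt.Println(exchange(pub, []byte("constructed-session-key"), "realm.example", "api.example", at, time.Hour, time.Unix(1700000000, 0)))
}
```

The issuer and audience checks are what stop an access token minted for a different service from being exchanged here, even though the realm CA's signature on it is valid.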
type Gate
type Gate struct {
// contains filtered or unexported fields
}
Gate is a token checking gate that checks the session token and saves the checking result in the context.
func (*Gate) Check
Check checks the auth token in the context, with the session signature and the check function. It returns whether the token is valid and whether it needs a refresh.
func (*Gate) CheckAndSetup
CheckAndSetup checks the user credentials. If the credential is valid it also applies the credential to the context. If the credential is not valid, it clears the cookie. If the credential needs refreshing it refreshes the cookie.
func (*Gate) CheckToken
CheckToken checks a token of a specific type.
func (*Gate) SetupCookie
SetupCookie sets up the cookie for a particular user.
type LegacyExchange
type LegacyExchange struct {
// contains filtered or unexported fields
}
LegacyExchange handles sign in using a public key registry. The request presents a signed time using the user's private key to authenticate.
func NewLegacyExchange
func NewLegacyExchange(
    tok signin.Tokener, reg keyreg.KeyRegistry,
) *LegacyExchange
NewLegacyExchange creates a legacy public key based credential exchange where the client presents a signed time with its private key.
type SSHCertExchange
type SSHCertExchange struct {
// contains filtered or unexported fields
}
SSHCertExchange is a service stub that provides session tokens if the user presents a signed challenge and the accompanying SSH certificate.
func NewSSHCertExchange
func NewSSHCertExchange(tok signin.Tokener, conf *SSHCertExchangeConfig) (
    *SSHCertExchange, error,
)
NewSSHCertExchange creates a new SSH certificate exchange that exchanges signed challenges for session tokens.
func (*SSHCertExchange) API
func (s *SSHCertExchange) API() *aries.Router
API returns the API router stub for signing in with SSH certificate credentials.
func (*SSHCertExchange) AddAPI
func (s *SSHCertExchange) AddAPI(r *aries.Router)
AddAPI adds the API to the router under /ssh.
type SSHCertExchangeConfig
type SSHCertExchangeConfig struct {
    CAPublicKey     []byte                 `json:",omitempty"`
    CAPublicKeyFunc func() ([]byte, error) `json:",omitempty"`
    CAPublicKeyFile string                 `json:",omitempty"`

    ChallengeKey []byte

    // Time function for checking certificate. It is not used for
    // token generation.
    Now func() time.Time
}
SSHCertExchangeConfig is the configuration to create an SSH certificate signin stub.