Documentation
    Index ¶
- Variables
 - func BearerToken(r *http.Request) string
 - func CodeChallenge(verifier string) string
 - func CodeVerifier() string
 - func FacebookCallBack(ctx *gin.Context, endpoint string, verbose int)
 - func FacebookOauthLogin(ctx *gin.Context, verbose int)
 - func GithubCallBack(ctx *gin.Context, endpoint string, verbose int)
 - func GithubOauthLogin(ctx *gin.Context, verbose int)
 - func GoogleCallBack(ctx *gin.Context, endpoint string, verbose int)
 - func GoogleOauthLogin(ctx *gin.Context, verbose int)
 - func Init(providers []string, verbose int)
 - func JWTAccessToken(secretKey string, expiresAt int64, customClaims CustomClaims) (string, error)
 - func RandomBytes(size int, seed int64) []byte
 - func RandomString(size int, seed int64) string
 - func ReadSecret(r string) string
 - func RequestToken(r *http.Request) string
 - func ScopeTokenMiddleware(scope, clientId string, verbose int) gin.HandlerFunc
 - func TokenMiddleware(clientId string, verbose int) gin.HandlerFunc
 - func UserCredentials(r *http.Request) (string, error)
 - type Certs
 - type Claims
 - type CustomClaims
 - type Kerberos
 - type Keys
 - type OpenIDConfiguration
 - type Provider
 - type Token
 - type TokenAttributes
 - type TokenInfo
 
Constants ¶
This section is empty.
Variables ¶
var OAuthProviders map[string]Provider
    OAuthProviders contains a map of all participating providers
Functions ¶
func BearerToken ¶ added in v0.1.0
BearerToken is a helper function that extracts the bearer token from an HTTP request
func CodeChallenge ¶ added in v0.3.9
CodeChallenge generates the code challenge from the code verifier (SHA-256 followed by base64 URL encoding, i.e. the PKCE S256 method)
func CodeVerifier ¶ added in v0.3.9
func CodeVerifier() string
CodeVerifier generates a random code verifier of 43-128 characters
func FacebookCallBack ¶ added in v0.0.3
FacebookCallBack provides gin handler for facebook callback to given endpoint
func FacebookOauthLogin ¶ added in v0.0.3
FacebookOauthLogin provides gin handler for facebook oauth login
func GithubCallBack ¶ added in v0.0.3
GithubCallBack provides gin handler for github callback to given endpoint
func GithubOauthLogin ¶ added in v0.0.3
GithubOauthLogin provides gin handler for github oauth login
func GoogleCallBack ¶ added in v0.0.3
GoogleCallBack provides gin handler for google callback to given endpoint
func GoogleOauthLogin ¶ added in v0.0.3
GoogleOauthLogin provides gin handler for google oauth login
func JWTAccessToken ¶ added in v0.0.2
func JWTAccessToken(secretKey string, expiresAt int64, customClaims CustomClaims) (string, error)
JWTAccessToken generates a JWT access token with custom claims. See https://blog.canopas.com/jwt-in-golang-how-to-implement-token-based-authentication-298c89a26ffd
func RandomBytes ¶ added in v0.3.6
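RandomBytes generates random bytes of the given size from the given seed. Output derived from a caller-supplied seed is reproducible by anyone who knows or can guess that seed, so check the implementation's random source before using the result for keys, tokens or other secrets.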
func RandomString ¶ added in v0.3.6
RandomString generates a random string of the given size using the given seed. As with any seeded generator, the result is only as unpredictable as the seed.
func ReadSecret ¶ added in v0.3.6
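ReadSecret provides a unified way to read a secret either from the provided file or from a string, and falls back to a default value if the string is empty. Because an empty input yields the default rather than an error, deployments should verify that a real secret is configured.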
func RequestToken ¶ added in v0.0.1
RequestToken gets token from http request
func ScopeTokenMiddleware ¶ added in v0.0.2
func ScopeTokenMiddleware(scope, clientId string, verbose int) gin.HandlerFunc
ScopeTokenMiddleware provides token validation with specific scope
func TokenMiddleware ¶
func TokenMiddleware(clientId string, verbose int) gin.HandlerFunc
See gin cookies: https://gin-gonic.com/docs/examples/cookie/ ; for a more advanced use case see: https://stackoverflow.com/questions/66289603/use-existing-session-cookie-in-gin-router
Types ¶
type Claims ¶
// Claims is the JWT claim set used by this package: the registered claims
// type from the jwt package plus the application-specific CustomClaims.
type Claims struct {
	// Embedded registered claims as defined by the jwt package.
	jwt.RegisteredClaims
	// Application-specific claims, serialized under the "custom_claims" key.
	CustomClaims CustomClaims `json:"custom_claims"`
}
    Claims defines our JWT claims
func TokenClaims ¶ added in v0.0.1
TokenClaims returns token claims
type CustomClaims ¶ added in v0.0.2
// CustomClaims defines the application-specific claims carried in a token.
//
// NOTE(review): Scope and Roles look like authorization inputs; values read
// from a token are only trustworthy after its signature and expiry have been
// verified — confirm every consumer reads them from a validated token.
type CustomClaims struct {
	// User named in the token ("user").
	User        string   `json:"user"`
	// Scope string of the token ("scope"); the delimiter between multiple
	// scopes is not visible here — TODO confirm.
	Scope       string   `json:"scope"`
	// Kind of token or principal ("kind"); allowed values are not visible
	// here — TODO confirm.
	Kind        string   `json:"kind"`
	// Roles attached to the user ("roles").
	Roles       []string `json:"roles"`
	// Application the token refers to ("application").
	Application string   `json:"application"`
}
    CustomClaims defines application specific claims
func (*CustomClaims) String ¶ added in v0.0.2
func (c *CustomClaims) String() string
String provides string representations of Custom claims
type Kerberos ¶ added in v0.0.1
Kerberos defines kerberos structure we use
func (*Kerberos) Credentials ¶ added in v0.0.1
func (k *Kerberos) Credentials() (*credentials.Credentials, error)
helper function to check user credentials for POST requests
type Keys ¶
// Keys describes a single key entry of a JSON Web Key Set (JWKS). The JSON
// tags follow the JWK parameter names of RFC 7517 / RFC 7518.
type Keys struct {
	// Key ID ("kid"), used to select the key matching a token header.
	Kid     string   `json:"kid"`
	// Key type ("kty").
	Kty     string   `json:"kty"`
	// Algorithm the key is intended for ("alg").
	Alg     string   `json:"alg"`
	// Intended public key use ("use").
	Use     string   `json:"use"`
	// RSA modulus ("n").
	N       string   `json:"n"`
	// RSA public exponent ("e").
	E       string   `json:"e"`
	// X.509 certificate chain ("x5c").
	X5c     []string `json:"x5c"`
	// NOTE(review): "x5y" is not a registered JWK parameter (RFC 7517 defines
	// x5u, x5c, x5t and x5t#S256); this may be a typo for "x5t" — confirm,
	// since a mismatched tag leaves the field empty on decode.
	X5y     string   `json:"x5y"`
	// X.509 certificate SHA-256 thumbprint ("x5t#S256").
	Xt5S256 string   `json:"x5t#S256"`
}
    Keys struct represents the structure of JWKS keys
type OpenIDConfiguration ¶
// OpenIDConfiguration holds the configuration of an OpenID provider. The JSON
// tags match the metadata names of an OpenID Connect discovery document.
//
// NOTE(review): every endpoint below is supplied by the provider's document;
// whether the issuer is compared with the URL the document was fetched from
// is not visible here — confirm in the loading code.
type OpenIDConfiguration struct {
	// Issuer identifier of the provider ("issuer").
	Issuer                string   `json:"issuer"`
	// Authorization endpoint URL ("authorization_endpoint").
	AuthorizationEndpoint string   `json:"authorization_endpoint"`
	// Token endpoint URL ("token_endpoint").
	TokenEndpoint         string   `json:"token_endpoint"`
	// Token introspection endpoint URL ("introspection_endpoint").
	IntrospectionEndpoint string   `json:"introspection_endpoint"`
	// UserInfo endpoint URL ("userinfo_endpoint").
	UserInfoEndpoint      string   `json:"userinfo_endpoint"`
	// End-session (logout) endpoint URL ("end_session_endpoint").
	EndSessionEndpoint    string   `json:"end_session_endpoint"`
	// URL of the provider's JSON Web Key Set ("jwks_uri").
	JWKSUri               string   `json:"jwks_uri"`
	// Claims the provider advertises ("claims_supported").
	ClaimsSupported       []string `json:"claims_supported"`
	// Scopes the provider advertises ("scopes_supported").
	ScopeSupported        []string `json:"scopes_supported"`
	// Token revocation endpoint URL ("revocation_endpoint").
	RevocationEndpoint    string   `json:"revocation_endpoint"`
}
    OpenIDConfiguration holds configuration for OpenID Provider
type Provider ¶
// Provider holds all information about a given provider: its URL, its OpenID
// configuration, and its key material in both parsed and raw form.
//
// NOTE(review): PublicKeys and JWKSBody are presumably what token signatures
// are checked against; how and when they are refreshed is not visible here —
// confirm against the code that fills this struct.
type Provider struct {
	URL           string              // provider URL
	Configuration OpenIDConfiguration // provider OpenID configuration
	PublicKeys    []publicKey         // public keys of the provider
	JWKSBody      []byte              // JWKS body content of the provider
}
    Provider holds all information about given provider
type Token ¶
// Token represents the access token structure; the JSON tags match the
// fields of an OAuth 2.0 token response.
type Token struct {
	// The access token itself ("access_token"); a bearer credential.
	AccessToken string `json:"access_token"`
	// Serialized as "expires_in", which in OAuth 2.0 (RFC 6749) is a lifetime
	// in seconds, not an absolute timestamp.
	// NOTE(review): confirm which of the two this package stores here.
	Expires     int64  `json:"expires_in"`
	// Scope of the token ("scope").
	Scope       string `json:"scope"`
	// Token type ("token_type").
	TokenType   string `json:"token_type"`
}
    Token represents access token structure
type TokenAttributes ¶
// TokenAttributes contains the attributes of an access token; it is the
// return type of InspectToken and InspectTokenProviders.
//
// NOTE(review): Active and Expiration look like the fields a caller must
// check before trusting the other attributes — confirm that the middleware
// rejects inactive or expired tokens.
type TokenAttributes struct {
	Subject      string `json:"sub"`           // token subject
	// NOTE(review): "aud" may be either a single string or an array of strings
	// (RFC 7519); encoding/json cannot decode an array into a string field —
	// confirm what the participating providers return.
	Audiences    string `json:"aud"`           // token audience
	Issuer       string `json:"iss"`           // token issuer
	UserName     string `json:"username"`      // user name
	Active       bool   `json:"active"`        // whether the token is active
	SessionState string `json:"session_state"` // session state field
	ClientID     string `json:"clientId"`      // client id
	Email        string `json:"email"`         // email address
	Scope        string `json:"scope"`         // scope of the token
	Expiration   int64  `json:"exp"`           // token expiration
	ClientHost   string `json:"clientHost"`    // client host
}
    TokenAttributes contains structure of access token attributes
func InspectToken ¶
func InspectToken(provider Provider, token string, verbose int) (TokenAttributes, error)
InspectToken extracts token attributes
func InspectTokenProviders ¶
func InspectTokenProviders(token string, providers []string, verbose int) (TokenAttributes, error)
InspectTokenProviders inspects the token against all participating providers and returns its TokenAttributes
type TokenInfo ¶
// TokenInfo contains information about all tokens: the access, refresh and
// ID tokens together with the two expiration values.
//
// NOTE(review): the three token fields are credentials; the package's
// functions take a verbose argument, so confirm that verbose output never
// prints this struct in full.
type TokenInfo struct {
	AccessToken   string `json:"access_token"`       // access token
	AccessExpire  int64  `json:"expires_in"`         // access token expiration
	RefreshToken  string `json:"refresh_token"`      // refresh token
	RefreshExpire int64  `json:"refresh_expires_in"` // refresh token expiration
	IDToken       string `json:"id_token"`           // ID token
}
    TokenInfo contains information about all tokens