auth

package
v0.2.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 26, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors exported by the auth package. Both are plain errors.New
// values, so callers can match them with errors.Is.
var (
	// ErrInvalidAuthRequest carries the message "invalid auth request".
	// NOTE(review): which failures map to it is not shown here; confirm that
	// callers treat it as a denial and do not echo request details to clients.
	ErrInvalidAuthRequest  = errors.New("invalid auth request")
	// ErrAmbiguousOIDCConfig carries the message "ambiguous oidc auth config".
	// Presumably returned when more than one OIDC auth config matches a
	// token (confirm); an ambiguous match should fail closed, not pick one.
	ErrAmbiguousOIDCConfig = errors.New("ambiguous oidc auth config")
)

Functions

func WithAuthContext

// WithAuthContext takes a parent context and an *AuthContext and returns a
// context.Context. The body is not shown; presumably the result carries
// authCtx for later retrieval via AuthContextFromContext (confirm).
// NOTE(review): authCtx is passed by pointer, so every holder of the context
// can mutate its Claims, Scopes and RoleIDs. Attach it only after credential
// verification has finished and treat it as read-only afterwards.
func WithAuthContext(ctx context.Context, authCtx *AuthContext) context.Context

Types

type APIKeyFinder

// APIKeyFinder looks up a *domain.Auth from an API key string.
type APIKeyFinder interface {
	// FindByAPIKey returns the auth record for rawKey, or an error.
	// NOTE(review): the parameter name suggests the key is passed as the
	// client presented it (unhashed); confirm. Implementations should keep
	// rawKey out of logs, error strings and cache keys (use a digest) and
	// compare stored secrets in constant time.
	FindByAPIKey(ctx context.Context, rawKey string) (*domain.Auth, error)
}

func NewAPIKeyFinder

// NewAPIKeyFinder builds an APIKeyFinder from a repository, a TTL cache
// manager and a logger.
// NOTE(review): with a cache in the lookup path, a revoked or disabled key
// may presumably stay accepted until its entry expires or is invalidated;
// confirm the TTL and invalidation behaviour. The body is not shown.
func NewAPIKeyFinder(repo domain.Repository, manager *cache.TTLMapManager, logger *slog.Logger) APIKeyFinder

type AuthContext

// AuthContext groups the identity data of one request: the auth method, the
// gateway, consumer and auth record identifiers, and the subject, claims,
// scopes and role IDs. It is passed by pointer to WithAuthContext and
// returned by pointer from AuthContextFromContext.
// NOTE(review): Claims, Scopes and RoleIDs are reference types; copy them
// before modifying if the value is shared across goroutines or handlers.
type AuthContext struct {
	// Method is one of the Method constants (e.g. MethodAPIKey).
	Method      Method
	// GatewayID and GatewaySlug identify the gateway; presumably the one the
	// credential was validated against (confirm).
	GatewayID   ids.GatewayID
	GatewaySlug string
	// ConsumerID and AuthID identify the consumer and the auth record.
	ConsumerID  ids.ConsumerID
	AuthID      ids.AuthID
	// Subject, Claims and Scopes mirror the fields of VerifiedClaims.
	// NOTE(review): populate these only from a verified token, never from
	// unverified hints such as TokenHints.
	Subject     string
	Claims      map[string]any
	Scopes      []string
	// RoleIDs lists role identifiers; how they are resolved is not shown.
	RoleIDs     []ids.RoleID
}

func AuthContextFromContext

// AuthContextFromContext returns an *AuthContext and a bool for ctx. The body
// is not shown; presumably the bool is false when ctx carries no AuthContext
// (confirm).
// NOTE(review): callers on authorization paths should check both the bool and
// a nil pointer and deny the request when either check fails.
func AuthContextFromContext(ctx context.Context) (*AuthContext, bool)

type ClientCertificateExtractor

// ClientCertificateExtractor obtains an X.509 client certificate from a
// header value.
type ClientCertificateExtractor interface {
	// FromXFCC parses header into an *x509.Certificate. XFCC presumably
	// refers to the X-Forwarded-Client-Cert header set by a TLS-terminating
	// proxy (confirm).
	// NOTE(review): a header is client-controllable unless the edge proxy
	// strips and rewrites it, and a parsed certificate alone proves nothing
	// about possession of the private key. Accept the result only when the
	// request came through a trusted proxy hop.
	FromXFCC(header string) (*x509.Certificate, error)
}

type CreateInput

// CreateInput is the argument of Creator.Create: the owning gateway, a name,
// the auth type, an enabled flag and the type-specific config.
type CreateInput struct {
	GatewayID ids.GatewayID
	Name      string
	Type      domain.Type
	Enabled   bool
	// NOTE(review): domain.Config may hold secret material (its definition is
	// not shown); avoid logging this struct with %+v until that is confirmed.
	Config    domain.Config
}

type Creator

// Creator creates auth records.
type Creator interface {
	// Create turns in into a *domain.Auth or returns an error.
	// NOTE(review): validation of in.Config against in.Type is not visible
	// here; confirm it happens before the record is persisted.
	Create(ctx context.Context, in CreateInput) (*domain.Auth, error)
}

func NewCreator

// NewCreator builds a Creator from a repository, a TTL cache manager, a cache
// event publisher and a logger. Presumably the publisher announces the new
// record so that other instances refresh their caches (confirm; the body is
// not shown).
func NewCreator(repo domain.Repository, manager *cache.TTLMapManager, publisher cache.EventPublisher, logger *slog.Logger) Creator

type CredentialFinder

// CredentialFinder lists auth records by credential type.
type CredentialFinder interface {
	// OAuth2Auths takes no gateway argument; presumably it returns OAuth2
	// auth records across all gateways (confirm).
	// NOTE(review): callers validating a request for one gateway should use
	// the gateway-scoped variant or filter, so that a credential configured
	// for one gateway is not accepted on another.
	OAuth2Auths(ctx context.Context) ([]*domain.Auth, error)
	// OAuth2AuthsForGateway is the variant that takes a gatewayID.
	OAuth2AuthsForGateway(ctx context.Context, gatewayID ids.GatewayID) ([]*domain.Auth, error)
	// MTLSAuths takes no gateway argument; the same scoping caveat as for
	// OAuth2Auths applies.
	MTLSAuths(ctx context.Context) ([]*domain.Auth, error)
}

func NewCredentialFinder

// NewCredentialFinder builds a CredentialFinder from a repository, a TTL
// cache manager and a logger. The body is not shown.
// NOTE(review): confirm how long a disabled or deleted auth config can remain
// in the cache and still be returned to validators.
func NewCredentialFinder(repo domain.Repository, manager *cache.TTLMapManager, logger *slog.Logger) CredentialFinder

type Deleter

// Deleter removes auth records.
type Deleter interface {
	// Delete takes both the gateway ID and the auth ID.
	// NOTE(review): implementations should presumably reject an id that does
	// not belong to gatewayID, so that a caller authorized for one gateway
	// cannot delete another gateway's auth record. Confirm in the
	// implementation.
	Delete(ctx context.Context, gatewayID ids.GatewayID, id ids.AuthID) error
}

func NewDeleter

// NewDeleter builds a Deleter from the auth repository, the consumer
// repository, a TTL cache manager, a cache event publisher and a logger.
// The body is not shown.
// NOTE(review): a deleted credential must stop authenticating promptly;
// confirm that deletion invalidates cached entries (presumably what manager
// and publisher are for) and what happens to consumers that reference the
// deleted record.
func NewDeleter(
	repo domain.Repository,
	consumerRepo consumerdomain.Repository,
	manager *cache.TTLMapManager,
	publisher cache.EventPublisher,
	logger *slog.Logger,
) Deleter

type Finder

// Finder reads auth records.
type Finder interface {
	// FindByID takes the gateway ID together with the auth ID.
	// NOTE(review): confirm that the lookup is scoped to gatewayID and does
	// not return a record owned by a different gateway.
	FindByID(ctx context.Context, gatewayID ids.GatewayID, id ids.AuthID) (*domain.Auth, error)
	// List returns a slice of records, an int and an error; the int is
	// presumably the total number of matches for pagination (confirm).
	// NOTE(review): if domain.Auth carries secret config values, redact them
	// before the result leaves the service boundary.
	List(ctx context.Context, filter domain.ListFilter) ([]*domain.Auth, int, error)
}

func NewFinder

// NewFinder builds a Finder from a repository, a TTL cache manager and a
// logger. The body is not shown.
func NewFinder(repo domain.Repository, manager *cache.TTLMapManager, logger *slog.Logger) Finder

type IntrospectionValidator

// IntrospectionValidator validates a raw token against an OAuth2 config and
// yields an *identity.Principal. Its method set is identical to
// JWTValidator's.
type IntrospectionValidator interface {
	// Validate presumably submits raw to a token introspection endpoint
	// taken from cfg (confirm; no implementation is shown).
	// NOTE(review): if so, the call should use TLS, honour ctx deadlines and
	// treat any transport error or inactive response as a denial.
	Validate(ctx context.Context, raw string, cfg *authdomain.OAuth2Config) (*identity.Principal, error)
}

type JWTValidator

// JWTValidator validates a raw token against an OAuth2 config and yields an
// *identity.Principal. Its method set is identical to
// IntrospectionValidator's.
type JWTValidator interface {
	// Validate presumably checks raw as a signed JWT locally (confirm).
	// NOTE(review): the accepted signature algorithms, issuer and audience
	// should come from cfg, not from the token's own header or claims.
	Validate(ctx context.Context, raw string, cfg *authdomain.OAuth2Config) (*identity.Principal, error)
}

type MTLSValidator

// MTLSValidator maps a client certificate and an mTLS config to an
// *identity.Principal.
type MTLSValidator interface {
	// Validate takes no context.Context, so an implementation cannot receive
	// the caller's deadline or cancellation through its arguments.
	// NOTE(review): which checks run (chain to the configured CA, validity
	// period, key usage, revocation) is not shown; confirm them, especially
	// when cert comes from ClientCertificateExtractor.FromXFCC, not from
	// the TLS handshake itself.
	Validate(cert *x509.Certificate, cfg *authdomain.MTLSConfig) (*identity.Principal, error)
}

type Method

// Method names an authentication method; AuthContext.Method has this type.
type Method string
// The declared methods. No constant is declared here for mTLS or session
// tokens although MTLSValidator and SessionTokenVerifier exist in the
// package. NOTE(review): confirm how those paths set AuthContext.Method.
const (
	MethodAPIKey     Method = "api_key"
	MethodOAuth2     Method = "oauth2"
	MethodOIDC       Method = "oidc"
	// NOTE(review): the meaning of "playground" is not shown on this page.
	// If it marks a testing path, confirm that it is unreachable on
	// production routes and grants no more than the other methods.
	MethodPlayground Method = "playground"
)

type OAuth2Verifier

// OAuth2Verifier verifies a token against an OAuth2 config and returns the
// verified claims.
type OAuth2Verifier interface {
	// Verify takes cfg by value (domain.OAuth2Config), unlike the validators
	// above, which take *authdomain.OAuth2Config. Whether the two names refer
	// to the same type cannot be told from this page.
	// NOTE(review): a non-nil error must be treated as a denial; do not use a
	// partially filled *VerifiedClaims.
	Verify(ctx context.Context, token string, cfg domain.OAuth2Config) (*VerifiedClaims, error)
}

func NewOAuth2Verifier

// NewOAuth2Verifier builds an OAuth2Verifier from an OIDCVerifier, which the
// parameter names jwtVerifier. Presumably JWT verification is delegated to it
// (confirm; the body is not shown).
func NewOAuth2Verifier(jwtVerifier OIDCVerifier) OAuth2Verifier

type OIDCFinder

// OIDCFinder selects one auth record from a candidate list for a token.
type OIDCFinder interface {
	// FindOIDCAuth returns one *domain.Auth out of auths for token, or an
	// error. Presumably ErrAmbiguousOIDCConfig is returned when several
	// candidates match (confirm).
	// NOTE(review): selecting a config is not authentication. The token
	// still has to pass full verification against the selected config, and
	// unverified token fields should only narrow the candidates, never
	// grant access.
	FindOIDCAuth(ctx context.Context, auths []*domain.Auth, token string) (*domain.Auth, error)
}

func NewOIDCFinder

// NewOIDCFinder builds an OIDCFinder on top of an OIDCVerifier. The body is
// not shown.
func NewOIDCFinder(verifier OIDCVerifier) OIDCFinder

type OIDCVerifier

// OIDCVerifier inspects and verifies OIDC tokens.
type OIDCVerifier interface {
	// Peek receives only the token, with no config and no context, so its
	// arguments give it nothing to verify the token against.
	// NOTE(review): treat the returned TokenHints as attacker-controlled
	// (presumably read from the unverified header and payload; confirm). Use
	// them to pick a candidate config only, and never let
	// TokenHints.Algorithm decide which algorithm Verify accepts.
	Peek(token string) (TokenHints, error)
	// Verify checks token against cfg and returns the verified claims.
	// NOTE(review): issuer, audience, expiry and signature checks are
	// expected here but are not visible on this page; confirm them.
	Verify(ctx context.Context, token string, cfg domain.OIDCConfig) (*VerifiedClaims, error)
}

type SessionTokenVerifier added in v0.2.3

// SessionTokenVerifier verifies a raw session token and reports an issuer
// string.
type SessionTokenVerifier interface {
	// Verify takes no per-call config; whatever keys and settings it uses
	// must be held by the implementation.
	Verify(ctx context.Context, raw string) (*identity.Principal, error)
	// Issuer returns a string; presumably the issuer value that routes a
	// token to this verifier (confirm).
	// NOTE(review): if routing compares it with an issuer read from an
	// unverified token, the token must still pass Verify before it is
	// trusted.
	Issuer() string
}

type TokenHints

// TokenHints is the result type of OIDCVerifier.Peek: issuer, audiences, key
// ID and algorithm strings.
// NOTE(review): Peek has no config to verify against, so handle every field
// as untrusted input. Do not copy these values into AuthContext, and do not
// use KeyID or Issuer to fetch keys from a location that is not allow-listed
// in configuration.
type TokenHints struct {
	Issuer    string
	Audiences []string
	KeyID     string
	// Algorithm is informational only; the set of accepted algorithms
	// should be fixed by configuration.
	Algorithm string
}

type UpdateInput

// UpdateInput is the argument of Updater.Update. ID and GatewayID are plain
// values; the remaining fields are pointers.
type UpdateInput struct {
	ID        ids.AuthID
	GatewayID ids.GatewayID
	// Presumably a nil pointer means "leave this field unchanged" (confirm).
	Name      *string
	// NOTE(review): changing Type without a matching Config could leave a
	// record whose config no longer fits its type; confirm the validation.
	Type      *domain.Type
	Enabled   *bool
	// NOTE(review): may hold secret material; avoid logging it.
	Config    *domain.Config
}

type Updater

// Updater modifies auth records.
type Updater interface {
	// Update applies in and returns the resulting *domain.Auth or an error.
	// NOTE(review): in carries both ID and GatewayID; confirm that the
	// implementation rejects an ID not owned by that gateway.
	Update(ctx context.Context, in UpdateInput) (*domain.Auth, error)
}

func NewUpdater

// NewUpdater builds an Updater from the auth repository, the consumer
// repository, a TTL cache manager, a cache event publisher and a logger.
// The body is not shown.
// NOTE(review): disabling a credential or rotating its config is a security
// action; confirm that an update invalidates cached copies (presumably via
// manager and publisher) and does not wait for TTL expiry.
func NewUpdater(
	repo domain.Repository,
	consumerRepo consumerdomain.Repository,
	manager *cache.TTLMapManager,
	publisher cache.EventPublisher,
	logger *slog.Logger,
) Updater

type VerifiedClaims

// VerifiedClaims is returned by OAuth2Verifier.Verify and
// OIDCVerifier.Verify. AuthContext has fields with the same names and types.
// NOTE(review): Claims holds arbitrary values (map[string]any); type-check
// each claim before using it in an authorization decision.
type VerifiedClaims struct {
	Subject string
	Claims  map[string]any
	Scopes  []string
}

Directories

Path Synopsis
