Documentation
Overview
Package serviceauth provides shared helpers for service-to-service authentication.
Index
- Constants
- func GetServiceID(ctx context.Context) string
- func GetUserID(ctx context.Context) string
- func NewServiceTokenRoundTripper(base http.RoundTripper, generator *ServiceTokenGenerator) http.RoundTripper
- func ParseRSAPrivateKeyFromPEM(pemBytes []byte) (*rsa.PrivateKey, error)
- func ParseRSAPublicKeyFromPEM(pemBytes []byte) (*rsa.PublicKey, error)
- func WithServiceID(ctx context.Context, serviceID string) context.Context
- func WithUserID(ctx context.Context, userID string) context.Context
- type ServiceClaims
- type ServiceTokenGenerator
- type ServiceTokenRoundTripper
Constants
const (
	// ServiceTokenHeader is the header name for service-to-service tokens.
	ServiceTokenHeader = "X-Service-Token"
	// ServiceIDHeader is the header name for service identification.
	ServiceIDHeader = "X-Service-ID"
	// UserIDHeader is the header name for user identification.
	UserIDHeader = "X-User-ID"
	// DefaultServiceTokenExpiry is the default expiration time for service tokens.
	DefaultServiceTokenExpiry = 1 * time.Hour
)
Functions
func GetServiceID
GetServiceID extracts the service ID from the context.
func NewServiceTokenRoundTripper
func NewServiceTokenRoundTripper(base http.RoundTripper, generator *ServiceTokenGenerator) http.RoundTripper
NewServiceTokenRoundTripper wraps a base transport with service-token injection.
func ParseRSAPrivateKeyFromPEM
func ParseRSAPrivateKeyFromPEM(pemBytes []byte) (*rsa.PrivateKey, error)
ParseRSAPrivateKeyFromPEM parses an RSA private key from PEM bytes. Supported PEM types: RSA PRIVATE KEY (PKCS#1), PRIVATE KEY (PKCS#8).
func ParseRSAPublicKeyFromPEM
ParseRSAPublicKeyFromPEM parses an RSA public key from PEM bytes. Supported PEM types: PUBLIC KEY (PKIX), RSA PUBLIC KEY (PKCS#1), CERTIFICATE.
func WithServiceID
WithServiceID returns a new context with the service ID set.
Types
type ServiceClaims
type ServiceClaims struct {
	ServiceID string `json:"service_id"`
	jwt.RegisteredClaims
}
ServiceClaims represents JWT claims for service-to-service authentication.
type ServiceTokenGenerator
type ServiceTokenGenerator struct {
	// contains filtered or unexported fields
}
ServiceTokenGenerator generates service-to-service JWT tokens.
func NewServiceTokenGenerator
func NewServiceTokenGenerator(privateKey *rsa.PrivateKey, serviceID string, expiry time.Duration) *ServiceTokenGenerator
NewServiceTokenGenerator creates a new service token generator.
func (*ServiceTokenGenerator) GenerateToken
func (g *ServiceTokenGenerator) GenerateToken() (string, error)
GenerateToken generates a new service token.
type ServiceTokenRoundTripper
type ServiceTokenRoundTripper struct {
	// contains filtered or unexported fields
}
ServiceTokenRoundTripper injects X-Service-Token (and optionally X-User-ID) into outgoing HTTP requests.