Documentation
Overview
Package jwt provides a JWT-based Authenticator implementation for pkg/authn. Use NewAuthenticator to create an instance and pass it to authn.Server().
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewAuthenticator
func NewAuthenticator(opts ...Option) authn.Authenticator
NewAuthenticator creates a JWT-based Authenticator. It reads the token from the context, where authn.Server stores it via svrmw.NewTokenContext. If no token is present, or no verifier is configured, it returns an anonymous actor.
Types
type ClaimsMapper
ClaimsMapper converts parsed JWT MapClaims into an actor.Actor.
func DefaultClaimsMapper
func DefaultClaimsMapper() ClaimsMapper
DefaultClaimsMapper maps standard OIDC claims (sub, name, email, azp, scope). It does not contain any IdP-specific fields (no issuer→Realm mapping).
func KeycloakClaimsMapper
func KeycloakClaimsMapper() ClaimsMapper
KeycloakClaimsMapper extends DefaultClaimsMapper with Keycloak-specific field mappings: iss → Realm and realm_access.roles → supplemental roles.
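The mapping described for DefaultClaimsMapper and KeycloakClaimsMapper, written out as an added sketch; it is not the package's own code. Actor is a hypothetical stand-in for actor.Actor, MapKeycloakClaims and str are illustrative names, the sample payload is constructed, and taking Realm from the path segment after /realms/ in iss is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Actor is a hypothetical stand-in for actor.Actor; the real type is not shown on this page.
type Actor struct {
	Subject, Name, Email, ClientID, Realm string
	Scopes, Roles                         []string
}

// str returns claims[key] only when it is a JSON string; any other type yields "".
func str(claims map[string]any, key string) string {
	s, _ := claims[key].(string)
	return s
}

// MapKeycloakClaims maps the standard OIDC claims, then the two Keycloak-specific ones.
func MapKeycloakClaims(claims map[string]any) Actor {
	a := Actor{
		Subject:  str(claims, "sub"),
		Name:     str(claims, "name"),
		Email:    str(claims, "email"),
		ClientID: str(claims, "azp"),
		Scopes:   strings.Fields(str(claims, "scope")), // scope is space-delimited
	}
	if _, realm, ok := strings.Cut(str(claims, "iss"), "/realms/"); ok { // assumed issuer layout
		a.Realm = strings.Trim(realm, "/")
	}
	ra, _ := claims["realm_access"].(map[string]any) // nested claim: check each level
	roles, _ := ra["roles"].([]any)                  // indexing a nil map is safe
	for _, r := range roles {
		if s, ok := r.(string); ok && s != "" { // skip non-string entries instead of panicking
			a.Roles = append(a.Roles, s)
		}
	}
	return a
}

func main() {
	var c map[string]any // constructed payload, standing in for already-verified claims
	if err := json.Unmarshal([]byte(`{"sub":"u-1","azp":"web","scope":"openid email","iss":"https://idp.example/realms/demo","realm_access":{"roles":["admin",7]}}`), &c); err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", MapKeycloakClaims(c))
}
```

Roles and scopes usually feed authorization decisions, so mis-typed claims are dropped here rather than coerced.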
type Option
type Option func(*authenticatorConfig)
Option configures the JWT Authenticator.
func WithClaimsMapper
func WithClaimsMapper(m ClaimsMapper) Option
WithClaimsMapper sets a custom ClaimsMapper to convert JWT claims to an actor.Actor. Defaults to DefaultClaimsMapper().
func WithVerifier
WithVerifier sets the JWT verifier used to validate token signatures. If the verifier is nil, the authenticator operates in pass-through mode and returns an anonymous actor.