Overview
Package authn provides a generic Kratos middleware for JWT-based authentication. It is engine-agnostic: any Authenticator implementation can be injected.
Example usage:

```go
import (
	"github.com/Servora-Kit/servora/security/authn"
	"github.com/Servora-Kit/servora/security/authn/jwt"
)

// mw is the service's middleware chain; km supplies the verifier used to
// check JWT signatures (both are defined elsewhere in the service).
mw = append(mw, authn.Server(
	jwt.NewAuthenticator(jwt.WithVerifier(km.Verifier())),
))
```
The middleware writes a *auditpb.AuthnDetail to ctx via audit.WithAuthnResult; emission is the responsibility of the transport-tail audit.Collector middleware. The authn package therefore has zero coupling to the audit emission pipeline (only to the neutral auditpb schema package).
Functions
func ExtractBearerToken
ExtractBearerToken parses the Bearer token from an Authorization header value. Returns empty string if the header is absent or malformed.
func Server

```go
func Server(authenticator Authenticator, opts ...Option) middleware.Middleware
```
Server returns a Kratos middleware that authenticates requests using the provided Authenticator. It extracts the Bearer token from the Authorization header, stores it in context via svrmw.NewTokenContext, then delegates to the Authenticator to produce an actor.Actor.
Behavior:
- No transport in context - anonymous actor injected, anonymous-success AuthnDetail written, handler called.
- No Authorization header - anonymous actor injected (authenticator may override); detail reflects authenticator outcome.
- Authenticator success - user-actor + Success=true detail in ctx.
- Authenticator error + no error handler - failure detail written BEFORE returning the error. Collector, mounted outer to this middleware (Chain(Collector, authn, ...)), will reach the post-phase even when authn short-circuits, and emit the AUTHN_RESULT event from the ctx-bound *auditpb.AuthnDetail.
- Authenticator error + error handler - handler's return value used, failure detail still written first.
Types

type Authenticator

```go
type Authenticator interface {
	Authenticate(ctx context.Context) (actor.Actor, error)
	Method() string
}
```
Authenticator is the interface for authenticating incoming requests.
CONTRACT: this interface intentionally contains only TWO kinds of members:
- Authentication behavior (Authenticate)
- Engine immutable metadata (Method — self-description)
Hooks/callbacks (e.g. OnSuccess), injection (logger/tracer), infra probes (Health) are explicitly NOT permitted here. Those concerns belong to callers, containers, or optional sibling interfaces.
This rule prevents interface bloat as new engines (mTLS, etc.) are added: each engine is described by Method(), and orchestration is the middleware's responsibility.
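The two-member contract above and the middleware's "failure detail written before the error is returned" rule, shown as an added illustration that is not the package's own code: `Actor`, `AuthnDetail`, the `Authenticator` interface, `ExtractBearerToken` and the `Authenticate` flow are local stand-ins assumed to mirror the documented behaviour, and `StaticAuthenticator` with its token `tok-1` is constructed for the demo.

```go
package main

import (
	"context"
	"errors"
	"strings"
)

// Local stand-ins (assumption) for actor.Actor, auditpb.AuthnDetail and authn.Authenticator.
type Actor struct{ Subject string; Anonymous bool }
type AuthnDetail struct{ Method string; Success bool; Err string }
type Authenticator interface {
	Authenticate(ctx context.Context) (Actor, error)
	Method() string
}
type tokenKey struct{}

// ExtractBearerToken re-implements the documented rule: "" if absent or malformed.
func ExtractBearerToken(header string) string {
	scheme, tok, ok := strings.Cut(strings.TrimSpace(header), " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") {
		return ""
	}
	return strings.TrimSpace(tok)
}

// StaticAuthenticator accepts one constructed token; it exposes only the two contract members.
type StaticAuthenticator struct{ Expected string }

func (StaticAuthenticator) Method() string { return "static" }
func (s StaticAuthenticator) Authenticate(ctx context.Context) (Actor, error) {
	tok, _ := ctx.Value(tokenKey{}).(string)
	if tok == "" {
		return Actor{Anonymous: true}, nil // no header: anonymous actor, no error
	}
	if tok != s.Expected {
		return Actor{}, errors.New("invalid token")
	}
	return Actor{Subject: "user-1"}, nil
}

// Authenticate models the middleware flow: extract, bind to ctx, delegate, record detail BEFORE any error.
func Authenticate(ctx context.Context, authHeader string, a Authenticator) (Actor, AuthnDetail, error) {
	ctx = context.WithValue(ctx, tokenKey{}, ExtractBearerToken(authHeader))
	act, err := a.Authenticate(ctx)
	d := AuthnDetail{Method: a.Method(), Success: err == nil}
	if err != nil {
		d.Err = err.Error()
		return Actor{Anonymous: true}, d, err
	}
	return act, d, nil
}
```

An outer collector that reads the returned `AuthnDetail` sees the failure record even on the error path, which is the property the Behavior list relies on.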
Directories

| Path | Synopsis |
|---|---|
| jwt | Package jwt provides a JWT-based Authenticator implementation for pkg/authn. |
| noop | Package noop provides a no-op Authenticator that always returns an anonymous actor. |