Documentation
Overview
Package grpcutil provides utilities for getting information from the grpc context.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type JWTAuthOption
type JWTAuthOption func(handler *JWTAuthenticationHandler) *JWTAuthenticationHandler
func NoJWTAuthValidation
func NoJWTAuthValidation() JWTAuthOption
NoJWTAuthValidation disables validation of the JWT; the handler then trusts that the token was validated upstream (see ValidationDisabled).
func WithJWTAuthClaimKey
func WithJWTAuthClaimKey(key string) JWTAuthOption
WithJWTAuthClaimKey specifies the key that the principal is expected to be under in the JWT claims. Defaults to "email".
func WithJWTAuthEndpoint
func WithJWTAuthEndpoint(endpoint string) JWTAuthOption
WithJWTAuthEndpoint specifies the endpoint from which the JWKS public keys are fetched. Required unless NoJWTAuthValidation() is also specified.
func WithJWTAuthKey
func WithJWTAuthKey(key string) JWTAuthOption
WithJWTAuthKey specifies the key that the JWT is expected to be under in the GRPC metadata. Defaults to "authorization ".
func WithJWTAuthPrefix
func WithJWTAuthPrefix(prefix string) JWTAuthOption
WithJWTAuthPrefix specifies a case-insensitive prefix that precedes a JWT in the header. Defaults to "bearer ".
type JWTAuthenticationHandler
type JWTAuthenticationHandler struct {
	*jwtutil.Verifier

	// JWTPrefix is a prefix that occurs in a string before the signed JWT token.
	JWTPrefix string
	// JWTKey is the key in the GRPC metadata which holds the wanted JWT token.
	JWTKey string
	// PrincipalClaimKey is the key in the JWT's claims which corresponds to the user's email.
	PrincipalClaimKey string
	// In some cases (such as Cloud Run) the JWT's signature is redacted. In this case, we cannot
	// validate the JWT ourselves. This flag skips the validation, and instead trusts that the JWT
	// has been validated upstream.
	ValidationDisabled bool
	// Endpoint is the endpoint where JWKS public keys can be found to do JWT validation.
	Endpoint string
}
JWTAuthenticationHandler allows for retrieving principal information from JWT tokens stored in GRPC metadata.
func NewJWTAuthenticationHandler
func NewJWTAuthenticationHandler(ctx context.Context, opts ...JWTAuthOption) (*JWTAuthenticationHandler, error)
NewJWTAuthenticationHandler returns a JWTAuthenticationHandler with a verifier initialized. Uses defaults for JWT related fields that will retrieve a user email when using IAM on GCP.
func (*JWTAuthenticationHandler) RequestPrincipal
func (g *JWTAuthenticationHandler) RequestPrincipal(ctx context.Context) (string, error)
RequestPrincipal extracts the JWT principal from the gRPC metadata in the context.
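The following is an added illustration, not grpcutil's own code, of what the prefix and claim-key options control when validation is disabled. The names `principalFromHeader` and `sampleToken` are hypothetical and the token is constructed; the signature segment is never inspected, so the returned principal is only as trustworthy as the upstream component that validated the token.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// principalFromHeader is a hypothetical helper (not part of grpcutil). It strips a
// case-insensitive prefix, decodes the JWT claims and returns the claim under claimKey.
// It performs NO signature check: parts[2] is ignored, as when validation is left upstream.
func principalFromHeader(header, prefix, claimKey string) (string, error) {
	if len(header) < len(prefix) || !strings.EqualFold(header[:len(prefix)], prefix) {
		return "", errors.New("header does not start with the expected prefix")
	}
	parts := strings.Split(header[len(prefix):], ".")
	if len(parts) != 3 {
		return "", errors.New("not a compact JWT (want 3 dot-separated parts)")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", fmt.Errorf("decode claims: %w", err)
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return "", fmt.Errorf("parse claims: %w", err)
	}
	principal, ok := claims[claimKey].(string)
	if !ok || principal == "" {
		return "", fmt.Errorf("claim %q missing or not a string", claimKey)
	}
	return principal, nil
}

// sampleToken builds a constructed token with a placeholder instead of a signature.
func sampleToken(claims map[string]interface{}) string {
	enc := base64.RawURLEncoding
	body, _ := json.Marshal(claims)
	return enc.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + enc.EncodeToString(body) + ".SIGNATURE_REDACTED"
}

func main() {
	tok := sampleToken(map[string]interface{}{"email": "user@example.com"})
	p, err := principalFromHeader("Bearer "+tok, "bearer ", "email")
	fmt.Println(p, err)
}
```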