stdcrpcauthfx

package
v0.0.218 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2026 License: MIT Imports: 17 Imported by: 0

Documentation

Overview

Package stdcrpcauthfx provides ConnectRPC authentication and authorization via OIDC/JWKS.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ProtoExtensionScope 

func ProtoExtensionScope(ext protoreflect.ExtensionType) fx.Option

ProtoExtensionScope returns an fx.Option that provides a ScopeResolver backed by the given protobuf method option extension type.

func Provide 

func Provide() fx.Option

Provide returns an fx.Option that wires the stdauth module with config from the environment.

func TestProvide added in v0.0.218 

func TestProvide() fx.Option

TestProvide provides the package's components as an fx module with a configuration for testing. It replaces Provide() in test fx.App setups, skipping JWT/JWKS validation entirely. Claims are read from the request context via WithTestClaims. The real Wrap() code path (scope resolution, permission checking) still runs.

func WithTestClaims added in v0.0.218 

func WithTestClaims(ctx context.Context, c Claims) context.Context

WithTestClaims attaches Claims to the context for use with TestProvide. Each request can carry its own claims via its context.

Types

type AccessControl 

type AccessControl struct {
	// contains filtered or unexported fields
}

AccessControl holds all auth state: JWKS cache, config, and the authn middleware.

func (*AccessControl) Start 

func (ac *AccessControl) Start(ctx context.Context) (err error)

Start initializes the JWKS cache and fetches the initial key set.

func (*AccessControl) Stop 

func (ac *AccessControl) Stop(_ context.Context) error

Stop cancels the JWKS cache background refresh.

func (*AccessControl) Wrap 

func (ac *AccessControl) Wrap(handler http.Handler) http.Handler

Wrap returns an HTTP handler that authenticates and authorizes requests.

type Claims 

type Claims struct {
	Subject string
	Scopes  []string
}

Claims holds the authentication information extracted from a JWT.

func ClaimsFromContext 

func ClaimsFromContext(ctx context.Context) Claims

ClaimsFromContext retrieves the claims stored by the auth middleware.

type Config 

type Config struct {
	TokenIssuer   string `env:"TOKEN_ISSUER,required"`
	TokenAudience string `env:"TOKEN_AUDIENCE,required"`
}

Config holds the OIDC configuration read from environment variables.

type Params 

type Params struct {
	fx.In
	fx.Lifecycle

	Logs          *zap.Logger
	Config        Config
	ScopeResolver ScopeResolver
	Clock         jwt.Clock `optional:"true"`
}

Params holds the dependencies for constructing AccessControl.

type Result 

type Result struct {
	fx.Out

	AccessControl *AccessControl
}

Result holds the components produced by this module.

func New 

func New(params Params) (Result, error)

New constructs a new AccessControl and registers its lifecycle hooks.

type ScopeResolver 

type ScopeResolver interface {
	RequiredScope(procedure string) (string, error)
}

ScopeResolver resolves the required scope for a ConnectRPC procedure.

Source Files

View all Source files

Directories

Path Synopsis
Package crpcauthtesting provides test helpers for stdcrpcauthfx that use real JWT signing and validation.
 Package crpcauthtesting provides test helpers for stdcrpcauthfx that use real JWT signing and validation.
internal
v1

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.