Documentation
Overview
Package auth handles inbound caller authentication for codex-app-gateway.
Phase 1 uses an HMAC-signed token of the form
<workspace_id>.<thread_id>.<hex-hmac-sha256>
where the HMAC covers `<workspace_id>\0<thread_id>` keyed by a deployment-shared secret. This matches the wstoken / internal-API pattern used elsewhere in agentserver and avoids pulling in a JWT library just for phase 1. Phase 2 can swap in a JWT implementation behind the same `Authenticator` interface.
Types
type Authenticator
Authenticator is the seam for inbound auth. The phase-1 implementation is HMAC.
type HMAC
type HMAC struct {
// contains filtered or unexported fields
}
HMAC is the phase-1 Authenticator.
func NewHMAC
NewHMAC returns a phase-1 Authenticator. The secret must be non-empty for tokens to verify; an empty secret will still mint and verify against itself but represents a deployment misconfiguration.
func (*HMAC) Mint
Mint produces a token for `(workspaceID, threadID)`. Useful for tests and CLI tools; production callers receive tokens from agentserver.
func (*HMAC) Verify
Verify parses and HMAC-verifies a token.
Token format: <workspace_id>.<thread_id>.<hex-hmac>
The sig is always the last dot-separated field. The workspace_id is always the first dot-separated field in the prefix (everything before the sig); the thread_id is everything between the first and last dots. This means thread_id may contain dots but workspace_id may not.
The last dot separates the sig from the (workspace_id, thread_id, ...) prefix. We split into "head" and "sig" instead of three fixed parts so that thread ids that themselves contain dots verify correctly.
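Mint and Verify as described above, written out as an added example that is not the package's own code; the ErrInvalidToken sentinel, the secret field name and the sample secret are assumptions:

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

var ErrInvalidToken = errors.New("auth: invalid token") // hypothetical sentinel
// HMAC stands in for the page's phase-1 Authenticator (field name assumed).
type HMAC struct{ secret []byte }
func NewHMAC(secret string) *HMAC { return &HMAC{secret: []byte(secret)} }

// sign returns hex(HMAC-SHA256(secret, workspaceID || "\x00" || threadID)); the NUL delimits the ids.
func (h *HMAC) sign(workspaceID, threadID string) string {
	mac := hmac.New(sha256.New, h.secret)
	mac.Write([]byte(workspaceID))
	mac.Write([]byte{0})
	mac.Write([]byte(threadID))
	return hex.EncodeToString(mac.Sum(nil))
}

// Mint builds <workspace_id>.<thread_id>.<hex-hmac>.
func (h *HMAC) Mint(workspaceID, threadID string) string {
	return workspaceID + "." + threadID + "." + h.sign(workspaceID, threadID)
}

// Verify takes the sig from after the LAST dot and the workspace id from before
// the FIRST dot; everything in between is the thread id, dots included.
func (h *HMAC) Verify(token string) (workspaceID, threadID string, err error) {
	first, last := strings.IndexByte(token, '.'), strings.LastIndexByte(token, '.')
	if first < 0 || first == last {
		return "", "", ErrInvalidToken // fewer than two dots: no sig or no thread id
	}
	workspaceID, threadID, sig := token[:first], token[first+1:last], token[last+1:]
	// Constant-time comparison so a wrong sig cannot be probed byte by byte.
	if !hmac.Equal([]byte(sig), []byte(h.sign(workspaceID, threadID))) {
		return "", "", ErrInvalidToken
	}
	return workspaceID, threadID, nil
}

func main() {
	a := NewHMAC("deployment-shared-secret") // constructed sample secret
	ws, th, err := a.Verify(a.Mint("ws-1", "thread.with.dots"))
	fmt.Println(ws, th, err)
}
```

Because the NUL sits inside the signed message, a workspace id that contains a dot is re-split differently on Verify and its HMAC no longer matches, which is why the format forbids dots there.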