oidc

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 22, 2026 License: MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrUnauthorized = errors.New("unauthorized")

Functions

This section is empty.

Types

type Config 

type Config struct {
	Issuer     string
	Audience   string
	JWKSURL    string
	AdminClaim string
	AdminValue string
}

type Principal 

type Principal struct {
	Subject string
	Claims  map[string]any
	IsAdmin bool
}

type StaticTokenValidator 

type StaticTokenValidator struct {
	// contains filtered or unexported fields
}

StaticTokenValidator authenticates requests using a single shared secret token. Every valid request is assigned a fixed subject ("static") with admin privileges.

This is intentionally simple — suitable for single-operator evaluation and trusted internal networks. Use OIDC (Validator) for multi-user environments.

func NewStaticToken 

func NewStaticToken(token string) *StaticTokenValidator

NewStaticToken creates a StaticTokenValidator. token must be non-empty.

func (*StaticTokenValidator) Authenticate 

func (v *StaticTokenValidator) Authenticate(_ context.Context, authHeader string) (*Principal, error)

Authenticate accepts "Bearer <token>" where token matches the configured static secret. Emits a startup-style warning on every successful auth to remind operators to migrate to OIDC.

type Validator 

type Validator struct {
	// contains filtered or unexported fields
}

func New 

func New(cfg Config) *Validator

func (*Validator) Authenticate 

func (v *Validator) Authenticate(ctx context.Context, authHeader string) (*Principal, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.