http

package

v0.0.60 Latest Latest Go to latest Published: Apr 1, 2026 License: Apache-2.0 Imports: 29 Imported by: 1

Documentation ¶

Index ¶

Variables
func AuthorizationMiddleware(staticConfig *config.StaticConfig, oidcProvider *oidc.Provider) func(http.Handler) http.Handler
func RequestMiddleware(next http.Handler) http.Handler
func Serve(ctx context.Context, mcpServer *mcp.Server, staticConfig *config.StaticConfig, ...) error
func WellKnownHandler(staticConfig *config.StaticConfig, httpClient *http.Client) http.Handler
type JWTClaims
- func ParseJWTClaims(token string) (*JWTClaims, error)
type WellKnown
- func (w WellKnown) ServeHTTP(writer http.ResponseWriter, request *http.Request)

Constants ¶

This section is empty.

Variables ¶

View Source

var WellKnownEndpoints = []string{
	oauthAuthorizationServerEndpoint,
	oauthProtectedResourceEndpoint,
	openIDConfigurationEndpoint,
}

Functions ¶

func AuthorizationMiddleware ¶

func AuthorizationMiddleware(staticConfig *config.StaticConfig, oidcProvider *oidc.Provider) func(http.Handler) http.Handler

AuthorizationMiddleware validates the OAuth flow for protected resources.

The flow is skipped for unprotected resources, such as health checks and well-known endpoints.

There are several auth scenarios supported by this middleware:

 1. requireOAuth is false:

    - The OAuth flow is skipped, and the server is effectively unprotected.
    - The request is passed to the next handler without any validation.

    see TestAuthorizationRequireOAuthFalse

 2. requireOAuth is set to true, server is protected:

    2.1. Raw Token Validation (oidcProvider is nil):
         - The token is validated offline for basic sanity checks (expiration).
         - If OAuthAudience is set, the token is validated against the audience.

         see TestAuthorizationRawToken

    2.2. OIDC Provider Validation (oidcProvider is not nil):
         - The token is validated offline for basic sanity checks (audience and expiration).
         - If OAuthAudience is set, the token is validated against the audience.
         - The token is then validated against the OIDC Provider.

         see TestAuthorizationOidcToken

func RequestMiddleware ¶

func RequestMiddleware(next http.Handler) http.Handler

RequestMiddleware creates OpenTelemetry spans for HTTP requests.

func Serve ¶

func Serve(ctx context.Context, mcpServer *mcp.Server, staticConfig *config.StaticConfig, oidcProvider *oidc.Provider, httpClient *http.Client) error

func WellKnownHandler ¶ added in v0.0.49

func WellKnownHandler(staticConfig *config.StaticConfig, httpClient *http.Client) http.Handler

Types ¶

type JWTClaims ¶

type JWTClaims struct {
	jwt.Claims
	Token string `json:"-"`
	Scope string `json:"scope,omitempty"`
}

func ParseJWTClaims ¶

func ParseJWTClaims(token string) (*JWTClaims, error)

func (*JWTClaims) GetScopes ¶

func (c *JWTClaims) GetScopes() []string

func (*JWTClaims) ValidateOffline ¶ added in v0.0.49

func (c *JWTClaims) ValidateOffline(audience string) error

ValidateOffline Checks if the JWT claims are valid and if the audience matches the expected one.

func (*JWTClaims) ValidateWithProvider ¶ added in v0.0.49

func (c *JWTClaims) ValidateWithProvider(ctx context.Context, audience string, provider *oidc.Provider) error

ValidateWithProvider validates the JWT claims against the OIDC provider.

type WellKnown ¶ added in v0.0.49

type WellKnown struct {
	// contains filtered or unexported fields
}

func (WellKnown) ServeHTTP ¶ added in v0.0.49

func (w WellKnown) ServeHTTP(writer http.ResponseWriter, request *http.Request)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL