authapi

package

v0.0.1 Latest Latest Go to latest Published: May 22, 2025 License: Apache-2.0 Imports: 14 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/desain-gratis/common

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func GetOIDCClaims(claims map[string]interface{}) *session.OIDCClaim
func New(signer signing.Signer, verifier signing.Verifier) *signingService
type Auth
type AuthParser
type Authorization
type Data
type GSIConfig
type Grant
type IdTokenExchanger
- func NewIdTokenExchanger(verifierName string, verifier signing.VerifierOf[*idtoken.Payload], ...) *IdTokenExchanger
- func (g *IdTokenExchanger) ExchangeToken(tokenBuilder TokenBuilder) httprouter.Handle
- func (g *IdTokenExchanger) WithAuthorization(handler httprouter.Handle) httprouter.Handle
type MIPConfig
type Organization
type Payload
type Profile
type SignInResponse
type TokenBuilder
type UserProfile

Constants ¶

View Source

const (
	AUTH_GSI Auth = "gsi"

	AuthParserGoogle AuthParser = "gsi"
)

Variables ¶

This section is empty.

Functions ¶

func GetOIDCClaims ¶

func GetOIDCClaims(claims map[string]interface{}) *session.OIDCClaim

func New ¶

func New(
	signer signing.Signer,
	verifier signing.Verifier,
) *signingService

Base signing service

Types ¶

type Auth ¶

type Auth string

type AuthParser ¶

type AuthParser string

type Authorization ¶

type Authorization struct {
	UserID             string              `json:"user_id"` // organization/tenant id
	Name               string              `json:"name"`    // organization/tenant name
	UserGroupID        map[string]struct{} `json:"user_group_id"`
	UiAndApiPermission map[string]bool     `json:"api_and_ui_permission"`
}

type Data ¶

type Data struct {
	URL    string   `json:"url"`
	Email  string   `json:"email"`
	Roles  []string `json:"roles"`
	UserID string   `json:"user_id"`
}

type GSIConfig ¶

type GSIConfig struct {
	Email string `json:"email"`
}

type Grant ¶

type Grant struct {
	// DO NOT USE THIS AS BACK-END VALIDATION!!!!!!!!!!!!!!!!!!!!!!!!!!!
	UserId string `json:"user_id,omitempty"`
	// DO NOT USE THIS AS BACK-END VALIDATION!!!!!!!!!!!!!!!!!!!!!!!!!!!
	GroupId string `json:"group_id,omitempty"`
	// DO NOT USE THIS AS BACK-END VALIDATION!!!!!!!!!!!!!!!!!!!!!!!!!!!
	Name string `json:"name,omitempty"`
	// DO NOT USE THIS AS BACK-END VALIDATION!!!!!!!!!!!!!!!!!!!!!!!!!!!
	UiAndApiPermission map[string]bool `` /* 127-byte string literal not displayed */
}

DO NOT USE THIS AS BACK-END VALIDATION!!!!!!!!!!!!!!!!!!!!!!!!!!!

type IdTokenExchanger ¶

type IdTokenExchanger struct {
	// contains filtered or unexported fields
}

func NewIdTokenExchanger ¶

func NewIdTokenExchanger(
	verifierName string,
	verifier signing.VerifierOf[*idtoken.Payload],
	signer signing.Signer,
) *IdTokenExchanger

func (*IdTokenExchanger) ExchangeToken ¶

func (g *IdTokenExchanger) ExchangeToken(
	tokenBuilder TokenBuilder,
) httprouter.Handle

Convenient handler for exchanging token

func (*IdTokenExchanger) WithAuthorization ¶

func (g *IdTokenExchanger) WithAuthorization(handler httprouter.Handle) httprouter.Handle

WithAuthorization is for more generic authorization

type MIPConfig ¶

type MIPConfig struct {
	Email string `json:"email"`
}

type Organization ¶

type Organization struct {
	URL    string `json:"url"`
	ApiURL string `json:"api_url"`

	// SignInPK should be the path to the actual key in GSM
	SignInPK    string `json:"sign_in_pk"`
	SignInKeyID string `json:"sign_in_key_id"`
	Auth        Auth   `json:"auth"`
}

type Payload ¶

type Payload struct {
	Email           string                   `json:"email"` // email (as ID, possible improvements)
	Profile         UserProfile              `json:"profile"`
	GSI             GSIConfig                `json:"gsi"`
	MIP             MIPConfig                `json:"mip"`
	DefaultHomepage string                   `json:"default_homepage"`
	Authorization   map[string]Authorization `json:"authorization"` // organization/tenant id as key
}

type Profile ¶

type Profile struct {
	URL              string `json:"url"`
	DisplayName      string `json:"display_name"`
	ImageDataURL     string `json:"image_data_url"`
	ImageURL         string `json:"image_url"`
	Avatar1x1URL     string `json:"avatar_1x1_url"`
	Background3x1URL string `json:"background_3x1_url"`
	Email            string `json:"email"`
}

type SignInResponse ¶

type SignInResponse struct {
	// Profile from OIDC provider
	LoginProfile *Profile `json:"login_profile,omitempty"`

	Locale  []string `json:"locale,omitempty"`
	IDToken *string  `json:"id_token,omitempty"`
	// Collection of grants NOT signed, for debugging.
	// DO NOT USE THIS FOR BACK END VALIDATION!!!
	Grants map[string]*session.Grant `json:"grants"`
	Expiry string                    `json:"expiry,omitempty"`
	Data   any                       `json:"data,omitempty"`
}

type TokenBuilder ¶

type TokenBuilder func(req *http.Request, authMethod string, payload *idtoken.Payload) (tokenData proto.Message, apiData any, expiry time.Time, err *types.CommonError)

type UserProfile ¶

type UserProfile struct {
	ID               string `json:"id"`
	ImageURL         string `json:"image_url"`
	Name             string `json:"name"`
	DisplayName      string `json:"display_name"`
	Role             string `json:"role"`
	Description      string `json:"description"`
	Avatar1x1URL     string `json:"avatar_1x1_url"`
	Background3x1URL string `json:"background_3x1_url"`
	CreatedAt        string `json:"created_at"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL