Documentation
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
Authenticator implements domain.Authenticator using OIDC/Keycloak JWT tokens
func NewAuthenticator ¶
func NewAuthenticator(ctx context.Context, cfg *Config) (*Authenticator, error)
NewAuthenticator creates a new OIDC JWT authenticator for Keycloak
func (*Authenticator) Authenticate ¶
func (a *Authenticator) Authenticate(ctx context.Context, tokenString string) (*auth.Identity, error)
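Authenticate extracts and validates the JWT token against Keycloak. Returns nil if authentication fails. Because the signature also returns an error, callers should check both the error and a nil *auth.Identity before treating a request as authenticated.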
type Claims ¶
// Claims holds the custom claims decoded from the payload of a Keycloak JWT.
//
// Every field is populated from token content, so the values are only as
// trustworthy as the validation performed before they are read: signature,
// expiry and (when enabled) issuer. Do not base authorization decisions on a
// Claims value decoded from a token that has not passed those checks.
type Claims struct {
	// Role is read from the top-level "role" claim.
	// NOTE(review): this is not a standard Keycloak claim; presumably it is
	// added by a protocol mapper. Confirm how it relates to RealmAccess.Roles
	// and which of the two is authoritative for authorization.
	Role string `json:"role,omitempty"`
	// ParticipantID is read from the "participant_id" claim.
	ParticipantID string `json:"participant_id,omitempty"`
	// AgentID is read from the "agent_id" claim.
	AgentID string `json:"agent_id,omitempty"`
	// Name is read from the "name" claim.
	// NOTE(review): treat as a display value, not a stable identifier; users
	// can often edit it themselves, depending on realm settings.
	Name string `json:"name,omitempty"`
	// PreferredUsername is read from the "preferred_username" claim.
	// NOTE(review): may be user-changeable depending on realm settings, so it
	// should not be used as a key for access-control decisions. Verify.
	PreferredUsername string `json:"preferred_username,omitempty"`
	// RealmAccess carries the role list from the "realm_access" claim.
	RealmAccess struct {
		Roles []string `json:"roles"`
	} `json:"realm_access,omitempty"`
	// ResourceAccess carries per-entry role lists from the "resource_access"
	// claim. In Keycloak tokens the map key is normally a client ID, so look
	// up the roles for this service's own client and do not merge roles
	// granted for other clients.
	ResourceAccess map[string]struct {
		Roles []string `json:"roles"`
	} `json:"resource_access,omitempty"`
}
Claims represents the custom claims structure from Keycloak JWT tokens
type Config ¶
// Config carries the settings for the OIDC/Keycloak JWT authenticator.
// Each field has a JSON name and an `env` tag naming the environment variable
// it corresponds to.
type Config struct {
	// KeycloakURL is the Keycloak server URL (OAUTH_KEYCLOAK_URL).
	// NOTE(review): the JWKS endpoint is presumably derived from this value,
	// and the keys fetched from it decide which tokens are accepted. It should
	// be an https URL taken from trusted configuration only.
	KeycloakURL string `json:"keycloakUrl" env:"OAUTH_KEYCLOAK_URL"`
	// Realm is the Keycloak realm name (OAUTH_REALM).
	Realm string `json:"realm" env:"OAUTH_REALM"`
	// ClientID is the OAuth client identifier (OAUTH_CLIENT_ID).
	ClientID string `json:"clientId" env:"OAUTH_CLIENT_ID"`
	// ClientSecret is the OAuth client secret (OAUTH_CLIENT_SECRET).
	// The field is exported and tagged json:"clientSecret", so json.Marshal
	// and %+v formatting of a Config both include the secret. Redact it before
	// logging a Config or returning one from a diagnostics endpoint.
	ClientSecret string `json:"clientSecret" env:"OAUTH_CLIENT_SECRET"`
	// JWKSCacheTTL controls how long fetched signing keys are cached
	// (OAUTH_JWKS_CACHE_TTL).
	// NOTE(review): the unit is not stated here. TODO confirm (seconds?).
	// A long TTL delays pickup of rotated or withdrawn signing keys.
	JWKSCacheTTL int `json:"jwksCacheTtl" env:"OAUTH_JWKS_CACHE_TTL"`
	// ValidateIssuer toggles the issuer check (OAUTH_VALIDATE_ISSUER).
	// NOTE(review): the zero value is false, so a Config that leaves this
	// unset presumably skips the check. Confirm whether NewAuthenticator
	// applies a default, and keep it enabled outside local testing.
	ValidateIssuer bool `json:"validateIssuer" env:"OAUTH_VALIDATE_ISSUER"`
}
func (*Config) GetJWKSURL ¶
GetJWKSURL returns the JWKS endpoint URL for the Keycloak realm