Documentation
¶
Index ¶
- Constants
- func IsBearerToken(value string) bool
- func NewHTTPServer(addr string, handler http.Handler) *http.Server
- type Authorizer
- type ClientVerifier
- type CognitoClientStore
- type Config
- type DCRClientRegistrationRequest
- type DCRClientRegistrationResponse
- type DCRRegistrar
- type Principal
- type Server
Constants ¶
// Auth profile names.
// NOTE(review): presumably these are the accepted values of Config.AuthProfile;
// how any other value is treated is not visible on this page — confirm.
const (
	AuthProfileCognito    = "cognito"
	AuthProfileDirectOIDC = "direct-oidc"
)
Variables ¶
This section is empty.
Functions ¶
func IsBearerToken ¶
Types ¶
type Authorizer ¶
type Authorizer struct {
// contains filtered or unexported fields
}
func NewAuthorizer ¶
func NewAuthorizer(cfg Config, keyFunc jwt.Keyfunc) *Authorizer
func NewAuthorizerWithClientVerifier ¶
func NewAuthorizerWithClientVerifier(cfg Config, keyFunc jwt.Keyfunc, clientVerifier ClientVerifier) *Authorizer
func NewRemoteAuthorizer ¶
func NewRemoteAuthorizer(ctx context.Context, cfg Config) (*Authorizer, error)
func (*Authorizer) Authenticate ¶
func (*Authorizer) KeyFunc ¶
func (a *Authorizer) KeyFunc() jwt.Keyfunc
func (*Authorizer) VerifyAccessToken ¶
type ClientVerifier ¶
type CognitoClientStore ¶
type CognitoClientStore struct {
// contains filtered or unexported fields
}
func NewCognitoClientStore ¶
func NewCognitoClientStore(ctx context.Context, cfg Config) (*CognitoClientStore, error)
func NewCognitoClientStoreWithClient ¶
func NewCognitoClientStoreWithClient(cfg Config, client cognitoUserPoolClientAPI) *CognitoClientStore
func (*CognitoClientStore) RegisterClient ¶
func (s *CognitoClientStore) RegisterClient(ctx context.Context, req DCRClientRegistrationRequest) (DCRClientRegistrationResponse, error)
func (*CognitoClientStore) VerifyClientID ¶
func (s *CognitoClientStore) VerifyClientID(ctx context.Context, clientID string) error
type Config ¶
// Config carries the settings passed as cfg to NewAuthorizer,
// NewRemoteAuthorizer, NewCognitoClientStore and NewServer.
//
// NOTE(review): only field names and types are visible on this page. The
// per-field notes below are assumptions drawn from those names and must be
// confirmed against the implementation before they are relied on.
type Config struct {
	// NOTE(review): presumably the listen address and the backend that
	// authenticated requests are forwarded to — confirm.
	Addr     string
	Upstream *url.URL

	// NOTE(review): the name suggests a shared secret used on the hop to
	// Upstream. If so, it should stay out of logs and error messages and be
	// loaded from a secret store rather than a checked-in file — confirm.
	InternalToken string

	// NOTE(review): presumably the externally visible base URL from which
	// ResourceURL and ResourceMetadataURL are derived — confirm.
	PublicBaseURL string

	// NOTE(review): presumably one of AuthProfileCognito or
	// AuthProfileDirectOIDC; confirm that unknown values are rejected when
	// the configuration is loaded.
	AuthProfile string

	// NOTE(review): presumably the expected token issuer, the JWKS endpoint
	// signing keys are fetched from, and the expected client/audience value.
	// Confirm that JWKSURL is required to be https and that an empty Issuer
	// or ClientID cannot disable the corresponding check.
	Issuer   string
	JWKSURL  string
	ClientID string

	// NOTE(review): presumably RequiredScope is enforced on every token and
	// ScopesSupported is only advertised in metadata — confirm.
	RequiredScope   string
	ScopesSupported []string

	// Both a single-group and a multi-group field exist.
	// NOTE(review): how the two combine (any-of, all-of, one overriding the
	// other) and which claim GroupClaim names by default is not visible
	// here — confirm.
	RequiredGroup  string
	RequiredGroups []string
	GroupClaim     string

	// Set-shaped maps keyed by string.
	// NOTE(review): confirm whether an empty or nil set means "no
	// restriction" or "deny everyone", and whether e-mail comparison is
	// case-normalised and requires a verified-e-mail claim.
	AllowedSubjects map[string]struct{}
	AllowedEmails   map[string]struct{}

	// NOTE(review): presumably an allow-list matched against the request
	// Origin header; confirm matching is exact and that wildcards are not
	// accepted implicitly.
	AllowedOrigins []string

	// NOTE(review): presumably clock-skew tolerance applied to token time
	// claims. A larger value lengthens the window in which an expired token
	// is still accepted — confirm an upper bound exists.
	AuthLeeway time.Duration

	// NOTE(review): presumably upper bounds on request body size and on the
	// length of the bearer credential; confirm that zero does not mean
	// "unlimited".
	MaxRequestBytes int64
	MaxBearerBytes  int

	// NOTE(review): presumably the deadline for calls to Upstream — confirm.
	UpstreamTimeout time.Duration

	// NOTE(review): presumably toggles the dynamic client registration
	// endpoint served by NewServerWithDCR — confirm it defaults to off.
	DCREnabled bool

	// NOTE(review): presumably identify the Cognito hosted domain and user
	// pool that registered clients are created in — confirm.
	CognitoDomainURL  string
	CognitoUserPoolID string

	// NOTE(review): presumably allow-lists applied to the redirect_uris and
	// scope of a registration request, and the identity providers attached
	// to a newly registered client. Confirm redirect URIs are compared by
	// exact match and that an empty list rejects registration rather than
	// allowing any value.
	DCRAllowedRedirectURIs []string
	DCRAllowedScopes       []string
	DCRIdentityProviders   []string

	// NOTE(review): presumably prepended to the caller-supplied client_name
	// so that dynamically registered clients are identifiable — confirm.
	DCRClientNamePrefix string

	// NOTE(review): presumably the access-token lifetime, in minutes, set on
	// registered clients — confirm.
	DCRAccessTokenMinutes int32

	// NOTE(review): presumably how long a VerifyClientID result is cached.
	// If so, a deleted client keeps being accepted until its entry
	// expires — confirm.
	DCRClientCacheTTL time.Duration
}
func LoadConfig ¶
func (Config) AuthorizationServerURL ¶
func (Config) RequiredGroupLogValue ¶
func (Config) ResourceMetadataURL ¶
func (Config) ResourceURL ¶
func (Config) WWWAuthenticateChallenge ¶
type DCRClientRegistrationRequest ¶
// DCRClientRegistrationRequest is the JSON-tagged request type taken by
// RegisterClient. Its JSON keys are client-metadata names defined by OAuth 2.0
// Dynamic Client Registration (RFC 7591).
//
// NOTE(review): presumably every field is supplied by the registering party and
// is therefore untrusted. Confirm that RedirectURIs and Scope are checked
// against Config.DCRAllowedRedirectURIs and Config.DCRAllowedScopes, and that
// TokenEndpointAuthMethod, GrantTypes and ResponseTypes are restricted to the
// values the deployment intends to support.
type DCRClientRegistrationRequest struct {
	RedirectURIs            []string `json:"redirect_uris"`
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method"`
	GrantTypes              []string `json:"grant_types"`
	ResponseTypes           []string `json:"response_types"`
	// NOTE(review): free-form text; confirm it is length-limited before it
	// is stored or displayed.
	ClientName string `json:"client_name"`
	// A single string; RFC 7591 defines scope as a space-separated list.
	Scope string `json:"scope"`
}
type DCRClientRegistrationResponse ¶
// DCRClientRegistrationResponse is the JSON-tagged result type returned by
// RegisterClient. Its JSON keys are names defined by OAuth 2.0 Dynamic Client
// Registration (RFC 7591).
//
// The struct declares no client_secret field, so this type cannot carry a
// client secret back to the caller.
// NOTE(review): presumably only public clients are registered — confirm.
type DCRClientRegistrationResponse struct {
	ClientID string `json:"client_id"`
	// RFC 7591 defines client_id_issued_at as seconds since the Unix epoch.
	// NOTE(review): confirm the value is produced in that unit.
	ClientIDIssuedAt        int64    `json:"client_id_issued_at"`
	RedirectURIs            []string `json:"redirect_uris"`
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method"`
	GrantTypes              []string `json:"grant_types"`
	ResponseTypes           []string `json:"response_types"`
	// Omitted from the JSON output when empty (omitempty).
	ClientName string `json:"client_name,omitempty"`
	Scope      string `json:"scope"`
}
type DCRRegistrar ¶
// DCRRegistrar is the registration dependency accepted by NewServerWithDCR.
// CognitoClientStore declares a RegisterClient method with this signature.
type DCRRegistrar interface {
	// RegisterClient takes a registration request and returns the
	// registration response or an error.
	// NOTE(review): whether request validation happens in the caller or in
	// the implementation is not visible on this page — confirm before
	// supplying a custom registrar.
	RegisterClient(ctx context.Context, req DCRClientRegistrationRequest) (DCRClientRegistrationResponse, error)
}
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
func NewServer ¶
func NewServer(cfg Config, authorizer *Authorizer) *Server
func NewServerWithDCR ¶
func NewServerWithDCR(cfg Config, authorizer *Authorizer, registrar DCRRegistrar) *Server