Documentation
Overview
Package token wraps the jwt-go library and provides a higher-level abstraction for working with JWT.
Index
- func HashID(h hash.Hash, val string) string
- func SetUserInfo(r *http.Request, user User) *http.Request
- type AllowedHosts
- type AllowedHostsFunc
- type Audience
- type AudienceFunc
- type AuthProvider
- type Claims
- type ClaimsUpdFunc
- type ClaimsUpdater
- type Handshake
- type Opts
- type Secret
- type SecretFunc
- type Service
- func (j *Service) Get(r *http.Request) (Claims, string, error)
- func (j *Service) IsExpired(claims Claims) bool
- func (j *Service) Parse(tokenString string) (Claims, error)
- func (j *Service) Reset(w http.ResponseWriter)
- func (j *Service) Set(w http.ResponseWriter, claims Claims) (Claims, error)
- func (j *Service) Token(claims Claims) (string, error)
- type User
- func (u *User) BoolAttr(key string) bool
- func (u *User) GetRole() string
- func (u *User) IsAdmin() bool
- func (u *User) IsPaidSub() bool
- func (u *User) SetAdmin(val bool)
- func (u *User) SetBoolAttr(key string, val bool)
- func (u *User) SetPaidSub(val bool)
- func (u *User) SetRole(role string)
- func (u *User) SetSliceAttr(key string, val []string)
- func (u *User) SetStrAttr(key, val string)
- func (u *User) SliceAttr(key string) []string
- func (u *User) StrAttr(key string) string
- type Validator
- type ValidatorFunc
Functions
Types
type AllowedHosts (added in v2.1.2)
AllowedHosts defines an interface returning the list of hostnames allowed in the "from" redirect parameter of OAuth and verify flows. The service's own host (derived from Opts.URL) is always allowed implicitly; this list is for additional hosts.
type AllowedHostsFunc (added in v2.1.2)
AllowedHostsFunc is an adapter that allows ordinary functions to be used as AllowedHosts. Assigning a nil AllowedHostsFunc to an interface field (e.g. Opts.AllowedRedirectHosts) produces a typed-nil interface that would panic when Get is called; the provider-side validator recognizes this form and treats it as "no allowlist configured".
func (AllowedHostsFunc) Get (added in v2.1.2)
func (f AllowedHostsFunc) Get() ([]string, error)
Get calls f()
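The typed-nil pitfall described for AllowedHostsFunc, shown as an added example (not the package's own code). The two types are local stand-ins mirroring the documented signatures, isConfigured and redirectAllowed are hypothetical helpers, ownHost stands for the host derived from Opts.URL, and all hostnames are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Local stand-ins mirroring the documented shapes; not imported from the package.
type AllowedHosts interface{ Get() ([]string, error) }
type AllowedHostsFunc func() ([]string, error)

// Get calls f(); when f is nil this is a nil function call and panics.
func (f AllowedHostsFunc) Get() ([]string, error) { return f() }

// isConfigured (hypothetical) is false for a nil interface and for a typed-nil func.
func isConfigured(a AllowedHosts) bool {
	f, isFunc := a.(AllowedHostsFunc)
	return a != nil && !(isFunc && f == nil)
}

// redirectAllowed (hypothetical) accepts ownHost implicitly, then the allowlist.
func redirectAllowed(from, ownHost string, a AllowedHosts) (bool, error) {
	u, err := url.Parse(from)
	if err != nil || u.Hostname() == "" { // assumption: host-less targets are refused
		return false, err
	}
	if strings.EqualFold(u.Hostname(), ownHost) {
		return true, nil
	}
	if !isConfigured(a) {
		return false, nil // no allowlist configured: only ownHost passes
	}
	hosts, err := a.Get()
	if err != nil {
		return false, err
	}
	for _, h := range hosts {
		if strings.EqualFold(h, u.Hostname()) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	var a AllowedHosts = AllowedHostsFunc(nil) // constructed typed-nil value
	fmt.Println(a != nil, isConfigured(a))     // interface is non-nil, yet unusable
	fmt.Println(redirectAllowed("https://other.example/cb", "app.example", a))
}
```

A plain `a != nil` check is not enough here: the interface carries a type, so it compares unequal to nil even though calling Get on it would panic.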
type AudienceFunc
AudienceFunc type is an adapter to allow the use of ordinary functions as Audience.
type AuthProvider (added in v2.1.0)
type AuthProvider struct {
	Name string `json:"name,omitempty"`
}
AuthProvider stores attributes of the provider that created a JWT token.
type Claims
type Claims struct {
	jwt.RegisteredClaims
	User         *User         `json:"user,omitempty"` // user info
	SessionOnly  bool          `json:"sess_only,omitempty"`
	Handshake    *Handshake    `json:"handshake,omitempty"`     // used for oauth handshake
	NoAva        bool          `json:"no-ava,omitempty"`        // disable avatar, always use identicon
	AuthProvider *AuthProvider `json:"auth_provider,omitempty"` // auth provider info
}
Claims stores user info for the token, plus the state and "from" values from login.
type ClaimsUpdFunc
ClaimsUpdFunc type is an adapter to allow the use of ordinary functions as ClaimsUpdater. If f is a function with the appropriate signature, ClaimsUpdFunc(f) is a ClaimsUpdater that calls f.
func (ClaimsUpdFunc) Update
func (f ClaimsUpdFunc) Update(claims Claims) Claims
Update calls f(claims)
type ClaimsUpdater
ClaimsUpdater defines an interface for adding extras to claims.
type Handshake
type Handshake struct {
	State string `json:"state,omitempty"`
	From  string `json:"from,omitempty"`
	ID    string `json:"id,omitempty"`
}
Handshake is used for the OAuth handshake.
type Opts
type Opts struct {
	SecretReader   Secret
	ClaimsUpd      ClaimsUpdater
	SecureCookies  bool
	TokenDuration  time.Duration
	CookieDuration time.Duration
	DisableXSRF    bool
	DisableIAT     bool // disable IssuedAt claim
	// optional (custom) names for cookies and headers
	JWTCookieName     string
	JWTCookieDomain   string
	JWTHeaderKey      string
	XSRFCookieName    string
	XSRFHeaderKey     string
	XSRFIgnoreMethods []string
	JWTQuery          string
	AudienceReader    Audience      // allowed aud values
	Issuer            string        // optional value for iss claim, usually application name
	AudSecrets        bool          // uses different secret for different auds. important: adds pre-parsing of unverified token
	SendJWTHeader     bool          // if enabled send JWT as a header instead of cookie
	SameSite          http.SameSite // define a cookie attribute making it impossible for the browser to send this cookie cross-site
}
Opts holds constructor params.
type Secret
type Secret interface {
	Get(aud string) (string, error) // aud matching is optional. Implementation may decide if supported or ignored
}
Secret defines an interface returning the secret key for a given id (aud).
type SecretFunc
SecretFunc type is an adapter to allow the use of ordinary functions as Secret. If f is a function with the appropriate signature, SecretFunc(f) is a Secret that calls f.
type Service
type Service struct {
	Opts
}
Service wraps JWT operations; it supports both header and cookie tokens.
func (*Service) Get
Get retrieves the token from the URL, header or cookie. If a cookie is used, it verifies that the XSRF token matches.
type User
type User struct {
	// set by service
	Name     string `json:"name"`
	ID       string `json:"id"`
	Picture  string `json:"picture"`
	Audience string `json:"aud,omitempty"`
	// set by client
	IP         string                 `json:"ip,omitempty"`
	Email      string                 `json:"email,omitempty"`
	Attributes map[string]interface{} `json:"attrs,omitempty"`
	Role       string                 `json:"role,omitempty"`
}
User is the basic part of oauth data provided by service
func GetUserInfo
GetUserInfo returns user info from the request context.
func MustGetUserInfo
MustGetUserInfo gets user info and panics if it can't extract it from the request. It should be called from authenticated controllers only.
func (*User) SetBoolAttr
SetBoolAttr sets boolean attribute
func (*User) SetPaidSub
SetPaidSub is a shortcut to set "paidSubscriberAttr" attribute
func (*User) SetSliceAttr
SetSliceAttr sets slice attribute for given key
func (*User) SetStrAttr
SetStrAttr sets string attribute
type Validator
Validator defines an interface to accept or reject claims with consumer-defined logic. It works with a valid token and allows rejecting some, based on token match or the user's fields.
type ValidatorFunc
ValidatorFunc type is an adapter to allow the use of ordinary functions as Validator. If f is a function with the appropriate signature, ValidatorFunc(f) is a Validator that calls f.