tokens

package
v0.5.21 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 5, 2026 License: MPL-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package tokens manages token authentication.


Constants

This section is empty.

Variables

AuthenticatedPrefixes are those URL path prefixes requiring authentication.

Functions

func ParseBearerToken added in v0.5.18

func ParseBearerToken(r *http.Request) (string, error)

ParseBearerToken parses an HTTP Authorization header with a bearer token. It returns an empty string and a nil error if there is no such header.
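The contract above leaves three outcomes for a caller to keep apart. This is an added example, not the package's own code: `parseBearer`, `classify` and `newReq` are hypothetical names, the header values are constructed, and rejecting non-Bearer schemes or empty tokens is an assumption, since the page documents only the missing-header case.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// parseBearer is a hypothetical stand-in honouring the documented contract:
// ("", nil) when there is no Authorization header. Rejecting other schemes
// and empty tokens is this example's assumption, not documented behaviour.
func parseBearer(r *http.Request) (string, error) {
	h := r.Header.Get("Authorization")
	if h == "" {
		return "", nil
	}
	scheme, token, ok := strings.Cut(h, " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") || strings.TrimSpace(token) == "" {
		return "", errors.New("malformed bearer token header")
	}
	return strings.TrimSpace(token), nil
}

// classify keeps apart the three outcomes a caller must distinguish.
func classify(r *http.Request) string {
	token, err := parseBearer(r)
	if err != nil {
		return "reject"
	}
	if token == "" { // no credentials presented; not an authenticated request
		return "no-credentials"
	}
	return "verify:" + token
}

// newReq builds a constructed request; empty authz means no header is set.
func newReq(authz string) *http.Request {
	r := &http.Request{Header: http.Header{}}
	if authz != "" {
		r.Header.Set("Authorization", authz)
	}
	return r
}

func main() {
	for _, h := range []string{"", "Bearer abc.def.ghi", "Basic dXNlcg==", "Bearer "} {
		fmt.Printf("%q -> %s\n", h, classify(newReq(h)))
	}
}
```

On a protected endpoint the `no-credentials` outcome has to end in a denial just as `reject` does; only a token that then verifies yields a subject.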

Types

type Authenticator added in v0.5.18

type Authenticator interface {
	Authenticate(w http.ResponseWriter, r *http.Request) (authz.Subject, error)
}

type JWTAuthenticator added in v0.5.18

type JWTAuthenticator struct {
	Client JWTAuthenticatorClient
}

JWTAuthenticator authenticates requests possessing a header with a JWT token (i.e. API requests).

func (*JWTAuthenticator) Authenticate added in v0.5.18

func (a *JWTAuthenticator) Authenticate(w http.ResponseWriter, r *http.Request) (authz.Subject, error)

type JWTAuthenticatorClient added in v0.5.18

type JWTAuthenticatorClient interface {
	GetSubject(ctx context.Context, token []byte) (authz.Subject, error)
}

type Middleware added in v0.5.18

type Middleware struct {
	Authenticators []Authenticator
	// contains filtered or unexported fields
}

func (*Middleware) Authenticate added in v0.5.18

func (m *Middleware) Authenticate(next http.Handler) http.Handler

Authenticate is middleware that verifies that all requests to protected endpoints possess a valid token.

Where authentication succeeds, the authenticated subject is attached to the request context and the upstream handler is called.

type Options

type Options struct {
	Logger logr.Logger
	Secret []byte
}

type Service added in v0.2.2

type Service struct {
	Middleware *Middleware
	// contains filtered or unexported fields
}

func NewService

func NewService(opts Options) (*Service, error)

func (Service) GetSubject added in v0.2.2

func (r Service) GetSubject(ctx context.Context, token []byte) (authz.Subject, error)

GetSubject retrieves the subject from a JWT.

func (Service) NewToken added in v0.2.2

func (f Service) NewToken(subjectID resource.TfeID, expiry *time.Time) ([]byte, error)

func (Service) RegisterKind added in v0.2.2

func (r Service) RegisterKind(k resource.Kind, fn SubjectGetter)

RegisterKind registers a kind of authentication token, providing a func that can retrieve the OTF subject indicated in the token.

type SubjectGetter added in v0.2.0

type SubjectGetter func(ctx context.Context, jwtSubject resource.TfeID) (authz.Subject, error)

SubjectGetter retrieves an OTF subject given the jwtSubject string, which is the value of the 'subject' field parsed from a JWT.

type TokensService

type TokensService = Service

Alias service to permit embedding it with other services in a struct without a name clash.
