Documentation
Constants
This section is empty.
Variables
var ErrInvalidToken = errors.New("invalid token")
The error that a TokenVerifier should return if the token cannot be verified.
var ErrOAuth = errors.New("oauth error")
The error that a TokenVerifier should return for OAuth-specific protocol errors.
Functions
func RequireBearerToken
func RequireBearerToken(verifier TokenVerifier, opts *RequireBearerTokenOptions) func(http.Handler) http.Handler
RequireBearerToken returns a piece of middleware that verifies a bearer token using the verifier. If verification succeeds, the TokenInfo is added to the request's context and the request proceeds. If verification fails, the request fails with a 401 Unauthenticated, and the WWW-Authenticate header is populated to enable protected resource metadata.
Types
type RequireBearerTokenOptions
type RequireBearerTokenOptions struct {
	// The URL for the resource server metadata OAuth flow, to be returned as part
	// of the WWW-Authenticate header.
	ResourceMetadataURL string
	// The required scopes.
	Scopes []string
}
RequireBearerTokenOptions are options for RequireBearerToken.
type TokenInfo
type TokenInfo struct {
	Scopes     []string
	Expiration time.Time
	// TODO: add standard JWT fields
	Extra map[string]any
}
TokenInfo holds information from a bearer token.
type TokenVerifier
A TokenVerifier checks the validity of a bearer token, and extracts information from it. If verification fails, it should return an error that unwraps to ErrInvalidToken. The HTTP request is provided in case verifying the token involves checking it.
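The flow described above for RequireBearerToken and TokenVerifier, as an added example that is not the package's own code. It uses reduced local stand-ins for the documented names; the TokenVerifier signature, the requireBearer sketch, the infoKey context key, the token tok-live and the metadata URL are assumptions or constructed values, and the resource_metadata challenge parameter follows RFC 9728.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Reduced local stand-ins for the documented names; TokenVerifier's signature is assumed.
var ErrInvalidToken = errors.New("invalid token")
type TokenInfo struct{ Scopes []string }
type TokenVerifier func(ctx context.Context, token string, req *http.Request) (*TokenInfo, error)
type infoKey struct{} // hypothetical context key

// verify knows one constructed token; wrapping with %w keeps errors.Is(err, ErrInvalidToken) true.
func verify(_ context.Context, token string, _ *http.Request) (*TokenInfo, error) {
	if token != "tok-live" {
		return nil, fmt.Errorf("token not recognised: %w", ErrInvalidToken)
	}
	return &TokenInfo{Scopes: []string{"read"}}, nil
}

// requireBearer is a hypothetical sketch of the documented flow, not the package's code.
func requireBearer(v TokenVerifier, metadataURL string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		info, err := (*TokenInfo)(nil), ErrInvalidToken // no Bearer credentials: treat as invalid
		if scheme, token, _ := strings.Cut(r.Header.Get("Authorization"), " "); strings.EqualFold(scheme, "Bearer") {
			info, err = v(r.Context(), token, r)
		}
		if err != nil || info == nil { // fail closed on any error or missing TokenInfo
			w.Header().Set("WWW-Authenticate", `Bearer resource_metadata="`+metadataURL+`"`)
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), infoKey{}, info)))
	})
}

func main() {
	h := requireBearer(verify, "https://rs.example/prm", http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	for _, authz := range []string{"Bearer tok-live", "Bearer forged", ""} {
		req, rec := httptest.NewRequest("GET", "/", nil), httptest.NewRecorder()
		req.Header.Set("Authorization", authz)
		h.ServeHTTP(rec, req)
		fmt.Println(rec.Code, rec.Header().Get("WWW-Authenticate"))
	}
}
```

In this sketch every failure path, including a missing header and a verifier that returns neither an error nor a TokenInfo, ends in the 401 challenge, so the wrapped handler only ever runs with a TokenInfo in its context.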