Documentation
¶
Overview ¶
Package server hosts the AuthKit management HTTP API — the wire contract that a standalone AuthKit server exposes and the authkit/remote SDK consumes (#142).
This is the FIRST slice: the Authorizer capability. The endpoints take an authkit.Authorizer (embedded.Client satisfies it, so does a remote-backed one), so the same handler works over the in-process engine. The full management API (all of authkit.Client) grows from here; the transport, auth seam, and error-identity round-trip are proven by this slice + remote's parity test.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewAuthorizerHandler ¶
func NewAuthorizerHandler(authz authkit.Authorizer, token string) http.Handler
NewAuthorizerHandler serves the Authorizer slice of the management API over the given authorizer, gated by a static bearer token ("" disables the gate — dev only).
Types ¶
type BoolResponse ¶
type BoolResponse struct {
Allowed bool `json:"allowed"`
}
type CanRequest ¶
type CanRequest struct {
SubjectID string `json:"subject_id"`
SubjectKind string `json:"subject_kind"`
Persona string `json:"persona"`
InstanceSlug string `json:"instance_slug"`
Perm string `json:"perm"`
}
Wire DTOs (the management-API JSON contract; remote/ agrees on these field names).
type EffectivePermsRequest ¶
type ErrorResponse ¶
type ErrorResponse struct {
Error struct {
Code string `json:"code"`
} `json:"error"`
}
ErrorResponse is the wire error envelope. Code is the AuthKit sentinel's code (its .Error()), so remote can re-derive errors.Is(err, authkit.ErrX) identity.
type StringsResponse ¶
type StringsResponse struct {
Values []string `json:"values"`
}
type UserIDRequest ¶
type UserIDRequest struct {
UserID string `json:"user_id"`
}
Source Files