Documentation
Overview
Package auth provides a way to encode, decode, and verify client data using signatures. The data and the signature are base64 URL encoded and passed as HTTP headers. This comprises information like:

- the client subject (e.g. from a JWT token or an x509 client certificate)
- the client type (e.g. user or technical user)
- the client email
- the client region (e.g. x509 client certificates representing a remote service)

At the gateway, the client data is encoded and signed using a private key. Consuming services can decode the client data and verify the signature using a public key.
Constants
const (
	HeaderClientData          = "x-client-data"
	HeaderClientDataSignature = "x-client-data-signature"
)
Variables
var (
	ErrInvalidClientDataSignatureAlgorithm = errors.New("invalid client data signature algorithm")
	ErrInvalidClientDataSignature          = errors.New("invalid client data signature")
	ErrInvalidClientData                   = errors.New("invalid client data")
	ErrInvalidPrivateKey                   = errors.New("invalid private key")
	ErrInvalidPublicKey                    = errors.New("invalid public key")
)
Functions
This section is empty.
Types
type ClientData
type ClientData struct {
	Subject            string             `json:"sub"`
	Type               string             `json:"type"`
	Email              string             `json:"mail"`
	Region             string             `json:"reg"`
	SignatureAlgorithm SignatureAlgorithm `json:"alg"`
	// contains filtered or unexported fields
}
func DecodeFrom
func DecodeFrom(b64data string) (*ClientData, error)
DecodeFrom decodes the base64 URL encoded client data and unmarshals it into a ClientData struct.
type SignatureAlgorithm
type SignatureAlgorithm string
const (
	SignatureAlgorithmRS256 SignatureAlgorithm = "RS256"
)
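
The sign-at-the-gateway, verify-in-the-service flow from the overview, as an added example built on the Go standard library only. It is not this package's code: `clientData`, `demoKey`, `signHeaders` and `verifyHeaders` are hypothetical names, and it assumes unpadded base64 URL encoding and an RS256 (RSASSA-PKCS1-v1_5 with SHA-256) signature computed over the JSON bytes, details the documentation above does not specify.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

type clientData struct { // local stand-in using two of the documented JSON field names
	Subject string `json:"sub"`
	Alg     string `json:"alg"`
}

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key pair constructed for this example

// signHeaders plays the gateway. Assumed: unpadded base64 URL, signature over the JSON bytes.
func signHeaders(priv *rsa.PrivateKey, cd clientData) (data, sig string, err error) {
	raw, _ := json.Marshal(cd) // cannot fail for a struct of strings
	sum := sha256.Sum256(raw)
	s, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	return base64.RawURLEncoding.EncodeToString(raw), base64.RawURLEncoding.EncodeToString(s), err
}

// verifyHeaders plays the consuming service: nothing is parsed until the signature checks out.
func verifyHeaders(pub *rsa.PublicKey, data, sig string) (*clientData, error) {
	raw, err1 := base64.RawURLEncoding.DecodeString(data)
	sigBytes, err2 := base64.RawURLEncoding.DecodeString(sig)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("invalid base64 in client data headers")
	}
	sum := sha256.Sum256(raw)
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sigBytes) != nil {
		return nil, fmt.Errorf("invalid client data signature")
	}
	var cd clientData
	if err := json.Unmarshal(raw, &cd); err != nil || cd.Alg != "RS256" {
		return nil, fmt.Errorf("invalid client data or signature algorithm")
	}
	return &cd, nil
}

func main() {
	d, s, _ := signHeaders(demoKey, clientData{Subject: "user-1", Alg: "RS256"})
	fmt.Println(verifyHeaders(&demoKey.PublicKey, d, s))
}
```

The verifier pins RS256 itself and treats the `alg` field only as a value to check after the signature has been validated, so the header content never selects the verification algorithm.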