extauthz

package

v0.11.2 Latest Latest Go to latest Published: Dec 18, 2025 License: Apache-2.0 Imports: 31 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/openkcm/extauthz

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type Server
- func NewServer(opts ...ServerOption) (*Server, error)
type ServerOption

Constants ¶

View Source

const (
	HeaderForwardedClientCert = "x-forwarded-client-cert"
	HeaderAuthorization       = "authorization"
	HeaderCookie              = "cookie"
	HeaderCSRFToken           = "x-csrf-token"
	SessionCookiePrefix       = "__Host-Http-SESSION-"
	LogPrefixCheck            = "Check(): "
	LogPrefixClientCert       = "Client Certs: "
	LogPrefixBearerToken      = "Bearer Token: "
	LogPrefixSessionCookie    = "Session cookie: "
)

View Source

const (
	UNKNOWN checkResultCode = iota
	ALWAYS_ALLOWED
	ALLOWED
	DENIED
	UNAUTHENTICATED
)

View Source

const (
	DefaultCMKPathPrefix = "/cmk/v1/"
)

Variables ¶

View Source

var (
	ReExSubject        = regexp.MustCompile(`Subject="([^"]+)"`)
	ErrSubjectNotFound = errors.New("subject not found")
)

Functions ¶

This section is empty.

Types ¶

type Server ¶

type Server struct {
	// contains filtered or unexported fields
}

func NewServer ¶

func NewServer(opts ...ServerOption) (*Server, error)

NewServer creates a new server and applies the given options.

func (*Server) Check ¶

func (srv *Server) Check(ctx context.Context, req *envoy_auth.CheckRequest) (*envoy_auth.CheckResponse, error)

Check authorizes the request based on either client certificate, bearer token or session cookie.

func (*Server) Close ¶ added in v0.5.0

func (s *Server) Close() error

Close starts any internal processes required by the server.

func (*Server) Start ¶ added in v0.5.0

func (s *Server) Start() error

Start starts any internal processes required by the server.

type ServerOption ¶

type ServerOption func(*Server) error

ServerOption is used to configure a server.

func WithCSRFSecret ¶ added in v0.10.0

func WithCSRFSecret(secret []byte) ServerOption

func WithClientDataSigner ¶ added in v0.5.0

func WithClientDataSigner(cdp *clientdata.Signer) ServerOption

func WithFeatureGates ¶ added in v0.3.0

func WithFeatureGates(fg *commoncfg.FeatureGates) ServerOption

func WithOIDCHandler ¶ added in v0.5.0

func WithOIDCHandler(hdl oidcHandlerInterface) ServerOption

func WithPolicyEngine ¶

func WithPolicyEngine(pe policies.Engine) ServerOption

func WithSessionManager ¶ added in v0.9.8

func WithSessionManager(sessionManager sessionManagerInterface) ServerOption

func WithSessionPathPrefixes ¶ added in v0.9.8

func WithSessionPathPrefixes(sessionPathPrefixes []string) ServerOption

func WithTrustedSubjects ¶

func WithTrustedSubjects(m map[string]string) ServerOption

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL