Documentation
Overview
Package jwthandler implements JWT token handling in a multi-tenant environment. For this, a Handler is created that holds the Providers used to validate tokens. Providers can either be registered statically or defined as JWTProvider resources in Kubernetes.
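As an added illustration that is not part of this package, the following self-contained Go program models the validation flow the Handler performs: look the token's issuer up among the registered providers (ErrNoProvider if it is unknown), fetch that provider's signing key by kid, pin the algorithm, verify the signature and check exp. It assumes Ed25519 (EdDSA) public keys held in an in-memory map in place of a remote JWKS, and MintToken is a constructed helper for producing test tokens, not anything this package provides.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

var ErrInvalidToken, ErrNoProvider = errors.New("invalid token"), errors.New("no provider")
var b64 = base64.RawURLEncoding

// Handler maps issuer -> kid -> Ed25519 public key: one inner map per provider's JWKS (assumed model).
type Handler map[string]map[string]ed25519.PublicKey

// ParseAndValidate returns ErrNoProvider for an unregistered issuer and ErrInvalidToken
// for any other failure (shape, kid, pinned alg, signature, exp), otherwise the claims.
func (h Handler) ParseAndValidate(tok string, nowUnix int64) (map[string]any, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return nil, ErrInvalidToken
	}
	var hdr struct{ Alg, Kid string }
	var claims map[string]any
	hb, e1 := b64.DecodeString(p[0])
	cb, e2 := b64.DecodeString(p[1])
	sig, e3 := b64.DecodeString(p[2])
	if e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hb, &hdr) != nil || json.Unmarshal(cb, &claims) != nil {
		return nil, ErrInvalidToken
	}
	iss, _ := claims["iss"].(string)
	if h[iss] == nil { // unknown issuer: no provider, hence nothing to trust
		return nil, ErrNoProvider
	}
	key := h[iss][hdr.Kid] // the SigningKeyFor step: look the key up by kid
	exp, _ := claims["exp"].(float64)
	// alg is pinned to the registered key type, never taken on trust from the header
	if key == nil || hdr.Alg != "EdDSA" || !ed25519.Verify(key, []byte(p[0]+"."+p[1]), sig) || nowUnix >= int64(exp) {
		return nil, ErrInvalidToken
	}
	return claims, nil
}

// MintToken signs a constructed EdDSA token for local tests (not a real issuer).
func MintToken(kid string, priv ed25519.PrivateKey, claims map[string]any) string {
	enc := func(v any) string { b, _ := json.Marshal(v); return b64.EncodeToString(b) }
	signing := enc(map[string]string{"alg": "EdDSA", "kid": kid}) + "." + enc(claims)
	return signing + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(signing)))
}
```

The file declares no main; exercise ParseAndValidate from a test, or add a main that registers a key and mints a token.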
Index
Constants
This section is empty.
Variables
var (
ErrInvalidToken = errors.New("invalid token")
ErrNoProvider = errors.New("no provider")
)
Functions
This section is empty.
Types
type Handler
type Handler struct {
// contains filtered or unexported fields
}
Handler tracks the set of identity providers to support multi tenancy.
func NewHandler
func NewHandler(opts ...HandlerOption) (*Handler, error)
NewHandler creates a new handler and applies the given options.
func (*Handler) ParseAndValidate
func (*Handler) ProviderFor
ProviderFor returns the provider for the given issuer. It either looks up the provider in the internal cache or queries the k8s cluster for the provider.
func (*Handler) RegisterProvider
RegisterProvider registers a provider with the handler.
type HandlerOption
HandlerOption is used to configure a handler.
func WithK8sJWTProviders
func WithK8sJWTProviders(enabled bool, crdAPIGroup, crdName, crdNamespace string) HandlerOption
WithK8sJWTProviders enables the use of k8s custom resource definitions for JWT providers.
func WithOperationMode
func WithOperationMode(operationMode JWTOperationMode) HandlerOption
WithOperationMode configures the operation mode, which tweaks the handler's behavior for the related provider.
func WithProvider
func WithProvider(provider *Provider) HandlerOption
WithProvider registers the given provider.
func WithProviderCacheExpiration
func WithProviderCacheExpiration(expiration, cleanup time.Duration) HandlerOption
WithProviderCacheExpiration configures the expiration of cached providers.
type JWTOperationMode
type JWTOperationMode uint
const (
// operation modes to tweak the behavior of the handler to the related provider
DefaultMode JWTOperationMode = iota
SAPIAS
)
type JWTProvider
type JWTProvider struct {
Spec Spec `json:"spec"`
}
type JWTProviderResult
type JWTProviderResult struct {
Items []JWTProvider `json:"items"`
}
type Provider
type Provider struct {
// contains filtered or unexported fields
}
Provider represents a specific JWT provider.
func NewProvider
NewProvider creates a new provider and applies the given options.
func (*Provider) SigningKeyFor
func (provider *Provider) SigningKeyFor(ctx context.Context, keyID string) (*jose.JSONWebKey, error)
SigningKeyFor returns the signing key for the given key ID.
type ProviderOption
ProviderOption is used to configure a provider.
func WithClient
func WithClient(c *http.Client) ProviderOption
WithClient configures a dedicated http client.
func WithCustomJWKSURI
func WithCustomJWKSURI(jwksURI *url.URL) ProviderOption
WithCustomJWKSURI configures a custom JWKS URI.
func WithIntrospectTokenURL (added in v0.2.0)
func WithIntrospectTokenURL(introspectURL *url.URL) ProviderOption
WithIntrospectTokenURL configures a token introspection endpoint.
func WithSigningKeyCacheExpiration
func WithSigningKeyCacheExpiration(expiration, cleanup time.Duration) ProviderOption
WithSigningKeyCacheExpiration configures the expiration of cached signing keys. A cache miss results in a new request to the JWKS URI.
func WithoutCache
func WithoutCache() ProviderOption
type RemoteJWKS
type RemoteJWKS struct {
URI string `json:"uri"`
}