Package jwthandler v0.2.1

Note: this package is not in the latest version of its module.

Published: Jul 11, 2025 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package jwthandler implements JWT token handling in a multi-tenant environment. To do so, a Handler is created that holds the Providers used to validate tokens. Providers can either be registered statically or defined as JWTProvider resources in Kubernetes.

Index

Constants

This section is empty.

Variables

var (
	ErrInvalidToken = errors.New("invalid token")
	ErrNoProvider   = errors.New("no provider")
)

Functions

This section is empty.

Types

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler tracks the set of identity providers to support multi-tenancy.

func NewHandler

func NewHandler(opts ...HandlerOption) (*Handler, error)

NewHandler creates a new handler and applies the given options.

func (*Handler) ParseAndValidate

func (handler *Handler) ParseAndValidate(ctx context.Context, rawToken string, userclaims any, allowIntrospectCache bool) error

func (*Handler) ProviderFor

func (handler *Handler) ProviderFor(issuer string) (*Provider, error)

ProviderFor returns the provider for the given issuer. It either looks up the provider in the internal cache or queries the k8s cluster for the provider.

func (*Handler) RegisterProvider

func (handler *Handler) RegisterProvider(provider *Provider)

RegisterProvider registers a provider with the handler.

type HandlerOption

type HandlerOption func(*Handler) error

HandlerOption is used to configure a handler.

func WithK8sJWTProviders

func WithK8sJWTProviders(enabled bool, crdAPIGroup, crdName, crdNamespace string) HandlerOption

WithK8sJWTProviders enables the use of k8s custom resource definitions for JWT providers.

func WithOperationMode

func WithOperationMode(operationMode JWTOperationMode) HandlerOption

WithOperationMode configures the behavior of a certain provider.

func WithProvider

func WithProvider(provider *Provider) HandlerOption

WithProvider registers the given provider.

func WithProviderCacheExpiration

func WithProviderCacheExpiration(expiration, cleanup time.Duration) HandlerOption

WithProviderCacheExpiration configures the expiration of cached providers.

type JWTOperationMode

type JWTOperationMode uint
const (
	// operation modes that tweak the handler's behavior for the corresponding provider
	DefaultMode JWTOperationMode = iota
	SAPIAS
)

type JWTProvider

type JWTProvider struct {
	Spec Spec `json:"spec"`
}

type JWTProviderResult

type JWTProviderResult struct {
	Items []JWTProvider `json:"items"`
}

type Provider

type Provider struct {
	// contains filtered or unexported fields
}

Provider represents a specific JWT provider.

func NewProvider

func NewProvider(issuerURL *url.URL, audiences []string, opts ...ProviderOption) (*Provider, error)

NewProvider creates a new provider and applies the given options.

func (*Provider) SigningKeyFor

func (provider *Provider) SigningKeyFor(ctx context.Context, keyID string) (*jose.JSONWebKey, error)

SigningKeyFor returns the signing key for the given key ID.

type ProviderOption

type ProviderOption func(*Provider) error

ProviderOption is used to configure a provider.

func WithClient

func WithClient(c *http.Client) ProviderOption

WithClient configures a dedicated http client.

func WithCustomJWKSURI

func WithCustomJWKSURI(jwksURI *url.URL) ProviderOption

WithCustomJWKSURI configures a custom JWKS URI.

func WithIntrospectTokenURL added in v0.2.0

func WithIntrospectTokenURL(introspectURL *url.URL) ProviderOption

WithIntrospectTokenURL configures a token introspection endpoint.

func WithSigningKeyCacheExpiration

func WithSigningKeyCacheExpiration(expiration, cleanup time.Duration) ProviderOption

WithSigningKeyCacheExpiration configures the expiration of cached signing keys. A cache miss will result in a new request to the JWKS URI.

func WithoutCache

func WithoutCache() ProviderOption

type RemoteJWKS

type RemoteJWKS struct {
	URI string `json:"uri"`
}

type Spec

type Spec struct {
	Name       string     `json:"name"`
	Issuer     string     `json:"issuer"`
	Audiences  []string   `json:"audiences,omitempty"`
	RemoteJwks RemoteJWKS `json:"remoteJwks,omitempty"`
}
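As an added example of the Kubernetes side of the Overview, not code from the jwthandler project: it decodes a JWTProviderResult list (the Spec, RemoteJWKS, JWTProvider and JWTProviderResult types are copied from this page) from a constructed JSON document standing in for what a list request for the CRD would return, and vets each spec before it could be registered. The checks, the tenant names and the URLs in the sample are this example's own; rejecting a spec without audiences, and rejecting a second spec that claims an issuer already accepted, is this example's policy, not behaviour documented for the package.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// Types copied from the jwthandler documentation on this page.
type RemoteJWKS struct {
	URI string `json:"uri"`
}

type Spec struct {
	Name       string     `json:"name"`
	Issuer     string     `json:"issuer"`
	Audiences  []string   `json:"audiences,omitempty"`
	RemoteJwks RemoteJWKS `json:"remoteJwks,omitempty"`
}

type JWTProvider struct {
	Spec Spec `json:"spec"`
}

type JWTProviderResult struct {
	Items []JWTProvider `json:"items"`
}

// ConstructedList stands in for the JSON a list request for the JWTProvider CRD would return;
// every tenant, issuer and URL in it is made up for this example.
const ConstructedList = `{"items": [
  {"spec": {"name": "tenant-a", "issuer": "https://idp.tenant-a.example", "audiences": ["orders-api"],
            "remoteJwks": {"uri": "https://idp.tenant-a.example/keys"}}},
  {"spec": {"name": "tenant-b", "issuer": "http://idp.tenant-b.example", "audiences": ["orders-api"],
            "remoteJwks": {"uri": "https://idp.tenant-b.example/keys"}}},
  {"spec": {"name": "tenant-c", "issuer": "https://idp.tenant-c.example",
            "remoteJwks": {"uri": "https://idp.tenant-c.example/keys"}}},
  {"spec": {"name": "tenant-a-dup", "issuer": "https://idp.tenant-a.example", "audiences": ["other"],
            "remoteJwks": {"uri": "https://other-idp.example/keys"}}}
]}`

// vetSpec is this example's admission check for a provider definition read from the cluster:
// issuer and JWKS URI must be absolute https URLs, and at least one audience must be listed,
// since an empty audience list leaves the aud check with nothing to match.
func vetSpec(s Spec) error {
	for _, raw := range []string{s.Issuer, s.RemoteJwks.URI} {
		u, err := url.Parse(raw)
		if err != nil || u.Scheme != "https" || u.Host == "" {
			return fmt.Errorf("%s: %q is not an absolute https URL", s.Name, raw)
		}
	}
	if len(s.Audiences) == 0 {
		return fmt.Errorf("%s: no audiences", s.Name)
	}
	return nil
}

// LoadProviders decodes a list result and returns the accepted specs keyed by issuer plus the
// names of rejected items in list order. A later item claiming an issuer that was already
// accepted is rejected rather than allowed to overwrite the first item's JWKS URI.
func LoadProviders(listJSON string) (map[string]Spec, []string, error) {
	var result JWTProviderResult
	if err := json.Unmarshal([]byte(listJSON), &result); err != nil {
		return nil, nil, err
	}
	accepted := map[string]Spec{}
	var rejected []string
	for _, item := range result.Items {
		s := item.Spec
		_, dup := accepted[s.Issuer]
		if dup || vetSpec(s) != nil {
			rejected = append(rejected, s.Name)
			continue
		}
		accepted[s.Issuer] = s
	}
	return accepted, rejected, nil
}

func main() {
	accepted, rejected, err := LoadProviders(ConstructedList)
	fmt.Println(len(accepted), rejected, err) // 1 [tenant-b tenant-c tenant-a-dup] <nil>
}
```

In a deployment using WithK8sJWTProviders, anyone who can create JWTProvider resources in the configured namespace controls which issuers and JWKS endpoints the handler trusts, so RBAC on that resource is part of the validator's trust boundary; a check like vetSpec is a second line behind it, not a replacement for it.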
