auth

package
v0.3.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 2, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ContextUsernameKey contextKey = "username"
	ContextJWTTokenKey contextKey = "jwt_token"

	// DefaultJWTIdentityClaim is used when server.jwt.identity_claim is unset.
	DefaultJWTIdentityClaim = "email"
)

Variables

This section is empty.

Functions

func CallerIdentityFromRequest added in v0.3.0 

func CallerIdentityFromRequest(ctx context.Context, r *http.Request, cfg CallerIdentityConfig) (string, error)

CallerIdentityFromRequest resolves the caller identity with header-primary precedence. When the identity header is configured and present, it overrides the JWT claim. Both header and JWT identity values are normalized: trimmed, length-checked, and validated for control characters before being accepted.

func GetIdentityFromContext added in v0.3.0 

func GetIdentityFromContext(ctx context.Context, identityClaim string) (string, error)

GetIdentityFromContext returns the configured JWT claim value used as the request identity.

func GetJWTTokenFromContext added in v0.3.0 

func GetJWTTokenFromContext(ctx context.Context) *jwt.Token

func GetUsernameFromContext 

func GetUsernameFromContext(ctx context.Context) string

func SetJWTTokenContext added in v0.3.0 

func SetJWTTokenContext(ctx context.Context, token *jwt.Token) context.Context

func SetUsernameContext 

func SetUsernameContext(ctx context.Context, username string) context.Context

Types

type CallerIdentityConfig added in v0.3.0 

type CallerIdentityConfig struct {
	JWTIdentityClaim string
	HeaderName       string
}

CallerIdentityConfig controls how the caller identity is resolved for audit fields. Identity resolution is enabled by setting the relevant fields:

  • HeaderName: when non-empty, the named HTTP header is checked first
  • JWTIdentityClaim: when non-empty, the JWT claim is used as fallback (or primary when no header is configured)

type CallerIdentityMiddleware added in v0.3.0 

type CallerIdentityMiddleware interface {
	ResolveCallerIdentity(next http.Handler) http.Handler
}

CallerIdentityMiddleware resolves and attaches the caller identity used for audit fields.

func NewCallerIdentityMiddleware added in v0.3.0 

func NewCallerIdentityMiddleware(cfg CallerIdentityConfig) (CallerIdentityMiddleware, error)

type JWTHandler added in v0.3.0 

type JWTHandler struct {
	// contains filtered or unexported fields
}

JWTHandler validates JWT tokens on incoming requests. Call Close() during shutdown to stop the background JWKS refresh goroutine.

func NewJWTHandler added in v0.3.0 

func NewJWTHandler(ctx context.Context, cfg JWTHandlerConfig) (*JWTHandler, error)

func (*JWTHandler) Close added in v0.3.0 

func (h *JWTHandler) Close()

func (*JWTHandler) ServeHTTP added in v0.3.0 

func (h *JWTHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type JWTHandlerConfig added in v0.3.0 

type JWTHandlerConfig struct {
	Next        http.Handler
	KeysFile    string
	KeysURL     string
	IssuerURL   string
	Audience    string
	PublicPaths []string
}

type Payload 

type Payload struct {
	Username  string `json:"username"`
	FirstName string `json:"first_name"`
	LastName  string `json:"last_name"`
	Email     string `json:"email"`
	Issuer    string `json:"iss"`
	ClientID  string `json:"clientId"`
}

Payload defines the structure of the JWT payload we expect

func GetAuthPayload 

func GetAuthPayload(r *http.Request) (*Payload, error)

func GetAuthPayloadFromContext 

func GetAuthPayloadFromContext(ctx context.Context) (*Payload, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.