Documentation
Overview
Package credential provides interfaces and implementations for credential management.
Index
- Constants
- func ExtractFromRequest(ctx context.Context, request securityifaces.Request) (securityifaces.Credential, error)
- func ExtractFromTransport(tr transport.Transporter) (securityifaces.Credential, error)
- func NewCredential(credentialType string, rawCredential string, payload proto.Message, ...) (securityifaces.Credential, error)
- func NewCredentialResponse(crType string, payload *securityv1.Payload, meta map[string][]string) securityifaces.CredentialResponse
- func NewEmptyCredential() securityifaces.Credential
- func PayloadAPIKeyCredential(cred securityifaces.Credential) (*apikeyv1.KeyCredential, error)
- func PayloadBearerCredential(cred securityifaces.Credential) (*securityv1.BearerCredential, error)
- func PayloadOIDCCredential(cred securityifaces.Credential) (*oidcv1.OidcCredential, error)
- type Creator
- type Revoker
Constants
const (
// BearerCredentialType represents the type for bearer tokens (e.g., JWT).
BearerCredentialType = "jwt"
// OIDCCredentialType represents the type for OpenID Connect (OIDC) tokens.
OIDCCredentialType = "oidc"
// APIKeyCredentialType represents the type for API keys.
APIKeyCredentialType = "api_key"
)
const (
// AuthorizationHeader is the canonical header name for authorization.
AuthorizationHeader = "Authorization"
)
Functions
func ExtractFromRequest
func ExtractFromRequest(ctx context.Context, request securityifaces.Request) (securityifaces.Credential, error)
ExtractFromRequest extracts a security.Credential from a security.Request. It is responsible for all extraction and parsing logic, preparing all necessary components and then calling the pure NewCredential constructor.
func ExtractFromTransport
func ExtractFromTransport(tr transport.Transporter) (securityifaces.Credential, error)
ExtractFromTransport extracts a security.Credential from a Kratos transport.Transporter. It handles both HTTP and gRPC transports uniformly via the transport.Transporter interface.
func NewCredential
func NewCredential(credentialType string, rawCredential string, payload proto.Message, meta map[string][]string) (securityifaces.Credential, error)
NewCredential is a pure constructor for creating a new Credential instance. It receives the final, prepared components in Go-idiomatic types.
func NewCredentialResponse
func NewCredentialResponse(crType string, payload *securityv1.Payload, meta map[string][]string) securityifaces.CredentialResponse
NewCredentialResponse creates a CredentialResponse instance. It receives the final, prepared components in Go-idiomatic types.
func NewEmptyCredential
func NewEmptyCredential() securityifaces.Credential
NewEmptyCredential creates and returns an empty, unauthenticated credential.
func PayloadAPIKeyCredential
func PayloadAPIKeyCredential(cred securityifaces.Credential) (*apikeyv1.KeyCredential, error)
func PayloadBearerCredential
func PayloadBearerCredential(cred securityifaces.Credential) (*securityv1.BearerCredential, error)
func PayloadOIDCCredential
func PayloadOIDCCredential(cred securityifaces.Credential) (*oidcv1.OidcCredential, error)
Types
type Creator
type Creator interface {
// CreateCredential issues a new credential for the given principal and returns
// a standard, serializable Credential.
CreateCredential(ctx context.Context, p security.Principal) (security.CredentialResponse, error)
}
Creator defines the contract for issuing new credentials.
type Revoker
type Revoker interface {
// Revoke invalidates the given credential, making it unusable for future authentication.
// Implementations should parse the provided Credential object to extract the necessary
// information (e.g., a token ID) to perform the revocation, for instance, by adding it
// to a denylist.
Revoke(ctx context.Context, cred security.Credential) error
}
Revoker is responsible for invalidating or revoking previously issued credentials. This is typically used for logout, forced sign-out, or security-related credential invalidation.
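A denylist-backed revoker of the kind the Revoke comment describes, as an added example that is not this package's code. The `Credential` struct is a hypothetical stand-in for security.Credential (its real methods are not shown on this page), and `DenylistRevoker`, `IsRevoked` and the sample token IDs are likewise assumptions.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// Credential is a hypothetical stand-in; the real security.Credential is not shown on this page.
type Credential struct {
	TokenID   string    // e.g. a JWT "jti" claim
	ExpiresAt time.Time // natural expiry of the token
}

// DenylistRevoker holds revoked token IDs until their natural expiry. The zero value is usable.
type DenylistRevoker struct {
	mu      sync.Mutex
	revoked map[string]time.Time
}

// Revoke has the shape of Revoker.Revoke, taking the stand-in Credential.
func (d *DenylistRevoker) Revoke(ctx context.Context, cred Credential) error {
	if cred.TokenID == "" {
		return fmt.Errorf("credential carries no token ID; nothing to denylist")
	}
	d.mu.Lock()
	defer d.mu.Unlock()
	if d.revoked == nil {
		d.revoked = make(map[string]time.Time)
	}
	d.revoked[cred.TokenID] = cred.ExpiresAt
	return nil
}

// IsRevoked is the lookup the authentication path makes for every presented token.
func (d *DenylistRevoker) IsRevoked(id string) bool {
	d.mu.Lock()
	defer d.mu.Unlock()
	exp, ok := d.revoked[id]
	if ok && !time.Now().Before(exp) {
		delete(d.revoked, id) // expired by itself; the validator's expiry check rejects it
		return false
	}
	return ok
}

func main() {
	fmt.Println(new(DenylistRevoker).Revoke(context.Background(), Credential{})) // constructed input without a token ID
}
```

The map is per-process, so a deployment running several instances needs a shared store for the same lookup. Tokens without an expiry would never be pruned here and need a separate retention rule.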