Documentation ¶
Overview ¶
Package credential provides interfaces and implementations for credential management.
Index ¶
- Constants
- func ExtractFromRequest(ctx context.Context, request securityifaces.Request) (securityifaces.Credential, error)
- func ExtractFromTransport(tr transport.Transporter) (securityifaces.Credential, error)
- func NewCredential(credentialType string, rawCredential string, payload proto.Message, ...) (securityifaces.Credential, error)
- func NewCredentialResponse(crType string, payload *securityv1.Payload, meta map[string][]string) securityifaces.CredentialResponse
- func NewEmptyCredential() securityifaces.Credential
- func PayloadAPIKeyCredential(cred securityifaces.Credential) (*apikeyv1.KeyCredential, error)
- func PayloadBearerCredential(cred securityifaces.Credential) (*securityv1.BearerCredential, error)
- func PayloadOIDCCredential(cred securityifaces.Credential) (*oidcv1.OidcCredential, error)
- type Creator
- type Refresher
- type Revoker
Constants ¶
const (
// BearerCredentialType represents the type for bearer tokens (e.g., JWT).
BearerCredentialType = "jwt"
// OIDCCredentialType represents the type for OpenID Connect (OIDC) tokens.
OIDCCredentialType = "oidc"
// APIKeyCredentialType represents the type for API keys.
APIKeyCredentialType = "api_key"
)
const (
// AuthorizationHeader is the canonical header name for authorization.
AuthorizationHeader = "Authorization"
)
Variables ¶
This section is empty.
Functions ¶
func ExtractFromRequest ¶
func ExtractFromRequest(ctx context.Context, request securityifaces.Request) (securityifaces.Credential, error)
ExtractFromRequest extracts a security.Credential from a security.Request. It is responsible for all extraction and parsing logic, preparing all necessary components and then calling the pure NewCredential constructor.
func ExtractFromTransport ¶
func ExtractFromTransport(tr transport.Transporter) (securityifaces.Credential, error)
ExtractFromTransport extracts a security.Credential from a Kratos transport.Transporter. It handles both HTTP and gRPC transports uniformly via the transport.Transporter interface.
func NewCredential ¶
func NewCredential(credentialType string, rawCredential string, payload proto.Message, meta map[string][]string) (securityifaces.Credential, error)
NewCredential is a pure constructor for creating a new Credential instance. It receives the final, prepared components in Go-idiomatic types.
func NewCredentialResponse ¶
func NewCredentialResponse(crType string, payload *securityv1.Payload, meta map[string][]string) securityifaces.CredentialResponse
NewCredentialResponse creates a CredentialResponse instance. It receives the final, prepared components in Go-idiomatic types.
func NewEmptyCredential ¶
func NewEmptyCredential() securityifaces.Credential
NewEmptyCredential creates and returns an empty, unauthenticated credential.
func PayloadAPIKeyCredential ¶
func PayloadAPIKeyCredential(cred securityifaces.Credential) (*apikeyv1.KeyCredential, error)
func PayloadBearerCredential ¶
func PayloadBearerCredential(cred securityifaces.Credential) (*securityv1.BearerCredential, error)
func PayloadOIDCCredential ¶
func PayloadOIDCCredential(cred securityifaces.Credential) (*oidcv1.OidcCredential, error)
Types ¶
type Creator ¶
type Creator interface {
// CreateCredential issues a new credential for the given principal and returns
// a standard, serializable Credential.
CreateCredential(ctx context.Context, p security.Principal) (security.CredentialResponse, error)
}
Creator defines the contract for issuing new credentials.
type Refresher ¶ added in v1.3.0
type Refresher interface {
// RefreshCredential issues a new credential based on a valid refresh token.
RefreshCredential(ctx context.Context, refreshToken string) (security.CredentialResponse, error)
}
Refresher defines the contract for refreshing credentials.
type Revoker ¶
type Revoker interface {
// Revoke invalidates the given credential, making it unusable for future authentication.
// Implementations should parse the provided Credential object to extract the necessary
// information (e.g., a token ID) to perform the revocation, for instance, by adding it
// to a denylist.
Revoke(ctx context.Context, cred security.Credential) error
}
Revoker is responsible for invalidating or revoking previously issued credentials. This is typically used for logout, forced sign-out, or security-related credential invalidation.
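A denylist-backed revoker of the kind the Revoke comment describes, as an added example that is not part of this package. The Credential struct with its TokenID and ExpiresAt fields is a hypothetical stand-in for security.Credential, whose real methods are not shown on this page; DenylistRevoker, IsRevoked and ErrNoTokenID are likewise names assumed for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Credential is a hypothetical stand-in for security.Credential; both fields
// are assumptions, because the real interface is not shown on the page.
type Credential struct {
	TokenID   string    // assumed unique token identifier, e.g. a JWT "jti"
	ExpiresAt time.Time // assumed expiry of the underlying token
}

var ErrNoTokenID = errors.New("credential carries no token ID")

// DenylistRevoker stores revoked token IDs (string) with their expiry (time.Time).
type DenylistRevoker struct{ revoked sync.Map }

// Revoke mirrors Revoker.Revoke; it fails loudly when there is no ID to denylist.
func (r *DenylistRevoker) Revoke(ctx context.Context, cred Credential) error {
	if err := ctx.Err(); err != nil {
		return err
	}
	if cred.TokenID == "" {
		return ErrNoTokenID // a silent no-op would leave the token usable after logout
	}
	r.revoked.Store(cred.TokenID, cred.ExpiresAt)
	return nil
}

// IsRevoked is the check an authenticator runs per request. Entries past their
// expiry are pruned, since token validation rejects expired tokens anyway.
func (r *DenylistRevoker) IsRevoked(tokenID string, now time.Time) bool {
	exp, ok := r.revoked.Load(tokenID)
	if ok && !now.Before(exp.(time.Time)) {
		r.revoked.Delete(tokenID) // keeps the denylist from growing without bound
	}
	return ok
}

func main() { // constructed sample values
	var r DenylistRevoker
	c := Credential{TokenID: "jti-1", ExpiresAt: time.Now().Add(time.Hour)}
	fmt.Println(r.Revoke(context.Background(), c), r.IsRevoked("jti-1", time.Now()))
}
```

Storing the expiry next to the token ID is what bounds the denylist: an entry only needs to live as long as the token it blocks would otherwise have been accepted.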