Documentation
¶
Index ¶
- func ExtractBearerToken(authHeader string) (string, error)
- func GenerateClientID() (string, error)
- func GenerateClientSecret() (string, error)
- func ValidateHTTPSRequest(r *http.Request, requireHTTPS bool) error
- type JWK
- type JWKS
- type JWKSClient
- type JWTValidator
- type PKCEValidator
- type WWWAuthenticateBuilder
Functions ¶
func ExtractBearerToken ¶
ExtractBearerToken extracts a Bearer token from the value of an HTTP Authorization header
func GenerateClientID ¶
GenerateClientID generates a unique client ID
func GenerateClientSecret ¶
GenerateClientSecret generates a cryptographically secure client secret
Types ¶
type JWK ¶
// JWK represents a JSON Web Key; the struct tags map each field to the
// JSON member of the same lower-case name.
//
// Only RSA public-key parameters (n, e) are declared here; the struct has
// no fields for other key types.
//
// NOTE(review): Kty, Use and Alg are metadata supplied by the key set.
// Confirm that the validator checks them against the key type and algorithm
// it expects before a key is used to verify a signature.
type JWK struct {
Kty string `json:"kty"` // Key type ("kty" member)
Use string `json:"use"` // Intended key use ("use" member)
Kid string `json:"kid"` // Key ID; presumably used to select the key for a token, confirm in the validator
Alg string `json:"alg"` // Algorithm the key is intended for ("alg" member)
N string `json:"n"` // RSA modulus, kept as the string from the JSON document (base64url per RFC 7518; decoding is not shown here)
E string `json:"e"` // RSA public exponent, kept as the string from the JSON document (base64url per RFC 7518; decoding is not shown here)
}
JWK represents a JSON Web Key
type JWKSClient ¶
type JWKSClient struct {
// contains filtered or unexported fields
}
JWKSClient handles fetching and caching JWKS
func NewJWKSClient ¶
func NewJWKSClient(jwksURL string, logger *logrus.Logger) (*JWKSClient, error)
NewJWKSClient creates a new JWKS client
func (*JWKSClient) GetJWKS ¶
func (c *JWKSClient) GetJWKS(ctx context.Context) (*JWKS, error)
GetJWKS returns the full JWKS
func (*JWKSClient) InvalidateCache ¶
func (c *JWKSClient) InvalidateCache()
InvalidateCache invalidates the JWKS cache
type JWTValidator ¶
type JWTValidator struct {
// contains filtered or unexported fields
}
JWTValidator implements token validation for OAuth 2.1 JWT tokens
func NewJWTValidator ¶
func NewJWTValidator(config *types.OAuth2Config, logger *logrus.Logger) (*JWTValidator, error)
NewJWTValidator creates a new JWT token validator
func (*JWTValidator) GetJWKS ¶
func (v *JWTValidator) GetJWKS(ctx context.Context) (any, error)
GetJWKS returns the JWKS for this validator
func (*JWTValidator) ValidateToken ¶
func (v *JWTValidator) ValidateToken(ctx context.Context, tokenString string) (*types.TokenClaims, error)
ValidateToken validates an OAuth 2.1 JWT token
type PKCEValidator ¶
type PKCEValidator struct {
// contains filtered or unexported fields
}
PKCEValidator handles PKCE code challenge validation
func NewPKCEValidator ¶
func NewPKCEValidator(logger *logrus.Logger) *PKCEValidator
NewPKCEValidator creates a new PKCE validator
func (*PKCEValidator) GenerateChallenge ¶
func (p *PKCEValidator) GenerateChallenge(method string) (*types.PKCEChallenge, error)
GenerateChallenge generates a PKCE code challenge and verifier
func (*PKCEValidator) ValidateChallenge ¶
func (p *PKCEValidator) ValidateChallenge(challenge, method, verifier string) error
ValidateChallenge validates a PKCE code challenge against a verifier
type WWWAuthenticateBuilder ¶
type WWWAuthenticateBuilder struct {
// contains filtered or unexported fields
}
WWWAuthenticateBuilder builds WWW-Authenticate headers for 401 responses
func NewWWWAuthenticateBuilder ¶
func NewWWWAuthenticateBuilder(resourceMetadataURL string) *WWWAuthenticateBuilder
NewWWWAuthenticateBuilder creates a new WWW-Authenticate header builder
func (*WWWAuthenticateBuilder) Build ¶
func (w *WWWAuthenticateBuilder) Build(realm, error, errorDescription string) string
Build builds a WWW-Authenticate header value