Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultErrorHandler ¶
func DefaultErrorHandler(w http.ResponseWriter, r *http.Request, err error)
DefaultErrorHandler responds with the error and HTTP status 401
Types ¶
type ContextKey ¶ added in v0.5.4
type ContextKey int
The ContextKey type is used as a key for library related values in the go context. See also TokenCtxKey
const (
TokenCtxKey ContextKey = 0
)
TokenCtxKey is the key that holds the authorization value (*OIDCClaims) in the request context
type ErrorHandler ¶ added in v0.5.2
type ErrorHandler func(w http.ResponseWriter, r *http.Request, err error)
ErrorHandler is the type for the Error Handler which is called on unsuccessful token validation and if the AuthenticationHandler middleware func is used
type Middleware ¶ added in v0.5.4
type Middleware struct {
// contains filtered or unexported fields
}
Middleware is the main entrypoint to the client library, instantiate with NewMiddleware. It holds information about the oAuth config and configured options. Use either the ready to use AuthenticationHandler as a middleware or implement your own middleware with the help of Authenticate.
func NewMiddleware ¶ added in v0.5.4
func NewMiddleware(oAuthConfig OAuthConfig, options Options) *Middleware
NewMiddleware instantiates a new Middleware with defaults for not provided Options.
func (*Middleware) Authenticate ¶ added in v0.5.4
func (m *Middleware) Authenticate(r *http.Request) (Token, error)
Authenticate authenticates a request and returns the Token if validation was successful, otherwise error is returned
func (*Middleware) AuthenticationHandler ¶ added in v0.5.4
func (m *Middleware) AuthenticationHandler(next http.Handler) http.Handler
AuthenticationHandler authenticates a request and injects the claims into the request context. If the authentication (see Authenticate) does not succeed, the specified error handler (see Options.ErrorHandler) will be called and the current request will stop.
func (*Middleware) ClearCache ¶ added in v0.5.4
func (m *Middleware) ClearCache()
ClearCache clears the entire storage of cached oidc tenants including their JWKs
type OAuthConfig ¶
type OAuthConfig interface {
GetClientID() string // Returns the client id of the oAuth client.
GetClientSecret() string // Returns the client secret. Optional
GetURL() string // Returns the url to the Identity tenant. E.g. https://abcdefgh.accounts.ondemand.com
GetDomains() []string // Returns the domains of the Identity service. E.g. ["accounts.ondemand.com"]
GetZoneUUID() uuid.UUID // Returns the zone uuid. Optional
GetProofTokenURL() string // Returns the proof token url. Optional
GetCertificate() string // Returns the client certificate. Optional
GetKey() string // Returns the client certificate key. Optional
GetCertificateExpiresAt() string // Returns the client certificate expiration time. Optional
}
OAuthConfig interface has to be implemented to instantiate NewMiddleware. For IAS the standard implementation IASConfig from ../env/iasConfig.go package can be used.
type Options ¶
type Options struct {
ErrorHandler ErrorHandler // ErrorHandler called if the jwt verification fails and the AuthenticationHandler middleware func is used. Default: DefaultErrorHandler
HTTPClient *http.Client // HTTPClient which is used for OIDC discovery and to retrieve JWKs (JSON Web Keys). Default: basic http.Client with a timeout of 15 seconds
}
Options can be used as a argument to instantiate a AuthMiddle with NewMiddleware.
type Token ¶ added in v0.8.0
type Token interface {
TokenValue() string // TokenValue returns encoded token string
Audience() []string // Audience returns "aud" claim, if it doesn't exist empty string is returned
Expiration() time.Time // Expiration returns "exp" claim, if it doesn't exist empty string is returned
IsExpired() bool // IsExpired returns true, if 'exp' claim + leeway time of 1 minute is before current time
IssuedAt() time.Time // IssuedAt returns "iat" claim, if it doesn't exist empty string is returned
Issuer() string // Issuer returns "iss" claim, if it doesn't exist empty string is returned
IasIssuer() string // IasIssuer returns "ias_iss" claim, if it doesn't exist empty string is returned
NotBefore() time.Time // NotBefore returns "nbf" claim, if it doesn't exist empty string is returned
Subject() string // Subject returns "sub" claim, if it doesn't exist empty string is returned
GivenName() string // GivenName returns "given_name" claim, if it doesn't exist empty string is returned
FamilyName() string // FamilyName returns "family_name" claim, if it doesn't exist empty string is returned
Email() string // Email returns "email" claim, if it doesn't exist empty string is returned
ZoneID() string // ZoneID returns "zone_uuid" claim, if it doesn't exist empty string is returned
UserUUID() string // UserUUID returns "user_uuid" claim, if it doesn't exist empty string is returned
GetClaimAsString(claim string) (string, error) // GetClaimAsString returns a custom claim type asserted as string. Returns error if the claim is not available or not a string.
GetClaimAsStringSlice(claim string) ([]string, error) // GetClaimAsStringSlice returns a custom claim type asserted as string slice. The claim name is case sensitive. Returns error if the claim is not available or not an array
GetAllClaimsAsMap() map[string]interface{} // GetAllClaimsAsMap returns a map of all claims contained in the token. The claim name is case sensitive. Includes also custom claims
// contains filtered or unexported methods
}
Token is the public API to access claims of the token
func NewToken ¶ added in v0.8.1
NewToken creates a Token from an encoded jwt. !!! WARNING !!! No validation done when creating a Token this way. Use only in tests!
func TokenFromCtx ¶ added in v0.8.0
TokenFromCtx retrieves the claims of a request which have been injected before via the auth middleware
Source Files