auth

package
v0.5.2
Published: Nov 12, 2020 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DefaultErrorHandler

func DefaultErrorHandler(w http.ResponseWriter, r *http.Request, err error)

DefaultErrorHandler responds with the error and HTTP status 401

Types

type AuthMiddleware

type AuthMiddleware struct {
	// contains filtered or unexported fields
}

AuthMiddleware is the main entry point to the client library; instantiate it with NewAuthMiddleware. It holds the OAuth config and the configured Options. Use either the ready-to-use Handler as a middleware, or implement your own middleware with the help of Authenticate.

func NewAuthMiddleware

func NewAuthMiddleware(oAuthConfig OAuthConfig, options Options) *AuthMiddleware

NewAuthMiddleware instantiates a new AuthMiddleware, filling in defaults for any Options not provided.

func (*AuthMiddleware) Authenticate

func (m *AuthMiddleware) Authenticate(r *http.Request) (*OIDCClaims, error)

Authenticate authenticates a request and returns its OIDCClaims on success, otherwise an error.

func (*AuthMiddleware) ClearCache

func (m *AuthMiddleware) ClearCache()

ClearCache clears the entire cache of OIDC tenants, including their JWKs.

func (*AuthMiddleware) Handler

func (m *AuthMiddleware) Handler(next http.Handler) http.Handler

Handler implements a middleware func which takes a http.Handler and

type ErrorHandler added in v0.5.2

type ErrorHandler func(w http.ResponseWriter, r *http.Request, err error)

ErrorHandler is the type of the error handler that is called on unsuccessful token validation when the Handler middleware func is used.

type MockConfig

type MockConfig struct {
	ClientID     string
	ClientSecret string
	URL          string
	Domain       string
}

MockConfig represents the credentials to the mock server

func (MockConfig) GetClientID

func (c MockConfig) GetClientID() string

GetClientID implements the auth.OAuthConfig interface.

func (MockConfig) GetClientSecret

func (c MockConfig) GetClientSecret() string

GetClientSecret implements the auth.OAuthConfig interface.

func (MockConfig) GetDomain

func (c MockConfig) GetDomain() string

GetDomain implements the auth.OAuthConfig interface.

func (MockConfig) GetURL

func (c MockConfig) GetURL() string

GetURL implements the auth.OAuthConfig interface.

type MockServer

type MockServer struct {
	Server              *httptest.Server // Server holds the httptest.Server and its Client.
	Config              *MockConfig      // Config holds the OIDC config the application binds to.
	RSAKey              *rsa.PrivateKey  // RSAKey holds the server's private key used to sign tokens.
	WellKnownHitCounter int              // WellKnownHitCounter holds the number of requests to the WellKnownHandler.
	JWKsHitCounter      int              // JWKsHitCounter holds the number of requests to the JWKsHandler.
}

MockServer serves as a single-tenant OIDC mock server for tests. Requests to the MockServer must be made with the mock server's own client: MockServer.Server.Client()

func NewOIDCMockServer

func NewOIDCMockServer() (*MockServer, error)

NewOIDCMockServer instantiates a new MockServer.

func (*MockServer) ClearAllHitCounters

func (m *MockServer) ClearAllHitCounters()

ClearAllHitCounters resets all http handlers hit counters. See MockServer.WellKnownHitCounter and MockServer.JWKsHitCounter

func (*MockServer) DefaultClaims

func (m *MockServer) DefaultClaims() OIDCClaims

DefaultClaims returns OIDCClaims with mock server specific default values for standard OIDC claims.

func (*MockServer) DefaultHeaders

func (m *MockServer) DefaultHeaders() map[string]interface{}

DefaultHeaders returns JWT headers with mock server specific default values.

func (*MockServer) JWKsHandler

func (m *MockServer) JWKsHandler(w http.ResponseWriter, _ *http.Request)

JWKsHandler is the http handler which answers requests to the mock server's JWKs endpoint, i.e. the public keys a client uses to verify token signatures.

func (*MockServer) SignToken

func (m *MockServer) SignToken(claims OIDCClaims, header map[string]interface{}) (string, error)

SignToken signs the provided OIDCClaims and header fields into a compact-serialized (base64url-encoded) JWT signed with the MockServer's private key.

func (*MockServer) SignTokenWithAdditionalClaims

func (m *MockServer) SignTokenWithAdditionalClaims(claims OIDCClaims, additionalClaims map[string]interface{}, header map[string]interface{}) (string, error)

SignTokenWithAdditionalClaims signs the token with additional non-standard OIDC claims. additionalClaims must not contain any standard OIDC claims or duplicates. See also: SignToken

func (*MockServer) WellKnownHandler

func (m *MockServer) WellKnownHandler(w http.ResponseWriter, _ *http.Request)

WellKnownHandler is the http handler which answers requests to the mock server's OIDC discovery endpoint.
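The following is an added example and not code from this package: a stand-alone mock OIDC issuer in the spirit of MockServer (discovery endpoint, JWKs endpoint, hit counters, RS256 signing), together with the relying-party steps that AuthMiddleware performs internally and this page only names: fetch the discovery document, load the JWKs, then verify a token's signature against the key selected by its kid. Only the standard library is used. The names NewMockServer, FetchKeys and VerifySignature, the /oauth2/certs path, the kid "test-key-1" and the claims in main are assumptions made here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// MockServer is a single-tenant OIDC issuer for tests: it serves discovery and
// JWKs, counts the hits on both, and signs RS256 tokens with a throwaway key.
type MockServer struct {
	Server                  *httptest.Server
	Key                     *rsa.PrivateKey
	KeyID                   string
	WellKnownHits, JWKsHits int // plain counters like the page's MockServer; not goroutine-safe
}

func NewMockServer() (*MockServer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	m := &MockServer{Key: key, KeyID: "test-key-1"} // constructed kid
	mux := http.NewServeMux()
	mux.HandleFunc("/.well-known/openid-configuration", func(w http.ResponseWriter, _ *http.Request) {
		m.WellKnownHits++
		json.NewEncoder(w).Encode(map[string]string{"issuer": m.Server.URL, "jwks_uri": m.Server.URL + "/oauth2/certs"})
	})
	mux.HandleFunc("/oauth2/certs", func(w http.ResponseWriter, _ *http.Request) { // assumed JWKs path
		m.JWKsHits++
		json.NewEncoder(w).Encode(map[string][]map[string]string{"keys": {{
			"kty": "RSA", "alg": "RS256", "use": "sig", "kid": m.KeyID,
			"n": b64.EncodeToString(key.N.Bytes()), "e": b64.EncodeToString(big.NewInt(int64(key.E)).Bytes()),
		}}})
	})
	m.Server = httptest.NewServer(mux)
	return m, nil
}

// SignToken returns a compact RS256 JWT (header.payload.signature) over claims.
func (m *MockServer) SignToken(claims map[string]interface{}) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": m.KeyID})
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, m.Key, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig), err
}

// FetchKeys is the relying party's side of discovery: read jwks_uri from the
// well-known document, load the JWKs and index the RSA public keys by kid.
// AuthMiddleware keeps this result cached per tenant until ClearCache.
func FetchKeys(c *http.Client, issuer string) (map[string]*rsa.PublicKey, error) {
	get := func(url string, out interface{}) error {
		resp, err := c.Get(url)
		if err != nil {
			return err
		}
		defer resp.Body.Close()
		return json.NewDecoder(resp.Body).Decode(out)
	}
	var disc struct{ JWKSURI string `json:"jwks_uri"` }
	var set struct{ Keys []struct{ Kid, N, E string } }
	if err := get(issuer+"/.well-known/openid-configuration", &disc); err != nil {
		return nil, err
	}
	if err := get(disc.JWKSURI, &set); err != nil {
		return nil, err
	}
	keys := map[string]*rsa.PublicKey{}
	for _, k := range set.Keys {
		n, _ := b64.DecodeString(k.N)
		e, _ := b64.DecodeString(k.E)
		keys[k.Kid] = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
	}
	return keys, nil
}

// VerifySignature pins alg to RS256 (so "none" and HS256 key-confusion tokens
// fail before any key material is used) and checks the signature with the
// key named by kid. Claim checks (exp, nbf, aud, iss) are a separate step.
func VerifySignature(token string, keys map[string]*rsa.PublicKey) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg, Kid string }
	if h, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(h, &hdr) != nil {
		return nil, errors.New("bad header")
	}
	pub, ok := keys[hdr.Kid]
	if hdr.Alg != "RS256" || !ok {
		return nil, fmt.Errorf("alg %q with kid %q not accepted", hdr.Alg, hdr.Kid)
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("signature invalid")
	}
	var claims map[string]interface{}
	if p, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(p, &claims) != nil {
		return nil, errors.New("bad payload")
	}
	return claims, nil
}

func main() {
	m, err := NewMockServer()
	if err != nil {
		panic(err)
	}
	defer m.Server.Close()
	keys, _ := FetchKeys(m.Server.Client(), m.Server.URL)
	tok, _ := m.SignToken(map[string]interface{}{"iss": m.Server.URL, "sub": "user-1"}) // constructed claims
	claims, err := VerifySignature(tok, keys)
	fmt.Println(claims["sub"], err, m.WellKnownHits, m.JWKsHits)
}
```

The two hit counters are what make a caching test possible: after one FetchKeys both are 1, and a client that caches correctly leaves them there on later verifications. Rejecting any alg other than the one the JWKs advertise is done before a key is even looked up; a verifier that picks the algorithm from the token header instead is the classic "alg: none" / RSA-as-HMAC mistake.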

type OAuthConfig

type OAuthConfig interface {
	GetClientID() string
	GetClientSecret() string
	GetURL() string
	GetDomain() string
}

The OAuthConfig interface has to be implemented to instantiate NewAuthMiddleware. For IAS, the standard implementation IASConfig from the env package (../env/iasConfig.go) can be used.

type OIDCClaims

type OIDCClaims struct {
	jwtgo.StandardClaims
	GivenName  string `json:"given_name,omitempty"`
	FamilyName string `json:"family_name,omitempty"`
	Email      string `json:"email,omitempty"`
	ZoneID     string `json:"zone_uuid,omitempty"`
	UserUUID   string `json:"user_uuid,omitempty"`
	// contains filtered or unexported fields
}

OIDCClaims represents all claims that the JWT holds

func (OIDCClaims) GetClaimAsString

func (c OIDCClaims) GetClaimAsString(claim string) (string, error)

GetClaimAsString returns a custom claim type asserted as string. The claim name is case sensitive. Returns error if the claim is not available or not a string.

func (OIDCClaims) GetClaimAsStringSlice

func (c OIDCClaims) GetClaimAsStringSlice(claim string) ([]string, error)

GetClaimAsStringSlice returns a custom claim type asserted as string slice. The claim name is case sensitive. Returns error if the claim is not available or not an array.

type OIDCClaimsBuilder

type OIDCClaimsBuilder struct {
	// contains filtered or unexported fields
}

OIDCClaimsBuilder can construct token claims for test cases

func NewOIDCClaimsBuilder

func NewOIDCClaimsBuilder(base OIDCClaims) *OIDCClaimsBuilder

NewOIDCClaimsBuilder instantiates a new OIDCClaimsBuilder with a base (e.g. MockServer.DefaultClaims)

func (*OIDCClaimsBuilder) Audience

func (b *OIDCClaimsBuilder) Audience(aud ...string) *OIDCClaimsBuilder

Audience sets the aud field

func (*OIDCClaimsBuilder) Build

func (b *OIDCClaimsBuilder) Build() OIDCClaims

Build returns the finished token OIDCClaims

func (*OIDCClaimsBuilder) Email

func (b *OIDCClaimsBuilder) Email(email string) *OIDCClaimsBuilder

Email sets the email field

func (*OIDCClaimsBuilder) ExpiresAt

func (b *OIDCClaimsBuilder) ExpiresAt(expiresAt time.Time) *OIDCClaimsBuilder

ExpiresAt sets the exp field

func (*OIDCClaimsBuilder) FamilyName

func (b *OIDCClaimsBuilder) FamilyName(familyName string) *OIDCClaimsBuilder

FamilyName sets the family_name field

func (*OIDCClaimsBuilder) GivenName

func (b *OIDCClaimsBuilder) GivenName(givenName string) *OIDCClaimsBuilder

GivenName sets the given_name field

func (*OIDCClaimsBuilder) ID

ID sets the jti (JWT ID) field

func (*OIDCClaimsBuilder) IssuedAt

func (b *OIDCClaimsBuilder) IssuedAt(issuedAt time.Time) *OIDCClaimsBuilder

IssuedAt sets the iat field

func (*OIDCClaimsBuilder) Issuer

func (b *OIDCClaimsBuilder) Issuer(issuer string) *OIDCClaimsBuilder

Issuer sets the iss field

func (*OIDCClaimsBuilder) NotBefore

func (b *OIDCClaimsBuilder) NotBefore(notBefore time.Time) *OIDCClaimsBuilder

NotBefore sets the nbf field

func (*OIDCClaimsBuilder) Subject

func (b *OIDCClaimsBuilder) Subject(subject string) *OIDCClaimsBuilder

Subject sets the sub field

func (*OIDCClaimsBuilder) UserUUID

func (b *OIDCClaimsBuilder) UserUUID(userUUID string) *OIDCClaimsBuilder

UserUUID sets the user_uuid field

func (*OIDCClaimsBuilder) WithoutAudience

func (b *OIDCClaimsBuilder) WithoutAudience() *OIDCClaimsBuilder

WithoutAudience removes the aud claim

func (*OIDCClaimsBuilder) WithoutExpiresAt

func (b *OIDCClaimsBuilder) WithoutExpiresAt() *OIDCClaimsBuilder

WithoutExpiresAt removes the exp claim

func (*OIDCClaimsBuilder) WithoutIssuedAt

func (b *OIDCClaimsBuilder) WithoutIssuedAt() *OIDCClaimsBuilder

WithoutIssuedAt removes the iat claim

func (*OIDCClaimsBuilder) WithoutNotBefore

func (b *OIDCClaimsBuilder) WithoutNotBefore() *OIDCClaimsBuilder

WithoutNotBefore removes the nbf claim

func (*OIDCClaimsBuilder) ZoneID

func (b *OIDCClaimsBuilder) ZoneID(zoneID string) *OIDCClaimsBuilder

ZoneID sets the zone_uuid field
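The following is an added example, not code from this package. It shows the two things the OIDCClaims and OIDCClaimsBuilder sections above are for: building claim variants for tests (including the Without* forms that drop a claim), and reading a non-standard claim out of the decoded JSON as GetClaimAsStringSlice does, where an array arrives as []interface{}. The Validate function is this example's own relying-party claim check; the page does not document which claim checks Authenticate performs, so treat it as an illustration of what such a check must cover, not as the package's behaviour. The Claims and Builder types, the issuer, client ID and the JSON custom claims are constructed here.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Claims mirrors the shape of OIDCClaims: registered JWT claims plus the
// issuer's extras. A zero value means the claim is absent; Custom holds the
// non-standard claims exactly as encoding/json decodes them.
type Claims struct {
	Issuer, Subject      string
	Audience             []string
	ExpiresAt, NotBefore int64 // unix seconds; 0 means the claim is absent
	Custom               map[string]interface{}
}

// Builder produces claim variants for tests in the style of OIDCClaimsBuilder:
// setters chain, and Without* drops a claim so a test can show the validator
// rejecting a token that lacks it.
type Builder struct{ c Claims }

func NewBuilder(base Claims) *Builder {
	base.Audience = append([]string(nil), base.Audience...) // do not alias the base's slice
	return &Builder{c: base}
}
func (b *Builder) Issuer(s string) *Builder        { b.c.Issuer = s; return b }
func (b *Builder) Audience(aud ...string) *Builder { b.c.Audience = aud; return b }
func (b *Builder) ExpiresAt(t time.Time) *Builder  { b.c.ExpiresAt = t.Unix(); return b }
func (b *Builder) NotBefore(t time.Time) *Builder  { b.c.NotBefore = t.Unix(); return b }
func (b *Builder) WithoutAudience() *Builder       { b.c.Audience = nil; return b }
func (b *Builder) WithoutExpiresAt() *Builder      { b.c.ExpiresAt = 0; return b }
func (b *Builder) Build() Claims                   { return b.c }

// DefaultClaims is the constructed base a test starts from (the analogue of
// MockServer.DefaultClaims). Custom claims are decoded from JSON so the
// accessor below sees the []interface{} a parsed token really yields.
func DefaultClaims(now time.Time) Claims {
	var custom map[string]interface{}
	_ = json.Unmarshal([]byte(`{"groups":["admins","dev"],"tenant":"acme","level":3}`), &custom)
	return Claims{
		Issuer: "https://issuer.example", Subject: "user-1", Audience: []string{"client-a"},
		ExpiresAt: now.Add(time.Hour).Unix(), NotBefore: now.Unix(), Custom: custom,
	}
}

// Validate is what a relying party checks once the signature is good: the
// issuer it trusts, itself in aud, and the time window. A missing exp is an
// error, not "never expires".
func Validate(c Claims, issuer, clientID string, now time.Time) error {
	if c.Issuer != issuer {
		return fmt.Errorf("iss %q is not the trusted issuer", c.Issuer)
	}
	if !contains(c.Audience, clientID) {
		return fmt.Errorf("aud %v does not include %q", c.Audience, clientID)
	}
	if c.ExpiresAt == 0 {
		return errors.New("exp claim missing")
	}
	if t := now.Unix(); t >= c.ExpiresAt {
		return errors.New("token expired")
	} else if c.NotBefore != 0 && t < c.NotBefore {
		return errors.New("token not yet valid (nbf)")
	}
	return nil
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// GetClaimAsStringSlice copes with encoding/json delivering arrays as
// []interface{}: every element must be a string or the whole claim is
// rejected. Claim names are case sensitive, as in OIDCClaims.
func (c Claims) GetClaimAsStringSlice(name string) ([]string, error) {
	v, ok := c.Custom[name]
	if !ok {
		return nil, fmt.Errorf("claim %q not present", name)
	}
	raw, ok := v.([]interface{})
	if !ok {
		return nil, fmt.Errorf("claim %q is %T, not an array", name, v)
	}
	out := make([]string, 0, len(raw))
	for i, e := range raw {
		s, ok := e.(string)
		if !ok {
			return nil, fmt.Errorf("claim %q[%d] is %T, not a string", name, i, e)
		}
		out = append(out, s)
	}
	return out, nil
}

func main() {
	now := time.Now()
	base := DefaultClaims(now)
	variants := map[string]Claims{
		"default":    base,
		"no exp":     NewBuilder(base).WithoutExpiresAt().Build(),
		"no aud":     NewBuilder(base).WithoutAudience().Build(),
		"expired":    NewBuilder(base).ExpiresAt(now.Add(-time.Minute)).Build(),
		"nbf future": NewBuilder(base).NotBefore(now.Add(time.Minute)).Build(),
		"wrong iss":  NewBuilder(base).Issuer("https://evil.example").Build(),
	}
	for name, c := range variants {
		fmt.Printf("%-10s -> %v\n", name, Validate(c, "https://issuer.example", "client-a", now))
	}
	groups, err := base.GetClaimAsStringSlice("groups")
	fmt.Println(groups, err)
}
```

Each Without* variant exists to produce exactly one negative test: a token the issuer would never mint but an attacker might, such as one with no exp or no aud. The validator treats an absent exp as a failure; accepting it would turn a missing claim into an eternal credential.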

type OIDCHeaderBuilder

type OIDCHeaderBuilder struct {
	// contains filtered or unexported fields
}

OIDCHeaderBuilder can construct header fields for test cases

func NewOIDCHeaderBuilder

func NewOIDCHeaderBuilder(base map[string]interface{}) *OIDCHeaderBuilder

NewOIDCHeaderBuilder instantiates a new OIDCHeaderBuilder with a base (e.g. MockServer.DefaultHeaders)

func (*OIDCHeaderBuilder) Alg

Alg sets the alg field

func (*OIDCHeaderBuilder) Build

func (b *OIDCHeaderBuilder) Build() map[string]interface{}

Build returns the finished JWT header fields

func (*OIDCHeaderBuilder) KeyID

func (b *OIDCHeaderBuilder) KeyID(keyID string) *OIDCHeaderBuilder

KeyID sets the kid (key ID) header field

type Options

type Options struct {
	UserContext  UserContext  // UserContext property under which the token is accessible in the request context. Default: "user"
	ErrorHandler ErrorHandler // ErrorHandler called if the jwt verification fails and the Handler middleware func is used. Default: DefaultErrorHandler
	HTTPClient   *http.Client // HTTPClient which is used for OIDC discovery and to retrieve JWKs (JSON Web Keys). Default: basic http.Client with a timeout of 15 seconds
}

Options can be used as an argument to instantiate an AuthMiddleware with NewAuthMiddleware.

type UserContext added in v0.5.2

type UserContext string

UserContext is the type that holds the custom key under which the OIDCClaims are stored in the request context
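The following is an added example, not code from this package, of the middleware pattern that Handler, ErrorHandler, Options and UserContext describe: a wrapper that authenticates the request, hands the claims to the next handler through the request context under a private key, and otherwise calls an error handler which defaults to a 401. Token verification is injected as a function (a stand-in for Authenticate) so the plumbing can be exercised without a real token; the Middleware, Claims and BearerToken names, the "valid-token" credential and the /me route are assumptions made here, and the default error handler's choice to log the reason rather than echo it is this example's, not necessarily the package's.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Claims stands in for OIDCClaims; only the fields this example reads.
type Claims struct{ Subject, Email string }

// AuthenticateFunc plays the role of (*AuthMiddleware).Authenticate. It is
// injected so the middleware can be exercised without a real token verifier.
type AuthenticateFunc func(r *http.Request) (*Claims, error)

// ErrorHandler has the same signature as the page's ErrorHandler type.
type ErrorHandler func(w http.ResponseWriter, r *http.Request, err error)

// contextKey is unexported so no other package can collide with, or overwrite,
// the key under which the claims are stored; a plain string key could.
type contextKey string

const userKey contextKey = "user" // the Options.UserContext default

// DefaultErrorHandler answers 401 with a fixed body. The verifier's reason is
// logged server-side rather than echoed, so a caller cannot probe which check
// failed (this choice is the example's own).
func DefaultErrorHandler(w http.ResponseWriter, r *http.Request, err error) {
	log.Printf("auth: %s %s rejected: %v", r.Method, r.URL.Path, err)
	w.Header().Set("WWW-Authenticate", `Bearer error="invalid_token"`)
	http.Error(w, "unauthorized", http.StatusUnauthorized)
}

// Middleware is the analogue of AuthMiddleware for this example.
type Middleware struct {
	authenticate AuthenticateFunc
	onError      ErrorHandler
}

func NewMiddleware(authenticate AuthenticateFunc, onError ErrorHandler) *Middleware {
	if onError == nil {
		onError = DefaultErrorHandler // the Options default
	}
	return &Middleware{authenticate: authenticate, onError: onError}
}

// BearerToken extracts the credential from "Authorization: Bearer <token>".
func BearerToken(r *http.Request) (string, error) {
	const prefix = "Bearer "
	h := r.Header.Get("Authorization")
	if len(h) <= len(prefix) || !strings.EqualFold(h[:len(prefix)], prefix) {
		return "", errors.New("missing bearer token")
	}
	return strings.TrimSpace(h[len(prefix):]), nil
}

// Handler wraps next: the request reaches next only if authenticate succeeds,
// and the claims travel to next in the request context under userKey.
func (m *Middleware) Handler(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		claims, err := m.authenticate(r)
		if err != nil {
			m.onError(w, r, err)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), userKey, claims)))
	})
}

// ClaimsFromContext is how a downstream handler reads the claims back.
func ClaimsFromContext(ctx context.Context) (*Claims, bool) {
	c, ok := ctx.Value(userKey).(*Claims)
	return c, ok
}

// ServeWithToken sends one request through the middleware and returns the
// status and body. The constructed authenticator accepts a single token value
// in place of the signature and claim checks a real verifier performs.
func ServeWithToken(token string) (int, string) {
	authenticate := func(r *http.Request) (*Claims, error) {
		t, err := BearerToken(r)
		if err != nil {
			return nil, err
		}
		if t != "valid-token" { // constructed credential
			return nil, errors.New("signature invalid")
		}
		return &Claims{Subject: "user-1", Email: "user-1@example.com"}, nil
	}
	api := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, ok := ClaimsFromContext(r.Context())
		if !ok {
			http.Error(w, "no claims in context", http.StatusInternalServerError)
			return
		}
		fmt.Fprintf(w, "hello %s", c.Email)
	})
	req := httptest.NewRequest(http.MethodGet, "/me", nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	NewMiddleware(authenticate, nil).Handler(api).ServeHTTP(rec, req)
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

func main() {
	for _, tok := range []string{"valid-token", "forged", ""} {
		code, body := ServeWithToken(tok)
		fmt.Printf("token=%q -> %d %s\n", tok, code, body)
	}
}
```

The downstream handler never sees a request without claims, and it does not need to know how they were verified; if ClaimsFromContext ever reports false there, the route was mounted outside the middleware, which is why the handler fails closed with a 500 rather than serving anonymously.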
