auth

package
v0.7.0
Published: Mar 19, 2021 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DefaultErrorHandler

func DefaultErrorHandler(w http.ResponseWriter, r *http.Request, err error)

DefaultErrorHandler responds with the error and HTTP status 401

Types

type ContextKey added in v0.5.4

type ContextKey int

The ContextKey type is used as a key for library-related values in the Go context. See also UserContextKey.

const UserContextKey ContextKey = 0

UserContextKey is the key that holds the authorization value (*OIDCClaims) in the request context

type ErrorHandler added in v0.5.2

type ErrorHandler func(w http.ResponseWriter, r *http.Request, err error)

ErrorHandler is the type of the error handler that is called on unsuccessful token validation when the AuthenticationHandler middleware func is used.

type Middleware added in v0.5.4

type Middleware struct {
	// contains filtered or unexported fields
}

Middleware is the main entry point to the client library; instantiate it with NewMiddleware. It holds the OAuth config and the configured options. Use either the ready-to-use AuthenticationHandler as a middleware or implement your own middleware with the help of Authenticate.

func NewMiddleware added in v0.5.4

func NewMiddleware(oAuthConfig OAuthConfig, options Options) *Middleware

NewMiddleware instantiates a new Middleware, using defaults for any Options that are not provided.

func (*Middleware) Authenticate added in v0.5.4

func (m *Middleware) Authenticate(r *http.Request) (*OIDCClaims, error)

Authenticate authenticates a request and returns its claims if successful, otherwise an error.

func (*Middleware) AuthenticationHandler added in v0.5.4

func (m *Middleware) AuthenticationHandler(next http.Handler) http.Handler

AuthenticationHandler authenticates a request and injects the claims into the request context. If the authentication (see Authenticate) does not succeed, the specified error handler (see Options.ErrorHandler) will be called and the current request will stop.

func (*Middleware) ClearCache added in v0.5.4

func (m *Middleware) ClearCache()

ClearCache clears the entire cache of OIDC tenants, including their JWKs.

type MockConfig

type MockConfig struct {
	ClientID             string
	ClientSecret         string
	URL                  string
	Domain               string
	ZoneUUID             uuid.UUID
	ProofTokenURL        string
	OsbURL               string
	Certificate          string
	Key                  string
	CertificateExpiresAt string
}

MockConfig represents the credentials for the mock server.

func (MockConfig) GetCertificate added in v0.7.0

func (c MockConfig) GetCertificate() string

GetCertificate implements the auth.OAuthConfig interface.

func (MockConfig) GetCertificateExpiresAt added in v0.7.0

func (c MockConfig) GetCertificateExpiresAt() string

GetCertificateExpiresAt implements the auth.OAuthConfig interface.

func (MockConfig) GetClientID

func (c MockConfig) GetClientID() string

GetClientID implements the auth.OAuthConfig interface.

func (MockConfig) GetClientSecret

func (c MockConfig) GetClientSecret() string

GetClientSecret implements the auth.OAuthConfig interface.

func (MockConfig) GetDomain

func (c MockConfig) GetDomain() string

GetDomain implements the auth.OAuthConfig interface.

func (MockConfig) GetKey added in v0.7.0

func (c MockConfig) GetKey() string

GetKey implements the auth.OAuthConfig interface.

func (MockConfig) GetOsbURL added in v0.7.0

func (c MockConfig) GetOsbURL() string

GetOsbURL implements the auth.OAuthConfig interface.

func (MockConfig) GetProofTokenURL added in v0.7.0

func (c MockConfig) GetProofTokenURL() string

GetProofTokenURL implements the auth.OAuthConfig interface.

func (MockConfig) GetURL

func (c MockConfig) GetURL() string

GetURL implements the auth.OAuthConfig interface.

func (MockConfig) GetZoneUUID added in v0.7.0

func (c MockConfig) GetZoneUUID() uuid.UUID

GetZoneUUID implements the auth.OAuthConfig interface.

type MockServer

type MockServer struct {
	Server              *httptest.Server // Server holds the httptest.Server and its Client.
	Config              *MockConfig      // Config holds the OIDC config that the application under test binds to.
	RSAKey              *rsa.PrivateKey  // RSAKey holds the server's private key used to sign tokens.
	WellKnownHitCounter int              // WellKnownHitCounter holds the number of requests to the WellKnownHandler.
	JWKsHitCounter      int              // JWKsHitCounter holds the number of requests to the JWKsHandler.
}

MockServer serves as a single-tenant OIDC mock server for tests. Requests to the MockServer must be made with the mock server's own client: MockServer.Server.Client()

func NewOIDCMockServer

func NewOIDCMockServer() (*MockServer, error)

NewOIDCMockServer instantiates a new MockServer.

func (*MockServer) ClearAllHitCounters

func (m *MockServer) ClearAllHitCounters()

ClearAllHitCounters resets all HTTP handler hit counters. See MockServer.WellKnownHitCounter and MockServer.JWKsHitCounter.

func (*MockServer) DefaultClaims

func (m *MockServer) DefaultClaims() OIDCClaims

DefaultClaims returns OIDCClaims with mock server specific default values for standard OIDC claims.

func (*MockServer) DefaultHeaders

func (m *MockServer) DefaultHeaders() map[string]interface{}

DefaultHeaders returns JWT headers with mock server specific default values.

func (*MockServer) JWKsHandler

func (m *MockServer) JWKsHandler(w http.ResponseWriter, _ *http.Request)

JWKsHandler is the HTTP handler which answers requests to the mock server's JWKS endpoint (the JSON Web Keys the middleware retrieves to verify token signatures).

func (*MockServer) SignToken

func (m *MockServer) SignToken(claims OIDCClaims, header map[string]interface{}) (string, error)

SignToken serializes the provided OIDCClaims and header fields into a base64url-encoded JWT (compact serialization) signed with the MockServer's RSAKey.

func (*MockServer) SignTokenWithAdditionalClaims

func (m *MockServer) SignTokenWithAdditionalClaims(claims OIDCClaims, additionalClaims map[string]interface{}, header map[string]interface{}) (string, error)

SignTokenWithAdditionalClaims signs the token with additional non-standard OIDC claims. additionalClaims must not contain any standard OIDC claims or duplicates. See also: SignToken

func (*MockServer) WellKnownHandler

func (m *MockServer) WellKnownHandler(w http.ResponseWriter, _ *http.Request)

WellKnownHandler is the HTTP handler which answers requests to the mock server's OIDC discovery endpoint.

type OAuthConfig

type OAuthConfig interface {
	GetClientID() string             // Returns the client id of the oAuth client.
	GetClientSecret() string         // Returns the client secret. Optional
	GetURL() string                  // Returns the url to the Identity tenant. E.g. https://abcdefgh.accounts.ondemand.com
	GetDomain() string               // Returns the domain of the Identity service. E.g. accounts.ondemand.com
	GetZoneUUID() uuid.UUID          // Returns the zone uuid. Optional
	GetProofTokenURL() string        // Returns the proof token url. Optional
	GetCertificate() string          // Returns the client certificate. Optional
	GetKey() string                  // Returns the client certificate key. Optional
	GetCertificateExpiresAt() string // Returns the client certificate expiration time. Optional
}

The OAuthConfig interface has to be implemented by the configuration passed to NewMiddleware. For IAS, the standard implementation IASConfig from ../env/iasConfig.go (the env package) can be used.

type OIDCClaims

type OIDCClaims struct {
	jwtgo.StandardClaims
	GivenName  string `json:"given_name,omitempty"`
	FamilyName string `json:"family_name,omitempty"`
	Email      string `json:"email,omitempty"`
	ZoneID     string `json:"zone_uuid,omitempty"`
	UserUUID   string `json:"user_uuid,omitempty"`
	// contains filtered or unexported fields
}

OIDCClaims represents all claims that the JWT holds

func GetClaims added in v0.5.3

func GetClaims(r *http.Request) *OIDCClaims

GetClaims retrieves the claims of a request that have been injected earlier by the auth middleware (see AuthenticationHandler).

func (OIDCClaims) GetAllCustomClaims added in v0.6.0

func (c OIDCClaims) GetAllCustomClaims() map[string]interface{}

GetAllCustomClaims returns a map of all claims contained in the token, including any custom claims.

func (OIDCClaims) GetClaimAsString

func (c OIDCClaims) GetClaimAsString(claim string) (string, error)

GetClaimAsString returns a custom claim type-asserted as a string. The claim name is case-sensitive. Returns an error if the claim is not available or is not a string.

func (OIDCClaims) GetClaimAsStringSlice

func (c OIDCClaims) GetClaimAsStringSlice(claim string) ([]string, error)

GetClaimAsStringSlice returns a custom claim type-asserted as a string slice. The claim name is case-sensitive. Returns an error if the claim is not available or is not an array.

type OIDCClaimsBuilder

type OIDCClaimsBuilder struct {
	// contains filtered or unexported fields
}

OIDCClaimsBuilder can construct token claims for test cases

func NewOIDCClaimsBuilder

func NewOIDCClaimsBuilder(base OIDCClaims) *OIDCClaimsBuilder

NewOIDCClaimsBuilder instantiates a new OIDCClaimsBuilder with a base (e.g. MockServer.DefaultClaims)

func (*OIDCClaimsBuilder) Audience

func (b *OIDCClaimsBuilder) Audience(aud ...string) *OIDCClaimsBuilder

Audience sets the aud field

func (*OIDCClaimsBuilder) Build

func (b *OIDCClaimsBuilder) Build() OIDCClaims

Build returns the finished token OIDCClaims

func (*OIDCClaimsBuilder) Email

func (b *OIDCClaimsBuilder) Email(email string) *OIDCClaimsBuilder

Email sets the email field

func (*OIDCClaimsBuilder) ExpiresAt

func (b *OIDCClaimsBuilder) ExpiresAt(expiresAt time.Time) *OIDCClaimsBuilder

ExpiresAt sets the exp field

func (*OIDCClaimsBuilder) FamilyName

func (b *OIDCClaimsBuilder) FamilyName(familyName string) *OIDCClaimsBuilder

FamilyName sets the family_name field

func (*OIDCClaimsBuilder) GivenName

func (b *OIDCClaimsBuilder) GivenName(givenName string) *OIDCClaimsBuilder

GivenName sets the given_name field

func (*OIDCClaimsBuilder) ID

ID sets the id field

func (*OIDCClaimsBuilder) IssuedAt

func (b *OIDCClaimsBuilder) IssuedAt(issuedAt time.Time) *OIDCClaimsBuilder

IssuedAt sets the iat field

func (*OIDCClaimsBuilder) Issuer

func (b *OIDCClaimsBuilder) Issuer(issuer string) *OIDCClaimsBuilder

Issuer sets the iss field

func (*OIDCClaimsBuilder) NotBefore

func (b *OIDCClaimsBuilder) NotBefore(notBefore time.Time) *OIDCClaimsBuilder

NotBefore sets the nbf field

func (*OIDCClaimsBuilder) Subject

func (b *OIDCClaimsBuilder) Subject(subject string) *OIDCClaimsBuilder

Subject sets the sub field

func (*OIDCClaimsBuilder) UserUUID

func (b *OIDCClaimsBuilder) UserUUID(userUUID string) *OIDCClaimsBuilder

UserUUID sets the user_uuid field

func (*OIDCClaimsBuilder) WithoutAudience

func (b *OIDCClaimsBuilder) WithoutAudience() *OIDCClaimsBuilder

WithoutAudience removes the aud claim

func (*OIDCClaimsBuilder) WithoutExpiresAt

func (b *OIDCClaimsBuilder) WithoutExpiresAt() *OIDCClaimsBuilder

WithoutExpiresAt removes the exp claim

func (*OIDCClaimsBuilder) WithoutIssuedAt

func (b *OIDCClaimsBuilder) WithoutIssuedAt() *OIDCClaimsBuilder

WithoutIssuedAt removes the iat claim

func (*OIDCClaimsBuilder) WithoutNotBefore

func (b *OIDCClaimsBuilder) WithoutNotBefore() *OIDCClaimsBuilder

WithoutNotBefore removes the nbf claim

func (*OIDCClaimsBuilder) ZoneID

func (b *OIDCClaimsBuilder) ZoneID(zoneID string) *OIDCClaimsBuilder

ZoneID sets the zone_uuid field

type OIDCHeaderBuilder

type OIDCHeaderBuilder struct {
	// contains filtered or unexported fields
}

OIDCHeaderBuilder can construct header fields for test cases

func NewOIDCHeaderBuilder

func NewOIDCHeaderBuilder(base map[string]interface{}) *OIDCHeaderBuilder

NewOIDCHeaderBuilder instantiates a new OIDCHeaderBuilder with a base (e.g. MockServer.DefaultHeaders)

func (*OIDCHeaderBuilder) Alg

Alg sets the alg field

func (*OIDCHeaderBuilder) Build

func (b *OIDCHeaderBuilder) Build() map[string]interface{}

Build returns the finished JWT header fields.

func (*OIDCHeaderBuilder) KeyID

func (b *OIDCHeaderBuilder) KeyID(keyID string) *OIDCHeaderBuilder

KeyID sets the keyID field

type Options

type Options struct {
	ErrorHandler ErrorHandler // ErrorHandler called if the jwt verification fails and the AuthenticationHandler middleware func is used. Default: DefaultErrorHandler
	HTTPClient   *http.Client // HTTPClient which is used for OIDC discovery and to retrieve JWKs (JSON Web Keys). Default: basic http.Client with a timeout of 15 seconds
}

Options can be used as an argument to instantiate a Middleware with NewMiddleware.
