commonconfig

package
v1.0.0-preupgrade Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 14, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// AuthTypeStatic should be used when we have a JWT token.
	AuthTypeStatic = "static"

	// AuthTypeInsecureStatic should be used when we have a JWT token but we're not using TLS for transport security.
	AuthTypeInsecureStatic = "insecureStatic"

	// AuthTypeClientCredentials should be used when we're using client credentials authentication.
	AuthTypeClientCredentials = "clientCredentials"

	// AuthTypeAuthorizationCode should be used when we're using authorization code authentication.
	AuthTypeAuthorizationCode = "authorizationCode"
)

Supported authentication types for Canton participant APIs.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthConfig

type AuthConfig struct {
	// Type selects the auth scheme: "static", "insecureStatic", "clientCredentials", or "authorizationCode".
	// Defaults to "static" when omitted (backward compatible).
	Type string `toml:"type" validate:"required,oneof=static insecureStatic clientCredentials authorizationCode"`

	// UserID is the user ID for the authentication. Required for clientCredentials and authorizationCode only.
	UserID string `toml:"user_id" validate:"required_if=Type clientCredentials,required_if=Type authorizationCode"`

	// JWT is a pre-obtained token. Required when Type is "static" or "insecureStatic".
	JWT string `` /* 165-byte string literal not displayed */

	// AuthURL is the OIDC authorization server base URL. Required for clientCredentials and authorizationCode.
	AuthURL string `toml:"auth_url,omitempty" validate:"required_if=Type clientCredentials,required_if=Type authorizationCode,omitempty,url"`

	// ClientID is the OAuth2 client identifier. Required for clientCredentials and authorizationCode.
	ClientID string `toml:"client_id,omitempty" validate:"required_if=Type clientCredentials,required_if=Type authorizationCode"`

	// ClientSecret is the OAuth2 client secret. Required for clientCredentials only.
	ClientSecret string `toml:"client_secret,omitempty" validate:"required_if=Type clientCredentials,excluded_unless=Type clientCredentials"`

	// Audience is the OAuth2 "audience" request parameter, identifying the API the issued
	// access token should target (its JWT "aud" claim). It is an Auth0-specific extension
	// and is only honored by Auth0 (or servers that emulate Auth0). Other authorization
	// servers (Okta, Keycloak, ...) determine the audience server-side and ignore this
	// parameter; see the docs on clientcredentials.WithAudience / authorizationcode.WithAudience
	// for details.
	//
	// Optional; only applicable to clientCredentials and authorizationCode. Leave unset to
	// let the authorization server choose the audience.
	Audience string `toml:"audience,omitempty" validate:"excluded_unless=Type clientCredentials|excluded_unless=Type authorizationCode"`
}

AuthConfig configures authentication for a Canton participant endpoint.

func (*AuthConfig) NewProvider

func (a *AuthConfig) NewProvider(ctx context.Context) (authentication.Provider, error)

NewProvider builds an authentication.Provider from this config. It validates the config (including JWT/URL format) before building the provider.

func (*AuthConfig) Validate

func (a *AuthConfig) Validate() error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL