Documentation
¶
Index ¶
Constants ¶
View Source
const ( // AuthTypeStatic should be used when we have a JWT token. AuthTypeStatic = "static" // AuthTypeInsecureStatic should be used when we have a JWT token but we're not using TLS for transport security. AuthTypeInsecureStatic = "insecureStatic" // AuthTypeClientCredentials should be used when we're using client credentials authentication. AuthTypeClientCredentials = "clientCredentials" // AuthTypeAuthorizationCode should be used when we're using authorization code authentication. AuthTypeAuthorizationCode = "authorizationCode" )
Supported authentication types for Canton participant APIs.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthConfig ¶
type AuthConfig struct {
// Type selects the auth scheme: "static", "insecureStatic", "clientCredentials", or "authorizationCode".
// Defaults to "static" when omitted (backward compatible).
Type string `toml:"type" validate:"required,oneof=static insecureStatic clientCredentials authorizationCode"`
// UserID is the user ID for the authentication. Required for clientCredentials and authorizationCode only.
UserID string `toml:"user_id" validate:"required_if=Type clientCredentials,required_if=Type authorizationCode"`
// JWT is a pre-obtained token. Required when Type is "static" or "insecureStatic".
JWT string `` /* 165-byte string literal not displayed */
// AuthURL is the OIDC authorization server base URL. Required for clientCredentials and authorizationCode.
AuthURL string `toml:"auth_url,omitempty" validate:"required_if=Type clientCredentials,required_if=Type authorizationCode,omitempty,url"`
// ClientID is the OAuth2 client identifier. Required for clientCredentials and authorizationCode.
ClientID string `toml:"client_id,omitempty" validate:"required_if=Type clientCredentials,required_if=Type authorizationCode"`
// ClientSecret is the OAuth2 client secret. Required for clientCredentials only.
ClientSecret string `toml:"client_secret,omitempty" validate:"required_if=Type clientCredentials,excluded_unless=Type clientCredentials"`
// Audience is the OAuth2 "audience" request parameter, identifying the API the issued
// access token should target (its JWT "aud" claim). It is an Auth0-specific extension
// and is only honored by Auth0 (or servers that emulate Auth0). Other authorization
// servers (Okta, Keycloak, ...) determine the audience server-side and ignore this
// parameter; see the docs on clientcredentials.WithAudience / authorizationcode.WithAudience
// for details.
//
// Optional; only applicable to clientCredentials and authorizationCode. Leave unset to
// let the authorization server choose the audience.
Audience string `toml:"audience,omitempty" validate:"excluded_unless=Type clientCredentials|excluded_unless=Type authorizationCode"`
}
AuthConfig configures authentication for a Canton participant endpoint.
func (*AuthConfig) NewProvider ¶
func (a *AuthConfig) NewProvider(ctx context.Context) (authentication.Provider, error)
NewProvider builds an authentication.Provider from this config. It validates the config (including JWT/URL format) before building the provider.
func (*AuthConfig) Validate ¶
func (a *AuthConfig) Validate() error
Click to show internal directories.
Click to hide internal directories.