binding

package
v0.29.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 4, 2026 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Overview

Package binding is the single owner of the identity-binding format used by vMCP session storage. An identity binding encodes the OIDC principal that created a session as a single opaque string suitable for storage in a key/value store such as Redis or Valkey.

Format

A bound identity is encoded as iss + "\x00" + sub. NUL is rejected from either half by Format and Parse: OIDC Core does not formally forbid NUL in sub, but no real-world issuer emits one, and accepting it would let a corrupted or adversarial value re-split during Parse.

Sessions created before any auth middleware ran use the literal "unauthenticated" sentinel. The sentinel must not contain '\x00' so it cannot collide with any bound form; any future format change must keep the sentinel and the bound-form value sets non-overlapping.

Trust boundary

Bindings are stored plaintext at rest. They are PII but not credentials — they identify but do not authenticate. They carry no freshness signal (no exp, no nonce) and are NOT a substitute for token validation: callers must only compare a stored binding against a freshly-validated (iss, sub) pair from the current request's token.

Index

Constants

View Source 
const UnauthenticatedSentinel = "unauthenticated"

UnauthenticatedSentinel is the binding value stored for sessions that were created without an authenticated identity (auth middleware not present or identity nil).

Variables

View Source 
var ErrInvalidBinding = errors.New("invalid identity binding")

ErrInvalidBinding is returned by Format when either input is empty or contains a NUL byte.

Functions

func Format 

func Format(iss, sub string) (string, error)

Format returns the canonical on-the-wire form of an identity binding: iss + "\x00" + sub. Returns ErrInvalidBinding when either input is empty or contains a NUL byte.

func IsUnauthenticated 

func IsUnauthenticated(s string) bool

IsUnauthenticated reports whether s is the literal unauthenticated sentinel.

func Parse 

func Parse(s string) (iss, sub string, ok bool)

Parse splits an on-the-wire binding into its (iss, sub) components. Returns ok=true only when s contains exactly one NUL and both halves are non-empty. Returns ok=false for the unauthenticated sentinel, for malformed input, and for empty strings. Callers must check ok; the empty-string return values are not meaningful when ok=false.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.