Documentation
¶
Index ¶
- Constants
- func CreateAuthorization(ctx context.Context, auth *Authorization) error
- func CreateJWTAuthorizationEndpoint(c *gin.Context)
- func CreateJWTToken(secret, realm, clientID, userID, scope string, duration int64) (string, error)
- func GetBearerToken(c *gin.Context) string
- func GetSecureJWTMiddleware(realm, secretKey string) (*jwt.GinJWTMiddleware, error)
- func GetToken(ctx context.Context, clientID, authType string) (string, error)
- func IdentityHandler(c *gin.Context) interface{}
- func PayloadMappingHandler(data interface{}) jwt.MapClaims
- func ScopeAuthorizationHandler(data interface{}, c *gin.Context) bool
- func ValidateJWTAuthorizationEndpoint(c *gin.Context)
- type Authorization
- type AuthorizationRequest
- type AuthorizationResponse
- type Client
Constants ¶
const ( // DatastoreAuthorizations collection AUTHORIZATION DatastoreAuthorizations string = "AUTHORIZATIONS" // AuthTypeJWT constant jwt AuthTypeJWT = "jwt" // AuthTypeSlack constant salack AuthTypeSlack = "slack" )
Variables ¶
This section is empty.
Functions ¶
func CreateAuthorization ¶ added in v0.0.4
func CreateAuthorization(ctx context.Context, auth *Authorization) error
CreateAuthorization creates all data needed for the OAuth fu
func CreateJWTAuthorizationEndpoint ¶ added in v0.12.0
CreateJWTAuthorizationEndpoint creates an JWT authorization
func CreateJWTToken ¶ added in v0.11.0
CreateJWTToken creates a token that can be used for JWT authentication / authorization
func GetBearerToken ¶ added in v0.12.0
GetBearerToken extracts the bearer token
func GetSecureJWTMiddleware ¶
func GetSecureJWTMiddleware(realm, secretKey string) (*jwt.GinJWTMiddleware, error)
GetSecureJWTMiddleware instantiates a JWT middleware and all the necessary handlers
func IdentityHandler ¶
IdentityHandler returns the Client structure
func PayloadMappingHandler ¶
PayloadMappingHandler extracts the client_id, user_id and scope of the request
func ScopeAuthorizationHandler ¶
ScopeAuthorizationHandler checks for required scopes
func ValidateJWTAuthorizationEndpoint ¶ added in v0.12.0
ValidateJWTAuthorizationEndpoint verifies that the token is valid and exists in the authorization table
Types ¶
type Authorization ¶
type Authorization struct {
ClientID string `json:"client_id" binding:"required"` // UNIQUE
Name string `json:"name"` // name of the domain, realm, tennant etc
Token string `json:"token" binding:"required"`
TokenType string `json:"token_type" binding:"required"` // user,app,bot
UserID string `json:"user_id"` // depends on TokenType. UserID could equal ClientID or BotUSerID in Slack
Scope string `json:"scope"` // a comma separated list of scopes, see below
Expires int64 `json:"expires"` // 0 = never
// internal
// FIXME: add revokation flag to the Authorization
AuthType string `json:"-"` // currently: jwt, slack
Created int64 `json:"-"`
Updated int64 `json:"-"`
}
Authorization represents a user, app or bot and its permissions
func FindAuthorization ¶ added in v0.12.0
func FindAuthorization(ctx context.Context, token string) (*Authorization, error)
FindAuthorization looks for an authorization by token
func GetAuthorization ¶ added in v0.0.4
func GetAuthorization(ctx context.Context, clientID, authType string) (*Authorization, error)
GetAuthorization looks for an authorization
func (*Authorization) IsValid ¶ added in v0.12.0
func (a *Authorization) IsValid() bool
IsValid verifies that the Authorization is still valid, i.e. not expired and not revoked.
type AuthorizationRequest ¶ added in v0.12.0
type AuthorizationRequest struct {
Secret string `json:"secret" binding:"required"`
Realm string `json:"realm" binding:"required"`
ClientID string `json:"client_id" binding:"required"`
ClientType string `json:"client_type" binding:"required"` // user,app,bot
UserID string `json:"user_id" binding:"required"`
Scope string `json:"scope" binding:"required"`
Duration int64 `json:"duration" binding:"required"`
}
AuthorizationRequest struct is used to request a token
type AuthorizationResponse ¶ added in v0.12.0
type AuthorizationResponse struct {
Realm string `json:"realm" binding:"required"`
ClientID string `json:"client_id" binding:"required"`
Token string `json:"token" binding:"required"`
}
AuthorizationResponse provides the token to the requestor