Documentation
¶
Index ¶
- Constants
- Variables
- func BoolClaim(claims Claims, key string) (bool, bool)
- func GenerateSocialLoginNonce() (string, string, error)
- func GenerateToken(ctx context.Context, claims Claims) (string, error)
- func HTTPStatus(err error) int
- func IsCode(err error, code ErrorCode) bool
- func JWTAuth() gin.HandlerFunc
- func Module() jelly.Module
- func StringClaim(claims Claims, key string) (string, bool)
- func StringSliceClaim(claims Claims, key string) ([]string, bool)
- type AuthenticationCredential
- type AuthenticationLookup
- type AuthenticationOptions
- type AuthenticationRequest
- type AuthenticationResponse
- type AuthenticationResult
- type AuthenticationVerificationRequest
- type AuthenticatorAttachment
- type Claims
- type CompleteSocialLoginInput
- type CompleteSocialLoginResult
- type Config
- type CredentialDescriptor
- type CredentialFlags
- type CredentialTransport
- type Error
- type ErrorCode
- type Identity
- func VerifyAppleIDToken(ctx context.Context, idToken string) (Identity, error)
- func VerifyAppleIDTokenWithOptions(ctx context.Context, idToken string, opts VerifyIDTokenOptions) (Identity, error)
- func VerifyGoogleIDToken(ctx context.Context, idToken string) (Identity, error)
- func VerifyGoogleIDTokenWithOptions(ctx context.Context, idToken string, opts VerifyIDTokenOptions) (Identity, error)
- type JWTConfig
- type OIDCConfig
- type OIDCProviderConfig
- type PasskeyConfig
- type RegistrationCredential
- type RegistrationOptions
- type RegistrationRequest
- type RegistrationResponse
- type RegistrationResult
- type RegistrationUser
- type ResidentKeyRequirement
- type SocialLoginAttempt
- type SocialLoginAttemptStore
- type SocialProvider
- type StartSocialLoginInput
- type StartSocialLoginResult
- type StoredCredential
- type UserVerificationRequirement
- type VerifyIDTokenOptions
Constants ¶
// TokenClaimsContextKey is the key string "jauth.jwt_claims".
// NOTE(review): presumably the gin.Context key under which JWTAuth stores the
// claims of a verified token; confirm in the source. Handlers that read this
// key should treat a missing value as "not authenticated" rather than assume
// the middleware ran on their route.
const TokenClaimsContextKey = "jauth.jwt_claims"
Variables ¶
// Sentinel errors for the social-login flow. Compare with errors.Is, since
// callers may receive them wrapped.
var (
	// ErrInvalidSocialProvider carries the message "invalid social provider".
	// NOTE(review): presumably returned for a SocialProvider value other than
	// the declared constants; confirm against the callers.
	ErrInvalidSocialProvider = errors.New("invalid social provider")
	// ErrSocialLoginAttemptNotFound carries the message "social login attempt
	// not found".
	// NOTE(review): presumably also the outcome for an attempt that was
	// already consumed or has expired; confirm, and treat it as a failed login.
	ErrSocialLoginAttemptNotFound = errors.New("social login attempt not found")
)
Functions ¶
func HTTPStatus ¶
func JWTAuth ¶
// JWTAuth returns a gin.HandlerFunc.
// NOTE(review): presumably it validates a JWT on the request and stores the
// claims under TokenClaimsContextKey; the page shows neither the accepted
// signing algorithms nor the behaviour on failure. Confirm that a rejected
// token aborts the request and that the algorithm is pinned by JWTConfig.
func JWTAuth() gin.HandlerFunc
Types ¶
type AuthenticationCredential ¶
// AuthenticationCredential holds an assertion credential. Its JSON names (id,
// rawId, type, authenticatorAttachment, response, clientExtensionResults)
// match the WebAuthn PublicKeyCredential JSON form.
// NOTE(review): presumably filled from client-supplied data, so every field is
// untrusted until VerifyAuthentication has accepted the credential.
type AuthenticationCredential struct {
	ID string `json:"id"`
	RawID string `json:"rawId"`
	Type string `json:"type"`
	AuthenticatorAttachment string `json:"authenticatorAttachment,omitempty"`
	Response AuthenticationResponse `json:"response"`
	// ClientExtensionResults is an open map; its contents are not constrained
	// by this type.
	ClientExtensionResults map[string]any `json:"clientExtensionResults,omitempty"`
}
func ParseAuthenticationCredential ¶
// ParseAuthenticationCredential builds an AuthenticationCredential from data.
// NOTE(review): presumably a decode step only; a successful parse is not a
// successful verification. Confirm, and bound the size of data at the HTTP
// layer before calling.
func ParseAuthenticationCredential(data []byte) (*AuthenticationCredential, error)
type AuthenticationLookup ¶
// AuthenticationLookup pairs a credential ID with an optional user handle.
// NOTE(review): presumably extracted from an assertion that has not been
// verified yet, so the values are suitable as lookup keys for stored
// credentials but not as proof of who is signing in. Confirm in the source.
type AuthenticationLookup struct {
	CredentialID []byte `json:"credential_id"`
	UserHandle string `json:"user_handle,omitempty"`
}
func LookupAuthenticationCredential ¶
// LookupAuthenticationCredential derives an AuthenticationLookup from
// credential.
// NOTE(review): the page does not show whether any signature check happens
// here; assume none and use the result only to load StoredCredential records
// for VerifyAuthentication.
func LookupAuthenticationCredential(ctx context.Context, credential AuthenticationCredential) (*AuthenticationLookup, error)
type AuthenticationOptions ¶
// AuthenticationOptions is the value returned by BuildAuthenticationOptions.
type AuthenticationOptions struct {
	// PublicKey is an open map serialized as "public_key".
	// NOTE(review): presumably the WebAuthn request options handed to the
	// client; confirm.
	PublicKey map[string]any `json:"public_key"`
	// CeremonyState is a string; AuthenticationVerificationRequest has a field
	// of the same name, so it presumably has to be presented again at
	// verification.
	// NOTE(review): the page does not show how this value is protected. If it
	// travels through the client, confirm it is authenticated (and ideally
	// encrypted) and cannot be replayed after a successful ceremony.
	CeremonyState string `json:"ceremony_state"`
	// ExpiresAt presumably bounds the ceremony lifetime; confirm that
	// verification enforces it rather than leaving the check to the caller.
	ExpiresAt time.Time `json:"expires_at"`
}
func BuildAuthenticationOptions ¶
// BuildAuthenticationOptions produces AuthenticationOptions for req.
// NOTE(review): presumably this generates the challenge for the ceremony;
// confirm it comes from a cryptographically secure source and is bound into
// the returned CeremonyState.
func BuildAuthenticationOptions(ctx context.Context, req AuthenticationRequest) (*AuthenticationOptions, error)
type AuthenticationRequest ¶
// AuthenticationRequest is the input of BuildAuthenticationOptions. All three
// fields are optional in the JSON form (omitempty).
type AuthenticationRequest struct {
	UserID string `json:"user_id,omitempty"`
	// AllowedCredentials lists credential descriptors.
	// NOTE(review): if this list is built from a user identifier typed by an
	// unauthenticated visitor, returning it reveals which accounts have
	// passkeys; consider leaving it empty for discoverable-credential flows.
	AllowedCredentials []CredentialDescriptor `json:"allowed_credentials,omitempty"`
	// UserVerification selects one of the UserVerificationRequirement values.
	// NOTE(review): the default applied when this is empty is not shown on the
	// page; set it explicitly when the passkey is the only factor.
	UserVerification UserVerificationRequirement `json:"user_verification,omitempty"`
}
type AuthenticationResponse ¶
type AuthenticationResult ¶
// AuthenticationResult is the value returned by VerifyAuthentication.
type AuthenticationResult struct {
	CredentialID []byte `json:"credential_id"`
	// NewSignCount is presumably the authenticator's signature counter after
	// this assertion; the caller would then need to persist it into the
	// matching StoredCredential.SignCount for the next comparison. Confirm.
	NewSignCount uint32 `json:"new_sign_count"`
	UserID string `json:"user_id,omitempty"`
	UserHandle string `json:"user_handle,omitempty"`
	// CloneWarning presumably reports that the signature counter did not
	// advance, which WebAuthn treats as a sign of a cloned authenticator.
	// NOTE(review): confirm whether VerifyAuthentication still returns a nil
	// error when this is set. If it does, the caller must check the flag and
	// apply its own policy (reject, step up, or alert).
	CloneWarning bool `json:"clone_warning,omitempty"`
}
func VerifyAuthentication ¶
// VerifyAuthentication checks req and returns an AuthenticationResult.
// NOTE(review): the declared error codes (invalid_challenge, invalid_origin,
// invalid_rp_id, user_verification_required, credential_not_found) suggest
// those checks are made here; confirm in the source. Establish a session only
// when the returned error is nil, and inspect CloneWarning on the result.
func VerifyAuthentication(ctx context.Context, req AuthenticationVerificationRequest) (*AuthenticationResult, error)
type AuthenticationVerificationRequest ¶
// AuthenticationVerificationRequest is the input of VerifyAuthentication.
type AuthenticationVerificationRequest struct {
	CeremonyState string `json:"ceremony_state"`
	Credential AuthenticationCredential `json:"credential"`
	// Credentials carries StoredCredential records, including public keys.
	// NOTE(review): the struct has JSON tags, but this field must be filled
	// from the server's own credential store. Decoding a client request body
	// straight into this type would let the client choose the public key the
	// assertion is checked against.
	Credentials []StoredCredential `json:"credentials"`
}
type AuthenticatorAttachment ¶
// AuthenticatorAttachment is a string type whose declared values match the
// WebAuthn authenticator attachment enumeration.
type AuthenticatorAttachment string

const (
	// AttachmentPlatform is "platform" (an authenticator built into the
	// client device, in WebAuthn terms).
	AttachmentPlatform AuthenticatorAttachment = "platform"
	// AttachmentCrossPlatform is "cross-platform" (a roaming authenticator,
	// in WebAuthn terms).
	AttachmentCrossPlatform AuthenticatorAttachment = "cross-platform"
)
type CompleteSocialLoginInput ¶
// CompleteSocialLoginInput is the input of CompleteSocialLogin.
type CompleteSocialLoginInput struct {
	Provider SocialProvider
	// AttemptID presumably names the attempt created by StartSocialLogin.
	AttemptID string
	// IDToken is the provider-issued token, untrusted until verified.
	IDToken string
	// Now is a caller-supplied clock value.
	// NOTE(review): the handling of a zero Now is not shown; pass the server
	// clock, never a client-provided timestamp, because expiry checks
	// presumably depend on it.
	Now time.Time
}
type CompleteSocialLoginResult ¶
// CompleteSocialLoginResult is the value returned by CompleteSocialLogin: the
// Identity obtained for the login and the SocialLoginAttempt it belongs to.
type CompleteSocialLoginResult struct {
	Identity Identity
	Attempt SocialLoginAttempt
}
func CompleteSocialLogin ¶
// CompleteSocialLogin finishes a social login using store and input.
// NOTE(review): presumably it verifies input.IDToken, checks the token's nonce
// against the stored attempt, and consumes the attempt; the order and the
// exact checks are not visible on this page. Confirm that an attempt cannot be
// completed twice.
func CompleteSocialLogin(ctx context.Context, store SocialLoginAttemptStore, input CompleteSocialLoginInput) (*CompleteSocialLoginResult, error)
type Config ¶
// Config groups the package's YAML configuration sections: "jwt", "oidc" and
// the optional "passkey".
// NOTE(review): the fields of JWTConfig and PasskeyConfig are not shown on
// this page. If JWTConfig carries signing key material, keep the YAML file out
// of version control and restrict its file permissions.
type Config struct {
	JWT *JWTConfig `yaml:"jwt"`
	OIDC *OIDCConfig `yaml:"oidc"`
	Passkey *PasskeyConfig `yaml:"passkey,omitempty"`
}
func DefaultConfig ¶
// DefaultConfig returns a Config value.
// NOTE(review): the default contents are not shown; confirm they do not
// include a usable signing secret or client ID that would let a deployment
// run with shared defaults.
func DefaultConfig() Config
type CredentialDescriptor ¶
// CredentialDescriptor identifies a credential by ID, with optional transport
// values. It is the element type of AuthenticationRequest.AllowedCredentials
// and RegistrationRequest.ExcludeCredentials.
type CredentialDescriptor struct {
	CredentialID []byte `json:"credential_id"`
	Transports []CredentialTransport `json:"transports,omitempty"`
}
type CredentialFlags ¶
type CredentialTransport ¶
// CredentialTransport is a string type; this page lists no constants for it.
// NOTE(review): presumably it carries WebAuthn transport hints. Such hints are
// reported by the client and should not feed security decisions.
type CredentialTransport string
type ErrorCode ¶
// ErrorCode is a string identifier for a failure category. IsCode and
// HTTPStatus in this package take or map such errors.
// NOTE(review): if these codes are returned verbatim to unauthenticated
// clients, "credential_not_found" versus "invalid_credential" distinguishes
// known from unknown credentials. Consider collapsing them into one generic
// failure at the HTTP boundary and keeping the precise code in server logs.
type ErrorCode string

const (
	ErrCodeNotConfigured ErrorCode = "not_configured"
	ErrCodeInvalidConfig ErrorCode = "invalid_config"
	ErrCodeInvalidCeremonyState ErrorCode = "invalid_ceremony_state"
	ErrCodeInvalidCredential ErrorCode = "invalid_credential"
	ErrCodeInvalidChallenge ErrorCode = "invalid_challenge"
	// The identifier is shorter than its value, which also names the
	// ceremony state.
	ErrCodeInvalidOrExpiredState ErrorCode = "invalid_or_expired_ceremony_state"
	ErrCodeInvalidOrigin ErrorCode = "invalid_origin"
	ErrCodeInvalidRPID ErrorCode = "invalid_rp_id"
	ErrCodeUserVerification ErrorCode = "user_verification_required"
	ErrCodeCredentialNotFound ErrorCode = "credential_not_found"
)
type Identity ¶
// Identity is the value returned by the VerifyGoogleIDToken and
// VerifyAppleIDToken functions.
type Identity struct {
	Provider string `json:"provider"`
	// Subject together with Provider is the stable key to link accounts on.
	// Email can change or be reassigned at the provider.
	Subject string `json:"subject"`
	Email string `json:"email,omitempty"`
	Name string `json:"name,omitempty"`
	// EmailVerified is always serialized (no omitempty).
	// NOTE(review): do not match Email against existing local accounts unless
	// this is true; an unverified address lets anyone claim another user's
	// mailbox.
	EmailVerified bool `json:"emailVerified"`
}
func VerifyAppleIDToken ¶
func VerifyGoogleIDToken ¶
type OIDCConfig ¶
// OIDCConfig holds one optional OIDCProviderConfig per supported provider,
// under the YAML keys "google" and "apple".
// NOTE(review): the behaviour for a nil provider entry is not shown;
// presumably that provider is reported as not configured. Confirm it fails
// closed.
type OIDCConfig struct {
	Google *OIDCProviderConfig `yaml:"google"`
	Apple *OIDCProviderConfig `yaml:"apple"`
}
type OIDCProviderConfig ¶
// OIDCProviderConfig carries the per-provider setting "client-id".
type OIDCProviderConfig struct {
	// ClientID is presumably the audience an ID token must carry.
	// NOTE(review): confirm that an empty ClientID is rejected rather than
	// disabling the audience check.
	ClientID string `yaml:"client-id"`
}
type PasskeyConfig ¶
type RegistrationCredential ¶
// RegistrationCredential holds a newly created credential. Its JSON names
// match the WebAuthn PublicKeyCredential JSON form.
// NOTE(review): presumably filled from client-supplied data, so every field is
// untrusted until VerifyRegistration has accepted the credential.
type RegistrationCredential struct {
	ID string `json:"id"`
	RawID string `json:"rawId"`
	Type string `json:"type"`
	AuthenticatorAttachment string `json:"authenticatorAttachment,omitempty"`
	Response RegistrationResponse `json:"response"`
	ClientExtensionResults map[string]any `json:"clientExtensionResults,omitempty"`
}
func ParseRegistrationCredential ¶
// ParseRegistrationCredential builds a RegistrationCredential from data.
// NOTE(review): presumably a decode step only; nothing should be stored from
// the result until VerifyRegistration succeeds. Bound the size of data at the
// HTTP layer before calling.
func ParseRegistrationCredential(data []byte) (*RegistrationCredential, error)
type RegistrationOptions ¶
// RegistrationOptions is the value returned by BuildRegistrationOptions.
type RegistrationOptions struct {
	// PublicKey is an open map serialized as "public_key".
	// NOTE(review): presumably the WebAuthn creation options handed to the
	// client; confirm.
	PublicKey map[string]any `json:"public_key"`
	// CeremonyState is a string; VerifyRegistration takes a ceremonyState
	// argument, so it presumably has to be presented again at verification.
	// NOTE(review): the page does not show how this value is protected. If it
	// travels through the client, confirm it is authenticated and cannot be
	// reused for a second registration.
	CeremonyState string `json:"ceremony_state"`
	// ExpiresAt presumably bounds the ceremony lifetime; confirm that
	// verification enforces it.
	ExpiresAt time.Time `json:"expires_at"`
}
func BuildRegistrationOptions ¶
// BuildRegistrationOptions produces RegistrationOptions for req.
// NOTE(review): call this only for an already-authenticated user, or for one
// whose identity was just proven another way. Otherwise a visitor could
// attach a passkey to an account they do not own. The page does not show
// whether the package enforces this.
func BuildRegistrationOptions(ctx context.Context, req RegistrationRequest) (*RegistrationOptions, error)
type RegistrationRequest ¶
// RegistrationRequest is the input of BuildRegistrationOptions.
type RegistrationRequest struct {
	User RegistrationUser `json:"user"`
	// ExcludeCredentials lists credential descriptors, presumably the user's
	// existing credentials so the same authenticator is not enrolled twice.
	ExcludeCredentials []CredentialDescriptor `json:"exclude_credentials,omitempty"`
	ResidentKey ResidentKeyRequirement `json:"resident_key,omitempty"`
	// NOTE(review): the default applied when UserVerification is empty is not
	// shown; set it explicitly when the passkey will be the only factor.
	UserVerification UserVerificationRequirement `json:"user_verification,omitempty"`
	AuthenticatorAttachment AuthenticatorAttachment `json:"authenticator_attachment,omitempty"`
}
type RegistrationResponse ¶
// RegistrationResponse is the "response" member of a RegistrationCredential.
// Its JSON names match the WebAuthn attestation response JSON form.
type RegistrationResponse struct {
	ClientDataJSON string `json:"clientDataJSON"`
	AttestationObject string `json:"attestationObject"`
	Transports []CredentialTransport `json:"transports,omitempty"`
	// PublicKey, PublicKeyAlgorithm and AuthenticatorData are optional copies
	// that a client may send alongside AttestationObject.
	// NOTE(review): confirm that VerifyRegistration takes the key from the
	// parsed AttestationObject and does not trust these client-side copies.
	PublicKey string `json:"publicKey,omitempty"`
	PublicKeyAlgorithm int `json:"publicKeyAlgorithm,omitempty"`
	AuthenticatorData string `json:"authenticatorData,omitempty"`
}
type RegistrationResult ¶
// RegistrationResult is the value returned by VerifyRegistration. Its fields
// line up with those of StoredCredential except for UserID, so the caller is
// presumably expected to persist it against the authenticated user.
type RegistrationResult struct {
	CredentialID []byte `json:"credential_id"`
	PublicKey []byte `json:"public_key"`
	// SignCount is presumably the initial signature counter; storing it is
	// what makes later clone detection possible.
	SignCount uint32 `json:"sign_count"`
	AAGUID string `json:"aaguid"`
	AuthenticatorAttachment string `json:"authenticator_attachment"`
	// NOTE(review): the page does not show whether the attestation statement
	// is validated against any trust anchors; treat AttestationType and AAGUID
	// as informational unless the source confirms they are.
	AttestationType string `json:"attestation_type,omitempty"`
	Transports []CredentialTransport `json:"transports,omitempty"`
	Flags CredentialFlags `json:"flags,omitempty"`
}
func VerifyRegistration ¶
// VerifyRegistration checks credential against ceremonyState and returns a
// RegistrationResult.
// NOTE(review): the declared error codes suggest challenge, origin and RP ID
// checks; confirm in the source. Enforce credential ID uniqueness in the
// credential store as well, since this signature takes no store argument.
func VerifyRegistration(ctx context.Context, ceremonyState string, credential RegistrationCredential) (*RegistrationResult, error)
type RegistrationUser ¶
type ResidentKeyRequirement ¶
// ResidentKeyRequirement is a string type whose declared values match the
// WebAuthn resident key requirement enumeration.
type ResidentKeyRequirement string

const (
	ResidentKeyRequired ResidentKeyRequirement = "required"
	ResidentKeyPreferred ResidentKeyRequirement = "preferred"
	ResidentKeyDiscouraged ResidentKeyRequirement = "discouraged"
)
type SocialLoginAttempt ¶
type SocialLoginAttemptStore ¶
// SocialLoginAttemptStore is the persistence interface that StartSocialLogin
// and CompleteSocialLogin take. Implementations are supplied by the caller.
type SocialLoginAttemptStore interface {
	CreateSocialLoginAttempt(ctx context.Context, attempt SocialLoginAttempt) error
	GetSocialLoginAttempt(ctx context.Context, provider SocialProvider, attemptID string) (*SocialLoginAttempt, error)
	// ConsumeSocialLoginAttempt returns a bool and an error.
	// NOTE(review): presumably the bool reports whether this call was the one
	// that consumed the attempt. Implementations should make the
	// check-and-mark a single atomic operation (for example a conditional
	// UPDATE), otherwise two concurrent completions can both succeed and the
	// nonce loses its replay protection. Confirm the expected contract.
	ConsumeSocialLoginAttempt(ctx context.Context, provider SocialProvider, attemptID string, now time.Time) (bool, error)
}
type SocialProvider ¶
// SocialProvider is a string type naming an identity provider. Two values are
// declared; ErrInvalidSocialProvider exists in this package, presumably for
// any other value.
type SocialProvider string

const (
	SocialProviderGoogle SocialProvider = "google"
	SocialProviderApple SocialProvider = "apple"
)
type StartSocialLoginInput ¶
// StartSocialLoginInput is the input of StartSocialLogin.
type StartSocialLoginInput struct {
	Provider SocialProvider
	// Now is a caller-supplied clock value; pass the server clock.
	// NOTE(review): the handling of a zero Now is not shown on this page.
	Now time.Time
}
type StartSocialLoginResult ¶
// StartSocialLoginResult is the value returned by StartSocialLogin. Every
// field has a JSON tag, so it can be serialized as is.
type StartSocialLoginResult struct {
	AttemptID string `json:"attempt_id"`
	Provider SocialProvider `json:"provider"`
	// Nonce and NonceSHA256 are presumably a random value and its SHA-256
	// digest, for providers that expect the hashed form in the authorization
	// request.
	// NOTE(review): confirm which of the two the ID token's nonce claim is
	// compared against, and that the stored attempt, not a value echoed by the
	// client, is the reference for that comparison.
	Nonce string `json:"nonce"`
	NonceSHA256 string `json:"nonce_sha256"`
	ExpiresAt time.Time `json:"expires_at"`
}
func StartSocialLogin ¶
// StartSocialLogin begins a social login using store and input and returns a
// StartSocialLoginResult.
// NOTE(review): presumably it generates a nonce and records a
// SocialLoginAttempt through store.CreateSocialLoginAttempt; confirm, and
// rate-limit the endpoint that calls it, since each call would write a row.
func StartSocialLogin(ctx context.Context, store SocialLoginAttemptStore, input StartSocialLoginInput) (*StartSocialLoginResult, error)
type StoredCredential ¶
// StoredCredential is the record type passed to VerifyAuthentication through
// AuthenticationVerificationRequest.Credentials. No store interface for it
// appears on this page, so persistence is presumably the caller's job.
type StoredCredential struct {
	UserID string `json:"user_id"`
	CredentialID []byte `json:"credential_id"`
	// PublicKey is the key assertions are presumably verified against; load it
	// only from server-side storage.
	PublicKey []byte `json:"public_key"`
	// SignCount is presumably the last signature counter seen. Update it from
	// AuthenticationResult.NewSignCount after each successful login, or clone
	// detection compares against a stale value.
	SignCount uint32 `json:"sign_count"`
	AAGUID string `json:"aaguid,omitempty"`
	AuthenticatorAttachment string `json:"authenticator_attachment,omitempty"`
	AttestationType string `json:"attestation_type,omitempty"`
	Transports []CredentialTransport `json:"transports,omitempty"`
	Flags CredentialFlags `json:"flags,omitempty"`
}
type UserVerificationRequirement ¶
// UserVerificationRequirement is a string type whose declared values match the
// WebAuthn user verification requirement enumeration.
// NOTE(review): with "preferred" or "discouraged" an authenticator may assert
// user presence only (a touch, no PIN or biometric). When the passkey replaces
// a password outright, use UserVerificationRequired so the ceremony stays
// two-factor.
type UserVerificationRequirement string

const (
	UserVerificationRequired UserVerificationRequirement = "required"
	UserVerificationPreferred UserVerificationRequirement = "preferred"
	UserVerificationDiscouraged UserVerificationRequirement = "discouraged"
)
type VerifyIDTokenOptions ¶