authenticators

package
v0.0.0-...-90ba4ba Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 16, 2026 License: Apache-2.0 Imports: 20 Imported by: 1

Documentation

Overview

* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License.

* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License.

* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License.

* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License.

* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License.

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrAuthenticationFailed = errors.New("authentication failed")
	ErrNoAuthenticators     = errors.New("no authenticators registered")
)
View Source
var (
	ErrInvalidToken     = errors.New("invalid token")
	ErrExpiredToken     = errors.New("token has expired")
	ErrInvalidSignature = errors.New("invalid token signature")
)
View Source
var (
	ErrNoAuthenticator = errors.New("no suitable authenticator found")
)

Functions

func AuthMiddleware

func AuthMiddleware(config models.AuthConfig, logger *slog.Logger) (func(http.Handler) http.Handler, error)

AuthMiddleware creates a unified authentication middleware supporting both Basic and Bearer auth. Initialize authenticators once at startup (middleware creation time). Any configuration errors (e.g., JWT JWKS init failures) should fail fast here rather than per-request.

func AuthorizationMiddleware

func AuthorizationMiddleware(config models.AuthConfig, logger *slog.Logger) func(http.Handler) http.Handler

AuthorizationMiddleware enforces resource->roles mapping stored in config.ResourceRoles. Route keys use the net/http ServeMux pattern format: "METHOD /path/{param}".

func GetAuthContext

func GetAuthContext(r *http.Request) (models.AuthContext, bool)

GetAuthContext retrieves the AuthContext stored by AuthMiddleware.

func GetAuthzSkip

func GetAuthzSkip(r *http.Request) bool

GetAuthzSkip returns true when the authz middleware should skip role checks.

func WithAuthContext

func WithAuthContext(ctx context.Context, authCtx models.AuthContext) context.Context

WithAuthContext returns a new context with the provided AuthContext stored under the same key used by AuthMiddleware. This is intended for use in tests and other contexts where the auth middleware has not run.

Types

type AuthResult

type AuthResult struct {
	Success           bool
	UserID            string
	Roles             []string
	Claims            map[string]interface{}
	ErrorMessage      string
	SkipAuthorization bool // when true the authz middleware skips role checks
}

AuthResult contains the result of an authentication attempt

type Authenticator

type Authenticator interface {
	// Authenticate verifies the provided credentials
	Authenticate(r *http.Request) (*AuthResult, error)

	// Name returns the name of the authenticator
	Name() string

	// CanHandle checks if this authenticator can handle the given credentials
	CanHandle(r *http.Request) bool
}

Authenticator defines the interface for authentication methods

type BasicAuthenticator

type BasicAuthenticator struct {
	// contains filtered or unexported fields
}

BasicAuthenticator implements HTTP Basic Authentication

func NewBasicAuthenticator

func NewBasicAuthenticator(authConfig models.AuthConfig, logger *slog.Logger) *BasicAuthenticator

NewBasicAuthenticator creates a new BasicAuthenticator

func (*BasicAuthenticator) Authenticate

func (b *BasicAuthenticator) Authenticate(r *http.Request) (*AuthResult, error)

Authenticate verifies basic authentication credentials from context

func (*BasicAuthenticator) CanHandle

func (b *BasicAuthenticator) CanHandle(r *http.Request) bool

CanHandle checks if credentials in context are BasicCredentials

func (*BasicAuthenticator) Name

func (b *BasicAuthenticator) Name() string

Name returns the authenticator name

type Credentials

type Credentials interface{}

Credentials represents generic authentication credentials

type JWTAuthenticator

type JWTAuthenticator struct {
	// contains filtered or unexported fields
}

JWTAuthenticator implements JWT authentication

func NewJWTAuthenticator

func NewJWTAuthenticator(config *models.AuthConfig, logger *slog.Logger) (*JWTAuthenticator, error)

NewJWTAuthenticator creates a new JWT authenticator

func (*JWTAuthenticator) Authenticate

func (j *JWTAuthenticator) Authenticate(r *http.Request) (*AuthResult, error)

Authenticate verifies JWT token from context

func (*JWTAuthenticator) CanHandle

func (j *JWTAuthenticator) CanHandle(r *http.Request) bool

CanHandle checks if credentials in context are JWTCredentials

func (*JWTAuthenticator) Name

func (j *JWTAuthenticator) Name() string

Name returns the authenticator name

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL