Documentation
¶
Overview ¶
Package serviceauth provides constant-time validation of shared service-to-service tokens. It is intended for the IAM mono-repo's service-to-service auth edges (auth ↔ caller, dataaccess ↔ caller, ...) and answers the question "is the calling process a trusted peer service". It does NOT establish end-user identity — see pkg/userauth for that.
Each service owns its own metadata header name and interceptor; this package only owns the comparison logic.
Index ¶
Constants ¶
This section is empty.
Variables ¶
ErrUnauthorized is returned when the presented token does not match any of the configured tokens.
Functions ¶
This section is empty.
Types ¶
type Validator ¶
type Validator struct {
// contains filtered or unexported fields
}
Validator performs constant-time token validation against a set of pre-computed SHA-512 hashes. It is safe for concurrent use.
func NewValidator ¶
NewValidator creates a Validator that accepts the given tokens. Empty token strings are silently ignored so callers can pass an optional next-token slot without conditional logic.