auth

package
v2.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 27, 2023 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var MissingRolesError = fmt.Errorf("missing roles")

Functions

func HasAnyRole added in v2.2.3

func HasAnyRole(holder TokenRoles, clientId string, roles ...string) bool

func HasRoles

func HasRoles(holder TokenRoles, clientId string, roles ...string) bool

func RealmFromIDToken added in v2.0.14

func RealmFromIDToken(oidcToken *oidc.IDToken) (string, error)

func WithJwtContext

func WithJwtContext(ctx context.Context, realmUrl string, jwtContext JwtContext) context.Context

func WithJwtContextStorage

func WithJwtContextStorage(ctx context.Context) context.Context

func WithRawTokenSource added in v2.2.11

func WithRawTokenSource(ctx context.Context, rawTokenSource RawTokenSource) context.Context

func WrapAsRoleCheckFailedError added in v2.2.12

func WrapAsRoleCheckFailedError(err error) error

Types

type JwtContext

type JwtContext interface {
	RolesFromToken(ctx context.Context, token string, clientId string) (TokenRoles, error)
	OAuthConfig(ctx context.Context, clientId string, clientSecret string) (*oauth2.Config, error)
	ExchangeToken(ctx context.Context, token string, fromClient string, toClient string) (*oauth2.Token, error)
	ExchangeTokenWithConfig(ctx context.Context, token string, toClient string, oauthConfig oauth2.Config) (*oauth2.Token, error)
	GetToken(ctx context.Context, client string, username string, pwd string) (*oauth2.Token, error)
	GetTokenFromLiteralAccessToken(ctx context.Context, literalAccessToken, clientId string, withOfflineRefresh bool) (*oauth2.Token, error)
	GetTokenFromLiteralAccessTokenWithConfig(ctx context.Context, literalAccessToken string, withOfflineRefresh bool, oauthConfig oauth2.Config) (*oauth2.Token, error)
	RefreshToken(ctx context.Context, refreshToken string, client string) (*oauth2.Token, error)
	RefreshTokenWithConfig(ctx context.Context, refreshToken string, oauthConfig oauth2.Config) (*oauth2.Token, error)
	Sourcify(ctx context.Context, token *oauth2.Token, client string) (oauth2.TokenSource, error)
	OAuthEndpoint(ctx context.Context) (*oauth2.Endpoint, error)
	IdToken(ctx context.Context, token, clientId string) (*oidc.IDToken, error)
}

func JwtContextFromContext

func JwtContextFromContext(ctx context.Context, realmUrl string) JwtContext

type JwtContextImpl

type JwtContextImpl struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func (*JwtContextImpl) ExchangeToken deprecated

func (c *JwtContextImpl) ExchangeToken(ctx context.Context, token string, fromClient string, toClient string) (*oauth2.Token, error)

Deprecated: Use specialized GetTokenFromLiteralAccessToken and RefreshToken funcs instead

func (*JwtContextImpl) ExchangeTokenWithConfig deprecated

func (c *JwtContextImpl) ExchangeTokenWithConfig(ctx context.Context, token string, toClient string, oauthConfig oauth2.Config) (*oauth2.Token, error)

Deprecated: Use specialized GetTokenFromLiteralAccessToken and RefreshToken funcs instead

func (*JwtContextImpl) GetToken

func (c *JwtContextImpl) GetToken(ctx context.Context, client string, username string, pwd string) (*oauth2.Token, error)

func (*JwtContextImpl) GetTokenFromLiteralAccessToken

func (c *JwtContextImpl) GetTokenFromLiteralAccessToken(ctx context.Context, literalAccessToken, clientId string, withOfflineRefresh bool) (*oauth2.Token, error)

func (*JwtContextImpl) GetTokenFromLiteralAccessTokenWithConfig

func (c *JwtContextImpl) GetTokenFromLiteralAccessTokenWithConfig(ctx context.Context, literalAccessToken string, withOfflineRefresh bool, oauthConfig oauth2.Config) (*oauth2.Token, error)

func (*JwtContextImpl) IdToken added in v2.1.0

func (c *JwtContextImpl) IdToken(ctx context.Context, token, clientId string) (*oidc.IDToken, error)

func (*JwtContextImpl) OAuthConfig

func (c *JwtContextImpl) OAuthConfig(ctx context.Context, clientId string, clientSecret string) (*oauth2.Config, error)

func (*JwtContextImpl) OAuthEndpoint

func (c *JwtContextImpl) OAuthEndpoint(ctx context.Context) (*oauth2.Endpoint, error)

func (*JwtContextImpl) RefreshToken

func (c *JwtContextImpl) RefreshToken(ctx context.Context, refreshToken string, client string) (*oauth2.Token, error)

func (*JwtContextImpl) RefreshTokenWithConfig

func (c *JwtContextImpl) RefreshTokenWithConfig(ctx context.Context, refreshToken string, oauthConfig oauth2.Config) (*oauth2.Token, error)

func (*JwtContextImpl) RolesFromToken added in v2.0.14

func (c *JwtContextImpl) RolesFromToken(ctx context.Context, token, clientId string) (TokenRoles, error)

func (*JwtContextImpl) Sourcify

func (c *JwtContextImpl) Sourcify(ctx context.Context, token *oauth2.Token, client string) (oauth2.TokenSource, error)

type RawTokenSource added in v2.2.11

type RawTokenSource interface {
	RawToken(ctx context.Context) (string, error)
}

func RawTokenSourceFromContext added in v2.2.11

func RawTokenSourceFromContext(ctx context.Context) RawTokenSource

type RoleCheckFailedError added in v2.2.11

type RoleCheckFailedError struct {
	Cause error
}

func (*RoleCheckFailedError) Error added in v2.2.11

func (r *RoleCheckFailedError) Error() string

func (*RoleCheckFailedError) Unwrap added in v2.2.11

func (r *RoleCheckFailedError) Unwrap() error

type RoleCheckingHandlerFunc added in v2.2.11

type RoleCheckingHandlerFunc func(loginClientId string, tokenRoles TokenRoles) error

RoleCheckingHandlerFunc should return MissingRolesError if the check failed due to a missing role or unsatisfied user capabilities

func ClientRoleCheckingHandlerFunc added in v2.2.11

func ClientRoleCheckingHandlerFunc(clientId string, roles ...string) RoleCheckingHandlerFunc

ClientRoleCheckingHandlerFunc uses the given clientId to look for the requested roles If an error occurs it will always be an RoleCheckFailedError

func DefaultRoleCheckingHandlerFunc added in v2.2.11

func DefaultRoleCheckingHandlerFunc(roles ...string) RoleCheckingHandlerFunc

DefaultRoleCheckingHandlerFunc uses the login client to look for the requested roles If an error occurs it will always be an RoleCheckFailedError

type TokenRoles

type TokenRoles interface {
	ClientRoles(clientId string) []string
}

func ResolveTokenRoles added in v2.2.11

func ResolveTokenRoles(ctx context.Context, jwtIssuer string, rawToken string, loginClientId string) (TokenRoles, error)

ResolveTokenRoles validates <rawToken>; checks if it is from <jwtIssuer>. Extracts all user roles and returns the roles container If an error occurs it will always be an RoleCheckFailedError

func TokenRolesFromIDToken added in v2.0.13

func TokenRolesFromIDToken(oidcToken *oidc.IDToken) (TokenRoles, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL