authorize

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 24, 2019 License: Apache-2.0 Imports: 6 Imported by: 5

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsRequestAuthorized

func IsRequestAuthorized(req *http.Request, a Authorizer, headerName string) error

Types

type Authorizer

type Authorizer interface {
	// Returns nil if token gives authority for the user.
	IsAuthorized(ctx context.Context, token string) error
}

func New

func New(ctx context.Context, config Config) (Authorizer, error)

type Condition

type Condition struct {
	// contains filtered or unexported fields
}

Condition is used to check whether user with tokenPerms has access.

func AND

func AND(conditions ...Condition) (Condition, error)

AND is an array of conditions with logic AND. If no condition is passed it returns false.

func Contains

func Contains(perm string) Condition

Contains is an condition that returns true token perms contains given permission.

func OR

func OR(conditions ...Condition) (Condition, error)

OR is an array of conditions with logic OR. If no condition is passed it returns false.

type Config

type Config struct {
	// OIDC issuer url.
	Provider string
	// Expected Audience of the token. For a majority of the cases this is expected to be
	// the ID of the client that initialized the login flow. It may occasionally differ if
	// the provider supports the authorizing party (azp) claim.
	ClientID string
	// Claim name that contains user permissions (sometimes called 'group')
	PermsClaim string

	// Permission condition that will authorize token.
	PermCondition Condition
}

Config is an authorize configuration. TODO(bwplotka): Add proper unmarshaller/marshaller for that data struct.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL