auth

package

v0.0.0-...-ab689eb Latest Latest Go to latest Published: Mar 28, 2024 License: BSD-3-Clause-Clear Imports: 26 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/opentdf/platform

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func ContextWithJWK(ctx context.Context, key jwk.Key) context.Context
func GetJWKFromContext(ctx context.Context) jwk.Key
type AuthNConfig
type Authentication
- func NewAuthenticator(cfg AuthNConfig, d *db.Client) (*Authentication, error)
- func (a Authentication) MuxHandler(handler http.Handler) http.Handler
- func (a Authentication) UnaryServerInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, ...) (any, error)
type CasbinConfig
type Config
type Enforcer
- func NewCasbinEnforcer(c CasbinConfig) (*Enforcer, error)
- func (e Enforcer) Enforce(token jwt.Token, resource, action string) (bool, error)
type OIDCConfiguration
- func DiscoverOIDCConfiguration(ctx context.Context, issuer string) (*OIDCConfiguration, error)
type PolicyConfig

Constants ¶

View Source

const (
	// DiscoveryPath is the path to the discovery endpoint
	DiscoveryPath = "/.well-known/openid-configuration"
)

Variables ¶

This section is empty.

Functions ¶

func ContextWithJWK ¶

func ContextWithJWK(ctx context.Context, key jwk.Key) context.Context

func GetJWKFromContext ¶

func GetJWKFromContext(ctx context.Context) jwk.Key

Types ¶

type AuthNConfig ¶

type AuthNConfig struct {
	Issuer            string   `yaml:"issuer" json:"issuer"`
	Audience          string   `yaml:"audience" json:"audience"`
	Clients           []string `yaml:"clients" json:"clients"`
	OIDCConfiguration `yaml:"-" json:"-"`
	Policy            PolicyConfig `yaml:"policy" json:"policy"`
}

AuthNConfig is the configuration need for the platform to validate tokens

type Authentication ¶

type Authentication struct {
	// contains filtered or unexported fields
}

Authentication holds a jwks cache and information about the openid configuration

func NewAuthenticator ¶

func NewAuthenticator(cfg AuthNConfig, d *db.Client) (*Authentication, error)

Creates new authN which is used to verify tokens for a set of given issuers

func (Authentication) MuxHandler ¶

func (a Authentication) MuxHandler(handler http.Handler) http.Handler

verifyTokenHandler is a http handler that verifies the token

func (Authentication) UnaryServerInterceptor ¶

func (a Authentication) UnaryServerInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)

UnaryServerInterceptor is a grpc interceptor that verifies the token in the metadata

type CasbinConfig ¶

type CasbinConfig struct {
	PolicyConfig
	Db *sql.DB
}

type Config ¶

type Config struct {
	Enabled     bool `yaml:"enabled" default:"true" `
	AuthNConfig `mapstructure:",squash"`
}

AuthConfig pulls AuthN and AuthZ together

type Enforcer ¶

type Enforcer struct {
	*casbin.Enforcer
	Config CasbinConfig
	Policy string
}

func NewCasbinEnforcer ¶

func NewCasbinEnforcer(c CasbinConfig) (*Enforcer, error)

newCasbinEnforcer creates a new casbin enforcer

func (Enforcer) Enforce ¶

func (e Enforcer) Enforce(token jwt.Token, resource, action string) (bool, error)

casbinEnforce is a helper function to enforce the policy with casbin TODO implement a common type so this can be used for both http and grpc

type OIDCConfiguration ¶

type OIDCConfiguration struct {
	Issuer                           string   `json:"issuer"`
	AuthorizationEndpoint            string   `json:"authorization_endpoint"`
	TokenEndpoint                    string   `json:"token_endpoint"`
	JwksURI                          string   `json:"jwks_uri"`
	ResponseTypesSupported           []string `json:"response_types_supported"`
	SubjectTypesSupported            []string `json:"subject_types_supported"`
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
	RequireRequestURIRegistration    bool     `json:"require_request_uri_registration"`
}

OIDCConfiguration holds the openid configuration for the issuer. Currently only required fields are included (https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata)

func DiscoverOIDCConfiguration ¶

func DiscoverOIDCConfiguration(ctx context.Context, issuer string) (*OIDCConfiguration, error)

DiscoverOPENIDConfiguration discovers the openid configuration for the issuer provided

type PolicyConfig ¶

type PolicyConfig struct {
	Default   string            `yaml:"default" json:"default"`
	RoleClaim string            `yaml:"claim" json:"claim"`
	RoleMap   map[string]string `yaml:"map" json:"map"`
	Csv       string            `yaml:"csv" json:"csv"`
	Model     string            `yaml:"model" json:"model"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL