Documentation ¶
Overview ¶
Package sstauth contains OAuth2-based authentication utilities for SST, written for the Remote Repository implementation. Other applications may also use the utilities.
Index ¶
- func AuthFunc(issuer string, testOverride tokenToUserInfoFuncForTest) grpc_auth.AuthFunc
- func ContextWithAuthProvider(ctx context.Context, provider AuthProvider) context.Context
- func ContextWithSstUserInfo(ctx context.Context, info *SstUserInfo) context.Context
- func NewOIDCVerifier(ctx context.Context, issuer string, clientID string) (*oidc.IDTokenVerifier, error)
- func ProviderFromHeader(issuer string) func(http.Handler) http.Handler
- func RolesForClient(c KCClaims, clientID string) map[string]bool
- func StreamRBACInterceptor(verifier *oidc.IDTokenVerifier, clientID string, ...) grpc.StreamServerInterceptor
- func UnaryRBACInterceptor(verifier *oidc.IDTokenVerifier, clientID string, ...) grpc.UnaryServerInterceptor
- func WithPrincipal(ctx context.Context, p *Principal) context.Context
- type AuthProvider
- type KCClaims
- type Principal
- type Provider
- type SstUserInfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthFunc ¶
AuthFunc returns a grpc_auth.AuthFunc that authenticates a token from the context metadata and converts it to SstUserInfo.
Parameters:
- issuer: A string representing the token issuer.
- tokenToUserInfo: A function that converts a token to SstUserInfo.
The returned grpc_auth.AuthFunc extracts the token from the context metadata, verifies it, and converts it to authentication information. If the token is invalid, it returns an error with the Unauthenticated status code.
The function uses a tokenVerifierHolder to manage token verification and periodically updates the token verifier.
func ContextWithAuthProvider ¶
func ContextWithAuthProvider(ctx context.Context, provider AuthProvider) context.Context
ContextWithAuthProvider takes an input context and returns an enhanced context that carries the authentication provider.
func ContextWithSstUserInfo ¶
func ContextWithSstUserInfo(ctx context.Context, info *SstUserInfo) context.Context
func NewOIDCVerifier ¶
func ProviderFromHeader ¶
ProviderFromHeader creates a middleware that extracts an access token from the request header. It then adds the authentication provider (which includes the access token) to the request context and calls the next handler.
Parameters:
- issuer: The expected issuer of the token; e.g. the KeyCloak URL to use
Returns:
The returned middleware function modifies the handler for the http.Request and the http.Response.
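The flow described for ProviderFromHeader, as an added example that is not sstauth's own code. It assumes the token arrives as `Authorization: Bearer <token>`, uses a hypothetical `tokenProvider` struct in place of AuthProvider, and (also an assumption) rejects requests that carry no usable token; the token is only carried in the context here and is not verified.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type tokenProvider struct{ Issuer, AccessToken string } // hypothetical stand-in for AuthProvider
type ctxKey struct{}                                    // unexported key type avoids context collisions

func bearerToken(h string) (string, bool) { // parses "Bearer <token>"; header name and scheme are assumed
	scheme, tok, ok := strings.Cut(h, " ")
	tok = strings.TrimSpace(tok)
	return tok, ok && strings.EqualFold(scheme, "Bearer") && tok != ""
}

// providerFromHeader follows the documented flow: extract token, attach provider, call next.
func providerFromHeader(issuer string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			tok, ok := bearerToken(r.Header.Get("Authorization"))
			if !ok { // assumption: fail closed rather than pass an anonymous request on
				http.Error(w, "missing bearer token", http.StatusUnauthorized)
				return
			}
			ctx := context.WithValue(r.Context(), ctxKey{}, &tokenProvider{issuer, tok})
			next.ServeHTTP(w, r.WithContext(ctx)) // token is carried, not yet verified
		})
	}
}

func probe(authz string) (code int, seen string) { // one constructed request through the middleware
	next := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		if p, ok := r.Context().Value(ctxKey{}).(*tokenProvider); ok {
			seen = p.AccessToken
		}
	})
	rec, req := httptest.NewRecorder(), httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set("Authorization", authz)
	providerFromHeader("https://idp.example/realms/demo")(next).ServeHTTP(rec, req)
	return rec.Code, seen
}

func main() {
	fmt.Println(probe("Bearer constructed.sample.token"))
	fmt.Println(probe("Basic constructed"))
}
```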
func StreamRBACInterceptor ¶
func StreamRBACInterceptor(
	verifier *oidc.IDTokenVerifier,
	clientID string,
	methodRoles map[string][]string,
	expectedRepoName string,
) grpc.StreamServerInterceptor
func UnaryRBACInterceptor ¶
func UnaryRBACInterceptor(
	verifier *oidc.IDTokenVerifier,
	clientID string,
	methodRoles map[string][]string,
	expectedRepoName string,
) grpc.UnaryServerInterceptor
Types ¶
type AuthProvider ¶
AuthProvider defines an interface for authentication providers. It requires two methods:
- AuthProvider: A method to implement the authentication logic.
- Info: A method to retrieve the email and name of the authenticated user, returning an error if the information cannot be retrieved.
func AuthProviderFromContext ¶
func AuthProviderFromContext(ctx context.Context) AuthProvider
AuthProviderFromContext takes an input context and extracts the authentication provider from it.
type Principal ¶
type SstUserInfo ¶
type SstUserInfo struct {
	Email string
}
SstUserInfo identifies who is using the Repository by email and name. This data is used to create a commit.
func SstUserInfoFromContext ¶
func SstUserInfoFromContext(ctx context.Context) *SstUserInfo
SstUserInfoFromContext extracts [sstUserInfo] from the context.