auth package - github.com/sap/cloud-security-client-go/auth - Go Packages

SPDX-FileCopyrightText: 2021 SAP SE or an SAP affiliate company and Cloud Security Client Go contributors

SPDX-License-Identifier: Apache-2.0

ErrClaimNotExists shows that the requested custom claim does not exist in the token

type Certificate struct {
	
}

Certificate is the public API to access claims of the X509 client certificate.

ClientCertificateFromCtx retrieves the X.509 client certificate of a request, which has been injected beforehand by the auth middleware

GetThumbprint returns the thumbprint without padding.

The ContextKey type is used as a key for library-related values in the Go context. See also TokenCtxKey

const (
	TokenCtxKey             ContextKey = 0
	ClientCertificateCtxKey ContextKey = 1
)

TokenCtxKey is the key that holds the authorization value (*OIDCClaims) in the request context.

ClientCertificateCtxKey is the key that holds the x509 client certificate in the request context.

type ErrorHandler added in v0.5.2

ErrorHandler is the type of the error handler that is called on unsuccessful token validation when the AuthenticationHandler middleware func is used

type Middleware struct {
	
}

Middleware is the main entrypoint to the authn client library; instantiate it with NewMiddleware. It holds information about the OAuth config and configured options. Use either the ready-to-use AuthenticationHandler as a middleware or implement your own middleware with the help of Authenticate.

NewMiddleware instantiates a new Middleware with defaults for any Options that are not provided.

Authenticate authenticates a request and returns the Token if validation was successful, otherwise error is returned

AuthenticateWithProofOfPossession authenticates a request and returns the Token and the client certificate if validation was successful, otherwise error is returned

func (*Middleware) AuthenticationHandler added in v0.5.4

AuthenticationHandler authenticates a request and injects the claims into the request context. If the authentication (see Authenticate) does not succeed, the specified error handler (see Options.ErrorHandler) will be called and the current request will stop. In case of successful authentication the request context is enriched with the token, as well as the client certificate (if given).

func (m *Middleware) ClearCache()

ClearCache clears the entire storage of cached OIDC tenants including their JWKs

GetTokenFlows creates or returns TokenFlows, otherwise error is returned

func (*Middleware) ParseAndValidateJWT added in v0.23.0

ParseAndValidateJWT parses the token into its claims, verifies the claims and verifies the signature

type Options struct {
	ErrorHandler ErrorHandler 
	HTTPClient   *http.Client 
}

Options can be used as an argument to instantiate an AuthMiddle with NewMiddleware.

NewToken creates a Token from an encoded JWT. !!! WARNING !!! No validation is done when creating a Token this way. Use only in tests!
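Why the NewToken warning matters, as an added example that is not code from this package: decodeOnly reads claims with no checks, while verifyThenDecode releases them only after the signature verifies, which is the signature step ParseAndValidateJWT is described as performing. The function names, the Ed25519 key type and the sample tokens are assumptions constructed for this illustration; claim checks such as "exp" are left out.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// decodeOnly reads the claims and verifies nothing: what the NewToken warning describes.
func decodeOnly(tok string) (c map[string]any, err error) {
	seg := strings.Split(tok, ".")
	if len(seg) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	raw, err := b64.DecodeString(seg[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	return c, err
}

// verifyThenDecode checks the signature over "header.payload" against a trusted
// key before any claim is returned (Ed25519 is an assumption of this example).
func verifyThenDecode(tok string, pub ed25519.PublicKey) (map[string]any, error) {
	i := strings.LastIndex(tok, ".")
	sig, err := b64.DecodeString(tok[i+1:])
	if i < 0 || err != nil || !ed25519.Verify(pub, []byte(tok[:i]), sig) {
		return nil, fmt.Errorf("signature missing or invalid")
	}
	return decodeOnly(tok)
}

// sign builds a constructed token; it exists only to produce sample input.
func sign(priv ed25519.PrivateKey, claims map[string]any) string {
	body, _ := json.Marshal(claims)
	msg := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString(body)
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

func main() {
	pub, _, _ := ed25519.GenerateKey(nil)
	_, other, _ := ed25519.GenerateKey(nil) // a key the verifier does not trust
	tok := sign(other, map[string]any{"sub": "constructed-user"})
	fmt.Println(decodeOnly(tok))            // claims are returned although the signer is untrusted
	fmt.Println(verifyThenDecode(tok, pub)) // rejected, no claims returned
}
```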

TokenFromCtx retrieves the claims of a request which have been injected before via the auth middleware

AppTID returns "app_tid" claim, if it doesn't exist empty string is returned

Audience returns "aud" claim, if it doesn't exist empty string is returned

Azp returns "azp" claim, if it doesn't exist empty string is returned

CustomIssuer returns "iss" claim if it is a custom domain (i.e. "ias_iss" claim available), otherwise empty string is returned

Email returns "email" claim, if it doesn't exist empty string is returned

Expiration returns "exp" claim, if it doesn't exist empty string is returned

FamilyName returns "family_name" claim, if it doesn't exist empty string is returned

func (t Token) GetAllClaimsAsMap() map[string]interface{}

GetAllClaimsAsMap returns a map of all claims contained in the token. The claim name is case sensitive. Also includes custom claims

GetClaimAsMap returns a map of all members and their values of a custom claim in the token. The member name is case sensitive. Returns error if the claim is not available or not a map

GetClaimAsString returns a custom claim type asserted as string. Returns error if the claim is not available or not a string.

GetClaimAsStringSlice returns a custom claim type asserted as string slice. The claim name is case-sensitive. Returns error if the claim is not available or not an array

GivenName returns "given_name" claim, if it doesn't exist empty string is returned

Groups returns "groups" claim, if it doesn't exist empty string is returned

HasClaim returns true if the provided claim exists in the token

func (t Token) IsExpired() bool

IsExpired returns true, if 'exp' claim + leeway time of 1 minute is before current time

IssuedAt returns "iat" claim, if it doesn't exist empty string is returned

Issuer returns token issuer with SAP domain; by default "iss" claim is returned or in case it is a custom domain, "ias_iss" is returned

NotBefore returns "nbf" claim, if it doesn't exist empty string is returned

ScimID returns "scim_id" claim, if it doesn't exist empty string is returned

Subject returns "sub" claim, if it doesn't exist empty string is returned

TokenValue returns encoded token string

UserUUID returns "user_uuid" claim, if it doesn't exist empty string is returned

ZoneID returns "app_tid" claim, if it doesn't exist empty string is returned

Deprecated: is replaced by AppTID and will be removed with the next major release