auth

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 22, 2025 License: MIT Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrInvalidToken = errors.New("invalid token")

The error that a TokenVerifier should return if the token cannot be verified.

Functions

func RequireBearerToken 

func RequireBearerToken(verifier TokenVerifier, opts *RequireBearerTokenOptions) func(http.Handler) http.Handler

RequireBearerToken returns a piece of middleware that verifies a bearer token using the verifier. If verification succeeds, the TokenInfo is added to the request's context and the request proceeds. If verification fails, the request fails with a 401 Unauthenticated, and the WWW-Authenticate header is populated to enable protected resource metadata.

Types

type RequireBearerTokenOptions 

type RequireBearerTokenOptions struct {
	// The URL for the resource server metadata OAuth flow, to be returned as part
	// of the WWW-Authenticate header.
	ResourceMetadataURL string
	// The required scopes.
	Scopes []string
}

RequireBearerTokenOptions are options for RequireBearerToken.

type TokenInfo 

type TokenInfo struct {
	Scopes     []string
	Expiration time.Time
	// TODO: add standard JWT fields
	Extra map[string]any
}

TokenInfo holds information from a bearer token.

func TokenInfoFromContext 

func TokenInfoFromContext(ctx context.Context) *TokenInfo

TokenInfoFromContext returns the TokenInfo stored in ctx, or nil if none.

type TokenVerifier 

type TokenVerifier func(ctx context.Context, token string) (*TokenInfo, error)

A TokenVerifier checks the validity of a bearer token, and extracts information from it. If verification fails, it should return an error that unwraps to ErrInvalidToken.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.