miseadapter

package

v0.0.0-...-c78d89f Latest Latest Go to latest Published: Nov 4, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/Azure/ARO-RP

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type Client
- func New(httpClient *http.Client, miseAddress string) *Client
- func (c Client) ValidateRequest(ctx context.Context, input Input, log *logrus.Entry) (Result, error)
type FakeMISEAdapter
type Input
type MISEAdapter
- func NewAuthorizer(miseAddress string, log *logrus.Entry) MISEAdapter
- func NewFakeAuthorizer(miseAddress string, log *logrus.Entry, fakeclient *http.Client) MISEAdapter
type Result

Constants ¶

View Source

const (
	SubjectTokenClaimPrefix        = "Subject-Token-Claim-"
	ActorTokenClaimPrefix          = "Actor-Token-Claim-"
	EncodedSubjectTokenClaimPrefix = "Subject-Token-Encoded-Claim-"
	EncodedActorTokenClaimPrefix   = "Actor-Token-Encoded-Claim-"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client can delegate token validation to the Mise container.

func New ¶

func New(httpClient *http.Client, miseAddress string) *Client

New creates a Client able to delegate token validation.

func (Client) ValidateRequest ¶

func (c Client) ValidateRequest(ctx context.Context, input Input, log *logrus.Entry) (Result, error)

ValidateRequest transforms the Input object to a request to the Mise container and returns the Result object.

type FakeMISEAdapter ¶

type FakeMISEAdapter interface {
	IsAuthorized(ctx context.Context, r *http.Request) (bool, error)
	IsReady() bool
}

type Input ¶

type Input struct {
	// OriginalUri is the Uri of the original request being validated.
	OriginalUri string

	// OriginalMethod is the method of the original request being validated.
	OriginalMethod string

	// OriginalIpAddress is the IP address of original request being validated.
	OriginalIPAddress string

	// AuthorizationHeader is the authorization header of the original request being validated.
	AuthorizationHeader string

	// ReturnAllActorClaims specifies whether to return all claims from the actor token.
	ReturnAllActorClaims bool

	// ReturnAllSubjectClaims specifies whether to return all claims from the subject token.
	ReturnAllSubjectClaims bool

	// ActorClaimsToReturn specifies the specific claims to return from the actor token if present.
	ActorClaimsToReturn []string

	// SubjectClaimsToReturn specifies the specific claims to return from the subject token.
	SubjectClaimsToReturn []string
}

Input is the set of input options for Client.

type MISEAdapter ¶

type MISEAdapter interface {
	IsAuthorized(ctx context.Context, r *http.Request) (bool, error)
	IsReady() bool
}

func NewAuthorizer ¶

func NewAuthorizer(miseAddress string, log *logrus.Entry) MISEAdapter

func NewFakeAuthorizer ¶

func NewFakeAuthorizer(miseAddress string, log *logrus.Entry, fakeclient *http.Client) MISEAdapter

type Result ¶

type Result struct {
	// ActorClaims is the set of claims extracted from the actor token based on the input options.
	ActorClaims map[string][]string

	// SubjectClaims is the set of claims extracted from the subject token based on the input options.
	SubjectClaims map[string][]string

	// ErrorDescription is the description of the error from validating the token.
	ErrorDescription []string

	// WWWAuthenticate is the value of the WWWAuthenticate header when the request is unauthorized.
	WWWAuthenticate []string

	// StatusCode is the status code that the Mise container returns as a result of validating the token.
	StatusCode int
}

Result is the authentication result.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL