doorman/authn/authn.go

// Package authn is in charge authenticating requests.
//
// Authenticators will be instantiated per identity provider URI.
// Currently only OpenID is supported.
//
// OpenID configuration and keys will be cached.
package authn

import (
	"fmt"
	"net/http"
	"strings"
)

// UserInfo contains the necessary attributes used in Doorman policies.
type UserInfo struct {
	ID     string
	Email  string
	Groups []string
}

// Authenticator is in charge of authenticating requests.
type Authenticator interface {
	ValidateRequest(*http.Request) (*UserInfo, error)
}

var authenticators map[string]Authenticator

func init() {
	authenticators = map[string]Authenticator{}
}

// NewAuthenticator instantiates or reuses an existing one for the specified
// identity provider.
func NewAuthenticator(idP string) (Authenticator, error) {
	if !strings.HasPrefix(idP, "https://") {
		return nil, fmt.Errorf("identify provider %q does not use the https:// scheme", idP)
	}
	// Reuse authenticator instances.
	a, ok := authenticators[idP]
	if !ok {
		// Only OpenID is currently supported.
		a = newOpenIDAuthenticator(idP)
		authenticators[idP] = a
	}
	return a, nil
}
Split JWT code to authn module (ref #86) (#87) * Split JWT code to authn module * Clean up public members of the authn package 2018-01-19 19:36:52 +03:00			`// Package authn is in charge authenticating requests.`
Add some package docstrings (fixes #85) 2018-01-26 12:55:53 +03:00			`//`
Fetch userinfos when access token is provided (fixes #80) (#89) 2018-01-26 11:26:21 +03:00			`// Authenticators will be instantiated per identity provider URI.`
			`// Currently only OpenID is supported.`
			`//`
			`// OpenID configuration and keys will be cached.`
Split JWT code to authn module (ref #86) (#87) * Split JWT code to authn module * Clean up public members of the authn package 2018-01-19 19:36:52 +03:00			`package authn`
Verify JWT token 2017-10-03 17:27:04 +03:00
			`import (`
Remove Auth0 specific code (fixes #82) (#83) 2018-01-17 17:50:04 +03:00			`"fmt"`
Add tests for token verification 2017-10-05 16:55:56 +03:00			`"net/http"`
First phase, using payload info (ref #55) 2017-12-04 20:12:04 +03:00			`"strings"`
Verify JWT token 2017-10-03 17:27:04 +03:00			`)`

Fetch userinfos when access token is provided (fixes #80) (#89) 2018-01-26 11:26:21 +03:00			`// UserInfo contains the necessary attributes used in Doorman policies.`
			`type UserInfo struct {`
			`ID string`
			`Email string`
			`Groups []string`
Mock and unit test Auth0 JWT claims extraction 2017-10-30 17:05:12 +03:00			`}`

Fetch userinfos when access token is provided (fixes #80) (#89) 2018-01-26 11:26:21 +03:00			`// Authenticator is in charge of authenticating requests.`
			`type Authenticator interface {`
			`ValidateRequest(http.Request) (UserInfo, error)`
			`}`

			`var authenticators map[string]Authenticator`
Verify JWT token 2017-10-03 17:27:04 +03:00
Move JWT issuer to config 2017-11-17 17:15:19 +03:00			`func init() {`
Fetch userinfos when access token is provided (fixes #80) (#89) 2018-01-26 11:26:21 +03:00			`authenticators = map[string]Authenticator{}`
Move JWT issuer to config 2017-11-17 17:15:19 +03:00			`}`
Split Auth0 code from rest of JWT 2017-11-06 14:57:43 +03:00
Fetch userinfos when access token is provided (fixes #80) (#89) 2018-01-26 11:26:21 +03:00			`// NewAuthenticator instantiates or reuses an existing one for the specified`
			`// identity provider.`
			`func NewAuthenticator(idP string) (Authenticator, error) {`
			`if !strings.HasPrefix(idP, "https://") {`
			`return nil, fmt.Errorf("identify provider %q does not use the https:// scheme", idP)`
Remove Auth0 specific code (fixes #82) (#83) 2018-01-17 17:50:04 +03:00			`}`
Fetch userinfos when access token is provided (fixes #80) (#89) 2018-01-26 11:26:21 +03:00			`// Reuse authenticator instances.`
Move handlers to dedicated package (Fixes #86) 2018-01-29 15:02:10 +03:00			`a, ok := authenticators[idP]`
Move JWT issuer to config 2017-11-17 17:15:19 +03:00			`if !ok {`
Fetch userinfos when access token is provided (fixes #80) (#89) 2018-01-26 11:26:21 +03:00			`// Only OpenID is currently supported.`
Move handlers to dedicated package (Fixes #86) 2018-01-29 15:02:10 +03:00			`a = newOpenIDAuthenticator(idP)`
			`authenticators[idP] = a`
Verify JWT token 2017-10-03 17:27:04 +03:00			`}`
Move handlers to dedicated package (Fixes #86) 2018-01-29 15:02:10 +03:00			`return a, nil`
Verify JWT token 2017-10-03 17:27:04 +03:00			`}`