package token
import (
"time"
"github.com/xmidt-org/themis/key"
)
// RemoteClaims describes a remote HTTP endpoint that can produce claims given the
// metadata from a token request.
//
// NOTE(review): the JSON document returned by this endpoint is merged into the
// claims of issued tokens, so the endpoint is a trust boundary for token contents.
// Nothing in this struct constrains the URL scheme or authenticates the endpoint;
// confirm where that is enforced by the code that consumes it.
type RemoteClaims struct {
	// Method is the HTTP method used to invoke the URL.
	Method string

	// URL is the remote endpoint that is expected to receive Request.Metadata and return a JSON document
	// which is merged into the token claims.
	URL string
}
// Value represents information pulled from either the HTTP request or statically, via config.
//
// NOTE(review): Header, Parameter and Variable all name request-supplied inputs, so
// whatever they yield is caller-controlled. Whether that input is validated before it
// is used, and which source wins when more than one field is set, is not visible in
// this file; confirm in the code that consumes Value.
type Value struct {
	// Header is an HTTP header from which the value is pulled.
	Header string

	// Parameter is a URL query parameter (including form data) from which the value is pulled.
	Parameter string

	// Variable is a URL gorilla/mux variable from which the value is pulled.
	Variable string

	// Required indicates that this value is required. Only applies to HTTP values.
	Required bool

	// Value is the statically assigned value from configuration.
	Value interface{}
}
// Options holds the configurable information for a token Factory.
type Options struct {
	// Alg is the required JWT signing algorithm to use.
	//
	// NOTE(review): which algorithm names are accepted is not visible in this file;
	// confirm that the unsecured "none" algorithm is rejected where this field is consumed.
	Alg string

	// Key describes the signing key to use.
	Key key.Descriptor

	// Claims is an optional map of claims to add to every token emitted by this factory.
	// Any claims here can be overridden by claims within a token Request.
	//
	// NOTE(review): because a token Request can override these entries, a claim listed
	// here acts as a default rather than a fixed value. Do not rely on it to pin a
	// security-relevant claim unless the Factory enforces that elsewhere.
	Claims map[string]Value

	// Metadata describes non-claim data, which can be statically configured or supplied via a request.
	Metadata map[string]Value

	// Nonce indicates whether a nonce (jti) should be applied to each token emitted
	// by this factory.
	Nonce bool

	// DisableTime completely disables all time-based claims, such as iat. Setting this to true
	// also causes Duration and NotBeforeDelta to be ignored.
	//
	// NOTE(review): since Duration is ignored when this is true, tokens presumably carry
	// no exp claim either, leaving verifiers nothing to expire them on. Confirm in the Factory.
	DisableTime bool

	// Duration specifies how long the token should be valid for. An exp claim is set
	// using this duration from the current time if this field is positive.
	//
	// NOTE(review): per the condition above, a zero or negative Duration (including the
	// zero value of an unset field) presumably yields tokens with no exp claim. Confirm
	// in the Factory and treat a missing Duration as a configuration error if
	// non-expiring tokens are not intended.
	Duration time.Duration

	// DisableNotBefore specifically controls the nbf claim.
	DisableNotBefore bool

	// NotBeforeDelta is a golang duration that determines the nbf field. This field
	// is parsed and added to the current time at the moment a token is issued. The result
	// is set as an nbf claim. Note that the duration may be zero or negative; a negative
	// value places nbf before the time of issue.
	//
	// If either DisableTime or DisableNotBefore are true, this field is ignored and no nbf claim is emitted.
	NotBeforeDelta time.Duration

	// Remote specifies an optional external system that takes metadata from a token request
	// and returns a set of claims to be merged into tokens returned by the Factory. Returned
	// claims from the remote system do not override claims configured on the Factory.
	//
	// NOTE(review): how remote claims rank against claims supplied in a token Request is
	// not stated here; confirm the merge order in the Factory.
	Remote *RemoteClaims
}