Commit Graph

25 Commits

Author SHA1 Message Date
Asim Aslam
6920677f1e Move rules.Verify to auth.VerifyAccess 2020-07-19 13:12:03 +01:00
Asim Aslam
96233b2d9b auth jwt / service package comments 2020-07-19 10:53:38 +01:00
ben-toogood
09ec20fded
runtime: provide credentials to services (#1817)
* runtime: inject credentials into service

* util/auth: self generate accounts (needed for jwt)

* runtime/kubernetes: add logging for creds

* runtime/kubernetes: serialize secret name

* runtime/kubernetes: remove unused code

* runtime/kubernetes: base64 encode secret

* runtime/kubernetes: remove metadata from secret

* util/kubernetes/client: omit empty secret metadata

* util/kubernetes/client: fix secret template

* util/kubernetes/client: fix secrets

* web: update auth util

* util/auth: fix missing arg

* extend token expiry

* extend token expiry
2020-07-10 16:25:46 +01:00
ben-toogood
9d3365c4be
auth: rename auth.Namespace to auth.Issuer (#1710) 2020-06-17 12:26:27 +01:00
huanghuan.27@bytedance.com
219d29f664 fix jwt revoke 2020-06-02 10:26:33 +08:00
Ben Toogood
5712cc9c62 Merge master 2020-05-26 15:52:21 +01:00
Ben Toogood
12061bd006 Add account issuers 2020-05-21 16:41:55 +01:00
Ben Toogood
856c73b341 Remove roles (replaced with scope) 2020-05-21 14:56:17 +01:00
Ben Toogood
344ce061ce Verify Options 2020-05-20 16:49:52 +01:00
Ben Toogood
f6d9416a9e Add Rule to Auth interface 2020-05-20 11:59:01 +01:00
Ben Toogood
dc10f88c12 Replace auth account.Namespace with account.Scopes 2020-05-19 18:17:17 +01:00
Ben Toogood
16af265e8b Seperate JWT refresh / access tokens 2020-05-14 13:56:51 +01:00
Ben Toogood
70736e24c0 Set RefreshToken 2020-04-29 13:33:22 +01:00
Ben Toogood
94971aee77 Complete JWT implementation 2020-04-29 13:21:51 +01:00
Ben Toogood
0ed66d0664 Fix Typo 2020-04-29 09:38:39 +01:00
Ben Toogood
7e27c97c6c Remove Comment 2020-04-29 09:22:15 +01:00
Ben Toogood
669364985e JWT auth implementation 2020-04-29 09:21:17 +01:00
ben-toogood
e0e77f3983
Updated auth interface (#1384)
* Updated  auth interface

* Add Rule

* Remove Rule

* Return token from Renew

* Renew => Refresh

* Implement Tokens & Default Auth Implementation

* Change default auth to noop

* Change default auth to noop

* Move token.Token to auth.Token

* Remove Token from Account

* Auth service implementation

* Decode JWT locally

* Cookie for secret

* Move string to bottom of interface definition

* Depricate auth_exclude

* Update auth wrappers

* Update go.sum

Co-authored-by: Ben Toogood <ben@micro.mu>
2020-03-23 16:19:30 +00:00
ben-toogood
8a41d369f2
Auth JWT ID Fix (#1359)
* Auth JWT ID Fix

* Remove unused ID in jwt claims

Co-authored-by: Ben Toogood <ben@micro.mu>
2020-03-17 16:59:57 +00:00
mlboy
1a4f608ed1
add: auth add generate options Expiry for set token expires (#1319)
Co-authored-by: mlboy <ml3@meitu.com>
Co-authored-by: Asim Aslam <asim@aslam.me>
2020-03-09 17:16:31 +00:00
Asim Aslam
6aaaf54275
add MICRO_AUTH_TOKEN, parse token in wrapper, preload config and othe… (#1261)
* add MICRO_AUTH_TOKEN, parse token in wrapper, preload config and other things

* fix wrapper panic
2020-02-25 22:15:44 +00:00
ben-toogood
36bcd3bd82
Improve JWT Package Errors (#1206)
Co-authored-by: Asim Aslam <asim@aslam.me>
2020-02-19 09:51:43 +01:00
58598d0fe0
fixes for safe conversation and avoid panics (#1213)
* fixes for safe convertation

Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org>

* fix client publish panic

If broker connect returns error we dont check it status and use
it later to publish message, mostly this is unexpected because
broker connection failed and we cant use it.
Also proposed solution have benefit - we flag connection status
only when we have succeseful broker connection

Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org>

* api/handler/broker: fix possible broker publish panic

Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org>
2020-02-18 23:05:38 +00:00
ben-toogood
4401c12e6c Auth Wrapper (#1174)
* Auth Wrapper

* Tweak cmd flag

* auth_excludes => auth_exclude

* Make Auth.Excludes variadic

* Use metadata.Get (passes through http and http2 it will go through various case formats)

* fix auth wrapper auth.Auth interface initialisation

Co-authored-by: Asim Aslam <asim@aslam.me>
2020-02-10 08:26:28 +00:00
ben-toogood
d621548120
Auth (#1147)
Implement the Auth interface, with JWT and service implementations.

* Update Auth Interface

* Define Auth Service Implementation

* Support Service Auth

* Add Auth Service Proto

* Remove erronious files

* Implement Auth Service Package

* Update Auth Interface

* Update Auth Interface. Add Validate, remove Add/Remove roles

* Make Revoke interface more explicit

* Refactor serializing and deserializing service accounts

* Fix srv name & update interface to be more explicit

* Require jwt public key for auth

* Rename Variables (Resource.ID => Resource.Name & ServiceAccount => Account)

* Implement JWT Auth Package

* Remove parent, add ID

* Update auth imports to v2. Add String() to auth interface
2020-02-03 08:16:02 +00:00