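package usertokens

import (
	"context"
	"fmt"
	"net/url"

	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/usertokens/common"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/usertokens/oidc"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/usertokens/pkitokens"

	"go.uber.org/zap"
)

// Verifier is a generic JWT verifier interface. Different implementations
// will use different client libraries to verify the tokens. Given a token,
// Validate returns the claims and whether there is a verification error;
// the remaining methods drive the provider redirect/callback flow.
type Verifier interface {
	// VerifierType reports which concrete implementation (PKI or OIDC)
	// this verifier is; NewVerifier uses it to pick the constructor.
	VerifierType() common.JWTType
	// Validate checks token and returns the extracted claims. The meaning
	// of the bool and string results is defined by the concrete verifiers;
	// a non-nil error means the token was not accepted.
	Validate(ctx context.Context, token string) ([]string, bool, string, error)
	// Callback handles the provider callback URL u.
	Callback(ctx context.Context, u *url.URL) (string, string, int, error)
	// IssueRedirect returns the redirect target for the given input.
	IssueRedirect(string) string
}

// NewVerifier initializes data structures based on the interface that
// is transmitted over the RPC between main and remote enforcers.
//
// v is the verifier configuration received over RPC. It is expected to be
// a *pkitokens.PKIJWTVerifier when VerifierType() is common.PKI and a
// *oidc.TokenVerifier when it is common.OIDC. A nil v yields (nil, nil).
//
// A mismatch between the type reported by VerifierType() and the concrete
// value, or an unknown type, is returned as an error rather than allowed
// to panic: the value arrives from another process, so a malformed
// configuration must not be able to crash the enforcer.
func NewVerifier(ctx context.Context, v Verifier) (Verifier, error) {
	if v == nil {
		return nil, nil
	}

	switch t := v.VerifierType(); t {
	case common.PKI:
		// Checked assertion: the original unchecked form would panic on a
		// value whose VerifierType() does not match its dynamic type.
		p, ok := v.(*pkitokens.PKIJWTVerifier)
		if !ok {
			return nil, fmt.Errorf("usertokens: verifier type %v carries unexpected value %T", t, v)
		}
		pkiVerifier, err := pkitokens.NewVerifier(p)
		if err != nil {
			return nil, err
		}
		return pkiVerifier, nil

	case common.OIDC:
		p, ok := v.(*oidc.TokenVerifier)
		if !ok {
			return nil, fmt.Errorf("usertokens: verifier type %v carries unexpected value %T", t, v)
		}
		client, err := oidc.NewClient(ctx, p)
		if err != nil {
			// Debug level only: the error is also returned to the caller,
			// which is the layer that decides how to report it.
			zap.L().Debug("usertokens: oidc.NewClient() failed", zap.Error(err))
			return nil, err
		}
		return client, nil

	default:
		return nil, fmt.Errorf("unknown verifier type: %v", t)
	}
}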