doc.go
// Package authkit provides core authentication and authorization contracts for
// Go Web API services.
//
// The core pipeline keeps credentials separate from authorization decisions:
// principal authenticators return internal Principal values for authkit-owned
// request credentials. External identities are verified and exchanged before a
// request reaches protected resource routes. An Authorizer evaluates
// authorization checks containing the principal, action, application Resource,
// and caller-supplied Facts.
//
// Subpackages are organised by role:
//
//   - access/jwt — issue and verify authkit-owned access JWTs.
//   - access/middleware — adapt access JWTs to HTTP bearer authentication.
//   - authz/role — authorize from local admin-managed roles and
//     effective action grants.
//   - authz/casbin — adapt a Casbin enforcer to authkit.Authorizer.
//   - http/auth — net/http middleware atop an authkit.Pipeline.
//   - http/facts — opt-in HTTP request fact helpers.
//   - http/compose — thin convenience wiring for common setups.
//   - proof/oidc — verify trusted OIDC-issued JWT bearer tokens.
//   - proof/passkey — WebAuthn passkey registration and login ceremonies.
//   - proof/apikey — issue, verify, and revoke opaque API tokens.
//   - exchange — trade verified external proof for an access JWT.
//   - onboarding — attach identities and provision principals.
//   - provisioning — opt-in auto-provisioning during principal resolution.
//   - management — service facade for admin setup flows.
//   - store/memory — in-memory storage adapter.
//   - store/postgres — pgxpool-backed Postgres storage adapter.
package authkit
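
The separation the package comment describes (credentials resolved to a principal first, then an authorization check over principal, action, resource and facts), as an added sketch that is not authkit's own code. Every type, function, token and grant below is a hypothetical stand-in named after the comment's terms, and the MFA fact is an assumed policy.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins named after the doc comment's terms, not authkit's API.
type Principal struct {
	ID    string
	Roles []string
}
type Resource struct{ Kind, ID string }
type Check struct {
	Principal Principal
	Action    string
	Resource  Resource
	Facts     map[string]string // caller-supplied request context
}

var ErrUnauthenticated, ErrDenied = errors.New("unauthenticated"), errors.New("denied")

// Constructed sample data: one opaque token and one role's action grants.
var tokens = map[string]Principal{"tok-alice": {"alice", []string{"editor"}}}
var grants = map[string]map[string]bool{"editor": {"doc:read": true, "doc:delete": true}}

// authenticate is the only step that sees the credential.
func authenticate(token string) (Principal, error) {
	if p, ok := tokens[token]; ok {
		return p, nil
	}
	return Principal{}, ErrUnauthenticated
}

// authorize receives a Check, never the credential, and denies by default.
func authorize(c Check) error {
	if c.Action == "doc:delete" && c.Facts["mfa"] != "true" {
		return ErrDenied // assumed policy: a fact narrows an existing grant
	}
	for _, role := range c.Principal.Roles {
		if grants[role][c.Action] {
			return nil
		}
	}
	return ErrDenied
}

func main() {
	p, err := authenticate("tok-alice")
	fmt.Println(err, authorize(Check{p, "doc:delete", Resource{"doc", "42"}, nil}))
}
```

Because facts are supplied by the calling code, a policy like this is only as trustworthy as the server-side state the caller derives them from.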