Package accesspolicy provides functionality to check and validate access policies.

Package actor implements the context marking for internal/external actors.

Package auth0 related operations such as ID token/JWT verification.

Package handler contains HTTP server interceptors related to authentication and authorization.

Package interceptor contains gRPC server interceptors related to authentication and authorization.

Package role contains the role definitions and checks.

Package scope contains the scope definitions and checks.

Package serviceaccount defines common code for creating a service account.

Package user contains the auth.User and auth.Identity related operations.

Check checks the given context for the given authentication and authorization conditions.

CheckGRPC wraps Check function returning gRPC error codes.

DefaultCheckOptions returns the default check options.

EnsureAuthConfigResource creates/configures the auth config resource.

WithExactRoles checks the context to have exactly one of the given roles.

WithRole checks the context to have the given role.

WithValidSignature checks if the context has a valid signature.

WithVerifiedEmail checks if there is a verified email in the context.

CLIAuthFlow is the name of the authentication flow used for CLI authentication.

FlowQueryParam is the name of the query parameter used to specify the authentication flow.

ProxyAuthFlow is the name of the authentication flow used for proxy authentication.

RedirectQueryParam is the name of the query parameter used to specify URL or route to redirect after authentication flow is complete.

tsgen:samlSessionHeader.

ServiceAccountMaxAllowedLifetime is the maximum allowed lifetime for a service account.

tsgen:SignatureVersionV1.

ErrUnauthenticated is returned when the context does not contain the required authentication information.

ErrUnauthorized is returned when the context does not contain the required authorization information.

Authenticator represents an authenticator.

CheckOptions are the options for the checks.

CheckResult is the result of a successful check.

EnabledAuthContextKey is the context key for enabled authentication.

GRPCMessageContextKey is the context key for the GRPC message.

IdentityContextKey is the context key for the user identity.

RoleContextKey is the context key for the role.

UserIDContextKey is the context key for the user ID.

VerifiedEmailContextKey is the context key for the verified email address.

AuthenticatorFunc represents a function that returns an authenticator for the given public key fingerprint.

CheckOption is a functional option for Check.