-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathextractor.go
More file actions
26 lines (23 loc) · 1015 Bytes
/
extractor.go
File metadata and controls
26 lines (23 loc) · 1015 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
// Copyright 2026 Hyperscale. All rights reserved.
// Use of this source code is governed by a MIT
// license that can be found in the LICENSE file.
package security
import "context"
// Extractor pulls raw, unauthenticated credentials from a [Carrier] and
// returns an [Authentication] that captures them. The returned value MUST
// have IsAuthenticated() == false: validation is the [Authenticator]'s job.
//
// Sentinel conventions:
//
// - Return (nil, nil) when no credentials of the supported scheme are
// present. The Engine treats this as "this extractor does not apply"
// and consults the next one.
// - Return (nil, err) wrapping a security sentinel when credentials were
// present but malformed (e.g. invalid base64 in Basic). The Engine
// surfaces err to the caller and stops; downstream authenticators are
// not invoked.
//
// Implementations MUST be safe for concurrent use.
type Extractor interface {
Extract(ctx context.Context, c Carrier) (Authentication, error)
}