oauth

package
v3.0.0-beta.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 4, 2019 License: OSL-3.0 Imports: 9 Imported by: 0

README

Auth module

OpenId connect implementation to login against a configured SSO

Configuration example

auth:
  server: '%%ENV:AUTH_SERVER%%'
  secret: '%%ENV:AUTH_CLIENT_SECRET%%'
  clientid: '%%ENV:AUTH_CLIENT_ID%%'
  myhost: '%%ENV:FLAMINGO_HOSTNAME%%'
  disableOfflineToken: true

Specific scopes

By default, email and profile are added into scopes list (openid scope is attached always to the list, so it's not necessary to add it).

auth:
  ...
  scopes:
  - email
  - profile
  - address

Specific claims

As openid connect standard it's possible to require claims in auth request. By default, claims are empty, but it's possible to define a list of voluntaries claims as a list named "claims".

auth:
  ...
  claims:
  - someName
  - someEmail
  - someSalutation

Specific mapping

If it's necessary, fields from id_token and userinfo can be mapped to the actual user entity. By default, only sub, name and email fields are mapped.

To map to a specific field, use top-level attribute mapping (in example, fields, like someEmail or someName from id_token, would be mapped to desired fields email and name in the user entity).

auth:
  ...
  mapping.idToken:
    sub: someSub
    name: someName
    email: someEmail
    salutation: someSalutation
    firstName: someFirstName
    lastName: someLastName
    street: someStreet
    zipCode: someZipCode
    city: someCity
    dateOfBirth: someDateOfBirth
    country: someCountry
    customFields:
    - someField1
    - someField2

Use fakes

For testing purposes it's possible to use fakes. In this case, login/logout process is simulated and it doesn't use any real SSO service. Still, all login and logout links are valid and clickable, and user data provided from UserService is still present, after "login". Whole process simply redirects to internal pages and handle session user data. To specify using of fake services and user data, check configuration below. Attribute names used for fakeUserData are the same ones used for id_token mapping.

auth:
  ...
  useFake: true
  fakeLoginTemplate: "fake/login"
  fakeUserData:
    sub: ID123456
    email: email@domain.com
    name: "Mr. Flamingo"
    ...

It's possible to provide fake login page. In this case, the template for fake login page would be shown. Expected behaviour would be to have a login button that points to auth.callback handler, so it can finish the login process. Fake user data is stored in session anyway, but with fakeLoginTemplate parameter it's allowed to add a dummy login page in the middle of fake auth process.

html
  ...
  a(href=url("auth.callback")) Login

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Module

type Module struct {
	UseFake                     bool   `inject:"config:oauth.useFake"`
	PreventSimultaneousSessions bool   `inject:"config:oauth.preventSimultaneousSessions"`
	SessionBackend              string `inject:"config:session.backend"`
}

Module for core.auth

func (*Module) Configure

func (m *Module) Configure(injector *dingo.Injector)

Configure core.auth module

func (*Module) DefaultConfig

func (m *Module) DefaultConfig() config.Map

DefaultConfig for auth module

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL