Documentation ¶
Index ¶
- Variables
- type Claims
- type OAuthProxy
- func (p *OAuthProxy) AuthenticateOnly(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) ClearCSRFCookie(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) ClearSessionCookie(rw http.ResponseWriter, req *http.Request) error
- func (p *OAuthProxy) ErrorJSON(rw http.ResponseWriter, code int)
- func (p *OAuthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, message string)
- func (p *OAuthProxy) GetRedirect(req *http.Request) (redirect string, err error)
- func (p *OAuthProxy) GetRedirectURI(host string) string
- func (p *OAuthProxy) IsValidRedirect(redirect string) bool
- func (p *OAuthProxy) IsWhitelistedPath(path string) bool
- func (p *OAuthProxy) IsWhitelistedRequest(req *http.Request) bool
- func (p *OAuthProxy) LoadCookiedSession(req *http.Request) (*sessionsapi.SessionState, error)
- func (p *OAuthProxy) MakeCSRFCookie(req *http.Request, value string, expiration time.Duration, now time.Time) *http.Cookie
- func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) RobotsTxt(rw http.ResponseWriter)
- func (p *OAuthProxy) SaveSession(rw http.ResponseWriter, req *http.Request, s *sessionsapi.SessionState) error
- func (p *OAuthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) SetCSRFCookie(rw http.ResponseWriter, req *http.Request, val string)
- func (p *OAuthProxy) SignOut(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) SkipAuthProxy(rw http.ResponseWriter, req *http.Request)
- func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request)
Constants ¶
This section is empty.
Variables ¶
var ( // ErrNeedsLogin means the user should be redirected to the login page ErrNeedsLogin = errors.New("redirect to login page") )
Functions ¶
This section is empty.
Types ¶
type Claims ¶
type Claims struct { Proxy struct { UserAttributes map[string]interface{} `json:"user_attributes"` } `json:"ak_proxy"` }
func (*Claims) FromIDToken ¶
type OAuthProxy ¶
type OAuthProxy struct { CookieSeed string CookieName string CSRFCookieName string CookieDomains []string CookiePath string CookieSecure bool CookieHTTPOnly bool CookieExpire time.Duration CookieRefresh time.Duration CookieSameSite string RobotsPath string SignInPath string SignOutPath string OAuthStartPath string OAuthCallbackPath string AuthOnlyPath string UserInfoPath string ProxyPrefix string SetXAuthRequest bool SetBasicAuth bool PassUserHeaders bool BasicAuthUserAttribute string BasicAuthPasswordAttribute string PassAccessToken bool SetAuthorization bool PassAuthorization bool PreferEmailToUser bool // contains filtered or unexported fields }
OAuthProxy is the main authentication proxy
func NewOAuthProxy ¶
func NewOAuthProxy(opts *options.Options) (*OAuthProxy, error)
NewOAuthProxy creates a new instance of OAuthProxy from the options provided
func (*OAuthProxy) AuthenticateOnly ¶
func (p *OAuthProxy) AuthenticateOnly(rw http.ResponseWriter, req *http.Request)
AuthenticateOnly checks whether the user is currently logged in
func (*OAuthProxy) ClearCSRFCookie ¶
func (p *OAuthProxy) ClearCSRFCookie(rw http.ResponseWriter, req *http.Request)
ClearCSRFCookie creates a cookie to unset the CSRF cookie stored in the user's session
func (*OAuthProxy) ClearSessionCookie ¶
func (p *OAuthProxy) ClearSessionCookie(rw http.ResponseWriter, req *http.Request) error
ClearSessionCookie creates a cookie to unset the user's authentication cookie stored in the user's session
func (*OAuthProxy) ErrorJSON ¶
func (p *OAuthProxy) ErrorJSON(rw http.ResponseWriter, code int)
ErrorJSON returns the error code with an application/json mime type
func (*OAuthProxy) ErrorPage ¶
func (p *OAuthProxy) ErrorPage(rw http.ResponseWriter, code int, title string, message string)
ErrorPage writes an error response
func (*OAuthProxy) GetRedirect ¶
func (p *OAuthProxy) GetRedirect(req *http.Request) (redirect string, err error)
GetRedirect reads the query parameter to get the URL to redirect clients to once authenticated with the OAuthProxy
func (*OAuthProxy) GetRedirectURI ¶
func (p *OAuthProxy) GetRedirectURI(host string) string
GetRedirectURI returns the redirectURL that the upstream OAuth Provider will redirect clients to once authenticated
func (*OAuthProxy) IsValidRedirect ¶
func (p *OAuthProxy) IsValidRedirect(redirect string) bool
IsValidRedirect checks whether the redirect URL is whitelisted
func (*OAuthProxy) IsWhitelistedPath ¶
func (p *OAuthProxy) IsWhitelistedPath(path string) bool
IsWhitelistedPath is used to check if the request path is allowed without auth
func (*OAuthProxy) IsWhitelistedRequest ¶
func (p *OAuthProxy) IsWhitelistedRequest(req *http.Request) bool
IsWhitelistedRequest is used to check if auth should be skipped for this request
func (*OAuthProxy) LoadCookiedSession ¶
func (p *OAuthProxy) LoadCookiedSession(req *http.Request) (*sessionsapi.SessionState, error)
LoadCookiedSession reads the user's authentication details from the request
func (*OAuthProxy) MakeCSRFCookie ¶
func (p *OAuthProxy) MakeCSRFCookie(req *http.Request, value string, expiration time.Duration, now time.Time) *http.Cookie
MakeCSRFCookie creates a cookie for CSRF
func (*OAuthProxy) OAuthCallback ¶
func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request)
OAuthCallback is the OAuth2 authentication flow callback that finishes the OAuth2 authentication flow
func (*OAuthProxy) OAuthStart ¶
func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request)
OAuthStart starts the OAuth2 authentication flow
func (*OAuthProxy) Proxy ¶
func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request)
Proxy proxies the user request if the user is authenticated else it prompts them to authenticate
func (*OAuthProxy) RobotsTxt ¶
func (p *OAuthProxy) RobotsTxt(rw http.ResponseWriter)
RobotsTxt disallows scraping pages from the OAuthProxy
func (*OAuthProxy) SaveSession ¶
func (p *OAuthProxy) SaveSession(rw http.ResponseWriter, req *http.Request, s *sessionsapi.SessionState) error
SaveSession creates a new session cookie value and sets this on the response
func (*OAuthProxy) ServeHTTP ¶
func (p *OAuthProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request)
func (*OAuthProxy) SetCSRFCookie ¶
func (p *OAuthProxy) SetCSRFCookie(rw http.ResponseWriter, req *http.Request, val string)
SetCSRFCookie adds a CSRF cookie to the response
func (*OAuthProxy) SignOut ¶
func (p *OAuthProxy) SignOut(rw http.ResponseWriter, req *http.Request)
SignOut sends a response to clear the authentication cookie
func (*OAuthProxy) SkipAuthProxy ¶
func (p *OAuthProxy) SkipAuthProxy(rw http.ResponseWriter, req *http.Request)
SkipAuthProxy proxies whitelisted requests and skips authentication
func (*OAuthProxy) UserInfo ¶
func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request)
UserInfo endpoint outputs session email and preferred username in JSON format