idp

package

v1.3.0 Latest Latest Go to latest Published: Nov 15, 2019 License: AGPL-3.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/CanonicalLtd/candid

Links

Open Source Insights

Documentation ¶

Overview ¶

Package idp defines the API provided by all identity providers.

Index ¶

func Register(idpType string, f func(func(interface{}) error) (IdentityProvider, error))
type Config
- func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error
type DischargeTokenCreator
type IdentityProvider
type InitParams
type VisitCompleter

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Register ¶

func Register(idpType string, f func(func(interface{}) error) (IdentityProvider, error))

Register is used by identity providers to register a function that can be used to unmarshal an identity provider type. When the identity provider with the given name is used, f will be called to unmarshal its parameters from YAML. Its argument will be an unmarshalYAML function that can be used to unmarshal the configuration parameters into its argument according to the rules specified in gopkg.in/yaml.v2.

Types ¶

type Config ¶

type Config struct {
	IdentityProvider
}

Config allows an IdentityProvider instance to be unmarshaled from a YAML configuration file. The "type" field determines which registered provider is used for the unmarshaling.

func (*Config) UnmarshalYAML ¶

func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error

type DischargeTokenCreator ¶

type DischargeTokenCreator interface {
	// DischargeToken creates a new httpbakery.DischargeToken for the
	// given identity.
	DischargeToken(ctx context.Context, id *store.Identity) (*httpbakery.DischargeToken, error)
}

A DischargeTokenCreator is used by the identity providers to create a new httpbakery.DischargeToken for authenticated identity.

type IdentityProvider ¶

type IdentityProvider interface {
	// Name is the short name for the identity provider, this will
	// appear in urls.
	Name() string

	// Domain is the domain in which this identity provider will
	// create users.
	Domain() string

	// Description is a name for the identity provider used to show
	// end users.
	Description() string

	// IconURL returns the URL of an icon image that represents the
	// identity provider.
	IconURL() string

	// Interactive indicates whether login is provided by the end
	// user interacting directly with the identity provider (usually
	// through a web browser).
	Interactive() bool

	// Hidden indicates that the IDP should not be listed on the
	// interactive login page, unless it has specifically been
	// requested (via a domain).
	Hidden() bool

	// Init is used to perform any one time initialization tasks that
	// are needed for the identity provider. Init is called once by
	// the identity manager once it has determined the identity
	// providers final location, any initialization tasks that depend
	// on having access to the final URL, or the per identity
	// provider database should be performed here.
	Init(ctx context.Context, params InitParams) error

	// URL returns the URL to use to attempt a login with this
	// identity provider. If the identity provider is interactive
	// then the user will be redirected to the URL. Otherwise the URL
	// is returned in the response to a request for login methods.
	// The given state value should be round-tripped through the
	// login interaction and used to verify the login when it
	// completes.
	URL(state string) string

	// SetInteraction adds interaction information for this identity
	// provider to the given interaction required error.
	SetInteraction(ierr *httpbakery.Error, dischargeID string)

	// Handle handles any requests sent to the identity provider's
	// endpoints. The URL.Path in the request will contain only the
	// handler local path, that is the part after URLPrefix above.
	// The given request will have had ParseForm called.
	Handle(ctx context.Context, w http.ResponseWriter, req *http.Request)

	// GetGroups retrieves additional group information that is
	// stored in the identity provider for the given identity.
	// TODO define what happens when the identity doesn't exist.
	GetGroups(ctx context.Context, id *store.Identity) (groups []string, err error)
}

IdentityProvider is the interface that is satisfied by all identity providers.

type InitParams ¶

type InitParams struct {
	// Store contains the identity store being used in the identity
	// server.
	Store store.Store

	// KeyValueStore contains a store that the provider may use to
	// store additional data that is not related to identities.
	KeyValueStore simplekv.Store

	// Oven contains an oven that may be used in the identity
	// provider to mint new macaroons.
	Oven *bakery.Oven

	// Codec contains the codec used to encode/decode session cookies
	// in the login flow.
	Codec *secret.Codec

	// Location contains the root location of the candid server.
	Location string

	// URLPrefix contains the prefix of all requests to the Handle
	// method. The URL.Path parameter in the request passed to handle
	// will contain only the part after this prefix.
	URLPrefix string

	// DischargeTokenCreator is the DischargeTokenCreator that the identity
	// provider should use to create discharge tokens.
	DischargeTokenCreator DischargeTokenCreator

	// VisitCompleter is the LoginCompleter that the identity
	// provider should use to complete visit requests.
	VisitCompleter VisitCompleter

	// Template contains the templates loaded in the identity server.
	Template *template.Template
}

InitParams are passed to the identity provider to initialise it.

type VisitCompleter ¶

type VisitCompleter interface {
	// Success is used by an identity provider to indicate that a
	// successful login has been completed for the given identity.
	Success(ctx context.Context, w http.ResponseWriter, req *http.Request, dischargeID string, id *store.Identity)

	// Failure is used by an identity provider to indicate that a
	// login attempt has failed with the specified error.
	Failure(ctx context.Context, w http.ResponseWriter, req *http.Request, dischargeID string, err error)

	// RedirectFailure redirects to the given returnTo address with the given error.
	RedirectFailure(ctx context.Context, w http.ResponseWriter, req *http.Request, returnTo, state string, err error)

	// RedirectSuccess redirects to the given returnTo address
	// providing a code which can be used by the client to obtain a
	// disharge token for the given id.
	RedirectSuccess(ctx context.Context, w http.ResponseWriter, req *http.Request, returnTo, state string, id *store.Identity)
}

A VisitCompleter is used by the identity providers to finish login visit attempts.

Source Files ¶

View all Source files

Directories ¶

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Path	Synopsis
agent Package agent is an identity provider that uses the agent authentication scheme.	Package agent is an identity provider that uses the agent authentication scheme.
azure Package azure is an identity provider that authenticates with azure.	Package azure is an identity provider that authenticates with azure.
google Package google is an identity provider that authenticates with google.	Package google is an identity provider that authenticates with google.
idptest
idputil Package idputil contains utility routines common to many identity providers.	Package idputil contains utility routines common to many identity providers.
secret
keystone Package keystone contains identity providers that validate against keystone servers.	Package keystone contains identity providers that validate against keystone servers.
internal/keystone Package keystone implements a keystone client.	Package keystone implements a keystone client.
internal/mockkeystone
ldap Package ldap contains identity providers that validate against ldap servers.	Package ldap contains identity providers that validate against ldap servers.
openid Package openid provides identity providers that use OpenID to determine the identity.	Package openid provides identity providers that use OpenID to determine the identity.
static Package static contains identity providers that validate against a static list of users.	Package static contains identity providers that validate against a static list of users.
usso Pacakge usso is an identity provider that authenticates against Ubuntu SSO using OpenID.	Pacakge usso is an identity provider that authenticates against Ubuntu SSO using OpenID.
internal/kvnoncestore Package kvnoncestore is an openid.NonceStore that is backed by a store.KeyValueStore.	Package kvnoncestore is an openid.NonceStore that is backed by a store.KeyValueStore.
internal/mockusso
ussodischarge Pacakge ussodischarge is an identity provider that authenticates against Ubuntu SSO using Ubuntu SSO's macaroon protocol.	Pacakge ussodischarge is an identity provider that authenticates against Ubuntu SSO using Ubuntu SSO's macaroon protocol.
ussodischarge/cmd/login login is a simple tool that can be used to test the Ubuntu SSO discharge login protocol.	login is a simple tool that can be used to test the Ubuntu SSO discharge login protocol.
ussooauth Pacakge ussooauth is an identity provider that authenticates against Ubuntu SSO using OAuth.	Pacakge ussooauth is an identity provider that authenticates against Ubuntu SSO using OAuth.