Documentation
Overview
Package auth defines the authentication layer of the application.
Index
- Constants
- func GenerateProviders(ctx context.Context, config Config, redirectURL string) (pp map[string]Provider, err error)
- func GetClaimsFromRequest(r *http.Request) (claims jwt.Claims, ok bool)
- type Auth
- type Config
- type GitHubProvider
- type OIDCClaims
- type OIDCProvider
- type Provider
- type ProviderConfig
- type ProviderType
Constants
const (
	// TokenCookieKey is the key of the cookie stored in the context.
	TokenCookieKey = "session_token"
)
Variables
This section is empty.
Functions
Types
type Auth
Auth is a service that provides HTTP handlers and middlewares used for authentication.
func (*Auth) CallBack
func (a *Auth) CallBack() http.HandlerFunc
CallBack is the handler called after login.
It:
1. Fetches the accessToken.
2. Fetches some user info and wraps it in a JWT token.
3. Stores the JWT token in a cookie for the browser.
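The last step above and the session_token cookie, as an added example that is not this package's code: it issues a signed token in a hardened cookie and reads it back only after the signature and expiry check out, which is the job GetClaimsFromRequest has in the index. It uses only the standard library; the HS256 algorithm and the names Claims, seal, SessionCookie and ClaimsFromRequest are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
	"time"
)

const TokenCookieKey = "session_token" // cookie name documented on this page

var enc = base64.RawURLEncoding

type Claims struct { // hypothetical claim set, not the package's own type
	Sub string `json:"sub"` // "<provider>:<user id>", the shape GetIdentity returns
	Exp int64  `json:"exp"` // expiry, Unix seconds
}

func seal(key []byte, msg string) string { // base64url HMAC-SHA256 tag over msg
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return enc.EncodeToString(h.Sum(nil))
}

func SessionCookie(key []byte, c Claims) *http.Cookie { // HS256 assumed; script-hidden, HTTPS-only
	body, _ := json.Marshal(c)
	msg := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString(body)
	return &http.Cookie{Name: TokenCookieKey, Value: msg + "." + seal(key, msg), Path: "/",
		Expires: time.Unix(c.Exp, 0), HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}
}

func ClaimsFromRequest(key []byte, r *http.Request, now time.Time) (c Claims, err error) {
	var p []string // stays empty when the cookie is missing
	if ck, e := r.Cookie(TokenCookieKey); e == nil {
		p = strings.Split(ck.Value, ".")
	}
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(seal(key, p[0]+"."+p[1]))) {
		return c, fmt.Errorf("missing or forged token") // fixed algorithm, checked before parsing claims
	}
	if b, e := enc.DecodeString(p[1]); e != nil || json.Unmarshal(b, &c) != nil || now.Unix() >= c.Exp {
		return Claims{}, fmt.Errorf("invalid or expired claims")
	}
	return c, nil
}

func main() { fmt.Println(SessionCookie([]byte("demo-key"), Claims{"github:42", 2000000000})) }
```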
func (*Auth) Login
func (a *Auth) Login() http.HandlerFunc
Login is the handler that redirects to the authentication page of the OAuth Provider.
func (*Auth) Logout
func (a *Auth) Logout() http.HandlerFunc
Logout removes session cookies and redirects to home.
type Config
type Config struct {
	Providers     []ProviderConfig `yaml:"providers"`
	SelfHostUsers bool             `yaml:"selfHostUsers"`
}
Config is the authentication configuration definition for the application.
type GitHubProvider (added in v1.3.0)
GitHubProvider is an authentication provider which uses OAuth2 from GitHub and the GitHub API as identity provider.
func (*GitHubProvider) DisplayName (added in v1.3.0)
func (p *GitHubProvider) DisplayName() string
DisplayName returns the display name of the provider.
func (*GitHubProvider) GetIdentity (added in v1.3.0)
func (p *GitHubProvider) GetIdentity(
	ctx context.Context,
	token *oauth2.Token,
) (userID string, userName string, err error)
GetIdentity fetches the identity of the authenticated user from the GitHub API.
It returns <provider>:<user id>.
type OIDCClaims
type OIDCClaims struct {
	jwt.RegisteredClaims
	Name  string `json:"name"`
	Email string `json:"email"`
}
OIDCClaims are the standard fields given by an OIDC provider.
type OIDCProvider (added in v1.3.0)
OIDCProvider is an authentication provider which uses OpenID Connect.
func (*OIDCProvider) DisplayName (added in v1.3.0)
func (p *OIDCProvider) DisplayName() string
DisplayName returns the public name of the authenticated user.
func (*OIDCProvider) GetIdentity (added in v1.3.0)
func (p *OIDCProvider) GetIdentity(
	ctx context.Context,
	token *oauth2.Token,
) (userID string, userName string, err error)
GetIdentity fetches the identity of the authenticated user from the ID token.
It returns <provider>:<user id>.
type Provider
type Provider interface {
	// AuthCodeURL returns the URL of the consent page that asks for permissions.
	AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string
	// Exchange converts a code into an OAuth2 token.
	Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error)
	// DisplayName is the provider's name that can be displayed publicly.
	DisplayName() string
	GetIdentity(
		ctx context.Context,
		token *oauth2.Token,
	) (userID string, userName string, err error)
}
Provider is the interface that defines the necessary methods of authentication providers.
type ProviderConfig
type ProviderConfig struct {
	Type         ProviderType `yaml:"type"`
	Name         string       `yaml:"name"`
	ClientID     string       `yaml:"clientID"`
	ClientSecret string       `yaml:"clientSecret"`
	Endpoint     string       `yaml:"endpoint"`
}
ProviderConfig is the configuration of one provider to achieve the OAuth2 flow.
type ProviderType
type ProviderType string
ProviderType is a string used to identify edge cases in authentication.
const (
	// ProviderGitHub is the type of the authentication provider that uses GitHub OAuth2.
	ProviderGitHub ProviderType = "github"
	// ProviderOIDC is the generic type of authentication provider that uses OIDC.
	ProviderOIDC ProviderType = "oidc"
)