iap

Documentation

Index

• Constants
• func GetIAPAuthToken(domain, helperID, helperSecret, IAPclientID string, forcebrowserflow bool) (string, error)
• type Cookie
  • func NewCookie(domain string, forcebrowserflow bool) (*Cookie, error)
  • func ReadCookie(domain string) (*Cookie, error)
  • func (c *Cookie) Expired() bool

Constants

const (
	// CacheProtocol is the protocol used when saving the refresh-token in git-credential-store
	// It can be an arbitrary value.
	CacheProtocol = "iap"

	// CacheUsername is the username used when saving the refresh-token in git-credential-store.
	// It can be an arbitrary value.
	CacheUsername = "refresh-token"
)

const (
	// IAPCookieName is the name of the HTTP Cookie that will be used to send the IAP Token.
	// see: https://cloud.google.com/blog/products/gcp/getting-started-with-cloud-identity-aware-proxy
	IAPCookieName = "GCP_IAAP_AUTH_TOKEN"
)

Functions

func GetIAPAuthToken

func GetIAPAuthToken(domain, helperID, helperSecret, IAPclientID string, forcebrowserflow bool) (string, error)

GetIAPAuthToken take care of the IAP Authentication process when relevant. It optmize this workflow by detecting cases where an existing IAP auth token is already available, and caching a refresh-token. It returns a raw IAP auth token and any error encountered.

Types

type Cookie

type Cookie struct {
	JarPath string
	Domain  string
	Token   jwt.Token
	Claims  jwt.StandardClaims
}

A Cookie holds pieces of information required to manage the IAP cookie

func NewCookie

func NewCookie(domain string, forcebrowserflow bool) (*Cookie, error)

NewCookie takes care of the authentication workflow and creates the relevant IAP Cookie on the filesystem

func ReadCookie

func ReadCookie(domain string) (*Cookie, error)

ReadCookie lookup the http.cookieFile for a given domain and try to load it from the filesystem

func (*Cookie) Expired

func (c *Cookie) Expired() bool

Expired returns a boolean that indicate if the expires-at claim is in the future