providers

package

v3.2.0+incompatible Latest Latest Go to latest Published: Apr 12, 2019 License: MIT Imports: 27 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/amiya-elear/oauth2_proxy-1

Documentation ¶

Index ¶

type AzureProvider
- func NewAzureProvider(p *ProviderData) *AzureProvider
- func (p *AzureProvider) Configure(tenant string)
- func (p *AzureProvider) GetEmailAddress(s *SessionState) (string, error)
type FacebookProvider
- func NewFacebookProvider(p *ProviderData) *FacebookProvider
- func (p *FacebookProvider) GetEmailAddress(s *SessionState) (string, error)
- func (p *FacebookProvider) ValidateSessionState(s *SessionState) bool
type GitHubProvider
- func NewGitHubProvider(p *ProviderData) *GitHubProvider
- func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error)
- func (p *GitHubProvider) GetUserName(s *SessionState) (string, error)
- func (p *GitHubProvider) SetOrgTeam(org, team string)
type GitLabProvider
- func NewGitLabProvider(p *ProviderData) *GitLabProvider
- func (p *GitLabProvider) GetEmailAddress(s *SessionState) (string, error)
type GoogleProvider
- func NewGoogleProvider(p *ProviderData) *GoogleProvider
- func (p *GoogleProvider) Redeem(redirectURL, code string) (s *SessionState, err error)
- func (p *GoogleProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)
- func (p *GoogleProvider) SetGroupRestriction(groups []string, adminEmail string, credentialsReader io.Reader)
- func (p *GoogleProvider) ValidateGroup(email string) bool
type LinkedInProvider
- func NewLinkedInProvider(p *ProviderData) *LinkedInProvider
- func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error)
- func (p *LinkedInProvider) ValidateSessionState(s *SessionState) bool
type LoginGovProvider
- func NewLoginGovProvider(p *ProviderData) *LoginGovProvider
- func (p *LoginGovProvider) GetLoginURL(redirectURI, state string) string
- func (p *LoginGovProvider) Redeem(redirectURL, code string) (s *SessionState, err error)
type OIDCProvider
- func NewOIDCProvider(p *ProviderData) *OIDCProvider
- func (p *OIDCProvider) Redeem(redirectURL, code string) (s *SessionState, err error)
- func (p *OIDCProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)
- func (p *OIDCProvider) ValidateSessionState(s *SessionState) bool
type Provider
- func New(provider string, p *ProviderData) Provider
type ProviderData
- func (p *ProviderData) CookieForSession(s *SessionState, c *cookie.Cipher) (string, error)
- func (p *ProviderData) Data() *ProviderData
- func (p *ProviderData) GetEmailAddress(s *SessionState) (string, error)
- func (p *ProviderData) GetLoginURL(redirectURI, state string) string
- func (p *ProviderData) GetUserName(s *SessionState) (string, error)
- func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error)
- func (p *ProviderData) RefreshSessionIfNeeded(s *SessionState) (bool, error)
- func (p *ProviderData) SessionFromCookie(v string, c *cookie.Cipher) (s *SessionState, err error)
- func (p *ProviderData) ValidateGroup(email string) bool
- func (p *ProviderData) ValidateSessionState(s *SessionState) bool
type SessionState
- func DecodeSessionState(v string, c *cookie.Cipher) (*SessionState, error)
- func (s *SessionState) EncodeSessionState(c *cookie.Cipher) (string, error)
- func (s *SessionState) IsExpired() bool
- func (s *SessionState) String() string
type SessionStateJSON

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AzureProvider ¶

type AzureProvider struct {
	*ProviderData
	Tenant string
}

AzureProvider represents an Azure based Identity Provider

func NewAzureProvider ¶

func NewAzureProvider(p *ProviderData) *AzureProvider

NewAzureProvider initiates a new AzureProvider

func (*AzureProvider) Configure ¶

func (p *AzureProvider) Configure(tenant string)

Configure defaults the AzureProvider configuration options

func (*AzureProvider) GetEmailAddress ¶

func (p *AzureProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

type FacebookProvider ¶

type FacebookProvider struct {
	*ProviderData
}

FacebookProvider represents an Facebook based Identity Provider

func NewFacebookProvider ¶

func NewFacebookProvider(p *ProviderData) *FacebookProvider

NewFacebookProvider initiates a new FacebookProvider

func (*FacebookProvider) GetEmailAddress ¶

func (p *FacebookProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

func (*FacebookProvider) ValidateSessionState ¶

func (p *FacebookProvider) ValidateSessionState(s *SessionState) bool

ValidateSessionState validates the AccessToken

type GitHubProvider ¶

type GitHubProvider struct {
	*ProviderData
	Org  string
	Team string
}

GitHubProvider represents an GitHub based Identity Provider

func NewGitHubProvider ¶

func NewGitHubProvider(p *ProviderData) *GitHubProvider

NewGitHubProvider initiates a new GitHubProvider

func (*GitHubProvider) GetEmailAddress ¶

func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

func (*GitHubProvider) GetUserName ¶

func (p *GitHubProvider) GetUserName(s *SessionState) (string, error)

GetUserName returns the Account user name

func (*GitHubProvider) SetOrgTeam ¶

func (p *GitHubProvider) SetOrgTeam(org, team string)

SetOrgTeam adds GitHub org reading parameters to the OAuth2 scope

type GitLabProvider ¶

type GitLabProvider struct {
	*ProviderData
}

GitLabProvider represents an GitLab based Identity Provider

func NewGitLabProvider ¶

func NewGitLabProvider(p *ProviderData) *GitLabProvider

NewGitLabProvider initiates a new GitLabProvider

func (*GitLabProvider) GetEmailAddress ¶

func (p *GitLabProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

type GoogleProvider ¶

type GoogleProvider struct {
	*ProviderData
	RedeemRefreshURL *url.URL
	// GroupValidator is a function that determines if the passed email is in
	// the configured Google group.
	GroupValidator func(string) bool
}

GoogleProvider represents an Google based Identity Provider

func NewGoogleProvider ¶

func NewGoogleProvider(p *ProviderData) *GoogleProvider

NewGoogleProvider initiates a new GoogleProvider

func (*GoogleProvider) Redeem ¶

func (p *GoogleProvider) Redeem(redirectURL, code string) (s *SessionState, err error)

Redeem exchanges the OAuth2 authentication token for an ID token

func (*GoogleProvider) RefreshSessionIfNeeded ¶

func (p *GoogleProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)

RefreshSessionIfNeeded checks if the session has expired and uses the RefreshToken to fetch a new ID token if required

func (*GoogleProvider) SetGroupRestriction ¶

func (p *GoogleProvider) SetGroupRestriction(groups []string, adminEmail string, credentialsReader io.Reader)

SetGroupRestriction configures the GoogleProvider to restrict access to the specified group(s). AdminEmail has to be an administrative email on the domain that is checked. CredentialsFile is the path to a json file containing a Google service account credentials.

func (*GoogleProvider) ValidateGroup ¶

func (p *GoogleProvider) ValidateGroup(email string) bool

ValidateGroup validates that the provided email exists in the configured Google group(s).

type LinkedInProvider ¶

type LinkedInProvider struct {
	*ProviderData
}

LinkedInProvider represents an LinkedIn based Identity Provider

func NewLinkedInProvider ¶

func NewLinkedInProvider(p *ProviderData) *LinkedInProvider

NewLinkedInProvider initiates a new LinkedInProvider

func (*LinkedInProvider) GetEmailAddress ¶

func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

func (*LinkedInProvider) ValidateSessionState ¶

func (p *LinkedInProvider) ValidateSessionState(s *SessionState) bool

ValidateSessionState validates the AccessToken

type LoginGovProvider ¶

type LoginGovProvider struct {
	*ProviderData

	// TODO (@timothy-spencer): Ideally, the nonce would be in the session state, but the session state
	// is created only upon code redemption, not during the auth, when this must be supplied.
	Nonce     string
	AcrValues string
	JWTKey    *rsa.PrivateKey
	PubJWKURL *url.URL
}

LoginGovProvider represents an OIDC based Identity Provider

func NewLoginGovProvider ¶

func NewLoginGovProvider(p *ProviderData) *LoginGovProvider

NewLoginGovProvider initiates a new LoginGovProvider

func (*LoginGovProvider) GetLoginURL ¶

func (p *LoginGovProvider) GetLoginURL(redirectURI, state string) string

GetLoginURL overrides GetLoginURL to add login.gov parameters

func (*LoginGovProvider) Redeem ¶

func (p *LoginGovProvider) Redeem(redirectURL, code string) (s *SessionState, err error)

Redeem exchanges the OAuth2 authentication token for an ID token

type OIDCProvider ¶

type OIDCProvider struct {
	*ProviderData

	Verifier *oidc.IDTokenVerifier
}

OIDCProvider represents an OIDC based Identity Provider

func NewOIDCProvider ¶

func NewOIDCProvider(p *ProviderData) *OIDCProvider

NewOIDCProvider initiates a new OIDCProvider

func (*OIDCProvider) Redeem ¶

func (p *OIDCProvider) Redeem(redirectURL, code string) (s *SessionState, err error)

Redeem exchanges the OAuth2 authentication token for an ID token

func (*OIDCProvider) RefreshSessionIfNeeded ¶

func (p *OIDCProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)

RefreshSessionIfNeeded checks if the session has expired and uses the RefreshToken to fetch a new ID token if required

func (*OIDCProvider) ValidateSessionState ¶

func (p *OIDCProvider) ValidateSessionState(s *SessionState) bool

ValidateSessionState checks that the session's IDToken is still valid

type Provider ¶

type Provider interface {
	Data() *ProviderData
	GetEmailAddress(*SessionState) (string, error)
	GetUserName(*SessionState) (string, error)
	Redeem(string, string) (*SessionState, error)
	ValidateGroup(string) bool
	ValidateSessionState(*SessionState) bool
	GetLoginURL(redirectURI, finalRedirect string) string
	RefreshSessionIfNeeded(*SessionState) (bool, error)
	SessionFromCookie(string, *cookie.Cipher) (*SessionState, error)
	CookieForSession(*SessionState, *cookie.Cipher) (string, error)
}

Provider represents an upstream identity provider implementation

func New ¶

func New(provider string, p *ProviderData) Provider

New provides a new Provider based on the configured provider string

type ProviderData ¶

type ProviderData struct {
	ProviderName      string
	ClientID          string
	ClientSecret      string
	LoginURL          *url.URL
	RedeemURL         *url.URL
	ProfileURL        *url.URL
	ProtectedResource *url.URL
	ValidateURL       *url.URL
	Scope             string
	ApprovalPrompt    string
}

ProviderData contains information required to configure all implementations of OAuth2 providers

func (*ProviderData) CookieForSession ¶

func (p *ProviderData) CookieForSession(s *SessionState, c *cookie.Cipher) (string, error)

CookieForSession serializes a session state for storage in a cookie

func (*ProviderData) Data ¶

func (p *ProviderData) Data() *ProviderData

Data returns the ProviderData

func (*ProviderData) GetEmailAddress ¶

func (p *ProviderData) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

func (*ProviderData) GetLoginURL ¶

func (p *ProviderData) GetLoginURL(redirectURI, state string) string

GetLoginURL with typical oauth parameters

func (*ProviderData) GetUserName ¶

func (p *ProviderData) GetUserName(s *SessionState) (string, error)

GetUserName returns the Account username

func (*ProviderData) Redeem ¶

func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error)

Redeem provides a default implementation of the OAuth2 token redemption process

func (*ProviderData) RefreshSessionIfNeeded ¶

func (p *ProviderData) RefreshSessionIfNeeded(s *SessionState) (bool, error)

RefreshSessionIfNeeded should refresh the user's session if required and do nothing if a refresh is not required

func (*ProviderData) SessionFromCookie ¶

func (p *ProviderData) SessionFromCookie(v string, c *cookie.Cipher) (s *SessionState, err error)

SessionFromCookie deserializes a session from a cookie value

func (*ProviderData) ValidateGroup ¶

func (p *ProviderData) ValidateGroup(email string) bool

ValidateGroup validates that the provided email exists in the configured provider email group(s).

func (*ProviderData) ValidateSessionState ¶

func (p *ProviderData) ValidateSessionState(s *SessionState) bool

ValidateSessionState validates the AccessToken

type SessionState ¶

type SessionState struct {
	AccessToken  string    `json:",omitempty"`
	IDToken      string    `json:",omitempty"`
	ExpiresOn    time.Time `json:"-"`
	RefreshToken string    `json:",omitempty"`
	Email        string    `json:",omitempty"`
	User         string    `json:",omitempty"`
}

SessionState is used to store information about the currently authenticated user session

func DecodeSessionState ¶

func DecodeSessionState(v string, c *cookie.Cipher) (*SessionState, error)

DecodeSessionState decodes the session cookie string into a SessionState

func (*SessionState) EncodeSessionState ¶

func (s *SessionState) EncodeSessionState(c *cookie.Cipher) (string, error)

EncodeSessionState returns string representation of the current session

func (*SessionState) IsExpired ¶

func (s *SessionState) IsExpired() bool

IsExpired checks whether the session has expired

func (*SessionState) String ¶

func (s *SessionState) String() string

String constructs a summary of the session state

type SessionStateJSON ¶

type SessionStateJSON struct {
	*SessionState
	ExpiresOn *time.Time `json:",omitempty"`
}

SessionStateJSON is used to encode SessionState into JSON without exposing time.Time zero value

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL