oauth

package

v1.0.47 Latest Latest Go to latest Published: Feb 6, 2024 License: Apache-2.0 Imports: 35 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/andrewsonpradeep/go-authcrunch

Links

Open Source Insights

Documentation ¶

Index ¶

type Config
- func (cfg *Config) Validate() error
type IdentityProvider
- func NewIdentityProvider(cfg *Config, logger *zap.Logger) (*IdentityProvider, error)
type JwksKey
- func NewJwksKeyFromRSAPrivateKey(privKey *rsa.PrivateKey) (*JwksKey, error)
- func NewJwksKeyFromRSAPublicKeyPEM(kid, fp string) (*JwksKey, error)
- func (k *JwksKey) GetPublic() interface{}
- func (k *JwksKey) Validate() error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	Name              string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
	Realm             string `json:"realm,omitempty" xml:"realm,omitempty" yaml:"realm,omitempty"`
	Driver            string `json:"driver,omitempty" xml:"driver,omitempty" yaml:"driver,omitempty"`
	DomainName        string `json:"domain_name,omitempty" xml:"domain_name,omitempty" yaml:"domain_name,omitempty"`
	ClientID          string `json:"client_id,omitempty" xml:"client_id,omitempty" yaml:"client_id,omitempty"`
	ClientSecret      string `json:"client_secret,omitempty" xml:"client_secret,omitempty" yaml:"client_secret,omitempty"`
	ServerID          string `json:"server_id,omitempty" xml:"server_id,omitempty" yaml:"server_id,omitempty"`
	ServerName        string `json:"server_name,omitempty" xml:"server_name,omitempty" yaml:"server_name,omitempty"`
	AppSecret         string `json:"app_secret,omitempty" xml:"app_secret,omitempty" yaml:"app_secret,omitempty"`
	TenantID          string `json:"tenant_id,omitempty" xml:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`
	IdentityTokenName string `json:"identity_token_name,omitempty" xml:"identity_token_name,omitempty" yaml:"identity_token_name,omitempty"`

	// AWS Cognito User Pool ID
	UserPoolID string `json:"user_pool_id,omitempty" xml:"user_pool_id,omitempty" yaml:"user_pool_id,omitempty"`
	// AWS Region
	Region string `json:"region,omitempty" xml:"region,omitempty" yaml:"region,omitempty"`

	Scopes []string `json:"scopes,omitempty" xml:"scopes,omitempty" yaml:"scopes,omitempty"`

	// The number if seconds to wait before getting key material
	// from an OAuth 2.0 identity provider.
	DelayStart int `json:"delay_start,omitempty" xml:"delay_start,omitempty" yaml:"delay_start,omitempty"`
	// The number of the retry attempts getting key material
	// from an OAuth 2.0 identity provider.
	RetryAttempts int `json:"retry_attempts,omitempty" xml:"retry_attempts,omitempty" yaml:"retry_attempts,omitempty"`
	// The number of seconds to wait until the retrying.
	RetryInterval int `json:"retry_interval,omitempty" xml:"retry_interval,omitempty" yaml:"retry_interval,omitempty"`

	UserRoleMapList []map[string]interface{} `json:"user_roles,omitempty" xml:"user_roles,omitempty" yaml:"user_roles,omitempty"`

	// The URL to OAuth 2.0 Custom Authorization Server.
	BaseAuthURL string `json:"base_auth_url,omitempty" xml:"base_auth_url,omitempty" yaml:"base_auth_url,omitempty"`

	// The URL to OAuth 2.0 metadata related to your Custom Authorization Server.
	MetadataURL string `json:"metadata_url,omitempty" xml:"metadata_url,omitempty" yaml:"metadata_url,omitempty"`

	// The regex filters for user groups extracted via IdP API.
	UserGroupFilters []string `json:"user_group_filters,omitempty" xml:"user_group_filters,omitempty" yaml:"user_group_filters,omitempty"`
	// The regex filters for user orgs extracted via IdP API.
	UserOrgFilters []string `json:"user_org_filters,omitempty" xml:"user_org_filters,omitempty" yaml:"user_org_filters,omitempty"`

	// Disables metadata discovery via public metadata URL.
	MetadataDiscoveryDisabled bool `` /* 133-byte string literal not displayed */

	KeyVerificationDisabled bool `` /* 127-byte string literal not displayed */
	PassGrantTypeDisabled   bool `json:"pass_grant_type_disabled,omitempty" xml:"pass_grant_type_disabled,omitempty" yaml:"pass_grant_type_disabled,omitempty"`
	ResponseTypeDisabled    bool `json:"response_type_disabled,omitempty" xml:"response_type_disabled,omitempty" yaml:"response_type_disabled,omitempty"`
	NonceDisabled           bool `json:"nonce_disabled,omitempty" xml:"nonce_disabled,omitempty" yaml:"nonce_disabled,omitempty"`
	ScopeDisabled           bool `json:"scope_disabled,omitempty" xml:"scope_disabled,omitempty" yaml:"scope_disabled,omitempty"`

	AcceptHeaderEnabled bool `json:"accept_header_enabled,omitempty" xml:"accept_header_enabled,omitempty" yaml:"accept_header_enabled,omitempty"`

	JsCallbackEnabled bool `json:"js_callback_enabled,omitempty" xml:"js_callback_enabled,omitempty" yaml:"js_callback_enabled,omitempty"`

	// If enabled, portal redirects to identity provider logout URL. This would end the session with the provider.
	LogoutEnabled bool `json:"logout_enabled,omitempty" xml:"logout_enabled,omitempty" yaml:"logout_enabled,omitempty"`

	ResponseType []string `json:"response_type,omitempty" xml:"response_type,omitempty" yaml:"response_type,omitempty"`

	AuthorizationURL string `json:"authorization_url,omitempty" xml:"authorization_url,omitempty" yaml:"authorization_url,omitempty"`
	TokenURL         string `json:"token_url,omitempty" xml:"token_url,omitempty" yaml:"token_url,omitempty"`

	RequiredTokenFields []string `json:"required_token_fields,omitempty" xml:"required_token_fields,omitempty" yaml:"required_token_fields,omitempty"`

	TLSInsecureSkipVerify bool `json:"tls_insecure_skip_verify,omitempty" xml:"tls_insecure_skip_verify,omitempty" yaml:"tls_insecure_skip_verify,omitempty"`

	// The predefined public RSA based JWKS keys.
	JwksKeys map[string]string `json:"jwks_keys,omitempty" xml:"jwks_keys,omitempty" yaml:"jwks_keys,omitempty"`

	// Disables the check for the presence of email field in a token.
	EmailClaimCheckDisabled bool `` /* 130-byte string literal not displayed */

	// LoginIcon is the UI login icon attributes.
	LoginIcon *icons.LoginIcon `json:"login_icon,omitempty" xml:"login_icon,omitempty" yaml:"login_icon,omitempty"`

	UserInfoFields         []string `json:"user_info_fields,omitempty" xml:"user_info_fields,omitempty" yaml:"user_info_fields,omitempty"`
	UserInfoRolesFieldName string   `` /* 130-byte string literal not displayed */

	// The name of the cookie storing id_token from OAuth provider.
	IdentityTokenCookieName string `` /* 130-byte string literal not displayed */
	// Enables the storing of id_token from OAuth provider in a HTTP cookie.
	IdentityTokenCookieEnabled bool `` /* 139-byte string literal not displayed */

	// The name of the cookie storing id_token from OAuth provider.
	RefreshTokenCookieName string `` /* 127-byte string literal not displayed */
	// Enables the storing of id_token from OAuth provider in a HTTP cookie.
	RefreshTokenCookieEnabled bool `` /* 136-byte string literal not displayed */
}

Config holds the configuration for the IdentityProvider.

func (*Config) Validate ¶

func (cfg *Config) Validate() error

Validate validates identity store configuration.

type IdentityProvider ¶

type IdentityProvider struct {
	// contains filtered or unexported fields
}

IdentityProvider represents OAuth-based identity provider.

func NewIdentityProvider ¶

func NewIdentityProvider(cfg *Config, logger *zap.Logger) (*IdentityProvider, error)

NewIdentityProvider returns an instance of IdentityProvider.

func (*IdentityProvider) Authenticate ¶

func (b *IdentityProvider) Authenticate(r *requests.Request) error

Authenticate performs authentication.

func (*IdentityProvider) Configure ¶

func (b *IdentityProvider) Configure() error

Configure configures IdentityProvider.

func (*IdentityProvider) Configured ¶

func (b *IdentityProvider) Configured() bool

Configured returns true if the identity provider was configured.

func (*IdentityProvider) GetConfig ¶

func (b *IdentityProvider) GetConfig() map[string]interface{}

GetConfig returns IdentityProvider configuration.

func (*IdentityProvider) GetDriver ¶

func (b *IdentityProvider) GetDriver() string

GetDriver returns the name of the driver associated with the provider.

func (*IdentityProvider) GetIdentityTokenCookieName ¶

func (b *IdentityProvider) GetIdentityTokenCookieName() string

GetIdentityTokenCookieName returns the name of the identity token cookie associated with the provider.

func (*IdentityProvider) GetKind ¶

func (b *IdentityProvider) GetKind() string

GetKind returns the authentication method associated with this identity provider.

func (*IdentityProvider) GetLoginIcon ¶

func (b *IdentityProvider) GetLoginIcon() *icons.LoginIcon

GetLoginIcon returns the instance of the icon associated with the provider.

func (*IdentityProvider) GetLogoutURL ¶

func (b *IdentityProvider) GetLogoutURL() string

GetLogoutURL returns the logout URL associated with the provider.

func (*IdentityProvider) GetName ¶

func (b *IdentityProvider) GetName() string

GetName return the name associated with this identity provider.

func (*IdentityProvider) GetRealm ¶

func (b *IdentityProvider) GetRealm() string

GetRealm return authentication realm.

func (*IdentityProvider) GetRefreshTokenCookieName ¶

func (b *IdentityProvider) GetRefreshTokenCookieName() string

GetRefreshTokenCookieName returns the name of the refresh token cookie associated with the provider.

func (*IdentityProvider) Request ¶

func (b *IdentityProvider) Request(op operator.Type, r *requests.Request) error

Request performs the requested identity provider operation.

func (*IdentityProvider) ScopeExists ¶

func (b *IdentityProvider) ScopeExists(scopes ...string) bool

ScopeExists returns true if any of the provided scopes exist.

type JwksKey ¶

type JwksKey struct {
	Algorithm    string `json:"alg,omitempty" xml:"alg,omitempty" yaml:"alg,omitempty"`
	Exponent     string `json:"e,omitempty" xml:"e,omitempty" yaml:"e,omitempty"`
	KeyID        string `json:"kid,omitempty" xml:"kid,omitempty" yaml:"kid,omitempty"`
	KeyType      string `json:"kty,omitempty" xml:"kty,omitempty" yaml:"kty,omitempty"`
	Modulus      string `json:"n,omitempty" xml:"n,omitempty" yaml:"n,omitempty"`
	PublicKeyUse string `json:"use,omitempty" xml:"use,omitempty" yaml:"use,omitempty"`
	NotBefore    string `json:"nbf,omitempty" xml:"nbf,omitempty" yaml:"nbf,omitempty"`

	Curve  string `json:"crv,omitempty" xml:"crv,omitempty" yaml:"crv,omitempty"`
	CoordX string `json:"x,omitempty" xml:"x,omitempty" yaml:"x,omitempty"`
	CoordY string `json:"y,omitempty" xml:"y,omitempty" yaml:"y,omitempty"`

	SharedSecret string `json:"k,omitempty" xml:"k,omitempty" yaml:"k,omitempty"`
	// contains filtered or unexported fields
}

JwksKey is a JSON object that represents a cryptographic key. See https://tools.ietf.org/html/rfc7517#section-4, https://tools.ietf.org/html/rfc7518#section-6.3

func NewJwksKeyFromRSAPrivateKey ¶

func NewJwksKeyFromRSAPrivateKey(privKey *rsa.PrivateKey) (*JwksKey, error)

NewJwksKeyFromRSAPrivateKey returns an instance of Jwks from RSA private key.

func NewJwksKeyFromRSAPublicKeyPEM ¶

func NewJwksKeyFromRSAPublicKeyPEM(kid, fp string) (*JwksKey, error)

NewJwksKeyFromRSAPublicKeyPEM returns an instance of Jwks from RSA public key in PEM format.

func (*JwksKey) GetPublic ¶

func (k *JwksKey) GetPublic() interface{}

GetPublic returns pointer to public key.

func (*JwksKey) Validate ¶

func (k *JwksKey) Validate() error

Validate returns error if JwksKey does not contain relevant information.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL