external

Documentation

Overview

Package external implements an OAuth flow with an external identity provider

Index

• func NewExternalOAuthRedirector(provider Provider, state State, redirectURL string, ...) (handlers.AuthenticationRedirector, http.Handler, error)
• func NewOAuthPasswordAuthenticator(provider Provider, mapper authapi.UserIdentityMapper) (authenticator.Password, error)
• type Handler
  • func (h *Handler) AuthenticatePassword(ctx context.Context, username, password string) (*authenticator.Response, bool, error)
  • func (h *Handler) AuthenticationRedirect(w http.ResponseWriter, req *http.Request) error
  • func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request)
• type Provider
• type RedirectorState
  • func CSRFRedirectingState(csrf csrf.CSRF) RedirectorState
• type State

Functions

func NewExternalOAuthRedirector

func NewExternalOAuthRedirector(provider Provider, state State, redirectURL string, success handlers.AuthenticationSuccessHandler, errorHandler handlers.AuthenticationErrorHandler, mapper authapi.UserIdentityMapper) (handlers.AuthenticationRedirector, http.Handler, error)

func NewOAuthPasswordAuthenticator

func NewOAuthPasswordAuthenticator(provider Provider, mapper authapi.UserIdentityMapper) (authenticator.Password, error)

Types

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler exposes an external oauth provider flow (including the call back) as an oauth.handlers.AuthenticationHandler to allow our internal oauth server to use an external oauth provider for authentication

func (*Handler) AuthenticatePassword

func (h *Handler) AuthenticatePassword(ctx context.Context, username, password string) (*authenticator.Response, bool, error)

func (*Handler) AuthenticationRedirect

func (h *Handler) AuthenticationRedirect(w http.ResponseWriter, req *http.Request) error

AuthenticationRedirect implements oauth.handlers.RedirectAuthHandler

func (*Handler) ServeHTTP

func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request)

ServeHTTP handles the callback request in response to an external oauth flow

type Provider

type Provider interface {
	// NewConfig returns a client information that allows a standard oauth client to communicate with external oauth
	NewConfig() (*osincli.ClientConfig, error)
	// GetTransport returns the transport to use for server-to-server calls. If nil is returned, http.DefaultTransport is used.
	GetTransport() (http.RoundTripper, error)
	// AddCustomParameters allows an external oauth provider to provide parameters that are extension to the spec.  Some providers require this.
	AddCustomParameters(*osincli.AuthorizeRequest)
	// GetUserIdentity takes the external oauth token information this and returns the user identity, isAuthenticated, and error
	GetUserIdentity(*osincli.AccessData) (authapi.UserIdentityInfo, bool, error)
}

Provider encapsulates the URLs, configuration, any custom authorize request parameters, and the method for transforming an access token into an identity, for an external OAuth provider.

type RedirectorState

type RedirectorState interface {
	State
	handlers.AuthenticationSuccessHandler
	handlers.AuthenticationErrorHandler
}

RedirectorState combines state generation/verification with redirections on authentication success and error

func CSRFRedirectingState

func CSRFRedirectingState(csrf csrf.CSRF) RedirectorState

type State

type State interface {
	Generate(w http.ResponseWriter, req *http.Request) (string, error)
	Check(state string, req *http.Request) (bool, error)
}

State handles generating and verifying the state parameter round-tripped to an external OAuth flow. Examples: CSRF protection, post authentication redirection