sessions

package
v0.0.0-...-0c4ea9a Latest
Warning

This package is not in the latest version of its module.

Published: Mar 13, 2023 License: MIT Imports: 19 Imported by: 0

Documentation

Constants

const (
	UserSessionCookie       = "authservice_session"
	UserSessionUserID       = "userid"
	UserSessionGroups       = "groups"
	UserSessionClaims       = "claims"
	UserSessionIDToken      = "idtoken"
	UserSessionOAuth2Tokens = "oauth2tokens"
)

Variables

This section is empty.

Functions

func CreateState

func CreateState(r *http.Request, w http.ResponseWriter,
	store sessions.Store) (string, error)

CreateState creates the state parameter from the incoming request, stores it in the session store and sets a cookie with the session key. It returns the session key, which can be used as the state value to start an OIDC authentication request.

func InitiateSessionStores

func InitiateSessionStores(c *common.Config) (ClosableStore, ClosableStore)

InitiateSessionStores initiates both of the required stores:

  - user sessions
  - OIDC states

Based on the configured session store (boltdb or redis), this function returns these two session stores or terminates execution with a fatal log message.

func NewSession

func NewSession(store Store, name string) *sessions.Session

func RevokeOIDCSession

func RevokeOIDCSession(ctx context.Context, w http.ResponseWriter,
	session *sessions.Session, provider oidc.Provider,
	oauth2Config *oauth2.Config, caBundle []byte) error

RevokeOIDCSession revokes the given session, which is assumed to be an OIDC session, for which it also performs the necessary cleanup. TODO: In the future, we may want to make this function take a function as input, instead of polluting it with extra arguments.

func SaveToken

func SaveToken(session *sessions.Session, ctx context.Context,
	config *oauth2.Config, token *oauth2.Token,
	w http.ResponseWriter) (*oauth2.Token, error)

SaveToken triggers oidc.TokenSource to refresh the access and refresh tokens if they have expired, and saves them to the session.

func SessionFromID

func SessionFromID(id string, store sessions.Store) (*sessions.Session, error)

SessionFromID returns a session which has its key in a header. XXX: Because the session library we use doesn't support getting a session by key, we need to fake a cookie.

func SessionFromRequest

func SessionFromRequest(r *http.Request, store sessions.Store, cookie,
	header string) (*sessions.Session, string, error)

SessionFromRequest looks for a session id in a header and a cookie, in that order. If it doesn't find a valid session in the header, it will then check the cookie.

Types

type ClosableStore

type ClosableStore interface {
	sessions.Store
	Close() error
}

type State

type State struct {
	// FirstVisitedURL is the URL that the user visited when we redirected them
	// to login.
	FirstVisitedURL string
}

func VerifyState

func VerifyState(r *http.Request, w http.ResponseWriter,
	store sessions.Store) (*State, error)

VerifyState gets the state from the cookie 'initState' saved. It also gets the state from an HTTP parameter and:

  1. Confirms the two values match (CSRF check).
  2. Confirms the value is still valid by retrieving the session it points to. The state value might be invalid if it has been used before or the session expired.

Finally, it returns a State struct, which contains information associated with the particular OIDC flow.
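The two checks described above, as an added example using only the standard library (not this package's code). `memStore`, `verifyState` and the cookie name `oidc_state_csrf` are hypothetical stand-ins for the real session store, function and cookie, and the state is assumed to arrive in the `state` query parameter.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// stateCookie is an assumed cookie name, not taken from the package.
const stateCookie = "oidc_state_csrf"

// memStore is a hypothetical stand-in for the sessions.Store holding OIDC
// states (state key -> first visited URL). Not concurrency-safe; demo only.
type memStore map[string]string

// verifyState applies both checks and consumes the state on success.
func verifyState(r *http.Request, s memStore) (string, error) {
	c, err := r.Cookie(stateCookie)
	if err != nil {
		return "", errors.New("state cookie missing")
	}
	param := r.URL.Query().Get("state")
	// Check 1: the callback's state must equal the cookie set in this browser.
	if param == "" || subtle.ConstantTimeCompare([]byte(c.Value), []byte(param)) != 1 {
		return "", errors.New("state mismatch (CSRF check failed)")
	}
	// Check 2: the state must still exist server-side.
	url, ok := s[param]
	if !ok {
		return "", errors.New("state already used or expired")
	}
	delete(s, param) // single use: a replayed callback now fails check 2
	return url, nil
}

func main() {
	s := memStore{"abc123": "/dashboard"} // constructed sample state
	cb := httptest.NewRequest("GET", "/callback?state=abc123", nil)
	cb.AddCookie(&http.Cookie{Name: stateCookie, Value: "abc123"})
	url, err := verifyState(cb, s)
	fmt.Println(url, err) // first callback is accepted
	_, err = verifyState(cb, s)
	fmt.Println(err) // replay of the same callback is rejected
}
```

A mismatch in check 1 leaves the stored state untouched, so a forged callback cannot burn a legitimate user's pending login.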

type Store

type Store sessions.Store
