Documentation ¶
Index ¶
- func DefaultStateGenerator() string
- type AuthorizationCallbackListener
- type AuthorizationCodeExchangeRequest
- type AuthorizationCodeProvider
- type AuthorizationCodeResult
- type AuthorizationTokenExchanger
- type AuthorizationTokenResponse
- type CachingTokenProvider
- type CallbackResponse
- type CallbackService
- func (c *CallbackService) AwaitResponse(response chan CallbackResponse, state string)
- func (c *CallbackService) BuildCodeResponseHandler(responseC chan CallbackResponse, state string) func(w http.ResponseWriter, r *http.Request)
- func (c *CallbackService) Close()
- func (c *CallbackService) GetCallbackURL() string
- type Challenge
- type Challenger
- type ConfigBackedCachingProvider
- type HTTPAuthTransport
- type HTTPServer
- type Issuer
- type KeyringCachingProvider
- type KeyringProvider
- type LocalCodeProvider
- type OIDCWellKnownEndpoints
- type OSInteractor
- type RefreshTokenExchangeRequest
- type State
- type TokenProvider
- type TokenResult
- type TokenRetriever
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultStateGenerator ¶
func DefaultStateGenerator() string
DefaultStateGenerator generates a default State
Types ¶
type AuthorizationCallbackListener ¶
type AuthorizationCallbackListener interface {
	GetCallbackURL() string
	AwaitResponse(response chan CallbackResponse, state string)
	Close()
}
AuthorizationCallbackListener abstracts listening for the authorization callback
type AuthorizationCodeExchangeRequest ¶
type AuthorizationCodeExchangeRequest struct {
	ClientID     string
	CodeVerifier string
	Code         string
	RedirectURI  string
}
AuthorizationCodeExchangeRequest is used to request the exchange of an authorization code for a token
type AuthorizationCodeProvider ¶
type AuthorizationCodeProvider interface {
GetCode(challenge Challenge, additionalScopes ...string) (*AuthorizationCodeResult, error)
}
AuthorizationCodeProvider abstracts getting an authorization code
type AuthorizationCodeResult ¶
AuthorizationCodeResult holds the code and redirect URI needed to exchange an authorization code for tokens
type AuthorizationTokenExchanger ¶
type AuthorizationTokenExchanger interface {
	ExchangeCode(req AuthorizationCodeExchangeRequest) (*TokenResult, error)
	ExchangeRefreshToken(req RefreshTokenExchangeRequest) (*TokenResult, error)
}
AuthorizationTokenExchanger abstracts exchanging for tokens
type AuthorizationTokenResponse ¶
type AuthorizationTokenResponse struct {
	AccessToken  string `json:"access_token"`
	ExpiresIn    int    `json:"expires_in"`
	IDToken      string `json:"id_token"`
	RefreshToken string `json:"refresh_token"`
	TokenType    string `json:"token_type"`
}
AuthorizationTokenResponse is the HTTP response when asking for a new token. Note that not all fields will contain data; which ones are populated depends on what kind of request was sent.
type CachingTokenProvider ¶
type CachingTokenProvider struct {
// contains filtered or unexported fields
}
CachingTokenProvider satisfies the cmd.tokenProvider interface and is a token provider that uses a cache to store tokens
func NewCachingTokenProvider ¶
func NewCachingTokenProvider(cache cachingProvider, issuerTokenProvider issuerTokenProvider) *CachingTokenProvider
NewCachingTokenProvider builds a new CachingTokenProvider using the passed in interface satisfiers
func (*CachingTokenProvider) GetAccessToken ¶
func (c *CachingTokenProvider) GetAccessToken() (string, error)
GetAccessToken returns an access token using the cache and falls back to an issuer token provider if the cache is empty
func (*CachingTokenProvider) GetIDToken ¶ added in v0.3.0
func (c *CachingTokenProvider) GetIDToken() (string, error)
GetIDToken returns an id token using the cache and falls back to an issuer token provider if the cache is empty
type CallbackResponse ¶
CallbackResponse holds the code gotten from the authorization callback. Error will hold an error struct if an error occurred.
type CallbackService ¶
type CallbackService struct {
// contains filtered or unexported fields
}
CallbackService is used to handle the callback received in the PKCE flow
func NewCallbackListener ¶
func NewCallbackListener(addr string, httpServer HTTPServer) *CallbackService
NewCallbackListener creates a new CallbackService that uses the passed in httpServer to listen on the passed in addr
func NewLocalCallbackListener ¶ added in v0.3.2
func NewLocalCallbackListener(port int) *CallbackService
NewLocalCallbackListener creates a new CallbackService with a callbackServer that listens on 127.0.0.1
func (*CallbackService) AwaitResponse ¶
func (c *CallbackService) AwaitResponse(response chan CallbackResponse, state string)
AwaitResponse sets up the response channel to receive the code that comes in from the authorization code callback handler
func (*CallbackService) BuildCodeResponseHandler ¶
func (c *CallbackService) BuildCodeResponseHandler(responseC chan CallbackResponse, state string) func(w http.ResponseWriter, r *http.Request)
BuildCodeResponseHandler builds the HTTP handler func that receives the authorization code callback
func (*CallbackService) Close ¶
func (c *CallbackService) Close()
Close tells the HTTP server to shut down gracefully
func (*CallbackService) GetCallbackURL ¶
func (c *CallbackService) GetCallbackURL() string
GetCallbackURL returns the callback URL that is used to receive the authorization code
type Challenge ¶
Challenge holds challenge and verification data needed for the PKCE flow
func DefaultChallengeGenerator ¶
func DefaultChallengeGenerator() Challenge
DefaultChallengeGenerator generates a default Challenge
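What the challenge and state values in a PKCE flow consist of, as an added example that is not this package's code: an RFC 7636 S256 verifier/challenge pair plus a constant-time state check for the callback. The names pkcePair, randomURLSafe, s256, newPKCEPair and stateMatches are hypothetical; the fields of the package's Challenge and State types are not shown on this page.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// pkcePair is a hypothetical stand-in for the package's Challenge type.
type pkcePair struct {
	Verifier  string // sent later, with the code, to the token endpoint
	Challenge string // sent up front, in the authorization request
}

// randomURLSafe returns n random bytes, base64url-encoded without padding.
func randomURLSafe(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// s256 derives the RFC 7636 "S256" code_challenge from a code_verifier.
func s256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// newPKCEPair builds a fresh verifier and its matching S256 challenge.
func newPKCEPair() (pkcePair, error) {
	v, err := randomURLSafe(32) // 43 characters, the RFC 7636 minimum
	if err != nil {
		return pkcePair{}, err
	}
	return pkcePair{Verifier: v, Challenge: s256(v)}, nil
}

// stateMatches compares the callback's state with the one sent, in constant time.
func stateMatches(sent, received string) bool {
	return sent != "" && subtle.ConstantTimeCompare([]byte(sent), []byte(received)) == 1
}

func main() {
	p, err := newPKCEPair()
	fmt.Println(len(p.Verifier), p.Challenge == s256(p.Verifier), err)
}
```

A callback handler should reject the request before touching the code parameter when stateMatches returns false, and the verifier should never leave the client until the token exchange.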
type ConfigBackedCachingProvider ¶
type ConfigBackedCachingProvider struct {
// contains filtered or unexported fields
}
ConfigBackedCachingProvider wraps a configProvider in order to conform to the cachingProvider interface
func NewConfigBackedCachingProvider ¶
func NewConfigBackedCachingProvider(clientID, audience string, config configProvider) *ConfigBackedCachingProvider
NewConfigBackedCachingProvider builds and returns a CachingTokenProvider that utilizes a configProvider to cache tokens
func (*ConfigBackedCachingProvider) CacheTokens ¶
func (c *ConfigBackedCachingProvider) CacheTokens(toCache *TokenResult) error
CacheTokens caches the id and refresh token from TokenResult in the configProvider
func (*ConfigBackedCachingProvider) GetTokens ¶
func (c *ConfigBackedCachingProvider) GetTokens() (*TokenResult, error)
GetTokens gets the tokens from the cache and returns them as a TokenResult
type HTTPAuthTransport ¶
HTTPAuthTransport abstracts how an HTTP exchange request is sent and received
type HTTPServer ¶
type HTTPServer interface {
	Start(addr string)
	Shutdown()
}
HTTPServer abstracts the functions needed for starting and shutting down an HTTP server
type KeyringCachingProvider ¶ added in v0.3.0
type KeyringCachingProvider struct {
// contains filtered or unexported fields
}
KeyringCachingProvider satisfies the cachingProvider interface and caches tokens using the github.com/99designs/keyring interface
func NewKeyringCachingProvider ¶ added in v0.3.0
func NewKeyringCachingProvider(clientID, audience string, krp KeyringProvider) *KeyringCachingProvider
NewKeyringCachingProvider builds a new KeyringCachingProvider using the passed in interface satisfiers
func (*KeyringCachingProvider) CacheTokens ¶ added in v0.3.0
func (kcp *KeyringCachingProvider) CacheTokens(tr *TokenResult) error
CacheTokens stores the TokenResult in keyring
func (*KeyringCachingProvider) GetTokens ¶ added in v0.3.0
func (kcp *KeyringCachingProvider) GetTokens() (*TokenResult, error)
GetTokens gets the TokenResult from keyring
type KeyringProvider ¶ added in v0.3.0
type KeyringProvider interface {
	Get(key string) (keyring.Item, error)
	Set(item keyring.Item) error
}
KeyringProvider is a small subset of the github.com/99designs/keyring interface that only defines the functionality that we use
type LocalCodeProvider ¶ added in v0.3.2
type LocalCodeProvider struct {
	Issuer
	// contains filtered or unexported fields
}
LocalCodeProvider holds the information needed to easily get an authorization code locally.
func NewLocalCodeProvider ¶ added in v0.3.2
func NewLocalCodeProvider(
	issuer Issuer,
	oidcWellKnownEndpoints OIDCWellKnownEndpoints,
	callbackListener AuthorizationCallbackListener,
	osInteractor OSInteractor,
	state State) *LocalCodeProvider
NewLocalCodeProvider allows for the easy setup of LocalCodeProvider
func (*LocalCodeProvider) GetCode ¶ added in v0.3.2
func (cp *LocalCodeProvider) GetCode(challenge Challenge, additionalScopes ...string) (*AuthorizationCodeResult, error)
GetCode opens a URL to authenticate and authorize a user and then returns the authorization code that is sent to the callback. Additional scopes beyond openid and email can be sent by passing in arguments for <additionalScopes>.
type OIDCWellKnownEndpoints ¶ added in v0.3.0
type OIDCWellKnownEndpoints struct {
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
}
OIDCWellKnownEndpoints holds the well known OIDC endpoints
func GetOIDCWellKnownEndpointsFromIssuerURL ¶ added in v0.3.0
func GetOIDCWellKnownEndpointsFromIssuerURL(issuerURL string) (*OIDCWellKnownEndpoints, error)
GetOIDCWellKnownEndpointsFromIssuerURL gets the well known endpoints for the passed in issuer URL
type OSInteractor ¶
OSInteractor abstracts opening a URL on the user's OS
type RefreshTokenExchangeRequest ¶
RefreshTokenExchangeRequest is used to request the exchange of a refresh token for a refreshed token
type TokenProvider ¶ added in v0.3.0
type TokenProvider struct {
// contains filtered or unexported fields
}
TokenProvider takes care of the mechanics needed for getting an access Token
func NewAccessTokenProvider ¶
func NewAccessTokenProvider(
	allowRefresh bool,
	issuerData Issuer,
	codeProvider AuthorizationCodeProvider,
	exchanger AuthorizationTokenExchanger,
	challenger Challenger) *TokenProvider
NewAccessTokenProvider allows for the easy setup of AccessTokenProvider
func NewDefaultAccessTokenProvider ¶
func NewDefaultAccessTokenProvider(issuerData Issuer, allowRefresh bool, port uint16) (*TokenProvider, error)
NewDefaultAccessTokenProvider provides an easy way to build up a default token provider with all the correct configuration. If refresh tokens should be allowed, pass in true for <allowRefresh>.
func (*TokenProvider) Authenticate ¶ added in v0.3.0
func (p *TokenProvider) Authenticate() (*TokenResult, error)
Authenticate is used to retrieve a TokenResult when the user has not yet authenticated
func (*TokenProvider) FromRefreshToken ¶ added in v0.3.0
func (p *TokenProvider) FromRefreshToken(refreshToken string) (*TokenResult, error)
FromRefreshToken is used to retrieve a TokenResult when the user has already authenticated but their Access Token has expired
type TokenResult ¶
type TokenResult struct {
	AccessToken  string `json:"access_token"`
	IDToken      string `json:"id_token"`
	RefreshToken string `json:"refresh_token"`
	ExpiresIn    int    `json:"expires_in"`
}
TokenResult holds token information
type TokenRetriever ¶
type TokenRetriever struct {
// contains filtered or unexported fields
}
TokenRetriever implements AuthTokenExchanger in order to facilitate getting Tokens
func NewTokenRetriever ¶
func NewTokenRetriever(oidcWellKnownEndpoints OIDCWellKnownEndpoints, authTransport HTTPAuthTransport) *TokenRetriever
NewTokenRetriever allows the internals of a new TokenRetriever to be easily set up
func (*TokenRetriever) ExchangeCode ¶
func (ce *TokenRetriever) ExchangeCode(req AuthorizationCodeExchangeRequest) (*TokenResult, error)
ExchangeCode uses the AuthCodeExchangeRequest to exchange an authorization code for tokens
func (*TokenRetriever) ExchangeRefreshToken ¶
func (ce *TokenRetriever) ExchangeRefreshToken(req RefreshTokenExchangeRequest) (*TokenResult, error)
ExchangeRefreshToken uses the RefreshTokenExchangeRequest to exchange a refresh token for refreshed tokens