authn

package
v0.0.0-...-76185f6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 19, 2015 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Asset 

func Asset(name string) ([]byte, error)

Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetDir 

func AssetDir(name string) ([]string, error)

AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy: 

data/
  foo.txt
  img/
    a.png
    b.png

then AssetDir("data") would return []string{"foo.txt", "img"} AssetDir("data/img") would return []string{"a.png", "b.png"} AssetDir("foo.txt") and AssetDir("notexist") would return an error AssetDir("") will return []string{"data"}.

func AssetInfo 

func AssetInfo(name string) (os.FileInfo, error)

AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetNames 

func AssetNames() []string

AssetNames returns the names of the assets.

func MustAsset 

func MustAsset(name string) []byte

MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.

func NewLdapAuth 

func NewLdapAuth(config *LdapAuthConfig) (*ldapAuth, error)

func NewStaticUserAuth 

func NewStaticUserAuth(users map[string]*Requirements) *staticUsersAuth

func RestoreAsset 

func RestoreAsset(dir, name string) error

RestoreAsset restores an asset under the given directory

func RestoreAssets 

func RestoreAssets(dir, name string) error

RestoreAssets restores an asset under the given directory recursively

Types

type Authenticator 

type Authenticator interface {
	// Given a user name and a password (plain text), responds with nil on success
	// or with any other error on failure.
	Authenticate(user string, password PasswordString) error

	// Finalize resources in preparation for shutdown.
	// When this call is made there are guaranteed to be no Authenticate requests in flight
	// and there will be no more calls made to this instance.
	Stop()
}

Authentication plugin interface. Implementations must be goroutine-safe.

type CodeToTokenResponse 

type CodeToTokenResponse struct {
	IDToken      string `json:"id_token,omitempty"`
	AccessToken  string `json:"access_token,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	ExpiresIn    int64  `json:"expires_in,omitempty"`
	TokenType    string `json:"token_type,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}

CodeToTokenResponse is sent by Google servers in response to the grant_type=authorization_code request.

type GoogleAuth 

type GoogleAuth struct {
	// contains filtered or unexported fields
}

func NewGoogleAuth 

func NewGoogleAuth(c *GoogleAuthConfig) (*GoogleAuth, error)

func (*GoogleAuth) Authenticate 

func (ga *GoogleAuth) Authenticate(user string, password PasswordString) error

func (*GoogleAuth) DoGoogleAuth 

func (ga *GoogleAuth) DoGoogleAuth(rw http.ResponseWriter, req *http.Request)

func (*GoogleAuth) Stop 

func (ga *GoogleAuth) Stop()

type GoogleAuthConfig 

type GoogleAuthConfig struct {
	Domain           string `yaml:"domain,omitempty"`
	ClientId         string `yaml:"client_id,omitempty"`
	ClientSecret     string `yaml:"client_secret,omitempty"`
	ClientSecretFile string `yaml:"client_secret_file,omitempty"`
	TokenDB          string `yaml:"token_db,omitempty"`
	HTTPTimeout      int    `yaml:"http_timeout,omitempty"`
}

type GoogleAuthRequest 

type GoogleAuthRequest struct {
	Action string `json:"action,omitempty"`
	Code   string `json:"code,omitempty"`
	Token  string `json:"token,omitempty"`
}

type GoogleTokenInfo 

type GoogleTokenInfo struct {
	// AccessType: The access type granted with this token. It can be
	// offline or online.
	AccessType string `json:"access_type,omitempty"`

	// Audience: Who is the intended audience for this token. In general the
	// same as issued_to.
	Audience string `json:"audience,omitempty"`

	// Email: The email address of the user. Present only if the email scope
	// is present in the request.
	Email string `json:"email,omitempty"`

	// ExpiresIn: The expiry time of the token, as number of seconds left
	// until expiry.
	ExpiresIn int64 `json:"expires_in,omitempty"`

	// IssuedTo: To whom was the token issued to. In general the same as
	// audience.
	IssuedTo string `json:"issued_to,omitempty"`

	// Scope: The space separated list of scopes granted to this token.
	Scope string `json:"scope,omitempty"`

	// TokenHandle: The token handle associated with this token.
	TokenHandle string `json:"token_handle,omitempty"`

	// UserId: The obfuscated user id.
	UserId string `json:"user_id,omitempty"`

	// VerifiedEmail: Boolean flag which is true if the email address is
	// verified. Present only if the email scope is present in the request.
	VerifiedEmail bool `json:"verified_email,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}

From github.com/google-api-go-client/oauth2/v2/oauth2-gen.go

type LdapAuthConfig 

type LdapAuthConfig struct {
	Host     string `yaml:"host,omitempty"`
	Port     int    `yaml:"port,omitempty"`
	Suffix   string `yaml:"suffix,omitempty"`
	Tls      bool   `yaml:"tls,omitempty"`
	Insecure bool   `yaml:"insecure,omitempty"`
}

type PasswordString 

type PasswordString string

func (PasswordString) String 

func (ps PasswordString) String() string

type ProfileResponse 

type ProfileResponse struct {
	Email         string `json:"email,omitempty"`
	VerifiedEmail bool   `json:"verified_email,omitempty"`
}

ProfileResponse is sent by the /userinfo/v2/me endpoint. We use it to validate access token and (re)verify the email address associated with it.

type RefreshTokenResponse 

type RefreshTokenResponse struct {
	AccessToken string `json:"access_token,omitempty"`
	ExpiresIn   int64  `json:"expires_in,omitempty"`
	TokenType   string `json:"token_type,omitempty"`

	// Returned in case of error.
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}

CodeToTokenResponse is sent by Google servers in response to the grant_type=refresh_token request.

type Requirements 

type Requirements struct {
	Password *PasswordString `yaml:"password,omitempty" json:"password,omitempty"`
}

func (Requirements) String 

func (r Requirements) String() string

type TokenDBValue 

type TokenDBValue struct {
	TokenType    string    `json:"token_type,omitempty"` // Usually "Bearer"
	AccessToken  string    `json:"access_token,omitempty"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	ValidUntil   time.Time `json:"valid_until,omitempty"`
	// DockerPassword is the temporary password we use to authenticate Docker users.
	// Gneerated at the time of token creation, stored here as a BCrypt hash.
	DockerPassword string `json:"docker_password,omitempty"`
}

TokenDBValue is stored in the database, JSON-serialized.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.