kratos

package
v0.25.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 2, 2026 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

// Numeric and string values this package matches on or reports.
//
// NOTE(review): the seven-digit values look like Ory Kratos UI message IDs
// (1xxxxxx informational, 4xxxxxx validation errors) — confirm against the
// Kratos version deployed, since they are hard-coded here rather than taken
// from the SDK.
//
// NOTE(review): several codes distinguish account states
// (IncorrectCredentials, IncorrectAccountIdentifier, InactiveAccount,
// DuplicateIdentifier). If handlers relay that distinction to unauthenticated
// clients, responses can reveal whether an account exists; check how each
// code is surfaced.
const (
	// Threshold on backup codes; presumably what
	// HasNotEnoughLookupSecretsLeft compares against — confirm.
	MinimumBackupCodesAmount     = 3
	RecoveryCodeSent             = 1060003
	InvalidProperty              = 4000002
	NotEnoughCharacters          = 4000003
	IncorrectCredentials         = 4000006
	DuplicateIdentifier          = 4000007
	InvalidAuthCode              = 4000008
	InactiveAccount              = 4000010
	BackupCodeAlreadyUsed        = 4000012
	MissingBackupCodesSetup      = 4000014
	MissingSecurityKeySetup      = 4000015
	InvalidBackupCode            = 4000016
	TooManyCharacters            = 4000017
	PasswordIdentifierSimilarity = 4000031
	PasswordTooLong              = 4000033
	IncorrectAccountIdentifier   = 4000037
	NewPasswordPolicyViolation   = 4000039
	InvalidRecoveryCode          = 4060006
	// AMR (authentication method reference) value; "pop" is the RFC 8176
	// identifier for proof-of-possession of a key. Where it is set or
	// checked is not visible here.
	AmrPopValue                  = "pop"
)
// KRATOS_SESSION_COOKIE_NAME is the cookie name "ory_kratos_session".
// Presumably the Kratos session cookie looked for among the []*http.Cookie
// values passed through Service — confirm. A cookie with this name is a bearer
// credential, so cookie slices carrying it should not be logged.
const KRATOS_SESSION_COOKIE_NAME = "ory_kratos_session"
// LOGIN_UI_STATE_COOKIE is the cookie name "login_ui_state". Presumably the
// cookie that AuthCookieManager sets, reads and clears to carry a
// FlowStateCookie — confirm in the implementation.
const LOGIN_UI_STATE_COOKIE = "login_ui_state"
const RegenerateBackupCodesError = "regenerate_backup_codes"
const SESSION_REFRESH_REQUIRED = "session_refresh_required"
const TOTP_REGISTRATION_REQUIRED = "totp_registration_required"
const WEBAUTHN_REGISTRATION_REQUIRED = "webauthn_registration_required"

Variables

This section is empty.

Functions

This section is empty.

Types

type API

type API struct {
	// contains filtered or unexported fields
}

func NewAPI

func NewAPI(
	service ServiceInterface,
	mfaEnabled,
	oidcWebAuthnSequencingEnabled bool,
	baseURL string,
	cookieManager AuthCookieManagerInterface,
	tracer tracing.TracingInterface,
	logger logging.LoggerInterface) *API

func (*API) RegisterEndpoints

func (a *API) RegisterEndpoints(mux *chi.Mux)

type AuthCookieManager added in v0.18.4

type AuthCookieManager struct {
	// contains filtered or unexported fields
}

func NewAuthCookieManager added in v0.18.4

func NewAuthCookieManager(
	cookieTTLSeconds int,
	encrypt EncryptInterface,
	logger logging.LoggerInterface,
) *AuthCookieManager

func (*AuthCookieManager) ClearStateCookie added in v0.18.4

func (a *AuthCookieManager) ClearStateCookie(w http.ResponseWriter)

func (*AuthCookieManager) GetStateCookie added in v0.18.4

func (a *AuthCookieManager) GetStateCookie(r *http.Request) (FlowStateCookie, error)

func (*AuthCookieManager) SetStateCookie added in v0.18.4

func (a *AuthCookieManager) SetStateCookie(w http.ResponseWriter, state FlowStateCookie) error

type AuthCookieManagerInterface added in v0.18.4

// AuthCookieManagerInterface sets, reads and clears the login UI state cookie,
// whose payload is a FlowStateCookie.
type AuthCookieManagerInterface interface {
	// SetStateCookie writes the given FlowStateCookie to the response as the
	// state cookie and returns an error on failure. The method takes no
	// duration; presumably MaxAge comes from the cookieTTLSeconds given to
	// NewAuthCookieManager — confirm in the implementation.
	SetStateCookie(http.ResponseWriter, FlowStateCookie) error
	// GetStateCookie reads the state cookie from the request and returns it as
	// a FlowStateCookie (a struct, not a string). Whether a missing cookie
	// yields a zero value with a nil error or a non-nil error is not visible
	// here; callers must check the error before trusting any field.
	GetStateCookie(*http.Request) (FlowStateCookie, error)
	// ClearStateCookie sets the expiration of the cookie to epoch
	ClearStateCookie(http.ResponseWriter)
}

type AuthorizerInterface added in v0.12.0

// AuthorizerInterface is the authorization lookup that NewService takes as
// authzClient.
type AuthorizerInterface interface {
	// ListObjects returns a list of strings for the three string arguments.
	// NOTE(review): the arguments are unnamed and share a type, so their order
	// is easy to swap at a call site without a compile error. Presumably they
	// are user, relation and object type — confirm against the implementation.
	ListObjects(context.Context, string, string, string) ([]string, error)
}

type BrowserLocationChangeRequired added in v0.11.0

// BrowserLocationChangeRequired carries an optional error and an optional
// redirect target, serialized under the JSON keys "error" and "redirect_to".
type BrowserLocationChangeRequired struct {
	Error *kClient.GenericError `json:"error,omitempty"`
	// Points to where to redirect the user to next.
	// NOTE(review): this value is handed to the browser as a navigation
	// target. Where it originates is not visible here; confirm that any
	// caller-supplied returnTo reaching it is validated against an allow-list.
	RedirectTo *string `json:"redirect_to,omitempty"`
}

func (*BrowserLocationChangeRequired) GetCode added in v0.21.1

func (e *BrowserLocationChangeRequired) GetCode() int

func (*BrowserLocationChangeRequired) GetErrorId added in v0.25.0

func (e *BrowserLocationChangeRequired) GetErrorId() string

func (*BrowserLocationChangeRequired) GetRedirectTo added in v0.21.1

func (e *BrowserLocationChangeRequired) GetRedirectTo() string

func (*BrowserLocationChangeRequired) HasError added in v0.15.0

func (e *BrowserLocationChangeRequired) HasError() bool

func (*BrowserLocationChangeRequired) HasRedirectTo added in v0.15.0

func (e *BrowserLocationChangeRequired) HasRedirectTo() bool

type Encrypt added in v0.18.4

type Encrypt struct {
	// contains filtered or unexported fields
}

func NewEncrypt added in v0.18.4

func NewEncrypt(secretKey []byte, logger logging.LoggerInterface, tracer tracing.TracingInterface) *Encrypt

func (*Encrypt) Decrypt added in v0.18.4

func (e *Encrypt) Decrypt(hexData string) (string, error)

Decrypt takes a hex-encoded string and returns the decrypted plaintext string.

func (*Encrypt) Encrypt added in v0.18.4

func (e *Encrypt) Encrypt(data string) (string, error)

Encrypt takes a plaintext string and returns the ciphertext as a hex-encoded string.

type EncryptInterface added in v0.18.4

// EncryptInterface is the string encryption dependency taken by
// NewAuthCookieManager.
//
// NOTE(review): the interface does not state the cipher or whether the
// ciphertext is authenticated. If the output is stored client-side (the state
// cookie), confirm that Decrypt returns an error for modified input rather
// than altered plaintext.
type EncryptInterface interface {
	// Encrypt a plain text string, returns the encrypted string in hex format or an error
	Encrypt(string) (string, error)
	// Decrypt a hex string, returns the decrypted string or an error
	Decrypt(string) (string, error)
}

type ErrorBrowserLocationChangeRequired added in v0.6.0

// ErrorBrowserLocationChangeRequired carries an optional error and an optional
// redirect target, serialized under the JSON keys "error" and
// "redirect_browser_to". The key differs from BrowserLocationChangeRequired,
// which uses "redirect_to".
type ErrorBrowserLocationChangeRequired struct {
	Error *kClient.GenericError `json:"error,omitempty"`
	// Points to where to redirect the user to next.
	// NOTE(review): treat as a browser navigation target; confirm its origin
	// and validation before relaying it to a client.
	RedirectBrowserTo *string `json:"redirect_browser_to,omitempty"`
}

We override the type from the Kratos SDK because it is not marshalled correctly into JSON. For more info see: https://github.com/canonical/identity-platform-login-ui/pull/73/files#r1250460283

type FlowStateCookie added in v0.18.4

// FlowStateCookie is the payload carried by the state cookie
// (AuthCookieManager.SetStateCookie / GetStateCookie) and passed to
// Service.MustReAuthenticate. Every field uses a short JSON key with
// omitempty, so empty strings and false flags are left out of the serialized
// form.
//
// NOTE(review): the value round-trips through the browser and feeds an
// authentication decision. Its fields are trustworthy only if the cookie's
// integrity is protected, presumably via the EncryptInterface given to
// NewAuthCookieManager — confirm.
type FlowStateCookie struct {
	// By name, a hash of the login challenge rather than the challenge itself — confirm.
	LoginChallengeHash string `json:"lc,omitempty"`
	TotpSetup          bool   `json:"t,omitempty"`
	WebauthnSetup      bool   `json:"w,omitempty"`
	BackupCodeUsed     bool   `json:"bc,omitempty"`
}

type HydraClientInterface

type HydraClientInterface interface {
	OAuth2API() hydra.OAuth2API
}

type KratosAdminClientInterface added in v0.16.0

type KratosAdminClientInterface interface {
	IdentityApi() kClient.IdentityAPI
}

type KratosClientInterface

type KratosClientInterface interface {
	FrontendApi() kClient.FrontendAPI
	ExecuteIdentifierFirstUpdateLoginRequest(context.Context, string, string, string, []*http.Cookie) (*http.Response, error)
}

type LookupSecrets added in v0.17.0

// LookupSecrets is a list of backup (lookup secret) codes with their usage
// timestamps, decoded from JSON keys "code" and "used_at".
type LookupSecrets []struct {
	// Code is the backup code value itself; avoid logging values of this type.
	Code   string    `json:"code"`
	// encoding/json's omitempty does not omit struct values such as time.Time,
	// so a zero UsedAt is still emitted when marshalling. An unused code is
	// presumably one whose UsedAt is the zero time — confirm in the
	// implementation.
	UsedAt time.Time `json:"used_at,omitempty"`
}

type RedirectToInterface added in v0.21.1

type RedirectToInterface interface {
	GetCode() int
	GetRedirectTo() string
}

type Service added in v0.6.0

type Service struct {
	// contains filtered or unexported fields
}

func NewService added in v0.6.0

func NewService(kratos KratosClientInterface, kratosAdmin KratosAdminClientInterface, hydra HydraClientInterface, authzClient AuthorizerInterface, oidcWebAuthnSequencingEnabled bool, tracer tracing.TracingInterface, monitor monitoring.MonitorInterface, logger logging.LoggerInterface) *Service

func (*Service) AcceptLoginRequest added in v0.6.0

func (s *Service) AcceptLoginRequest(ctx context.Context, session *kClient.Session, lc string) (*BrowserLocationChangeRequired, []*http.Cookie, error)

func (*Service) CheckAllowedProvider added in v0.12.0

func (s *Service) CheckAllowedProvider(ctx context.Context, loginFlow *kClient.LoginFlow, updateFlowBody *kClient.UpdateLoginFlowBody) (bool, error)

func (*Service) CheckSession added in v0.6.0

func (s *Service) CheckSession(ctx context.Context, cookies []*http.Cookie) (*kClient.Session, []*http.Cookie, error)

func (*Service) CreateBrowserLoginFlow added in v0.6.0

func (s *Service) CreateBrowserLoginFlow(
	ctx context.Context, aal, returnTo, loginChallenge string, refresh bool, cookies []*http.Cookie,
) (*kClient.LoginFlow, []*http.Cookie, error)

func (*Service) CreateBrowserRecoveryFlow added in v0.15.0

func (s *Service) CreateBrowserRecoveryFlow(ctx context.Context, returnTo string, cookies []*http.Cookie) (*kClient.RecoveryFlow, []*http.Cookie, error)

func (*Service) CreateBrowserSettingsFlow added in v0.15.0

func (s *Service) CreateBrowserSettingsFlow(ctx context.Context, returnTo string, cookies []*http.Cookie) (*kClient.SettingsFlow, *BrowserLocationChangeRequired, error)

func (*Service) FilterFlowProviderList added in v0.12.0

func (s *Service) FilterFlowProviderList(ctx context.Context, flow *kClient.LoginFlow) (*kClient.LoginFlow, error)

func (*Service) GetFlowError added in v0.6.0

func (s *Service) GetFlowError(ctx context.Context, id string) (*kClient.FlowError, []*http.Cookie, error)

func (*Service) GetLoginFlow added in v0.6.0

func (s *Service) GetLoginFlow(ctx context.Context, id string, cookies []*http.Cookie) (*kClient.LoginFlow, []*http.Cookie, error)

func (*Service) GetLoginRequest added in v0.18.4

func (s *Service) GetLoginRequest(ctx context.Context, loginChallenge string) (*hClient.OAuth2LoginRequest, []*http.Cookie, error)

func (*Service) GetRecoveryFlow added in v0.15.0

func (s *Service) GetRecoveryFlow(ctx context.Context, id string, cookies []*http.Cookie) (*kClient.RecoveryFlow, []*http.Cookie, error)

func (*Service) GetSettingsFlow added in v0.15.0

func (s *Service) GetSettingsFlow(ctx context.Context, id string, cookies []*http.Cookie) (*kClient.SettingsFlow, *BrowserLocationChangeRequired, error)

func (*Service) HasNotEnoughLookupSecretsLeft added in v0.17.0

func (s *Service) HasNotEnoughLookupSecretsLeft(ctx context.Context, id string) (bool, error)

func (*Service) HasTOTPAvailable added in v0.16.0

func (s *Service) HasTOTPAvailable(ctx context.Context, id string) (bool, error)

func (*Service) HasWebAuthnAvailable added in v0.20.0

func (s *Service) HasWebAuthnAvailable(ctx context.Context, id string) (bool, error)

func (*Service) MustReAuthenticate added in v0.18.4

func (s *Service) MustReAuthenticate(ctx context.Context, hydraLoginChallenge string, session *kClient.Session, c FlowStateCookie) (bool, error)

func (*Service) ParseIdentifierFirstLoginFlowMethodBody added in v0.22.0

func (s *Service) ParseIdentifierFirstLoginFlowMethodBody(r *http.Request) (*kClient.UpdateLoginFlowWithIdentifierFirstMethod, []*http.Cookie, error)

func (*Service) ParseLoginFlowMethodBody added in v0.6.0

func (s *Service) ParseLoginFlowMethodBody(r *http.Request) (*kClient.UpdateLoginFlowBody, []*http.Cookie, error)

func (*Service) ParseRecoveryFlowMethodBody added in v0.15.0

func (s *Service) ParseRecoveryFlowMethodBody(r *http.Request) (*kClient.UpdateRecoveryFlowBody, error)

func (*Service) ParseSettingsFlowMethodBody added in v0.15.0

func (s *Service) ParseSettingsFlowMethodBody(r *http.Request) (*kClient.UpdateSettingsFlowBody, error)

func (*Service) UpdateIdentifierFirstLoginFlow added in v0.22.0

func (s *Service) UpdateIdentifierFirstLoginFlow(
	ctx context.Context, flow string, body kClient.UpdateLoginFlowWithIdentifierFirstMethod, cookies []*http.Cookie,
) (*BrowserLocationChangeRequired, []*http.Cookie, error)

func (*Service) UpdateLoginFlow added in v0.14.0

func (*Service) UpdateRecoveryFlow added in v0.15.0

func (s *Service) UpdateRecoveryFlow(
	ctx context.Context, flow string, body kClient.UpdateRecoveryFlowBody, cookies []*http.Cookie,
) (*BrowserLocationChangeRequired, []*http.Cookie, error)

func (*Service) UpdateSettingsFlow added in v0.15.0

func (s *Service) UpdateSettingsFlow(
	ctx context.Context, flow string, body kClient.UpdateSettingsFlowBody, cookies []*http.Cookie,
) (*kClient.SettingsFlow, *BrowserLocationChangeRequired, []*http.Cookie, error)

type ServiceInterface added in v0.6.0

// ServiceInterface is the set of operations NewAPI requires from the service
// layer; *Service declares methods with matching names.
//
// Parameters are unnamed here. The names given in the comments below are taken
// from the corresponding *Service method signatures. Several methods take
// multiple consecutive string arguments, so a swapped order at a call site
// compiles without error.
type ServiceInterface interface {
	CheckSession(context.Context, []*http.Cookie) (*kClient.Session, []*http.Cookie, error)
	// string: lc (login challenge).
	AcceptLoginRequest(context.Context, *kClient.Session, string) (*BrowserLocationChangeRequired, []*http.Cookie, error)
	// string: hydraLoginChallenge. The FlowStateCookie argument is
	// browser-held state; see the integrity note on that type.
	MustReAuthenticate(context.Context, string, *kClient.Session, FlowStateCookie) (bool, error)
	// strings, in order: aal, returnTo, loginChallenge; bool: refresh.
	CreateBrowserLoginFlow(context.Context, string, string, string, bool, []*http.Cookie) (*kClient.LoginFlow, []*http.Cookie, error)
	// string: returnTo. NOTE(review): returnTo is a redirect target; confirm
	// it is validated against an allow-list, here or by Kratos, before use.
	CreateBrowserRecoveryFlow(context.Context, string, []*http.Cookie) (*kClient.RecoveryFlow, []*http.Cookie, error)
	// string: returnTo (same validation note as CreateBrowserRecoveryFlow).
	CreateBrowserSettingsFlow(context.Context, string, []*http.Cookie) (*kClient.SettingsFlow, *BrowserLocationChangeRequired, error)
	// string: id, for each of the three Get*Flow methods.
	GetLoginFlow(context.Context, string, []*http.Cookie) (*kClient.LoginFlow, []*http.Cookie, error)
	GetRecoveryFlow(context.Context, string, []*http.Cookie) (*kClient.RecoveryFlow, []*http.Cookie, error)
	GetSettingsFlow(context.Context, string, []*http.Cookie) (*kClient.SettingsFlow, *BrowserLocationChangeRequired, error)
	// string: presumably the flow, as in the sibling Update* methods. The
	// *Service signature for UpdateLoginFlow is not shown on this page.
	UpdateLoginFlow(context.Context, string, kClient.UpdateLoginFlowBody, []*http.Cookie) (*BrowserLocationChangeRequired, *kClient.SuccessfulNativeLogin, []*http.Cookie, error)
	// string: flow, for each of the three Update* methods below.
	UpdateIdentifierFirstLoginFlow(context.Context, string, kClient.UpdateLoginFlowWithIdentifierFirstMethod, []*http.Cookie) (*BrowserLocationChangeRequired, []*http.Cookie, error)
	UpdateRecoveryFlow(context.Context, string, kClient.UpdateRecoveryFlowBody, []*http.Cookie) (*BrowserLocationChangeRequired, []*http.Cookie, error)
	UpdateSettingsFlow(context.Context, string, kClient.UpdateSettingsFlowBody, []*http.Cookie) (*kClient.SettingsFlow, *BrowserLocationChangeRequired, []*http.Cookie, error)
	// string: id.
	GetFlowError(context.Context, string) (*kClient.FlowError, []*http.Cookie, error)
	CheckAllowedProvider(context.Context, *kClient.LoginFlow, *kClient.UpdateLoginFlowBody) (bool, error)
	FilterFlowProviderList(context.Context, *kClient.LoginFlow) (*kClient.LoginFlow, error)
	// The Parse* methods take the raw request. The recovery and settings
	// variants return no cookies, unlike the two login variants.
	ParseLoginFlowMethodBody(*http.Request) (*kClient.UpdateLoginFlowBody, []*http.Cookie, error)
	ParseIdentifierFirstLoginFlowMethodBody(*http.Request) (*kClient.UpdateLoginFlowWithIdentifierFirstMethod, []*http.Cookie, error)
	ParseRecoveryFlowMethodBody(*http.Request) (*kClient.UpdateRecoveryFlowBody, error)
	ParseSettingsFlowMethodBody(*http.Request) (*kClient.UpdateSettingsFlowBody, error)
	// string: id, for each Has* method. What kind of id (identity?) is not
	// visible here — confirm.
	HasTOTPAvailable(context.Context, string) (bool, error)
	HasWebAuthnAvailable(context.Context, string) (bool, error)
	HasNotEnoughLookupSecretsLeft(context.Context, string) (bool, error)
}

type UiErrorMessages added in v0.15.0

type UiErrorMessages struct {
	Ui kClient.UiContainer `json:"ui"`
}
