Constants ¶
// Relative ordering of the endpoint security configurers defined in this package.
// NOTE(review): presumably these are the values returned by the respective Order()
// methods and a lower number is applied first — confirm against order.Ordered.
const (
	OrderAuthorizeSecurityConfigurer  = 0
	OrderLogoutSecurityConfigurer     = 50
	OrderClientAuthSecurityConfigurer = 100
	OrderTokenAuthSecurityConfigurer  = 200
)
const (
	// PropertiesPrefix is the configuration key prefix for this package's properties
	// (presumably the prefix BindAuthServerProperties binds AuthServerProperties under — confirm).
	PropertiesPrefix = "security.auth"
)
Variables ¶
// Module registers the OAuth2 authorization server with the bootstrap framework.
// It embeds the package's default configuration (defaultConfigFS), provides the
// bound AuthServerProperties and the DI inputs, and invokes
// ConfigureAuthorizationServer as the configuration entry point.
// Precedence is expressed relative to security.MinSecurityPrecedence; the exact
// ordering relative to other security modules depends on bootstrap's semantics — confirm.
var Module = &bootstrap.Module{
	Name:       "oauth2 authserver",
	Precedence: security.MinSecurityPrecedence + 20,
	Options: []fx.Option{
		appconfig.FxEmbeddedDefaults(defaultConfigFS),
		fx.Provide(BindAuthServerProperties),
		fx.Provide(ProvideAuthServerDI),
		fx.Provide(provide),
		fx.Invoke(ConfigureAuthorizationServer),
	},
}
Functions ¶
func ConfigureAuthorizationServer ¶
func ConfigureAuthorizationServer(di initDI)
ConfigureAuthorizationServer is the Configuration entry point
func ProvideAuthServerDI ¶
func ProvideAuthServerDI(di configDI) authServerOut
Types ¶
type AuthServerProperties ¶
// AuthServerProperties is the externally bound configuration of the authorization
// server (see BindAuthServerProperties and NewAuthServerProperties for defaults).
type AuthServerProperties struct {
	// Issuer describes how this server identifies itself (protocol, domain, port, context path).
	Issuer IssuerProperties `json:"issuer"`
	// RedirectWhitelist — presumably the redirect targets this server accepts.
	// NOTE(review): nothing visible here shows where it is enforced; confirm the
	// authorize/logout endpoint configurers check redirects against this list.
	RedirectWhitelist []string `json:"redirect-whitelist"`
	// Endpoints carries the path of each endpoint this server exposes.
	Endpoints EndpointsProperties `json:"endpoints"`
}
func BindAuthServerProperties ¶
func BindAuthServerProperties(ctx *bootstrap.ApplicationContext) AuthServerProperties
BindAuthServerProperties creates and binds AuthServerProperties, with an optional prefix
func NewAuthServerProperties ¶
func NewAuthServerProperties() *AuthServerProperties
NewAuthServerProperties creates an AuthServerProperties with default values
type AuthorizationServerConfigurer ¶
// AuthorizationServerConfigurer is a hook that receives the mutable *Configuration
// so a caller can adjust the configurable items before they are used.
type AuthorizationServerConfigurer func(*Configuration)
type AuthorizeEndpointConfigurer ¶
type AuthorizeEndpointConfigurer struct {
// contains filtered or unexported fields
}
AuthorizeEndpointConfigurer implements security.Configurer and order.Ordered and is responsible for configuring the "authorize" endpoint
func (*AuthorizeEndpointConfigurer) Configure ¶
func (c *AuthorizeEndpointConfigurer) Configure(ws security.WebSecurity)
func (*AuthorizeEndpointConfigurer) Order ¶
func (c *AuthorizeEndpointConfigurer) Order() int
type ClientAuthEndpointsConfigurer ¶
type ClientAuthEndpointsConfigurer struct {
// contains filtered or unexported fields
}
ClientAuthEndpointsConfigurer implements security.Configurer and order.Ordered and is responsible for configuring miscellaneous endpoints that use client auth
func (*ClientAuthEndpointsConfigurer) Configure ¶
func (c *ClientAuthEndpointsConfigurer) Configure(ws security.WebSecurity)
func (*ClientAuthEndpointsConfigurer) Order ¶
func (c *ClientAuthEndpointsConfigurer) Order() int
type ConditionalEndpoint ¶
// ConditionalEndpoint pairs an endpoint location with a request matcher;
// presumably the matcher decides whether the endpoint applies to a request — confirm at the use site.
type ConditionalEndpoint struct {
	Location  *url.URL
	Condition web.RequestMatcher
}
type Configuration ¶
// Configuration collects the stores, encoders and settings the authorization
// server is built from. Exported fields are the configurable items; they can be
// adjusted through an AuthorizationServerConfigurer.
type Configuration struct {
	// configurable items
	SessionSettingService session.SettingService
	ClientStore           oauth2.OAuth2ClientStore
	// ClientSecretEncoder hashes/verifies client secrets; UserPasswordEncoder does the
	// same for user passwords. They are separate so each can use its own scheme.
	ClientSecretEncoder passwd.PasswordEncoder
	Endpoints           Endpoints
	UserAccountStore    security.AccountStore
	TenantStore         security.TenantStore
	ProviderStore       security.ProviderStore
	UserPasswordEncoder passwd.PasswordEncoder
	TokenStore          auth.TokenStore
	// JwkStore supplies the keys used to sign/verify tokens (assumed from the type — confirm).
	JwkStore   jwt.JwkStore
	IdpManager idp.IdentityProviderManager
	Issuer     security.Issuer
	// OpenIDSSOEnabled toggles OpenID SSO support; SamlIdpSigningMethod names the
	// signing method used when acting as a SAML IdP. Exact semantics are defined
	// where they are consumed — confirm there.
	OpenIDSSOEnabled     bool
	SamlIdpSigningMethod string
	// contains filtered or unexported fields
}
func (*Configuration) AddIdp ¶
func (c *Configuration) AddIdp(configurer IdpSecurityConfigurer)
type EndpointsProperties ¶
// EndpointsProperties holds the configured path of each endpoint the
// authorization server exposes, as bound under AuthServerProperties.Endpoints.
type EndpointsProperties struct {
	// TODO check_session is necessary and should be implemented. Java: SessionInfoEndpoint
	Authorize       string `json:"authorize"`
	Token           string `json:"token"`
	Approval        string `json:"approval"`
	CheckToken      string `json:"check-token"`
	TenantHierarchy string `json:"tenant-hierarchy"`
	Error           string `json:"error"`
	Logout          string `json:"logout"`
	LoggedOut       string `json:"logged-out"`
	UserInfo        string `json:"user-info"`
	JwkSet          string `json:"jwk-set"`
	SamlMetadata    string `json:"saml-metadata"`
}
type IdpLogoutSecurityConfigurer ¶
type IdpLogoutSecurityConfigurer interface {
ConfigureLogout(ws security.WebSecurity, config *Configuration)
}
IdpLogoutSecurityConfigurer is an additional interface that an IdpSecurityConfigurer may choose to implement to customize the "logout" process. Note: IdpLogoutSecurityConfigurer is only invoked once per instance, and the given security.WebSecurity is shared
between IDPs. Therefore, the implementing type should not change the Route or Condition on the given "ws".
type IdpSecurityConfigurer ¶
type IdpSecurityConfigurer interface {
Configure(ws security.WebSecurity, config *Configuration)
}
IdpSecurityConfigurer is the interface IDPs implement to customize the "authorize" process
type IssuerProperties ¶
// IssuerProperties describes how this authorization server identifies itself.
// Its fields are combined into the entity base URL that names this server in
// SAML and OIDC exchanges.
type IssuerProperties struct {
	// the protocol which is either http or https
	// NOTE(review): nothing visible here validates the value; confirm the binder
	// or consumer rejects anything other than http/https.
	Protocol string `json:"protocol"`
	// This server's host name
	// Used to build the entity base url. The entity url identifies this auth server in a SAML exchange and OIDC exchange.
	Domain string `json:"domain"`
	Port   int    `json:"port"`
	// Context base path for this server
	// Used to build the entity base url. The entity url identifies this auth server in a SAML exchange.
	ContextPath string `json:"context-path"`
	// IncludePort — presumably whether Port is written into the entity base url; confirm where the url is built.
	IncludePort bool `json:"include-port"`
}
type LogoutEndpointConfigurer ¶
type LogoutEndpointConfigurer struct {
// contains filtered or unexported fields
}
LogoutEndpointConfigurer implements security.Configurer and order.Ordered and is responsible for configuring the "logout" endpoint
func (*LogoutEndpointConfigurer) Configure ¶
func (c *LogoutEndpointConfigurer) Configure(ws security.WebSecurity)
func (*LogoutEndpointConfigurer) Order ¶
func (c *LogoutEndpointConfigurer) Order() int
type TokenAuthEndpointsConfigurer ¶
type TokenAuthEndpointsConfigurer struct {
// contains filtered or unexported fields
}
TokenAuthEndpointsConfigurer implements security.Configurer and order.Ordered and is responsible for configuring miscellaneous endpoints that use token auth
func (*TokenAuthEndpointsConfigurer) Configure ¶
func (c *TokenAuthEndpointsConfigurer) Configure(ws security.WebSecurity)
func (*TokenAuthEndpointsConfigurer) Order ¶
func (c *TokenAuthEndpointsConfigurer) Order() int