View Source
const (
	SessionStateNew            = SessionState("NEW")
	SessionStateRemoteAttached = SessionState("REMOTE_ATTACHED")
	SessionStateIdentified     = SessionState("IDENTIFIED")
	SessionStateDead           = SessionState("EXCHANGED")
View Source
const (

	// The default token expiration time.
	// This is exported, so it can be used to set the expiration
	// time in refresh token flow.
	DefaultSessionValidityWindow = 12 * time.Hour


This section is empty.


This section is empty.


type Session

type Session struct {
	ConnectorID string
	ID          string
	State       SessionState
	CreatedAt   time.Time
	ExpiresAt   time.Time
	ClientID    string
	ClientState string
	RedirectURL url.URL
	Identity    oidc.Identity
	UserID      string

	// Regsiter indicates that this session is a registration flow.
	Register bool

	// Nonce is optionally provided in the initial authorization request, and
	// propogated in such cases to the generated claims.
	Nonce string

	// Scope is the 'scope' field in the authentication request. Example scopes
	// are 'openid', 'email', 'offline', etc.
	Scope scope.Scopes

	// Groups the user belongs to.
	Groups []string

func (*Session) Claims

func (s *Session) Claims(issuerURL string) jose.Claims

    Claims returns a new set of Claims for the current session. The "sub" of the returned Claims is that of the dex User, not whatever remote Identity was used to authenticate.

    type SessionKey

    type SessionKey struct {
    	Key       string
    	SessionID string

    type SessionKeyRepo

    type SessionKeyRepo interface {
    	Push(SessionKey, time.Duration) error
    	Pop(string) (string, error)

    type SessionRepo

    type SessionRepo interface {
    	Get(string) (*Session, error)
    	Create(Session) error
    	Update(Session) error

    type SessionState

    type SessionState string

    Source Files


    Path Synopsis