session

Documentation

Index

• Constants
• type Session
  • func (s *Session) Claims(issuerURL string) jose.Claims
• type SessionKey
• type SessionKeyRepo
• type SessionRepo
• type SessionState

Constants

const (
	SessionStateNew            = SessionState("NEW")
	SessionStateRemoteAttached = SessionState("REMOTE_ATTACHED")
	SessionStateIdentified     = SessionState("IDENTIFIED")
	SessionStateDead           = SessionState("EXCHANGED")
)

const (

	// The default token expiration time.
	// This is exported, so it can be used to set the expiration
	// time in refresh token flow.
	DefaultSessionValidityWindow = 12 * time.Hour
)

Types

type Session

type Session struct {
	ConnectorID string
	ID          string
	State       SessionState
	CreatedAt   time.Time
	ExpiresAt   time.Time
	ClientID    string
	ClientState string
	RedirectURL url.URL
	Identity    oidc.Identity
	UserID      string

	// Regsiter indicates that this session is a registration flow.
	Register bool

	// Nonce is optionally provided in the initial authorization request, and
	// propogated in such cases to the generated claims.
	Nonce string

	// Scope is the 'scope' field in the authentication request. Example scopes
	// are 'openid', 'email', 'offline', etc.
	Scope scope.Scopes

	// Groups the user belongs to.
	Groups []string
}

func (*Session) Claims

func (s *Session) Claims(issuerURL string) jose.Claims

Claims returns a new set of Claims for the current session. The "sub" of the returned Claims is that of the dex User, not whatever remote Identity was used to authenticate.

type SessionKey

type SessionKey struct {
	Key       string
	SessionID string
}

type SessionKeyRepo

type SessionKeyRepo interface {
	Push(SessionKey, time.Duration) error
	Pop(string) (string, error)
}

type SessionRepo

type SessionRepo interface {
	Get(string) (*Session, error)
	Create(Session) error
	Update(Session) error
}

type SessionState

type SessionState string