Documentation ¶
Index ¶
Constants ¶
const DefaultCreateChallengePath = "/webauth-sshcert/v1/getChallenge"
DefaultCreateChallengePath is a well known path that is suggested to be used by consumers of this library This will be used by default by clients using the client library.
const DefaultLoginWithChallengePath = "/webauth-sshcert/v1/loginWithChallenge"
DefaultLoginWithChallengePath is a well known path that is suggested to be used by consumers of this library
const ExpirationChallengeMaxAge = time.Second * 30
ExpirationChallengeMaxAge is the maximum time for a challenge to be considered valid.
Variables ¶
This section is empty.
Functions ¶
func FingerprintSHA256 ¶
FingerprintSHA256 returns the base64 encoding of the sha256 hash with the trailing equal sign removed
Types ¶
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
Authenticator contains all the structures to authenticate using we ssh-certs for web.
func NewAuthenticator ¶
func NewAuthenticator(hostnames []string, caKeys []string) *Authenticator
NewAuthenticator returns a new Authenticator ready to authenticate usres given the hostnames and caKeys.
func (*Authenticator) CreateChallengeHandler ¶
func (a *Authenticator) CreateChallengeHandler(w http.ResponseWriter, r *http.Request) error
CreateChallengeHandler is the function that should be handleded to do the server mux in order to create the challenge.
func (*Authenticator) LoginWithChallenge ¶
LoginWithChallenge should be attached to the loginwith challenge path, it the job of how to keep the session do /do the redirect is dependent on the caller This function returns the authenticated username, expiration time of the authentication
type ChallengeResponseData ¶
type ChallengeResponseData struct { Challenge string `json:"challenge"` AllowedIssuerFingerprints []string `json:"allowed_issuer_fingerprints,omitempty"` }
ChallengeResponseData is the json struct of the response when requesting a challenge from the Server