Documentation

Index

Constants

View Source
const (
	AdminAPIVersion      = "v1"
	AdminAPISecretLength = 128
)
View Source
const (
	LoginPageTemplateName              = "login.html"
	RegisterTemplateName               = "register.html"
	VerifyEmailTemplateName            = "verify-email.html"
	SendResetPasswordEmailTemplateName = "send-reset-password.html"
	ResetPasswordTemplateName          = "reset-password.html"
	OOBTemplateName                    = "oob-template.html"
	APIVersion                         = "v1"
)

Variables

View Source
var (
	AdminGetEndpoint          = addBasePath("/admin/:id")
	AdminCreateEndpoint       = addBasePath("/admin")
	AdminGetStateEndpoint     = addBasePath("/state")
	AdminCreateClientEndpoint = addBasePath("/client")
	AdminConnectorsEndpoint   = addBasePath("/connectors")
)
View Source
var (
	UsersSubTree                  = "/users"
	UsersListEndpoint             = addBasePath(UsersSubTree)
	UsersCreateEndpoint           = addBasePath(UsersSubTree)
	UsersGetEndpoint              = addBasePath(UsersSubTree + "/:id")
	UsersDisableEndpoint          = addBasePath(UsersSubTree + "/:id/disable")
	UsersResendInvitationEndpoint = addBasePath(UsersSubTree + "/:id/resend-invitation")
	AccountSubTree                = "/account"
	AccountListRefreshTokens      = addBasePath(AccountSubTree + "/:userid/refresh")
	AccountRevokeRefreshToken     = addBasePath(AccountSubTree + "/:userid/refresh/:clientid")
)

Functions

This section is empty.

Types

type AdminServer

type AdminServer struct {
	// contains filtered or unexported fields
}

    AdminServer serves the admin API.

    func NewAdminServer

    func NewAdminServer(adminAPI *admin.AdminAPI, rotator *key.PrivateKeyRotator, secret string) *AdminServer

    func (*AdminServer) HTTPHandler

    func (s *AdminServer) HTTPHandler() http.Handler

    type InvitationHandler

    type InvitationHandler struct {
    	// contains filtered or unexported fields
    }

    func (*InvitationHandler) ServeHTTP

    func (h *InvitationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

    type JWTVerifierFactory

    type JWTVerifierFactory func(clientID string) oidc.JWTVerifier
    type Link struct {
    	URL         string
    	ID          string
    	DisplayName string
    }

    type MultiServerConfig

    type MultiServerConfig struct {
    	KeySecrets     [][]byte
    	DatabaseConfig db.Config
    	UseOldFormat   bool
    }

    func (*MultiServerConfig) Configure

    func (cfg *MultiServerConfig) Configure(srv *Server) error

    type OIDCServer

    type OIDCServer interface {
    	Client(string) (client.Client, error)
    	NewSession(connectorID, clientID, clientState string, redirectURL url.URL, nonce string, register bool, scope []string) (string, error)
    	Login(oidc.Identity, string) (string, error)
    
    	// CodeToken exchanges a code for an ID token and a refresh token string on success.
    	CodeToken(creds oidc.ClientCredentials, sessionKey string) (*jose.JWT, string, time.Time, error)
    
    	ClientCredsToken(creds oidc.ClientCredentials) (*jose.JWT, time.Time, error)
    
    	// RefreshToken takes a previously generated refresh token and returns a new ID token and new refresh token
    	// if the token is valid.
    	RefreshToken(creds oidc.ClientCredentials, scopes scope.Scopes, token string) (*jose.JWT, string, time.Time, error)
    
    	KillSession(string) error
    
    	CrossClientAuthAllowed(requestingClientID, authorizingClientID string) (bool, error)
    }

    type ResetPasswordHandler

    type ResetPasswordHandler struct {
    	// contains filtered or unexported fields
    }

    func (*ResetPasswordHandler) ServeHTTP

    func (h *ResetPasswordHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

    type SendResetPasswordEmailHandler

    type SendResetPasswordEmailHandler struct {
    	// contains filtered or unexported fields
    }

    func (*SendResetPasswordEmailHandler) ServeHTTP

    type Server

    type Server struct {
    	IssuerURL url.URL
    
    	Templates                      *template.Template
    	LoginTemplate                  *template.Template
    	RegisterTemplate               *template.Template
    	VerifyEmailTemplate            *template.Template
    	SendResetPasswordEmailTemplate *template.Template
    	ResetPasswordTemplate          *template.Template
    	OOBTemplate                    *template.Template
    
    	HealthChecks []health.Checkable
    	// TODO(ericchiang): Make this a map of ID to connector.
    	Connectors []connector.Connector
    
    	ClientRepo          client.ClientRepo
    	ConnectorConfigRepo connector.ConnectorConfigRepo
    	KeySetRepo          key.PrivateKeySetRepo
    	RefreshTokenRepo    refresh.RefreshTokenRepo
    	UserRepo            user.UserRepo
    	PasswordInfoRepo    user.PasswordInfoRepo
    
    	ClientManager  *clientmanager.ClientManager
    	KeyManager     key.PrivateKeyManager
    	SessionManager *sessionmanager.SessionManager
    	UserManager    *usermanager.UserManager
    
    	UserEmailer *useremail.UserEmailer
    
    	EnableRegistration           bool
    	EnableClientRegistration     bool
    	EnableClientCredentialAccess bool
    	RegisterOnFirstLogin         bool
    	// contains filtered or unexported fields
    }

    func (*Server) AddConnector

    func (s *Server) AddConnector(cfg connector.ConnectorConfig) error

    func (*Server) Client

    func (s *Server) Client(clientID string) (client.Client, error)

    func (*Server) ClientCredsToken

    func (s *Server) ClientCredsToken(creds oidc.ClientCredentials) (*jose.JWT, time.Time, error)

    func (*Server) CodeToken

    func (s *Server) CodeToken(creds oidc.ClientCredentials, sessionKey string) (*jose.JWT, string, time.Time, error)

    func (*Server) CrossClientAuthAllowed

    func (s *Server) CrossClientAuthAllowed(requestingClientID, authorizingClientID string) (bool, error)

    func (*Server) HTTPHandler

    func (s *Server) HTTPHandler() http.Handler

    func (*Server) JWTVerifierFactory

    func (s *Server) JWTVerifierFactory() JWTVerifierFactory

    func (*Server) KillSession

    func (s *Server) KillSession(sessionKey string) error

    func (*Server) Login

    func (s *Server) Login(ident oidc.Identity, key string) (string, error)

    func (*Server) NewClientTokenAuthHandler

    func (s *Server) NewClientTokenAuthHandler(handler http.Handler) http.Handler

      NewClientTokenAuthHandler returns the given handler wrapped in middleware which requires a Client Bearer token.

      func (*Server) NewSession

      func (s *Server) NewSession(ipdcID, clientID, clientState string, redirectURL url.URL, nonce string, register bool, scope []string) (string, error)

      func (*Server) ProviderConfig

      func (s *Server) ProviderConfig() oidc.ProviderConfig

      func (*Server) RefreshToken

      func (s *Server) RefreshToken(creds oidc.ClientCredentials, scopes scope.Scopes, token string) (*jose.JWT, string, time.Time, error)

      func (*Server) Run

      func (s *Server) Run() chan struct{}

      type ServerConfig

      type ServerConfig struct {
      	IssuerURL                    string
      	IssuerName                   string
      	IssuerLogoURL                string
      	TemplateDir                  string
      	EmailTemplateDirs            []string
      	EmailFromAddress             string
      	EmailerConfigFile            string
      	StateConfig                  StateConfigurer
      	EnableRegistration           bool
      	EnableClientRegistration     bool
      	EnableClientCredentialAccess bool
      	RegisterOnFirstLogin         bool
      }

      func (*ServerConfig) Server

      func (cfg *ServerConfig) Server() (*Server, error)

      type SingleServerConfig

      type SingleServerConfig struct {
      	ClientsFile    string
      	ConnectorsFile string
      	UsersFile      string
      }

      func (*SingleServerConfig) Configure

      func (cfg *SingleServerConfig) Configure(srv *Server) error

      type StateConfigurer

      type StateConfigurer interface {
      	Configure(*Server) error
      }

      type Template

      type Template interface {
      	Execute(io.Writer, interface{}) error
      }

      type UserMgmtServer

      type UserMgmtServer struct {
      	// contains filtered or unexported fields
      }

      func NewUserMgmtServer

      func NewUserMgmtServer(userMgmtAPI *api.UsersAPI, jwtvFactory JWTVerifierFactory, um *usermanager.UserManager, cm *clientmanager.ClientManager, allowClientCredsAuth bool) *UserMgmtServer

      func (*UserMgmtServer) HTTPHandler

      func (s *UserMgmtServer) HTTPHandler() http.Handler