Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthenticationContext ¶
type AuthenticationContext interface {
OAuth2Provider() OAuth2Provider
OAuth2ResourceServer() OAuth2ResourceServer
OAuth2ClientConfig(requestURL *url.URL) *oauth2.Config
OidcProvider() *oidc.Provider
CookieManager() CookieHandler
Options() *config.Config
GetOAuth2MetadataURL() *url.URL
GetOIdCMetadataURL() *url.URL
GetHTTPClient() *http.Client
AuthMetadataService() service.AuthMetadataServiceServer
IdentityService() service.IdentityServiceServer
}
AuthenticationContext is a convenience wrapper object that holds all the utilities necessary to run Flyte Admin behind authentication It is constructed at the root server layer, and passed around to the various auth handlers and utility functions/objects.
type CookieHandler ¶
type CookieHandler interface {
SetTokenCookies(ctx context.Context, writer http.ResponseWriter, token *oauth2.Token) error
RetrieveTokenValues(ctx context.Context, request *http.Request) (idToken, accessToken, refreshToken string, err error)
SetUserInfoCookie(ctx context.Context, writer http.ResponseWriter, userInfo *service.UserInfoResponse) error
RetrieveUserInfo(ctx context.Context, request *http.Request) (*service.UserInfoResponse, error)
// SetAuthCodeCookie stores, in a cookie, the /authorize request url initiated by an app before executing OIdC protocol.
// This enables the service to recover it after the user completes the login process in an external OIdC provider.
SetAuthCodeCookie(ctx context.Context, writer http.ResponseWriter, authRequestURL string) error
// RetrieveAuthCodeRequest retrieves the /authorize request url from stored cookie to complete the OAuth2 app auth
// flow.
RetrieveAuthCodeRequest(ctx context.Context, request *http.Request) (authRequestURL string, err error)
DeleteCookies(ctx context.Context, writer http.ResponseWriter)
}
type HandlerRegisterer ¶
type HandlerRegisterer interface {
HandleFunc(pattern string, handler func(http.ResponseWriter, *http.Request))
}
type IdentityContext ¶
type IdentityContext interface {
UserID() string
Audience() string
AppID() string
UserInfo() *service.UserInfoResponse
AuthenticatedAt() time.Time
Scopes() sets.String
// Returns the full set of claims in the JWT token provided by the IDP.
Claims() map[string]interface{}
IsEmpty() bool
WithContext(ctx context.Context) context.Context
}
IdentityContext represents the authenticated identity and can be used to abstract the way the user/app authenticated to the platform.
type OAuth2Provider ¶
type OAuth2Provider interface {
fosite.OAuth2Provider
OAuth2ResourceServer
NewJWTSessionToken(subject, appID, issuer, audience string, userInfoClaims *service.UserInfoResponse) *fositeOAuth2.JWTSession
KeySet() jwk.Set
}
OAuth2Provider represents an OAuth2 Provider that can be used to issue OAuth2 tokens.
type OAuth2ResourceServer ¶
type OAuth2ResourceServer interface {
ValidateAccessToken(ctx context.Context, expectedAudience, tokenStr string) (IdentityContext, error)
}
OAuth2ResourceServer represents a resource server that can be accessed through an access token.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.