Documentation ¶
Index ¶
- Variables
- func ErrAccess(details string) error
- func ErrKeyNotFound(key string) error
- func ErrUnknown(details string) error
- type AppleCredentialType
- type AuthorizationCodeCompleter
- type AuthorizationCodeResponse
- type CertificateRepository
- func (cr *CertificateRepository) AddSecurityConfiguration(sc *SecurityConfiguration)
- func (cr *CertificateRepository) GetDefaultConfiguration() *SecurityConfiguration
- func (cr *CertificateRepository) GetSecurityConfiguration(host string) *SecurityConfiguration
- func (cr *CertificateRepository) RemoveSecurityConfiguration(host string)
- func (cr *CertificateRepository) SetDefaultConfiguration(sc *SecurityConfiguration)
- type Client
- func (c *Client) Authorize(provider model.Provider) (string, error)
- func (c *Client) Complete(authResp *AuthorizationCodeResponse, err error)
- func (c *Client) Exchange(authResp *AuthorizationCodeResponse) (*http.Client, error)
- func (c *Client) Login(provider int, webView WebViewLauncher, completion LoginCompleter)
- func (c *Client) Request(request *Request) (*Response, error)
- func (c *Client) SignInWithApple(user *SignInWithAppleData) (*UserData, error)
- type ClientConfig
- type Config
- type ErrorCompleter
- type KeyStore
- type Logger
- type LoginCompleter
- type Request
- type Response
- type SecurityConfiguration
- type SignInWithApple
- type SignInWithAppleData
- type UserData
- type WebViewLauncher
Constants ¶
This section is empty.
Variables ¶
var (
	ErrInvalidState = errors.New("invalid state")
)
Common errors.
Functions ¶
func ErrKeyNotFound ¶
ErrKeyNotFound creates a key not found error.
Types ¶
type AppleCredentialType ¶
type AppleCredentialType string
AppleCredentialType is the means through which the user authenticates using Sign In With Apple.
const (
	AppleCredentialTypeAppleID  AppleCredentialType = "apple_id" // Apple ID
	AppleCredentialTypePassword AppleCredentialType = "password" // Username and password
)
Supported Apple credential types.
type AuthorizationCodeCompleter ¶
type AuthorizationCodeCompleter interface {
	Complete(authResp *AuthorizationCodeResponse, err error)
}
AuthorizationCodeCompleter handles client-side asynchronous completion of an authorization request.
type AuthorizationCodeResponse ¶
type AuthorizationCodeResponse ftauth.AuthorizationCodeResponse
AuthorizationCodeResponse holds the query parameters returned from a successful Authorize call, as well as an error if any error occurred.
func NewAuthorizationCodeResponse ¶
func NewAuthorizationCodeResponse(code, state string, err error) *AuthorizationCodeResponse
NewAuthorizationCodeResponse creates a new authorization code response with the query parameters of a successful callback.
type CertificateRepository ¶
type CertificateRepository ftauth.CertificateRepository
CertificateRepository holds a map of hosts to certificate pools for use with TLS handshake verification (i.e. certificate pinning).
func GetCertificateRepository ¶
func GetCertificateRepository() *CertificateRepository
GetCertificateRepository returns the main certificate repo for adding/removing security configurations.
func (*CertificateRepository) AddSecurityConfiguration ¶
func (cr *CertificateRepository) AddSecurityConfiguration(sc *SecurityConfiguration)
AddSecurityConfiguration configures the TLS client for requests to the specified host.
func (*CertificateRepository) GetDefaultConfiguration ¶
func (cr *CertificateRepository) GetDefaultConfiguration() *SecurityConfiguration
GetDefaultConfiguration returns the default security configuration, i.e. the configuration used when a server's configuration has not been explicitly set.
func (*CertificateRepository) GetSecurityConfiguration ¶
func (cr *CertificateRepository) GetSecurityConfiguration(host string) *SecurityConfiguration
GetSecurityConfiguration returns the stored configuration for the given host, returning nil if not found.
func (*CertificateRepository) RemoveSecurityConfiguration ¶
func (cr *CertificateRepository) RemoveSecurityConfiguration(host string)
RemoveSecurityConfiguration resets the security configuration for the host, using the default security configuration instead.
func (*CertificateRepository) SetDefaultConfiguration ¶
func (cr *CertificateRepository) SetDefaultConfiguration(sc *SecurityConfiguration)
SetDefaultConfiguration sets the default security configuration, i.e. the configuration used when a server's configuration has not been explicitly set.
type Client ¶
Client communicates with HTTP services on behalf of an authenticated user.
func (*Client) Authorize ¶
Authorize returns a URL through which the user must authenticate. The client is responsible for listening to redirect steps and capturing the query parameters for use with Exchange.
func (*Client) Complete ¶
func (c *Client) Complete(authResp *AuthorizationCodeResponse, err error)
Complete handles completion of an authorization code request.
func (*Client) Exchange ¶
func (c *Client) Exchange(authResp *AuthorizationCodeResponse) (*http.Client, error)
Exchange communicates with the FTAuth server, exchanging the authorization code for an access + refresh token.
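The redirect-capture step that Authorize leaves to the client, sketched with the standard library only. This is an added example, not ftauth code: `newState`, `captureCallback`, `errInvalidState` (a stand-in for the package's ErrInvalidState) and the `myapp://auth` redirect are assumptions, and the `code`, `state` and `error` parameter names are the standard OAuth 2.0 ones.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// errInvalidState stands in for the package's ErrInvalidState in this sketch.
var errInvalidState = errors.New("invalid state")

// newState returns an unguessable, URL-safe value that binds one login attempt.
func newState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// captureCallback extracts the authorization code from a redirect URL, but
// only after the returned state matches the one issued for this attempt.
func captureCallback(redirect, wantState string) (string, error) {
	u, err := url.Parse(redirect)
	if err != nil {
		return "", err
	}
	q := u.Query()
	// Exactly one state, equal to ours; duplicates are treated as tampering.
	if wantState == "" || len(q["state"]) != 1 ||
		subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(wantState)) != 1 {
		return "", errInvalidState
	}
	if e := q.Get("error"); e != "" {
		return "", fmt.Errorf("authorization failed: %q", e)
	}
	if len(q["code"]) != 1 || q.Get("code") == "" {
		return "", errors.New("missing or duplicated authorization code")
	}
	return q.Get("code"), nil
}

func main() {
	state, _ := newState()
	fmt.Println(captureCallback("myapp://auth?code=constructed&state="+state, state))
}
```

The state is checked before anything else in the query is read, so a forged callback never reaches the code exchange.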
func (*Client) Login ¶
func (c *Client) Login(provider int, webView WebViewLauncher, completion LoginCompleter)
Login triggers the authentication flow and handles redirects on the mobile side to return an authenticated HTTP client.
func (*Client) SignInWithApple ¶
func (c *Client) SignInWithApple(user *SignInWithAppleData) (*UserData, error)
SignInWithApple is a special login function for working with Apple's login system on iOS 13. iOS 12 and all other providers use the Login function with the provider specified.
type ClientConfig ¶
type ClientConfig ft.ClientConfig
ClientConfig holds client options and settings.
type Config ¶
Config holds options for configuring the client. Use DefaultOptions if unsure.
func NewConfig ¶
func NewConfig(
	keyStore KeyStore,
	logger Logger,
	clientConfig *ClientConfig,
) (*Config, error)
NewConfig creates an options object for configuring an FTAuth client.
func NewConfigWithJSON ¶
func NewConfigWithJSON(
	keyStore KeyStore,
	logger Logger,
	clientConfigJSON []byte,
) (*Config, error)
NewConfigWithJSON creates an options object for configuring an FTAuth client with client config in JSON format.
func (*Config) GetClientConfig ¶
func (config *Config) GetClientConfig() *ClientConfig
GetClientConfig returns the configured client options.
type ErrorCompleter ¶
type ErrorCompleter interface {
	Complete(err error)
}
ErrorCompleter completes with an error (or nil).
type KeyStore ¶
KeyStore exchanges private key data with a backend keychain. Implementations will vary by client, but all should be encrypted or reasonably protected against attacks.
type LoginCompleter ¶
LoginCompleter can be used by the mobile side to receive a notification when the login process completes, either successfully (with a username) or with an error.
type Request ¶
Request holds an HTTP request.
func NewRequest ¶
NewRequest creates a new HTTP request.
type SecurityConfiguration ¶
type SecurityConfiguration ftauth.SecurityConfiguration
SecurityConfiguration holds a host-specific configuration for the rules to use when verifying a TLS handshake.
func NewSecurityConfiguration ¶
func NewSecurityConfiguration(host string, trustPublicPKI bool) *SecurityConfiguration
NewSecurityConfiguration creates a new configuration object for the given host. You must call CertificateRepository.AddSecurityConfiguration() for it to take effect.
func (*SecurityConfiguration) AddIntermediateASN1 ¶
func (sc *SecurityConfiguration) AddIntermediateASN1(asn1 []byte) error
AddIntermediateASN1 pins the intermediate certificate (in ASN1 DER format), adding it to the list of verified certificates for the host in this configuration.
func (*SecurityConfiguration) AddIntermediatePEM ¶
func (sc *SecurityConfiguration) AddIntermediatePEM(pem []byte) error
AddIntermediatePEM pins the intermediate certificate(s) (in PEM format), adding them to the list of verified certificates for the host in this configuration.
func (*SecurityConfiguration) ResetPinning ¶
func (sc *SecurityConfiguration) ResetPinning()
ResetPinning removes all intermediate certs and resets TrustSystemRoots to true.
type SignInWithApple ¶
type SignInWithApple interface {
	SignInWithApple(user *SignInWithAppleData) (*UserData, error)
}
SignInWithApple is the callback for the iOS 13+ Sign In With Apple flow. Basically, it's the reverse of the typical flow, since the OAuth flow is handled by Apple, then we store a copy of the information on our end and convert it into a UserData object via the server.
type SignInWithAppleData ¶
type SignInWithAppleData struct {
	CredentialType AppleCredentialType

	// AppleCredentialTypeAppleID
	UserID         string
	AuthCode       []byte
	Scopes         []string
	IDToken        []byte
	Email          string
	FirstName      string
	LastName       string
	RealUserStatus int

	// AppleCredentialTypePassword
	Username string
	Password string
}
SignInWithAppleData holds the data we can expect to receive back from iOS after a successful login call, broken out by credential type.
func NewSignInWithAppleIDData ¶
func NewSignInWithAppleIDData(
	UserID string,
	AuthCode []byte,
	Scopes string,
	IDToken []byte,
	Email string,
	FirstName string,
	LastName string,
	RealUserStatus int,
) *SignInWithAppleData
NewSignInWithAppleIDData returns a data object for the Apple ID flow.
func NewSignInWithApplePasswordData ¶
func NewSignInWithApplePasswordData(username, password string) *SignInWithAppleData
NewSignInWithApplePasswordData returns a data object for the password flow.
func (*SignInWithAppleData) Valid ¶
func (data *SignInWithAppleData) Valid() error
Valid returns whether or not the data is valid, for ensuring we receive valid data from the mobile side.
type WebViewLauncher ¶
type WebViewLauncher interface {
	LaunchURL(url string, completer AuthorizationCodeCompleter)
}
WebViewLauncher handles opening URLs on mobile/desktop clients.