Documentation
¶
Index ¶
- Variables
- type State
- func (*State) Descriptor() ([]byte, []int)deprecated
- func (x *State) GetCreateTime() *timestamp.Timestamp
- func (x *State) GetExpirationTime() *timestamp.Timestamp
- func (x *State) GetFinalRedirectUrl() string
- func (x *State) GetNonce() string
- func (x *State) GetProviderConfigHash() uint64
- func (x *State) GetTokenRequestId() string
- func (*State) ProtoMessage()
- func (x *State) ProtoReflect() protoreflect.Message
- func (x *State) Reset()
- func (x *State) String() string
- func (s *State) Validate(ctx context.Context) error
- type Token
- func (*Token) Descriptor() ([]byte, []int)deprecated
- func (x *Token) GetExpirationTime() *timestamp.Timestamp
- func (x *Token) GetRequestId() string
- func (*Token) ProtoMessage()
- func (x *Token) ProtoReflect() protoreflect.Message
- func (x *Token) Reset()
- func (x *Token) String() string
- func (t *Token) Validate(ctx context.Context) error
- type Wrapper
- func (*Wrapper) Descriptor() ([]byte, []int)deprecated
- func (x *Wrapper) GetAuthMethodId() string
- func (x *Wrapper) GetCt() []byte
- func (x *Wrapper) GetScopeId() string
- func (x *Wrapper) GetWrapperKeyId() string
- func (*Wrapper) ProtoMessage()
- func (x *Wrapper) ProtoReflect() protoreflect.Message
- func (x *Wrapper) Reset()
- func (x *Wrapper) String() string
- func (w *Wrapper) Validate(ctx context.Context) error
Constants ¶
This section is empty.
Variables ¶
View Source
var File_controller_storage_auth_oidc_request_v1_request_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type State ¶
type State struct {
// token_request_id is the id. This id is used by the client to poll for a Boundary
// token, once the final leg of the authen flow is compeleted. The Callback uses this
// id to create a "pending" token for that polling process.
TokenRequestId string `protobuf:"bytes,10,opt,name=token_request_id,json=tokenRequestId,proto3" json:"token_request_id,omitempty"`
// create_time of the request that started the authentication flow.
CreateTime *timestamp.Timestamp `protobuf:"bytes,20,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
// expiration_time of the authenticaion flow.
ExpirationTime *timestamp.Timestamp `protobuf:"bytes,30,opt,name=expiration_time,json=expirationTime,proto3" json:"expiration_time,omitempty"`
// final_redirect_url that will be sent back to the client after the callback
FinalRedirectUrl string `protobuf:"bytes,40,opt,name=final_redirect_url,json=finalRedirectUrl,proto3" json:"final_redirect_url,omitempty"`
// nonce of the request which is used to verify the ID Token in the third leg
// as a way to prevent replay attacks.
//
// See https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
// and https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes.
Nonce string `protobuf:"bytes,50,opt,name=nonce,proto3" json:"nonce,omitempty"`
// provider_config_hash can be used to see if the provider's config has changed
// since the request started.
ProviderConfigHash uint64 `protobuf:"varint,60,opt,name=provider_config_hash,json=providerConfigHash,proto3" json:"provider_config_hash,omitempty"`
// contains filtered or unexported fields
}
First, State is used in constructing the authorization URL, in the first leg of the authen flow. State represents the unique data used to construct an oidc.Request (see: https://github.com/hashicorp/cap/blob/main/oidc/request.go). State needs enough information, that when combined with a Boundary oidc auth method, a proper oidc.Request can be recreated during the second leg of the authen flow. State also needs the provider.ConfigHash() used to from the first leg, so it can verify the Boundary's oidc auth method configuration hasn't changed since the authen flow began.
func (*State) Descriptor
deprecated
func (*State) GetCreateTime ¶
func (*State) GetExpirationTime ¶
func (*State) GetFinalRedirectUrl ¶
func (*State) GetProviderConfigHash ¶
func (*State) GetTokenRequestId ¶
func (*State) ProtoMessage ¶
func (*State) ProtoMessage()
func (*State) ProtoReflect ¶
func (x *State) ProtoReflect() protoreflect.Message
type Token ¶
type Token struct {
// request_id for the token.
RequestId string `protobuf:"bytes,10,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
// expiration_time of the authenticaion flow.
ExpirationTime *timestamp.Timestamp `protobuf:"bytes,20,opt,name=expiration_time,json=expirationTime,proto3" json:"expiration_time,omitempty"`
// contains filtered or unexported fields
}
Token is the request token that's returned as part of the auth_token_url from oidc.StartAuth(...)
func (*Token) Descriptor
deprecated
func (*Token) GetExpirationTime ¶
func (*Token) GetRequestId ¶
func (*Token) ProtoMessage ¶
func (*Token) ProtoMessage()
func (*Token) ProtoReflect ¶
func (x *Token) ProtoReflect() protoreflect.Message
type Wrapper ¶
type Wrapper struct {
// auth_method_id is the auth method of the oidc request
AuthMethodId string `protobuf:"bytes,10,opt,name=auth_method_id,json=authMethodId,proto3" json:"auth_method_id,omitempty"`
// scope_id is the auth method's scope
ScopeId string `protobuf:"bytes,20,opt,name=scope_id,json=scopeId,proto3" json:"scope_id,omitempty"`
// wrapper_key_id is the DEK wrapper key id which was used to derive the
// cipher's key
WrapperKeyId string `protobuf:"bytes,30,opt,name=wrapper_key_id,json=wrapperKeyId,proto3" json:"wrapper_key_id,omitempty"`
// ct is the encrypted cipher text
Ct []byte `protobuf:"bytes,40,opt,name=ct,proto3" json:"ct,omitempty"`
// contains filtered or unexported fields
}
Wrapper wraps an encrypted cipher text with non-sensitive info which allows Boundary to determine how to decrypt the wrappered cipher text (ct) field.
func (*Wrapper) Descriptor
deprecated
func (*Wrapper) GetAuthMethodId ¶
func (*Wrapper) GetScopeId ¶
func (*Wrapper) GetWrapperKeyId ¶
func (*Wrapper) ProtoMessage ¶
func (*Wrapper) ProtoMessage()
func (*Wrapper) ProtoReflect ¶
func (x *Wrapper) ProtoReflect() protoreflect.Message
Source Files
Click to show internal directories.
Click to hide internal directories.