auth

package


Functions

func NewOAuth2

func NewOAuth2(providerName string, opts NewOAuth2Options) (p oAuth2, err error)

NewOAuth2 returns a new generic OAuth2 provider identified by providerName and configured from opts. Check err before using p: on a non-nil error the returned provider must not be used.

Types

type GitHub

type GitHub struct {
	// contains filtered or unexported fields
}

GitHub manages authentication with GitHub. It is based on the OAuth 2 provider.

func NewGitHub

func NewGitHub(opts NewGitHubOptions) (p GitHub, err error)

NewGitHub returns a new GitHub provider configured from opts. When opts.AllowedUsers is empty no allowlist is applied and any GitHub account can authenticate, so set it (or enforce authorization elsewhere) before exposing anything sensitive.

func (GitHub) GetProviderName

func (a GitHub) GetProviderName() string

func (GitHub) OAuth2AuthorizeURL

func (a GitHub) OAuth2AuthorizeURL(state string, redirectURL string) (string, error)

func (GitHub) OAuth2ExchangeCode

func (a GitHub) OAuth2ExchangeCode(ctx context.Context, code string, redirectURL string) (OAuth2AccessToken, error)

func (GitHub) OAuth2RetrieveProfile

func (a GitHub) OAuth2RetrieveProfile(ctx context.Context, at OAuth2AccessToken) (*user.Profile, error)

func (GitHub) PopulateAdditionalClaims

func (a GitHub) PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))

func (GitHub) UserAllowed

func (a GitHub) UserAllowed(profile *user.Profile) error

func (GitHub) UserIDFromProfile

func (a GitHub) UserIDFromProfile(profile *user.Profile) string

func (GitHub) ValidateRequestClaims

func (a GitHub) ValidateRequestClaims(r *http.Request, profile *user.Profile) error

type Google

type Google struct {
	OpenIDConnect
	// contains filtered or unexported fields
}

Google manages authentication with Google Identity. It is based on the OpenIDConnect provider.

func NewGoogle

func NewGoogle(opts NewGoogleOptions) (p Google, err error)

NewGoogle returns a new Google provider configured from opts. When opts.AllowedUsers, opts.AllowedEmails and opts.AllowedDomains are all empty no allowlist is applied and any Google account can authenticate.

func (Google) GetProviderName

func (a Google) GetProviderName() string

func (Google) OAuth2AuthorizeURL

func (a Google) OAuth2AuthorizeURL(state string, redirectURL string) (string, error)

func (Google) OAuth2ExchangeCode

func (a Google) OAuth2ExchangeCode(ctx context.Context, code string, redirectURL string) (OAuth2AccessToken, error)

func (Google) PopulateAdditionalClaims

func (a Google) PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))

func (Google) UserAllowed

func (a Google) UserAllowed(profile *user.Profile) error

func (Google) UserIDFromProfile

func (a Google) UserIDFromProfile(profile *user.Profile) string

func (Google) ValidateRequestClaims

func (a Google) ValidateRequestClaims(r *http.Request, profile *user.Profile) error

type MicrosoftEntraID

type MicrosoftEntraID struct {
	OpenIDConnect
}

MicrosoftEntraID manages authentication with Microsoft Entra ID. It is based on the OpenIDConnect provider.

func NewMicrosoftEntraID

func NewMicrosoftEntraID(opts NewMicrosoftEntraIDOptions) (p MicrosoftEntraID, err error)

NewMicrosoftEntraID returns a new MicrosoftEntraID provider configured from opts, authenticating against the tenant identified by opts.TenantID. When opts.AllowedUsers and opts.AllowedEmails are both empty no allowlist is applied, and presumably any account able to sign in to that tenant can authenticate.

func (MicrosoftEntraID) GetProviderName

func (a MicrosoftEntraID) GetProviderName() string

func (MicrosoftEntraID) OAuth2AuthorizeURL

func (a MicrosoftEntraID) OAuth2AuthorizeURL(state string, redirectURL string) (string, error)

func (MicrosoftEntraID) OAuth2ExchangeCode

func (a MicrosoftEntraID) OAuth2ExchangeCode(ctx context.Context, code string, redirectURL string) (OAuth2AccessToken, error)

func (MicrosoftEntraID) PopulateAdditionalClaims

func (a MicrosoftEntraID) PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))

func (MicrosoftEntraID) UserIDFromProfile

func (a MicrosoftEntraID) UserIDFromProfile(profile *user.Profile) string

func (MicrosoftEntraID) ValidateRequestClaims

func (a MicrosoftEntraID) ValidateRequestClaims(r *http.Request, profile *user.Profile) error

type NewGitHubOptions

type NewGitHubOptions struct {
	// Client ID of the GitHub OAuth application.
	ClientID string
	// Client secret of the GitHub OAuth application. This is a credential:
	// keep it out of logs, error messages and source control.
	ClientSecret string
	// If non-empty, allows these user accounts only.
	// When empty no allowlist is applied, so any GitHub account can authenticate.
	// NOTE(review): which profile attribute an entry is compared against (login
	// name vs. numeric account ID) is not visible here — confirm in UserAllowed
	// before relying on it, since login names can be changed and re-registered.
	AllowedUsers []string
	// Request timeout for calls to GitHub; defaults to 10s if unset
	RequestTimeout time.Duration
}

NewGitHubOptions holds the options for NewGitHub.

type NewGoogleOptions

type NewGoogleOptions struct {
	// Client ID of the Google OAuth client.
	ClientID string
	// Client secret of the Google OAuth client. This is a credential:
	// keep it out of logs, error messages and source control.
	ClientSecret string
	// If non-empty, allows these user accounts only (matching the internal user ID).
	// When this, AllowedEmails and AllowedDomains are all empty no allowlist is
	// applied and any Google account can authenticate.
	// NOTE(review): prefer this list over AllowedEmails where possible — an account
	// ID is typically stable, whereas email addresses can change.
	AllowedUsers []string
	// If non-empty, allows users with these email addresses only.
	// NOTE(review): whether the address must be verified by Google before it is
	// compared is not visible here — confirm in UserAllowed.
	AllowedEmails []string
	// If non-empty, allows these domains only.
	// NOTE(review): the attribute the domain is taken from (email address vs. a
	// hosted-domain claim) is not visible here — confirm in UserAllowed. A domain
	// check is only as strong as the provider's verification of that attribute.
	AllowedDomains []string
	// Request timeout for calls to Google; defaults to 10s if unset
	RequestTimeout time.Duration
}

NewGoogleOptions holds the options for NewGoogle.

func (NewGoogleOptions) ToNewOpenIDConnectOptions

func (o NewGoogleOptions) ToNewOpenIDConnectOptions() NewOpenIDConnectOptions

type NewMicrosoftEntraIDOptions

type NewMicrosoftEntraIDOptions struct {
	// Tenant ID of the Entra ID tenant users authenticate against.
	TenantID string
	// Client ID of the application registration.
	ClientID string
	// Client secret of the application registration. This is a credential:
	// keep it out of logs, error messages and source control.
	ClientSecret string
	// If non-empty, allows these user accounts only (matching the internal user ID).
	// When this and AllowedEmails are both empty no allowlist is applied.
	// NOTE(review): whether guest/external accounts of the tenant are then accepted
	// is not visible here — confirm before relying on tenant membership alone.
	AllowedUsers []string
	// If non-empty, allows users with these email addresses only.
	// NOTE(review): whether the address must be verified by the provider before
	// it is compared is not visible here — confirm in UserAllowed.
	AllowedEmails []string
	// Request timeout for calls to Entra ID; defaults to 10s if unset
	RequestTimeout time.Duration
}

NewMicrosoftEntraIDOptions holds the options for NewMicrosoftEntraID.

func (NewMicrosoftEntraIDOptions) ToNewOpenIDConnectOptions

func (o NewMicrosoftEntraIDOptions) ToNewOpenIDConnectOptions() NewOpenIDConnectOptions

type NewOAuth2Options

type NewOAuth2Options struct {
	// OAuth2 client credentials.
	Config    OAuth2Config
	// Authorization, token and user-info endpoints of the provider.
	// These must be trusted URLs: users are redirected to the authorization
	// endpoint, and the client secret and authorization codes are sent to the
	// token endpoint.
	Endpoints OAuth2Endpoints
	// Optional value for the issuer claim
	// NOTE(review): how this is used (validating "iss" on received tokens vs.
	// only labelling them) is not visible here — confirm before relying on it.
	TokenIssuer string
	// Scopes for requesting the token
	// This is optional and defaults to "openid profile email"
	// Request only the scopes the application actually needs.
	Scopes string
	// Request timeout for calls to the provider; defaults to 10s if unset
	RequestTimeout time.Duration
}

NewOAuth2Options holds the options for NewOAuth2.

type NewOpenIDConnectOptions

type NewOpenIDConnectOptions struct {
	// Client ID registered with the OpenID Connect provider.
	ClientID string
	// Client secret registered with the OpenID Connect provider. This is a
	// credential: keep it out of logs, error messages and source control.
	ClientSecret string
	// Token issuer
	// NewOpenIDConnect retrieves the openid-configuration document from this URL,
	// so it determines the authorization, token and user-info endpoints the
	// provider talks to. Set it only to a trusted issuer URL (HTTPS), never to a
	// value derived from untrusted input.
	TokenIssuer string
	// If non-empty, allows these user accounts only, matching the "sub" claim
	// NOTE(review): prefer this list over AllowedEmails where possible — "sub" is
	// the issuer's stable subject identifier, whereas email addresses can change.
	// When this and AllowedEmails are both empty no allowlist is applied.
	AllowedUsers []string
	// If non-empty, allows users with these email addresses only, matching the "email" claim
	// NOTE(review): whether "email_verified" is required before the comparison is
	// not visible here — confirm in UserAllowed.
	AllowedEmails []string
	// Request timeout for calls to the provider; defaults to 10s if unset
	RequestTimeout time.Duration
}

NewOpenIDConnectOptions holds the options for NewOpenIDConnect.

type NewTailscaleWhoisOptions

type NewTailscaleWhoisOptions struct {
	// If non-empty, requires the Tailnet of the user to match this value
	// NOTE(review): when empty the tailnet is not checked; confirm whether users
	// from other tailnets that can reach this node (e.g. via node sharing) would
	// then be accepted.
	AllowedTailnet string
	// If non-empty, allows these user accounts only.
	// When this and AllowedTailnet are both empty, no restriction beyond the
	// Tailscale identity lookup itself is applied.
	AllowedUsers []string
	// Request timeout for the whois lookup; defaults to 10s if unset
	RequestTimeout time.Duration
}

NewTailscaleWhoisOptions holds the options for NewTailscaleWhois.

type OAuth2AccessToken

type OAuth2AccessToken struct {
	// Name of the provider that issued the token.
	Provider     string
	// Bearer access token. Treat as a secret: never log it or include it in
	// error messages.
	AccessToken  string
	// Expiration time of the access token.
	Expires      time.Time
	// OpenID Connect ID token, when the provider returned one. Also sensitive.
	IDToken      string
	// Refresh token, when the provider returned one. Long-lived and therefore
	// the most sensitive field here: keep it out of logs and client-visible storage.
	RefreshToken string
	// Scopes associated with the token (presumably those granted by the provider).
	Scopes       []string
}

OAuth2AccessToken represents the credentials returned by the provider's token endpoint. AccessToken, IDToken and RefreshToken are secrets: do not log them, expose them to clients, or persist them unencrypted.

type OAuth2Config

type OAuth2Config struct {
	// Client ID issued by the OAuth2 provider.
	ClientID string
	// Client secret issued by the OAuth2 provider. This is a credential:
	// keep it out of logs, error messages and source control.
	ClientSecret string
}

type OAuth2Endpoints

type OAuth2Endpoints struct {
	// Authorization URL: users are redirected here to authorize the application.
	// The JSON tags match the field names of an OpenID Connect discovery
	// ("openid-configuration") document, so the struct can be decoded from one.
	Authorization string `json:"authorization_endpoint"`
	// Token URL: authorization codes and the client secret are sent here, so it
	// must point at the intended, trusted (HTTPS) server.
	Token string `json:"token_endpoint"`
	// User Info URL: the access token is presented here to retrieve the profile.
	UserInfo string `json:"userinfo_endpoint"`
}

func (OAuth2Endpoints) Valid

func (e OAuth2Endpoints) Valid() bool

Valid returns true if all fields are set (non-empty). It is documented as a presence check only, so do not rely on it to confirm that the values are well-formed URLs or use HTTPS; since the client secret and authorization codes are sent to the token endpoint, callers configuring endpoints by hand should make sure they point at the intended, trusted server.

type OAuth2Provider

type OAuth2Provider interface {
	Provider

	// OAuth2AuthorizeURL returns the URL where to redirect users to for authorization.
	// state is the caller-supplied anti-CSRF value; the caller is presumably
	// responsible for generating it unpredictably and verifying it when the user
	// returns (that verification is not part of this interface).
	OAuth2AuthorizeURL(state string, redirectURL string) (string, error)
	// OAuth2ExchangeCode exchanges an authorization code for an access token.
	// redirectURL must be the same value passed to OAuth2AuthorizeURL.
	OAuth2ExchangeCode(ctx context.Context, code string, redirectURL string) (OAuth2AccessToken, error)
	// OAuth2RetrieveProfile retrieves the user's profile, using the id_token (if present) or requesting it from the user info endpoint.
	// NOTE(review): whether the id_token's signature, issuer, audience and expiry
	// are verified before its claims are trusted is not visible here — confirm in
	// the implementation.
	OAuth2RetrieveProfile(ctx context.Context, at OAuth2AccessToken) (*user.Profile, error)
}

OAuth2Provider is the interface that represents an auth provider that is based on OAuth2, using the authorization-code flow: OAuth2AuthorizeURL, then OAuth2ExchangeCode, then OAuth2RetrieveProfile.

type OpenIDConnect

type OpenIDConnect struct {
	// contains filtered or unexported fields
}

OpenIDConnect manages authentication with a generic OpenID Connect provider. It is based on the OAuth 2 provider.

func NewOpenIDConnect

func NewOpenIDConnect(opts NewOpenIDConnectOptions) (p OpenIDConnect, err error)

NewOpenIDConnect returns a new OpenIDConnect provider. The endpoints are resolved by retrieving the openid-configuration document from the URL of the token issuer (opts.TokenIssuer). Because that document determines where users are redirected and where the client secret and authorization codes are sent, TokenIssuer must be a trusted issuer URL, preferably HTTPS, and never a value derived from untrusted input.

func (OpenIDConnect) GetProviderName

func (a OpenIDConnect) GetProviderName() string

func (OpenIDConnect) OAuth2AuthorizeURL

func (a OpenIDConnect) OAuth2AuthorizeURL(state string, redirectURL string) (string, error)

func (OpenIDConnect) OAuth2ExchangeCode

func (a OpenIDConnect) OAuth2ExchangeCode(ctx context.Context, code string, redirectURL string) (OAuth2AccessToken, error)

func (OpenIDConnect) OAuth2RetrieveProfile

func (a OpenIDConnect) OAuth2RetrieveProfile(ctx context.Context, at OAuth2AccessToken) (profile *user.Profile, err error)

func (OpenIDConnect) PopulateAdditionalClaims

func (a OpenIDConnect) PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))

func (OpenIDConnect) UserAllowed

func (a OpenIDConnect) UserAllowed(profile *user.Profile) error

func (OpenIDConnect) UserIDFromProfile

func (a OpenIDConnect) UserIDFromProfile(profile *user.Profile) string

func (OpenIDConnect) ValidateRequestClaims

func (a OpenIDConnect) ValidateRequestClaims(r *http.Request, profile *user.Profile) error

type Provider

type Provider interface {
	// GetProviderName returns the name of the provider
	GetProviderName() string
	// UserIDFromProfile returns the user ID to include in the "X-Forwarded-User" header, picking the appropriate value from the profile
	// Upstream services must trust that header only when it was set by this
	// proxy; any client-supplied X-Forwarded-User must be dropped before the
	// header is populated. NOTE(review): where that stripping happens is not
	// visible in this package — confirm in the forwarding layer.
	UserIDFromProfile(profile *user.Profile) string
	// ValidateRequestClaims validates that claims are valid for the incoming request from the client.
	ValidateRequestClaims(r *http.Request, profile *user.Profile) error
	// PopulateAdditionalClaims allows a provider to populate the AdditionalClaims property of a Profile object.
	PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))
	// UserAllowed checks if the user can authenticate based on allowlists and other rules.
	// A nil error means the user is allowed; this is where the Allowed* options
	// of the provider are enforced.
	UserAllowed(profile *user.Profile) error
}

Provider is the interface that every auth provider implements. UserAllowed enforces the configured allowlists, and ValidateRequestClaims re-checks the claims against each incoming request.

type SeamlessProvider

type SeamlessProvider interface {
	Provider

	// SeamlessAuth performs seamless authentication for the HTTP request.
	// Implementations derive the identity from properties of the request or
	// connection rather than from user interaction, so the result is only
	// trustworthy when those properties cannot be spoofed by the client (for
	// example, a listener reachable only over the trusted network).
	SeamlessAuth(r *http.Request) (*user.Profile, error)
}

SeamlessProvider is the interface that represents an auth provider that performs authentication based on flows that do not require user action, such as network-level identity (see TailscaleWhois).

type TailscaleWhois

type TailscaleWhois struct {
	// contains filtered or unexported fields
}

TailscaleWhois is a Provider for authenticating with Tailscale Whois, for requests that are coming over a Tailscale network. Because the identity is derived from the connection rather than from user interaction, only expose this provider on listeners reachable exclusively over the tailnet, and set AllowedTailnet and/or AllowedUsers to limit who is accepted.

func NewTailscaleWhois

func NewTailscaleWhois(opts NewTailscaleWhoisOptions) (p TailscaleWhois, err error)

NewTailscaleWhois returns a new TailscaleWhois provider configured from opts. When opts.AllowedTailnet and opts.AllowedUsers are both empty, no restriction beyond the Tailscale identity lookup itself is applied.

func (TailscaleWhois) GetProviderName

func (a TailscaleWhois) GetProviderName() string

func (TailscaleWhois) PopulateAdditionalClaims

func (a TailscaleWhois) PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))

func (TailscaleWhois) SeamlessAuth

func (a TailscaleWhois) SeamlessAuth(r *http.Request) (*user.Profile, error)

func (TailscaleWhois) UserAllowed

func (a TailscaleWhois) UserAllowed(profile *user.Profile) error

func (TailscaleWhois) UserIDFromProfile

func (a TailscaleWhois) UserIDFromProfile(profile *user.Profile) string

func (TailscaleWhois) ValidateRequestClaims

func (a TailscaleWhois) ValidateRequestClaims(r *http.Request, profile *user.Profile) error
