Index ¶
- func NewOAuth2(providerName string, opts NewOAuth2Options) (p oAuth2, err error)
- type GitHub
- func (a GitHub) GetProviderName() string
- func (a GitHub) OAuth2AuthorizeURL(state string, redirectURL string) (string, error)
- func (a GitHub) OAuth2ExchangeCode(ctx context.Context, code string, redirectURL string) (OAuth2AccessToken, error)
- func (a GitHub) OAuth2RetrieveProfile(ctx context.Context, at OAuth2AccessToken) (*user.Profile, error)
- func (a GitHub) PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))
- func (a GitHub) UserAllowed(profile *user.Profile) error
- func (a GitHub) UserIDFromProfile(profile *user.Profile) string
- func (a GitHub) ValidateRequestClaims(r *http.Request, profile *user.Profile) error
- type Google
- func (a Google) GetProviderName() string
- func (a Google) OAuth2AuthorizeURL(state string, redirectURL string) (string, error)
- func (a Google) OAuth2ExchangeCode(ctx context.Context, code string, redirectURL string) (OAuth2AccessToken, error)
- func (a Google) PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))
- func (a Google) UserAllowed(profile *user.Profile) error
- func (a Google) UserIDFromProfile(profile *user.Profile) string
- func (a Google) ValidateRequestClaims(r *http.Request, profile *user.Profile) error
- type MicrosoftEntraID
- func (a MicrosoftEntraID) GetProviderName() string
- func (a MicrosoftEntraID) OAuth2AuthorizeURL(state string, redirectURL string) (string, error)
- func (a MicrosoftEntraID) OAuth2ExchangeCode(ctx context.Context, code string, redirectURL string) (OAuth2AccessToken, error)
- func (a MicrosoftEntraID) PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))
- func (a MicrosoftEntraID) UserIDFromProfile(profile *user.Profile) string
- func (a MicrosoftEntraID) ValidateRequestClaims(r *http.Request, profile *user.Profile) error
- type NewGitHubOptions
- type NewGoogleOptions
- type NewMicrosoftEntraIDOptions
- type NewOAuth2Options
- type NewOpenIDConnectOptions
- type NewTailscaleWhoisOptions
- type OAuth2AccessToken
- type OAuth2Config
- type OAuth2Endpoints
- type OAuth2Provider
- type OpenIDConnect
- func (a OpenIDConnect) GetProviderName() string
- func (a OpenIDConnect) OAuth2AuthorizeURL(state string, redirectURL string) (string, error)
- func (a OpenIDConnect) OAuth2ExchangeCode(ctx context.Context, code string, redirectURL string) (OAuth2AccessToken, error)
- func (a OpenIDConnect) OAuth2RetrieveProfile(ctx context.Context, at OAuth2AccessToken) (profile *user.Profile, err error)
- func (a OpenIDConnect) PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))
- func (a OpenIDConnect) UserAllowed(profile *user.Profile) error
- func (a OpenIDConnect) UserIDFromProfile(profile *user.Profile) string
- func (a OpenIDConnect) ValidateRequestClaims(r *http.Request, profile *user.Profile) error
- type Provider
- type SeamlessProvider
- type TailscaleWhois
- func (a TailscaleWhois) GetProviderName() string
- func (a TailscaleWhois) PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))
- func (a TailscaleWhois) SeamlessAuth(r *http.Request) (*user.Profile, error)
- func (a TailscaleWhois) UserAllowed(profile *user.Profile) error
- func (a TailscaleWhois) UserIDFromProfile(profile *user.Profile) string
- func (a TailscaleWhois) ValidateRequestClaims(r *http.Request, profile *user.Profile) error
Functions ¶
func NewOAuth2 ¶
func NewOAuth2(providerName string, opts NewOAuth2Options) (p oAuth2, err error)
NewOAuth2 returns a new OAuth2 provider
Types ¶
type GitHub ¶
type GitHub struct {
// contains filtered or unexported fields
}
GitHub manages authentication with GitHub. It is based on the OAuth 2 provider.
func NewGitHub ¶
func NewGitHub(opts NewGitHubOptions) (p GitHub, err error)
NewGitHub returns a new GitHub provider
func (GitHub) GetProviderName ¶
func (a GitHub) GetProviderName() string
func (GitHub) OAuth2AuthorizeURL ¶
func (GitHub) OAuth2ExchangeCode ¶
func (GitHub) OAuth2RetrieveProfile ¶
func (GitHub) PopulateAdditionalClaims ¶
func (GitHub) UserIDFromProfile ¶
type Google ¶
// Google manages authentication with Google Identity.
// It embeds OpenIDConnect and builds on its OAuth 2 / OpenID Connect flow.
type Google struct {
	OpenIDConnect
	// contains filtered or unexported fields
}
Google manages authentication with Google Identity. It is based on the OpenIDConnect provider.
func NewGoogle ¶
func NewGoogle(opts NewGoogleOptions) (p Google, err error)
NewGoogle returns a new Google provider
func (Google) GetProviderName ¶
func (a Google) GetProviderName() string
func (Google) OAuth2AuthorizeURL ¶
func (Google) OAuth2ExchangeCode ¶
func (Google) PopulateAdditionalClaims ¶
func (Google) UserIDFromProfile ¶
type MicrosoftEntraID ¶
// MicrosoftEntraID manages authentication with Microsoft Entra ID.
// It embeds OpenIDConnect and builds on its OAuth 2 / OpenID Connect flow.
type MicrosoftEntraID struct {
	OpenIDConnect
}
MicrosoftEntraID manages authentication with Microsoft Entra ID. It is based on the OpenIDConnect provider.
func NewMicrosoftEntraID ¶
func NewMicrosoftEntraID(opts NewMicrosoftEntraIDOptions) (p MicrosoftEntraID, err error)
NewMicrosoftEntraID returns a new MicrosoftEntraID provider
func (MicrosoftEntraID) GetProviderName ¶
func (a MicrosoftEntraID) GetProviderName() string
func (MicrosoftEntraID) OAuth2AuthorizeURL ¶
func (MicrosoftEntraID) OAuth2ExchangeCode ¶
func (MicrosoftEntraID) PopulateAdditionalClaims ¶
func (MicrosoftEntraID) UserIDFromProfile ¶
func (a MicrosoftEntraID) UserIDFromProfile(profile *user.Profile) string
type NewGitHubOptions ¶
// NewGitHubOptions contains the options for NewGitHub.
type NewGitHubOptions struct {
	// OAuth 2 client ID.
	ClientID string
	// OAuth 2 client secret.
	// This is a credential: keep it out of logs, error messages and source control.
	ClientSecret string
	// If non-empty, allows these user accounts only.
	// When empty, this option imposes no restriction on which accounts are accepted.
	AllowedUsers []string
	// Request timeout; defaults to 10s.
	RequestTimeout time.Duration
}
NewGitHubOptions contains the options for NewGitHub.
type NewGoogleOptions ¶
// NewGoogleOptions contains the options for NewGoogle.
type NewGoogleOptions struct {
	// OAuth 2 client ID.
	ClientID string
	// OAuth 2 client secret.
	// This is a credential: keep it out of logs, error messages and source control.
	ClientSecret string
	// If non-empty, allows these user accounts only (matching the internal user ID).
	AllowedUsers []string
	// If non-empty, allows users with these email addresses only.
	AllowedEmails []string
	// If non-empty, allows these domains only.
	// NOTE(review): how AllowedUsers, AllowedEmails and AllowedDomains combine
	// (any-of vs. all-of) is not visible here — confirm against Google.UserAllowed.
	AllowedDomains []string
	// Request timeout; defaults to 10s.
	RequestTimeout time.Duration
}
NewGoogleOptions contains the options for NewGoogle.
func (NewGoogleOptions) ToNewOpenIDConnectOptions ¶
func (o NewGoogleOptions) ToNewOpenIDConnectOptions() NewOpenIDConnectOptions
type NewMicrosoftEntraIDOptions ¶
// NewMicrosoftEntraIDOptions contains the options for NewMicrosoftEntraID.
type NewMicrosoftEntraIDOptions struct {
	// Tenant ID.
	// NOTE(review): presumably used to derive the token issuer handed to
	// NewOpenIDConnect (see ToNewOpenIDConnectOptions) — confirm.
	TenantID string
	// OAuth 2 client ID.
	ClientID string
	// OAuth 2 client secret.
	// This is a credential: keep it out of logs, error messages and source control.
	ClientSecret string
	// If non-empty, allows these user accounts only (matching the internal user ID).
	AllowedUsers []string
	// If non-empty, allows users with these email addresses only.
	AllowedEmails []string
	// Request timeout; defaults to 10s.
	RequestTimeout time.Duration
}
NewMicrosoftEntraIDOptions contains the options for NewMicrosoftEntraID.
func (NewMicrosoftEntraIDOptions) ToNewOpenIDConnectOptions ¶
func (o NewMicrosoftEntraIDOptions) ToNewOpenIDConnectOptions() NewOpenIDConnectOptions
type NewOAuth2Options ¶
// NewOAuth2Options contains the options for NewOAuth2.
type NewOAuth2Options struct {
	// OAuth2Config for this provider.
	Config OAuth2Config
	// Authorization, token and user info endpoints of the provider.
	// NOTE(review): presumably expected to satisfy OAuth2Endpoints.Valid
	// (all fields set) — confirm in NewOAuth2.
	Endpoints OAuth2Endpoints
	// Optional value for the issuer claim.
	TokenIssuer string
	// Scopes for requesting the token.
	// This is optional and defaults to "openid profile email".
	Scopes string
	// Request timeout; defaults to 10s.
	RequestTimeout time.Duration
}
NewOAuth2Options contains the options for NewOAuth2.
type NewOpenIDConnectOptions ¶
// NewOpenIDConnectOptions contains the options for NewOpenIDConnect.
type NewOpenIDConnectOptions struct {
	// OAuth 2 client ID.
	ClientID string
	// OAuth 2 client secret.
	// This is a credential: keep it out of logs, error messages and source control.
	ClientSecret string
	// Token issuer.
	// NewOpenIDConnect retrieves the openid-configuration document from this URL
	// to resolve the provider's endpoints, so it must come from trusted
	// configuration rather than from request data.
	TokenIssuer string
	// If non-empty, allows these user accounts only, matching the "sub" claim.
	AllowedUsers []string
	// If non-empty, allows users with these email addresses only, matching the "email" claim.
	AllowedEmails []string
	// Request timeout; defaults to 10s.
	RequestTimeout time.Duration
}
NewOpenIDConnectOptions contains the options for NewOpenIDConnect.
type NewTailscaleWhoisOptions ¶
// NewTailscaleWhoisOptions contains the options for NewTailscaleWhois.
type NewTailscaleWhoisOptions struct {
	// If non-empty, requires the Tailnet of the user to match this value.
	// When empty, this option applies no tailnet check.
	AllowedTailnet string
	// If non-empty, allows these user accounts only.
	AllowedUsers []string
	// Request timeout; defaults to 10s.
	RequestTimeout time.Duration
}
NewTailscaleWhoisOptions contains the options for NewTailscaleWhois.
type OAuth2AccessToken ¶
// OAuth2AccessToken represents an access token obtained from an OAuth 2 provider.
//
// AccessToken, IDToken and RefreshToken are bearer credentials: do not log them
// or include them in error messages.
type OAuth2AccessToken struct {
	// Name of the provider that issued the token.
	// NOTE(review): presumably the same value as GetProviderName — confirm.
	Provider string
	// The access token.
	AccessToken string
	// NOTE(review): assumed to be the expiration time of AccessToken — confirm.
	Expires time.Time
	// The OpenID Connect ID token, if present.
	IDToken string
	// The refresh token, if present.
	RefreshToken string
	// Scopes associated with the token.
	Scopes []string
}
OAuth2AccessToken is a struct that represents an access token.
type OAuth2Config ¶
type OAuth2Endpoints ¶
// OAuth2Endpoints holds the URLs of the provider's OAuth 2 endpoints.
// The JSON tags match the keys of an OpenID Connect discovery
// (openid-configuration) document, which is how NewOpenIDConnect resolves them.
// Valid reports whether all three fields are set.
type OAuth2Endpoints struct {
	// Authorization URL.
	Authorization string `json:"authorization_endpoint"`
	// Token URL.
	Token string `json:"token_endpoint"`
	// User Info URL.
	UserInfo string `json:"userinfo_endpoint"`
}
func (OAuth2Endpoints) Valid ¶
func (e OAuth2Endpoints) Valid() bool
Valid returns true if all fields are set
type OAuth2Provider ¶
// OAuth2Provider is the interface that represents an auth provider that is based on OAuth2.
type OAuth2Provider interface {
	Provider
	// OAuth2AuthorizeURL returns the URL where to redirect users to for authorization.
	// state is the opaque value carried through the flow to bind the callback to
	// the session that started it.
	// NOTE(review): verifying state on the callback is not part of this interface —
	// confirm the caller does it.
	OAuth2AuthorizeURL(state string, redirectURL string) (string, error)
	// OAuth2ExchangeCode exchanges an authorization code for an access token.
	// redirectURL must be the same value that was passed to OAuth2AuthorizeURL:
	// OAuth 2 requires the token request's redirect_uri to match the one used in
	// the authorization request.
	OAuth2ExchangeCode(ctx context.Context, code string, redirectURL string) (OAuth2AccessToken, error)
	// OAuth2RetrieveProfile retrieves the user's profile, using the id_token (if present)
	// or requesting it from the user info endpoint.
	OAuth2RetrieveProfile(ctx context.Context, at OAuth2AccessToken) (*user.Profile, error)
}
OAuth2Provider is the interface that represents an auth provider that is based on OAuth2.
type OpenIDConnect ¶
type OpenIDConnect struct {
// contains filtered or unexported fields
}
OpenIDConnect manages authentication with a generic OpenID Connect provider. It is based on the OAuth 2 provider.
func NewOpenIDConnect ¶
func NewOpenIDConnect(opts NewOpenIDConnectOptions) (p OpenIDConnect, err error)
NewOpenIDConnect returns a new OpenIDConnect provider. The endpoints are resolved by retrieving the openid-configuration document from the URL of the token issuer.
func (OpenIDConnect) GetProviderName ¶
func (a OpenIDConnect) GetProviderName() string
func (OpenIDConnect) OAuth2AuthorizeURL ¶
func (OpenIDConnect) OAuth2ExchangeCode ¶
func (OpenIDConnect) OAuth2RetrieveProfile ¶
func (a OpenIDConnect) OAuth2RetrieveProfile(ctx context.Context, at OAuth2AccessToken) (profile *user.Profile, err error)
func (OpenIDConnect) PopulateAdditionalClaims ¶
func (OpenIDConnect) UserAllowed ¶
func (a OpenIDConnect) UserAllowed(profile *user.Profile) error
func (OpenIDConnect) UserIDFromProfile ¶
type Provider ¶
// Provider is the interface that represents an auth provider.
type Provider interface {
	// GetProviderName returns the name of the provider.
	GetProviderName() string
	// UserIDFromProfile returns the user ID to include in the "X-Forwarded-User" header,
	// picking the appropriate value from the profile.
	UserIDFromProfile(profile *user.Profile) string
	// ValidateRequestClaims validates that claims are valid for the incoming request
	// from the client. The concrete checks are provider-specific.
	ValidateRequestClaims(r *http.Request, profile *user.Profile) error
	// PopulateAdditionalClaims allows a provider to populate the AdditionalClaims
	// property of a Profile object.
	// NOTE(review): presumably setClaimFn is called once per claim to add — confirm.
	PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))
	// UserAllowed checks if the user can authenticate based on allowlists and other rules.
	// A non-nil error indicates the user is not allowed.
	UserAllowed(profile *user.Profile) error
}
Provider is the interface that represents an auth provider.
type SeamlessProvider ¶
// SeamlessProvider is the interface that represents an auth provider that performs
// authentication based on flows that do not require user action, such as
// network-based identity (see TailscaleWhois).
type SeamlessProvider interface {
	Provider
	// SeamlessAuth performs seamless authentication for the HTTP request.
	// It returns the authenticated user's profile, or an error if the request
	// could not be authenticated.
	SeamlessAuth(r *http.Request) (*user.Profile, error)
}
SeamlessProvider is the interface that represents an auth provider that performs authentication based on flows that do not require user action, such as network-based authentication.
type TailscaleWhois ¶
type TailscaleWhois struct {
// contains filtered or unexported fields
}
TailscaleWhois is a Provider for authenticating with Tailscale Whois, for requests that are coming over a Tailscale network.
func NewTailscaleWhois ¶
func NewTailscaleWhois(opts NewTailscaleWhoisOptions) (p TailscaleWhois, err error)
NewTailscaleWhois returns a new TailscaleWhois provider
func (TailscaleWhois) GetProviderName ¶
func (a TailscaleWhois) GetProviderName() string
func (TailscaleWhois) PopulateAdditionalClaims ¶
func (a TailscaleWhois) PopulateAdditionalClaims(claims map[string]any, setClaimFn func(key, val string))
func (TailscaleWhois) SeamlessAuth ¶
func (TailscaleWhois) UserAllowed ¶
func (a TailscaleWhois) UserAllowed(profile *user.Profile) error
func (TailscaleWhois) UserIDFromProfile ¶
func (a TailscaleWhois) UserIDFromProfile(profile *user.Profile) string