v4.1.0+incompatible Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: May 1, 2019 License: Apache-2.0 Imports: 23 Imported by: 105




View Source
const (
	// WarningHeaderMiscCode is the code for "Miscellaneous warning", which may be displayed to human users
	WarningHeaderMiscCode = "199"
	// WarningHeaderOpenShiftSource is the name of the agent adding the warning header
	WarningHeaderOpenShiftSource = "Origin"


This section is empty.


func NewAuthorizeAuthenticator

func NewAuthorizeAuthenticator(request authenticator.Request, handler AuthenticationHandler, errorHandler AuthenticationErrorHandler) osinserver.AuthorizeHandler

NewAuthorizeAuthenticator returns a new Authenticator

func NewDenyAccessAuthenticator

func NewDenyAccessAuthenticator() osinserver.AccessHandler

NewDenyAccessAuthenticator returns an AccessAuthenticator which rejects all non-token access requests

func NewGrantCheck

func NewGrantCheck(check GrantChecker, handler GrantHandler, errorHandler GrantErrorHandler) osinserver.AuthorizeHandler

NewGrantCheck returns a new GrantCheck


type AuthenticationChallenger

type AuthenticationChallenger interface {
	// AuthenticationChallenge take a request and return whatever challenge headers are appropriate.  If none are appropriate, it should return an empty map, not nil.
	AuthenticationChallenge(req *http.Request) (header http.Header, err error)

AuthenticationChallenger reacts to unauthenticated requests with challenges

type AuthenticationErrorHandler

type AuthenticationErrorHandler interface {
	// AuthenticationError reacts to authentication errors, returns true if the response was written,
	// and returns any unhandled error (which should be the original error in most cases)
	AuthenticationError(error, http.ResponseWriter, *http.Request) (handled bool, err error)

AuthenticationErrorHandler reacts to authentication errors

type AuthenticationErrorHandlers

type AuthenticationErrorHandlers []AuthenticationErrorHandler

AuthenticationErrorHandlers combines multiple AuthenticationErrorHandler objects into a chain. Each handler is called in turn. If any handler writes the response, the chain is aborted. Otherwise, the next handler is called with the error returned from the previous handler.

func (AuthenticationErrorHandlers) AuthenticationError

func (all AuthenticationErrorHandlers) AuthenticationError(err error, w http.ResponseWriter, req *http.Request) (bool, error)

type AuthenticationHandler

type AuthenticationHandler interface {
	// AuthenticationNeeded reacts to unauthenticated requests, and returns true if the response was written,
	AuthenticationNeeded(client api.Client, w http.ResponseWriter, req *http.Request) (handled bool, err error)

AuthenticationHandler reacts to unauthenticated requests

func NewUnionAuthenticationHandler

func NewUnionAuthenticationHandler(passedChallengers map[string]AuthenticationChallenger, passedRedirectors *AuthenticationRedirectors, errorHandler AuthenticationErrorHandler, selectionHandler AuthenticationSelectionHandler) AuthenticationHandler

NewUnionAuthenticationHandler returns an oauth.AuthenticationHandler that muxes multiple challenge handlers and redirect handlers

type AuthenticationRedirector

type AuthenticationRedirector interface {
	// AuthenticationRedirect is expected to write a redirect to the ResponseWriter or to return an error.
	AuthenticationRedirect(w http.ResponseWriter, req *http.Request) (err error)

AuthenticationRedirector reacts to unauthenticated requests with redirects

type AuthenticationRedirectors

type AuthenticationRedirectors struct {
	// contains filtered or unexported fields

AuthenticationRedirectors is a collection that provides a list of acceptable authentication mechanisms

func (*AuthenticationRedirectors) Add

func (ar *AuthenticationRedirectors) Add(name string, redirector AuthenticationRedirector)

Add a name and a matching redirection routine to the list The entries added here will be retained in FIFO ordering.

func (*AuthenticationRedirectors) Count

func (ar *AuthenticationRedirectors) Count() int

Get a count of the AuthenticationRedirectors

func (*AuthenticationRedirectors) Get

Get the AuthenticationRedirector associated with a name. Also returns a boolean indicating whether the name matched

func (*AuthenticationRedirectors) GetNames

func (ar *AuthenticationRedirectors) GetNames() []string

Get the ordered list of names

type AuthenticationSelectionHandler

type AuthenticationSelectionHandler interface {
	// SelectAuthentication will choose which identity provider to use for login or handle the request
	// If the request is being handled, such as rendering a login provider selection page, then handled will
	// be true and selected will be nil.  If the request is not handled then a provider may be selected,
	// if a provider could not be selected then selected will be nil.
	SelectAuthentication([]api.ProviderInfo, http.ResponseWriter, *http.Request) (selected *api.ProviderInfo, handled bool, err error)

AuthenticationSelectionHandler is responsible for selecting which identity provider to use for login

type AuthenticationSuccessHandler

type AuthenticationSuccessHandler interface {
	// AuthenticationSucceeded reacts to a user authenticating, returns true if the response was written,
	// and returns false if the response was not written.
	AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error)

AuthenticationSuccessHandler reacts to a user authenticating

type AuthenticationSuccessHandlers

type AuthenticationSuccessHandlers []AuthenticationSuccessHandler

AuthenticationSuccessHandlers combines multiple AuthenticationSuccessHandler objects into a chain. On success, each handler is called. If any handler writes the response or returns an error, the chain is aborted.

func (AuthenticationSuccessHandlers) AuthenticationSucceeded

func (all AuthenticationSuccessHandlers) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error)

type GrantCheck

type GrantCheck struct {
	// contains filtered or unexported fields

GrantCheck implements osinserver.AuthorizeHandler to ensure requested scopes have been authorized

func (*GrantCheck) HandleAuthorize

func (h *GrantCheck) HandleAuthorize(ar *osin.AuthorizeRequest, resp *osin.Response, w http.ResponseWriter) (bool, error)

HandleAuthorize implements osinserver.AuthorizeHandler to ensure the requested scopes have been authorized. The AuthorizeRequest.Authorized field must already be set to true for the grant check to occur. If the requested scopes are authorized, the AuthorizeRequest is unchanged. If the requested scopes are not authorized, or an error occurs, AuthorizeRequest.Authorized is set to false. If the response is written, true is returned. If the response is not written, false is returned.

type GrantChecker

type GrantChecker interface {
	// HasAuthorizedClient returns true if the user has authorized the client for the requested grant
	HasAuthorizedClient(user user.Info, grant *api.Grant) (bool, error)

GrantChecker is responsible for determining if a user has authorized a client for a requested grant

type GrantErrorHandler

type GrantErrorHandler interface {
	// GrantError reacts to grant errors, returns true if the response was written,
	// and returns any unhandled error (which could be the original error)
	GrantError(error, http.ResponseWriter, *http.Request) (handled bool, err error)

GrantErrorHandler reacts to grant errors

type GrantHandler

type GrantHandler interface {
	// GrantNeeded reacts when a client requests an unauthorized grant, and returns true if the response was written
	// granted is true if authorization was granted
	// handled is true if the response was already written
	GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (granted, handled bool, err error)

GrantHandler handles errors during the grant process, or the client requests an unauthorized grant

func NewAutoGrant

func NewAutoGrant() GrantHandler

NewAutoGrant returns a grant handler that automatically approves client authorizations

func NewEmptyGrant

func NewEmptyGrant() GrantHandler

NewEmptyGrant returns a no-op grant handler

func NewPerClientGrant

func NewPerClientGrant(prompt GrantHandler, defaultMethod oauthapi.GrantHandlerType) GrantHandler

NewPerClientGrant returns a grant handler that determines what to do based on the grant method in the client

func NewRedirectGrant

func NewRedirectGrant(subpath string) GrantHandler

NewRedirectGrant returns a grant handler that redirects to the given subpath when a grant is needed. The following query parameters are added to the URL:

then - original request URL
client_id - requesting client's ID
scopes - grant scope requested
redirect_uri - original authorize request redirect_uri

type TokenMaxAgeSeconds

type TokenMaxAgeSeconds interface {
	// GetTokenMaxAgeSeconds returns the max age of the token in seconds.
	// 0 means no expiration.
	// nil means to use the default expiration.
	GetTokenMaxAgeSeconds() *int32

type TokenTimeoutSeconds

type TokenTimeoutSeconds interface {
	// GetAccessTokenInactivityTimeoutSeconds returns the inactivity timeout
	// for the token in seconds. 0 means no timeout.
	// nil means to use the default expiration.
	GetAccessTokenInactivityTimeoutSeconds() *int32

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL