Documentation

Overview

Package basicauthpassword implements authenticator.Password by making a BasicAuth call to a remote endpoint and extracting user information from a JSON response.

Constants

This section is empty.

Variables

var RedirectAttemptedError = errors.New("Redirect attempted")

Functions

func New

func New(providerName string, url string, transport http.RoundTripper, mapper authapi.UserIdentityMapper) authenticator.Password

New returns an authenticator which will make a basic auth call to the given url. A custom transport can be provided (typically to customize TLS options like trusted roots or present a client certificate). If no transport is provided, http.DefaultTransport is used.

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator uses basic auth to make a request to a JSON-returning URL. A 401 status indicates failed auth. A non-200 status or the presence of an "error" key with a non-empty value indicates an error:

{"error":"Error message"}

A 200 status with an "id" key indicates success:

{"id":"userid"}

A successful response may also include name and/or email:

{"id":"userid", "name": "User Name", "email":"user@example.com"}

func (*Authenticator) AuthenticatePassword

func (a *Authenticator) AuthenticatePassword(ctx context.Context, username, password string) (*authenticator.Response, bool, error)

type RemoteError

type RemoteError struct {
	Error string
}

RemoteError holds error data returned from a remote authentication request.

type RemoteUserData

type RemoteUserData struct {
	// Subject - Identifier for the End-User at the Issuer. Required.
	Subject string `json:"sub"`
	// Name is the end-User's full name in displayable form including all name parts, possibly including titles and suffixes,
	// ordered according to the End-User's locale and preferences.  Optional.
	Name string `json:"name"`
	// PreferredUsername is a shorthand name by which the End-User wishes to be referred. Optional.
	// Useful when the immutable subject is different than the login used by the user to authenticate
	PreferredUsername string `json:"preferred_username"`
	// Email is the end-User's preferred e-mail address. Optional.
	Email string `json:"email"`
}

RemoteUserData holds user data returned from a remote basic-auth protected endpoint. These field names cannot be changed unless external integrators are also updated. Names are based on standard OpenID Connect claims: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
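
A minimal client for the exchange described under Authenticator, added here as an example using only the Go standard library; it is not this package's implementation. checkPassword and errRedirect are hypothetical names, the endpoint and the alice/s3cret login are constructed, and the subject key follows the "sub" tag on RemoteUserData.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

var errRedirect = errors.New("redirect attempted") // hypothetical stand-in for RedirectAttemptedError
// checkPassword (hypothetical) returns subject and success; redirects are refused so credentials only reach url.
func checkPassword(url, user, pass string) (string, bool, error) {
	client := &http.Client{CheckRedirect: func(*http.Request, []*http.Request) error { return errRedirect }}
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return "", false, err
	}
	req.SetBasicAuth(user, pass)
	resp, err := client.Do(req)
	if err != nil {
		return "", false, err
	}
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusUnauthorized {
		return "", false, nil // bad credentials: a failed login, not an error
	}
	var r struct {
		Subject string `json:"sub"` // key taken from RemoteUserData's struct tag
		Error   string `json:"error"`
	}
	err = json.NewDecoder(resp.Body).Decode(&r)
	if resp.StatusCode != http.StatusOK || err != nil || r.Error != "" || r.Subject == "" {
		return "", false, fmt.Errorf("status %d, remote error %q: %v", resp.StatusCode, r.Error, err)
	}
	return r.Subject, true, nil
}

func main() { // constructed endpoint: accepts only alice/s3cret
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if u, p, _ := r.BasicAuth(); u != "alice" || p != "s3cret" {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		fmt.Fprint(w, `{"sub":"alice-id"}`)
	}))
	defer srv.Close()
	fmt.Println(checkPassword(srv.URL, "alice", "s3cret"))
}
```

A wrong password yields ("", false, nil), while a redirect or an "error" reply yields a non-nil error, so callers can tell a failed login from a broken or misbehaving endpoint.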