Types ¶
type AuthnRequest ¶
// AuthnRequest is the SAML 2.0 AuthnRequest the SP sends to the IDP.
// Fields tagged `xml:",attr"` are serialized as attributes under the field's
// own name, so the Go field names double as the SAML attribute names.
type AuthnRequest struct {
	// XMLName pins the element to the SAML protocol namespace.
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol AuthnRequest"`
	// ID identifies this request. NOTE(review): an IDP echoes it back as
	// InResponseTo, but SAMLResponse on this page has no such field, so the
	// request/response binding cannot be checked through these types alone — confirm in ParseResponse.
	ID string `xml:",attr"`
	// Version is the SAML protocol version attribute.
	Version string `xml:",attr"`
	// IssueInstant is the request timestamp attribute, kept as its textual xs:dateTime form.
	IssueInstant string `xml:",attr"`
	// Destination is the IDP endpoint the request is addressed to.
	Destination string `xml:",attr"`
	// AssertionConsumerServiceURL is where the IDP should post the response.
	AssertionConsumerServiceURL string `xml:",attr"`
	// ProtocolBinding names the binding requested for the response.
	ProtocolBinding string `xml:",attr"`
	// Issuer carries the SP entity identifier as a child element.
	Issuer Issuer
}
AuthnRequest represents a SAML authentication request.
type Claims ¶
// Claims holds the claims read from an ID token; the JSON tags are the
// registered JWT claim names.
type Claims struct {
	// Subject is the `sub` claim: the user's identifier at the issuer.
	Subject string `json:"sub"`
	// Email is the `email` claim.
	Email string `json:"email"`
	// Name is the `name` claim.
	Name string `json:"name"`
	// Groups is an optional `groups` claim; dropped from JSON when empty.
	Groups []string `json:"groups,omitempty"`
	// IssuedAt is the `iat` claim; presumably Unix seconds — confirm in ValidateToken.
	IssuedAt int64 `json:"iat"`
	// ExpiresAt is the `exp` claim; presumably Unix seconds — confirm in ValidateToken.
	ExpiresAt int64 `json:"exp"`
	// Issuer is the `iss` claim; expected to match OIDCConfig.ProviderURL — confirm in ValidateToken.
	Issuer string `json:"iss"`
	// Audience is the `aud` claim. NOTE(review): it is a single string, so an
	// issuer that encodes `aud` as a JSON array will fail to unmarshal into this type.
	Audience string `json:"aud"`
}
Claims represents validated token claims.
type Issuer ¶
// Issuer is the SAML Issuer element (assertion namespace).
type Issuer struct {
	// XMLName pins the element to the SAML assertion namespace.
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	// Value is the element's text content: the issuing entity's identifier.
	Value string `xml:",chardata"`
}
Issuer is the SAML issuer element.
type OIDCConfig ¶
// OIDCConfig configures an OIDC provider; it is consumed by NewOIDCProvider.
type OIDCConfig struct {
	// ProviderURL is the OIDC provider URL (e.g., https://accounts.google.com).
	// Discovery and issuer checks are presumably derived from it — confirm in NewOIDCProvider.
	ProviderURL string
	// ClientID is the OAuth client ID.
	ClientID string
	// ClientSecret is the OAuth client secret. It is a credential: keep it out
	// of logs and error messages.
	ClientSecret string
	// RedirectURL is the callback URL; it must match what is registered at the provider.
	RedirectURL string
	// Scopes are the requested OAuth scopes.
	Scopes []string
}
OIDCConfig configures an OIDC provider.
type OIDCDiscovery ¶
// OIDCDiscovery is the subset of the provider's discovery document
// (openid-configuration) that this package decodes.
type OIDCDiscovery struct {
	// Issuer is the identifier the provider puts in ID tokens' `iss` claim.
	Issuer string `json:"issuer"`
	// AuthorizationEndpoint is where users are redirected to log in.
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	// TokenEndpoint is where authorization codes are exchanged for tokens.
	TokenEndpoint string `json:"token_endpoint"`
	// UserinfoEndpoint is queried by GetUserInfo with the access token.
	UserinfoEndpoint string `json:"userinfo_endpoint"`
	// JwksURI locates the provider's signing keys. NOTE(review): ValidateToken
	// is documented on this page as not verifying the JWT signature, so this
	// value may currently be unused — confirm.
	JwksURI string `json:"jwks_uri"`
	// ScopesSupported lists the scopes the provider advertises.
	ScopesSupported []string `json:"scopes_supported"`
}
OIDCDiscovery contains discovered OIDC endpoints.
type OIDCProvider ¶
// OIDCProvider implements Provider for OpenID Connect. Construct it with
// NewOIDCProvider; the zero value is not usable.
type OIDCProvider struct {
	// contains filtered or unexported fields
}
OIDCProvider implements OIDC authentication.
func NewOIDCProvider ¶
func NewOIDCProvider(ctx context.Context, cfg OIDCConfig) (*OIDCProvider, error)
NewOIDCProvider creates a new OIDC provider.
func (*OIDCProvider) ExchangeCode ¶
ExchangeCode exchanges an authorization code for tokens.
func (*OIDCProvider) GetAuthURL ¶
func (p *OIDCProvider) GetAuthURL(state string) string
GetAuthURL returns the authorization URL for OIDC login.
func (*OIDCProvider) GetUserInfo ¶
GetUserInfo retrieves user information from the OIDC provider.
func (*OIDCProvider) ValidateToken ¶
ValidateToken validates an ID token. This implementation is simplified and does not verify the JWT signature; a production deployment must do so.
type Provider ¶
// Provider represents an SSO identity provider. OIDCProvider and SAMLProvider
// both implement it; for SAML, ExchangeCode, GetUserInfo and ValidateToken are
// documented on this page as not applicable, so callers should not depend on
// them for SAML tenants.
type Provider interface {
	// GetAuthURL returns the URL to redirect users to for authentication.
	// NOTE(review): state is caller-supplied and is presumably meant to be an
	// unguessable per-login value checked again on the callback — confirm in the handlers.
	GetAuthURL(state string) string
	// ExchangeCode exchanges an authorization code for tokens.
	ExchangeCode(ctx context.Context, code string) (*Tokens, error)
	// GetUserInfo retrieves user information using the access token.
	GetUserInfo(ctx context.Context, accessToken string) (*UserInfo, error)
	// ValidateToken validates an ID token and returns claims.
	ValidateToken(ctx context.Context, idToken string) (*Claims, error)
}
Provider represents an SSO identity provider.
type ProviderRegistry ¶
// ProviderRegistry maps tenant IDs to Providers (see Register and Get).
// Construct it with NewProviderRegistry; the zero value is not usable.
type ProviderRegistry struct {
	// contains filtered or unexported fields
}
ProviderRegistry manages multiple SSO providers per tenant.
func NewProviderRegistry ¶
func NewProviderRegistry() *ProviderRegistry
NewProviderRegistry creates a new provider registry.
func (*ProviderRegistry) Get ¶
func (r *ProviderRegistry) Get(tenantID string) (Provider, bool)
Get retrieves the provider for a tenant.
func (*ProviderRegistry) Register ¶
func (r *ProviderRegistry) Register(tenantID string, provider Provider)
Register registers a provider for a tenant.
type SAMLAssertion ¶
// SAMLAssertion is the decoded Assertion element. NOTE(review): no Signature
// element is modeled, so the signature verification that SAMLConfig.Certificate
// is meant for cannot be done on this struct; it must happen on the raw XML
// before unmarshaling — confirm in ParseResponse.
type SAMLAssertion struct {
	// XMLName pins the element to the SAML assertion namespace.
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
	// Subject identifies the authenticated user.
	Subject SAMLSubject
	// Conditions carries the validity window.
	Conditions SAMLConditions
	// AttributeStatement carries the user's attributes.
	AttributeStatement SAMLAttributeStatement
}
SAMLAssertion contains the assertion data.
type SAMLAttribute ¶
SAMLAttribute is a single attribute.
type SAMLAttributeStatement ¶
// SAMLAttributeStatement is the AttributeStatement element.
type SAMLAttributeStatement struct {
	// XMLName pins the element to the SAML assertion namespace.
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion AttributeStatement"`
	// Attributes are the child Attribute elements. The tag gives no
	// namespace, so encoding/xml matches on local name alone.
	Attributes []SAMLAttribute `xml:"Attribute"`
}
SAMLAttributeStatement contains user attributes.
type SAMLConditions ¶
// SAMLConditions is the Conditions element. Both timestamps are kept as the
// raw xs:dateTime text; parsing and comparison happen elsewhere.
// NOTE(review): AudienceRestriction is not modeled, so an assertion issued
// for a different SP cannot be rejected via this struct — confirm in ParseResponse.
type SAMLConditions struct {
	// XMLName pins the element to the SAML assertion namespace.
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Conditions"`
	// NotBefore is the earliest instant the assertion is valid.
	NotBefore string `xml:"NotBefore,attr"`
	// NotOnOrAfter is the instant from which the assertion is no longer valid.
	NotOnOrAfter string `xml:"NotOnOrAfter,attr"`
}
SAMLConditions contains validity conditions.
type SAMLConfig ¶
// SAMLConfig configures a SAML 2.0 identity provider; it is consumed by NewSAMLProvider.
type SAMLConfig struct {
	// EntityID is the service provider entity ID.
	EntityID string
	// MetadataURL is the IDP metadata URL.
	MetadataURL string
	// SSOURL is the SSO endpoint (from IDP metadata).
	SSOURL string
	// SLOURL is the single logout endpoint (optional).
	SLOURL string
	// Certificate is the IDP's X.509 certificate for signature verification.
	// NOTE(review): the SAML structs on this page carry no Signature element,
	// so verification must operate on the raw XML — confirm in ParseResponse.
	Certificate *x509.Certificate
	// PrivateKey is the SP's private key for signing requests (optional).
	// It is a secret; do not log or serialize it.
	PrivateKey *rsa.PrivateKey
	// AssertionConsumerServiceURL is where SAML responses are posted.
	AssertionConsumerServiceURL string
}
SAMLConfig configures a SAML 2.0 identity provider.
type SAMLNameID ¶
// SAMLNameID is the NameID element: the subject identifier and its format.
type SAMLNameID struct {
	// XMLName pins the element to the SAML assertion namespace.
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion NameID"`
	// Format is the Format attribute (a NameID format URI).
	Format string `xml:",attr"`
	// Value is the element's text content: the identifier itself.
	Value string `xml:",chardata"`
}
SAMLNameID is the name identifier.
type SAMLProvider ¶
// SAMLProvider implements Provider for SAML 2.0. Construct it with
// NewSAMLProvider; the zero value is not usable. Only GetAuthURL,
// ParseResponse and SAMLHandler carry real behavior; the remaining Provider
// methods are documented on this page as not applicable to SAML.
type SAMLProvider struct {
	// contains filtered or unexported fields
}
SAMLProvider implements SAML 2.0 authentication.
func NewSAMLProvider ¶
func NewSAMLProvider(cfg SAMLConfig) *SAMLProvider
NewSAMLProvider creates a new SAML provider.
func (*SAMLProvider) ExchangeCode ¶
ExchangeCode is not used for SAML; it exists only to satisfy the Provider interface.
func (*SAMLProvider) GetAuthURL ¶
func (p *SAMLProvider) GetAuthURL(state string) string
GetAuthURL returns the SAML SSO URL with the AuthnRequest.
func (*SAMLProvider) GetUserInfo ¶
GetUserInfo is not directly applicable for SAML.
func (*SAMLProvider) ParseResponse ¶
ParseResponse parses and validates a SAML response.
func (*SAMLProvider) SAMLHandler ¶
func (p *SAMLProvider) SAMLHandler(onSuccess func(http.ResponseWriter, *http.Request, *UserInfo)) http.HandlerFunc
SAMLHandler returns an HTTP handler for the SAML ACS endpoint.
func (*SAMLProvider) ValidateToken ¶
ValidateToken is not applicable for SAML.
type SAMLResponse ¶
// SAMLResponse is a simplified decoding of the SAML Response element.
// NOTE(review): InResponseTo, Destination and Signature are not modeled, so
// request binding, destination and signature checks cannot be performed
// through this struct — confirm how ParseResponse handles them.
type SAMLResponse struct {
	// XMLName pins the element to the SAML protocol namespace.
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
	// ID is the response identifier attribute.
	ID string `xml:",attr"`
	// Status reports success or failure of the authentication.
	Status SAMLStatus
	// Assertion is the single decoded assertion.
	Assertion SAMLAssertion
}
SAMLResponse represents a SAML response (simplified).
type SAMLStatus ¶
// SAMLStatus is the Status element wrapping the status code.
type SAMLStatus struct {
	// XMLName pins the element to the SAML protocol namespace.
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Status"`
	// StatusCode is the child StatusCode element.
	StatusCode SAMLStatusCode
}
SAMLStatus is the SAML status element.
type SAMLStatusCode ¶
// SAMLStatusCode is the StatusCode element.
type SAMLStatusCode struct {
	// XMLName pins the element to the SAML protocol namespace.
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol StatusCode"`
	// Value is the Value attribute, a status URI such as
	// urn:oasis:names:tc:SAML:2.0:status:Success.
	Value string `xml:",attr"`
}
SAMLStatusCode is the status code.
type SAMLSubject ¶
// SAMLSubject is the Subject element; only NameID is decoded.
type SAMLSubject struct {
	// XMLName pins the element to the SAML assertion namespace.
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:assertion Subject"`
	// NameID identifies the authenticated user.
	NameID SAMLNameID
}
SAMLSubject contains subject information.
type SCIMEmail ¶
// SCIMEmail is one entry of a SCIM user's emails list.
type SCIMEmail struct {
	// Value is the email address.
	Value string `json:"value"`
	// Type is an optional label (e.g. "work"); omitted from JSON when empty.
	Type string `json:"type,omitempty"`
	// Primary marks the preferred address; omitted from JSON when false.
	Primary bool `json:"primary,omitempty"`
}
SCIMEmail represents a user's email.
type SCIMError ¶
// SCIMError is the SCIM 2.0 error response body.
type SCIMError struct {
	// Schemas lists the SCIM schema URIs for the error resource.
	Schemas []string `json:"schemas"`
	// Status is the HTTP status, carried as a string per the SCIM error schema.
	Status string `json:"status"`
	// Detail is a human-readable description. It is returned to the client,
	// so it should not echo internal state.
	Detail string `json:"detail,omitempty"`
	// ScimType is the optional SCIM-defined error keyword.
	ScimType string `json:"scimType,omitempty"`
}
SCIMError represents a SCIM error response.
type SCIMHandler ¶
// SCIMHandler serves SCIM 2.0 user provisioning requests (see ServeHTTP),
// delegating persistence to a UserStore. Construct it with NewSCIMHandler.
// NOTE(review): nothing on this page shows the handler authenticating the
// caller; the SCIM endpoint is expected to be mounted behind authentication — confirm.
type SCIMHandler struct {
	// contains filtered or unexported fields
}
SCIMHandler handles SCIM 2.0 requests.
func NewSCIMHandler ¶
func NewSCIMHandler(store UserStore) *SCIMHandler
NewSCIMHandler creates a new SCIM handler.
func (*SCIMHandler) ServeHTTP ¶
func (h *SCIMHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP implements http.Handler.
type SCIMListResponse ¶
// SCIMListResponse is the SCIM 2.0 ListResponse envelope.
type SCIMListResponse struct {
	// Schemas lists the SCIM schema URIs for a list response.
	Schemas []string `json:"schemas"`
	// TotalResults is the total number of matching resources, not just this page.
	TotalResults int `json:"totalResults"`
	// StartIndex is the index of the first returned resource.
	StartIndex int `json:"startIndex"`
	// ItemsPerPage is the number of resources in this page.
	ItemsPerPage int `json:"itemsPerPage"`
	// Resources holds the page of resources; the JSON key is capitalized by the spec.
	Resources []interface{} `json:"Resources"`
}
SCIMListResponse represents a list of SCIM resources.
type SCIMMeta ¶
// SCIMMeta is the SCIM "meta" sub-attribute of a resource.
type SCIMMeta struct {
	// ResourceType names the resource kind (e.g. "User").
	ResourceType string `json:"resourceType"`
	// Created is the creation timestamp as text; omitted when empty.
	Created string `json:"created,omitempty"`
	// LastModified is the last-update timestamp as text; omitted when empty.
	LastModified string `json:"lastModified,omitempty"`
	// Location is the resource's URI; omitted when empty.
	Location string `json:"location,omitempty"`
	// Version is the resource version (ETag); omitted when empty.
	Version string `json:"version,omitempty"`
}
SCIMMeta contains resource metadata.
type SCIMName ¶
// SCIMName is the SCIM "name" sub-attribute of a user.
type SCIMName struct {
	// Formatted is the full display form; omitted when empty.
	Formatted string `json:"formatted,omitempty"`
	// FamilyName is the surname; omitted when empty.
	FamilyName string `json:"familyName,omitempty"`
	// GivenName is the first name; omitted when empty.
	GivenName string `json:"givenName,omitempty"`
}
SCIMName represents a user's name.
type SCIMUser ¶
// SCIMUser is the SCIM 2.0 User resource exchanged with a UserStore.
type SCIMUser struct {
	// Schemas lists the SCIM schema URIs for the user resource.
	Schemas []string `json:"schemas"`
	// ID is the server-assigned identifier; omitted when empty (e.g. on create).
	ID string `json:"id,omitempty"`
	// ExternalID is the identifier assigned by the provisioning client.
	ExternalID string `json:"externalId,omitempty"`
	// UserName is the unique login name; always serialized.
	UserName string `json:"userName"`
	// Active is false for deprovisioned users; always serialized, so false is explicit.
	Active bool `json:"active"`
	// Name is the user's name. NOTE(review): omitempty has no effect on a
	// struct-typed field in encoding/json, so an empty SCIMName is still emitted as "name":{}.
	Name SCIMName `json:"name,omitempty"`
	// Emails lists the user's email addresses; omitted when empty.
	Emails []SCIMEmail `json:"emails,omitempty"`
	// Meta is the resource metadata. NOTE(review): same omitempty caveat as Name.
	Meta SCIMMeta `json:"meta,omitempty"`
}
SCIMUser represents a SCIM 2.0 user resource.
type Tokens ¶
// Tokens represents an OAuth/OIDC token response as returned by ExchangeCode.
type Tokens struct {
	// AccessToken is the bearer credential sent to GetUserInfo. Treat it as a
	// secret: do not log it.
	AccessToken string `json:"access_token"`
	// IDToken is the OIDC ID token (a JWT); omitted when the provider returns none.
	IDToken string `json:"id_token,omitempty"`
	// RefreshToken can obtain new access tokens; it is long-lived and must be
	// handled as a secret. Omitted when absent.
	RefreshToken string `json:"refresh_token,omitempty"`
	// TokenType is the token type reported by the provider (e.g. "Bearer").
	TokenType string `json:"token_type"`
	// ExpiresIn is the access token lifetime reported by the provider, in seconds.
	ExpiresIn int `json:"expires_in"`
	// ExpiresAt is never (de)serialized (json:"-"); presumably derived locally
	// from ExpiresIn — confirm in ExchangeCode.
	ExpiresAt time.Time `json:"-"`
}
Tokens represents OAuth/OIDC tokens.
type UserInfo ¶
// UserInfo is the normalized user profile returned by both providers
// (GetUserInfo for OIDC, ParseResponse for SAML).
type UserInfo struct {
	// ID is the provider's identifier for the user.
	ID string `json:"id"`
	// Email is the user's email address.
	Email string `json:"email"`
	// EmailVerified reports whether the provider asserts the address is verified.
	// Callers linking accounts by email should require it to be true.
	EmailVerified bool `json:"email_verified"`
	// Name is the display name.
	Name string `json:"name"`
	// GivenName is the first name.
	GivenName string `json:"given_name"`
	// FamilyName is the surname.
	FamilyName string `json:"family_name"`
	// Picture is a profile image URL.
	Picture string `json:"picture"`
	// Locale is the user's preferred locale.
	Locale string `json:"locale"`
	// Groups is the optional group membership; omitted from JSON when empty.
	Groups []string `json:"groups,omitempty"`
}
UserInfo represents user information from the identity provider.
type UserStore ¶
// UserStore is the persistence interface SCIMHandler drives.
// Implementations should return an error for unknown ids so the handler can
// map it to a SCIM error response — confirm the expected error contract in ServeHTTP.
type UserStore interface {
	// CreateUser stores a new user and returns the stored representation
	// (presumably with ID and Meta populated — confirm).
	CreateUser(ctx context.Context, user *SCIMUser) (*SCIMUser, error)
	// GetUser returns the user with the given id.
	GetUser(ctx context.Context, id string) (*SCIMUser, error)
	// UpdateUser replaces the user with the given id and returns the stored representation.
	UpdateUser(ctx context.Context, id string, user *SCIMUser) (*SCIMUser, error)
	// DeleteUser removes the user with the given id.
	DeleteUser(ctx context.Context, id string) error
	// ListUsers returns a page of users plus the total count across all pages.
	// startIndex is presumably 1-based as in SCIM — confirm against ServeHTTP.
	ListUsers(ctx context.Context, startIndex, count int) ([]*SCIMUser, int, error)
}
UserStore is the interface for managing users via SCIM.