oidc

package

v1.8.6 Latest Latest Go to latest Published: Nov 15, 2019 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/sdbrett/harbor

Links

Open Source Insights

Documentation ¶

Index ¶

func AuthCodeURL(state string) (string, error)
func SetHardcodeVerifierForTest(s string)
func VerifyAndPersistToken(ctx context.Context, user *models.OIDCUser) error
func VerifySecret(ctx context.Context, userID int, secret string) error
func VerifyToken(ctx context.Context, rawIDToken string) (*gooidc.IDToken, error)
type SecretManager
type SecretVerifyError
- func (se *SecretVerifyError) Error() string
type Token
- func ExchangeToken(ctx context.Context, code string) (*Token, error)
- func RefreshToken(ctx context.Context, token *Token) (*Token, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AuthCodeURL ¶

func AuthCodeURL(state string) (string, error)

AuthCodeURL returns the URL for OIDC provider's consent page. The state should be verified when user is redirected back to Harbor.

func SetHardcodeVerifierForTest ¶

func SetHardcodeVerifierForTest(s string)

SetHardcodeVerifierForTest overwrite the default secret manager for testing. Be reminded this is for testing only.

func VerifyAndPersistToken ¶

func VerifyAndPersistToken(ctx context.Context, user *models.OIDCUser) error

VerifyAndPersistToken calls the manager to verify token and persist it if it's refreshed.

func VerifySecret ¶

func VerifySecret(ctx context.Context, userID int, secret string) error

VerifySecret calls the manager to verify the secret.

func VerifyToken ¶

func VerifyToken(ctx context.Context, rawIDToken string) (*gooidc.IDToken, error)

VerifyToken verifies the ID token based on the OIDC settings

Types ¶

type SecretManager ¶

type SecretManager interface {
	// VerifySecret verifies the secret and the token associated with it, it refreshes the token in the DB if it's
	// refreshed during the verification
	VerifySecret(ctx context.Context, userID int, secret string) error
	// VerifyToken verifies the token in the model from parm,
	// and refreshes the token in the DB if it's refreshed during the verification.
	VerifyToken(ctx context.Context, user *models.OIDCUser) error
}

SecretManager is the interface for store and verify the secret

type SecretVerifyError ¶

type SecretVerifyError struct {
	// contains filtered or unexported fields
}

SecretVerifyError wraps the different errors happened when verifying a secret for OIDC user. When seeing this error, the caller should consider this an authentication error.

func (*SecretVerifyError) Error ¶

func (se *SecretVerifyError) Error() string

type Token ¶

type Token struct {
	oauth2.Token
	IDToken string `json:"id_token"`
}

Token wraps the attributes of a oauth2 token plus the attribute of ID token

func ExchangeToken ¶

func ExchangeToken(ctx context.Context, code string) (*Token, error)

ExchangeToken get the token from token provider via the code

func RefreshToken ¶

func RefreshToken(ctx context.Context, token *Token) (*Token, error)

RefreshToken refreshes the token passed in parameter, and return the new token.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL