tclogin

package
Version: v19.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 7, 2019 License: MPL-2.0 Imports: 2 Imported by: 0

Documentation

Overview

The Login service serves as the interface between external authentication systems and Taskcluster credentials.

See:

How to use this package

First create a Login object:

login := tclogin.New(nil)

and then call one or more of login's methods, e.g.:

err := login.Ping(.....)

handling any errors...

if err != nil {
	// handle error...
}

Taskcluster Schema

The source code of this go package was auto-generated from the API definition at <rootUrl>/references/login/v1/api.json together with the input and output schemas it references,

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CredentialsResponse

type CredentialsResponse struct {

	// Taskcluster credentials. Note that the credentials may not contain a certificate!
	Credentials TaskclusterCredentials `json:"credentials"`

	// Time after which the credentials are no longer valid.  Callers should
	// call `oidcCredentials` again to get fresh credentials before this time.
	Expires tcclient.Time `json:"expires"`
}

A response containing credentials corresponding to a supplied OIDC `access_token`.

type Login

type Login tcclient.Client

func New

func New(credentials *tcclient.Credentials, rootURL string) *Login

New returns a Login client, configured to run against production. Pass in nil credentials to create a client without authentication. The returned client is mutable, so returned settings can be altered.

login := tclogin.New(
    nil,                                      // client without authentication
    "http://localhost:1234/my/taskcluster",   // taskcluster hosted at this root URL on local machine
)
err := login.Ping(.....)                      // for example, call the Ping(.....) API endpoint (described further down)...
if err != nil {
	// handle errors...
}

func NewFromEnv

func NewFromEnv() *Login

NewFromEnv returns a *Login configured from environment variables.

The root URL is taken from TASKCLUSTER_PROXY_URL if set to a non-empty string, otherwise from TASKCLUSTER_ROOT_URL if set, otherwise the empty string.

The credentials are taken from environment variables:

TASKCLUSTER_CLIENT_ID
TASKCLUSTER_ACCESS_TOKEN
TASKCLUSTER_CERTIFICATE

If TASKCLUSTER_CLIENT_ID is empty/unset, authentication will be disabled.

func (*Login) OidcCredentials

func (login *Login) OidcCredentials(provider string) (*CredentialsResponse, error)

Stability: *** EXPERIMENTAL ***

Given an OIDC `access_token` from a trusted OpenID provider, return a set of Taskcluster credentials for use on behalf of the identified user.

This method is typically not called with a Taskcluster client library and does not accept Hawk credentials. The `access_token` should be given in an `Authorization` header: “` Authorization: Bearer abc.xyz “`

The `access_token` is first verified against the named :provider, then passed to the provider's APIBuilder to retrieve a user profile. That profile is then used to generate Taskcluster credentials appropriate to the user. Note that the resulting credentials may or may not include a `certificate` property. Callers should be prepared for either alternative.

The given credentials will expire in a relatively short time. Callers should monitor this expiration and refresh the credentials if necessary, by calling this endpoint again, if they have expired.

See #oidcCredentials

func (*Login) Ping

func (login *Login) Ping() error

Respond without doing anything. This endpoint is used to check that the service is up.

See #ping

type TaskclusterCredentials

type TaskclusterCredentials struct {

	// Syntax:     ^[a-zA-Z0-9_-]{22,66}$
	AccessToken string `json:"accessToken"`

	Certificate string `json:"certificate,omitempty"`

	// Syntax:     ^[A-Za-z0-9!@/:.+|_-]+$
	ClientID string `json:"clientId"`
}

Taskcluster credentials. Note that the credentials may not contain a certificate!

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL