oktaauth

package
v0.0.0-...-87f5de6
Warning

This package is not in the latest version of its module.

Published: Jul 7, 2020 License: MIT Imports: 16 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Exchange

type Exchange struct {
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
	AccessToken      string `json:"access_token,omitempty"`
	TokenType        string `json:"token_type,omitempty"`
	ExpiresIn        int    `json:"expires_in,omitempty"`
	Scope            string `json:"scope,omitempty"`
	IDToken          string `json:"id_token,omitempty"`
	WrappedError     error
}

Exchange has been copied from https://github.com/okta/samples-golang/tree/develop/okta-hosted-login

type OktaAuth

type OktaAuth struct {
	// contains filtered or unexported fields
}

OktaAuth provides Okta-based authentication via the OAuth 2.0 Authorization flow.

func New

func New(clientID, clientSecret, issuer, backendPath, successRedirectPath, failureRedirectPathPrefix, profileToShortnameField string, canAccessService func(map[string]string) bool) OktaAuth

New generates a new OktaAuth instance. OktaAuth requires a fair bit of configuration. These are the fields and their meanings:

clientID: The Okta-generated client ID for an application

clientSecret: The Okta-generated client secret for an application

issuer: The Okta protocol, domain, and root path for Okta verification.

backendAbsolutePath (backendPath in the signature): The protocol, domain, and root path for the backend (e.g. "http://localhost:3000/web")

successRedirectPath: The absolute path to redirect the user to when auth is successful

failureRedirectPath (failureRedirectPathPrefix in the signature): The absolute path to redirect the user to when auth fails

canAccessService: A function that evaluates an Okta profile (map[string]string) to determine whether a user has access to this application. Return true if the user should have access to this service; otherwise, return false.
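An added example, not code from the ashirt project: one way to write a fail-closed canAccessService policy with the signature New expects. It assumes the Okta profile carries the user's address under the key "email" (the page does not list the profile's keys); domainGate and the sample domains are hypothetical names constructed for illustration.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// domainGate returns a policy usable as the canAccessService argument.
// It fails closed: any profile it cannot positively match is denied.
// Assumption: the address lives under the profile key "email".
func domainGate(allowedDomains ...string) func(map[string]string) bool {
	allowed := make(map[string]struct{}, len(allowedDomains))
	for _, d := range allowedDomains {
		allowed[strings.ToLower(strings.TrimSpace(d))] = struct{}{}
	}
	return func(profile map[string]string) bool {
		raw, ok := profile["email"]
		if !ok {
			return false // missing claim (or nil profile): deny
		}
		addr, err := mail.ParseAddress(raw)
		if err != nil || addr.Address != raw {
			return false // reject display names, padding, malformed values
		}
		at := strings.LastIndex(addr.Address, "@")
		domain := strings.ToLower(addr.Address[at+1:])
		_, ok = allowed[domain] // exact match, never suffix or substring
		return ok
	}
}

func main() {
	gate := domainGate("corp.example")
	// Constructed sample profiles.
	for _, p := range []map[string]string{
		{"email": "alice@corp.example"},
		{"email": "mallory@corp.example.evil.test"},
		{"email": "bob@notcorp.example"},
		{"login": "carol"},
	} {
		fmt.Printf("%v -> %v\n", p, gate(p))
	}
}
```

The exact-match lookup is the point: a suffix or substring comparison would admit the second and third sample profiles.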

func NewFromConfig

func NewFromConfig(cfg config.AuthInstanceConfig, canAccessService func(map[string]string) bool) OktaAuth

func (OktaAuth) BindRoutes

func (okta OktaAuth) BindRoutes(r *mux.Router, bridge authschemes.AShirtAuthBridge)

BindRoutes implements two routes to complete the Okta login/ashirt registration process. /login kicks off the process, redirecting the user to Okta to log in. Once successful, Okta will contact /callback to complete the process. In addition to normal auth verification, /callback also checks that a user is allowed to access this service (via the canAccessService function passed to oktaauth.New) and will generate a new ashirt user if that user doesn't already exist.

func (OktaAuth) FriendlyName

func (OktaAuth) FriendlyName() string

FriendlyName returns "Okta OIDC"

func (OktaAuth) Name

func (OktaAuth) Name() string

Name returns "okta"
