oidc

package
v1.3.0 Latest Latest
Published: Mar 24, 2023 License: AGPL-3.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthSession

// AuthSession carries session and session cookie configuration.
//
// The Path, Domain, SameSite and Secure fields mirror the cookie attributes
// of the same name. All fields are omitted from JSON when empty.
type AuthSession struct {
	// Path is the cookie Path attribute.
	Path     string `json:"path,omitempty"`
	// Domain is the cookie Domain attribute.
	Domain   string `json:"domain,omitempty"`
	// SameSite is the cookie SameSite attribute, given as a string rather
	// than an http.SameSite value; accepted values are presumably checked
	// by Config.Validate — confirm.
	SameSite string `json:"sameSite,omitempty"`
	// Secure sets the cookie Secure attribute. Because of omitempty, a
	// false value is not serialized, so an absent key means "not secure".
	Secure   bool   `json:"secure,omitempty"`
	// Refresh is a pointer so that "not set" can be told apart from false;
	// the value substituted when nil is presumably chosen by
	// Config.ApplyDefaultValues — confirm.
	Refresh  *bool  `json:"refresh,omitempty"`
}

AuthSession carries session and session cookie configuration.

type AuthStateCookie

// AuthStateCookie carries the state cookie configuration.
//
// The fields mirror the cookie attributes of the same name and are omitted
// from JSON when empty.
type AuthStateCookie struct {
	// Path is the cookie Path attribute.
	Path     string `json:"path,omitempty"`
	// Domain is the cookie Domain attribute.
	Domain   string `json:"domain,omitempty"`
	// SameSite is the cookie SameSite attribute, given as a string rather
	// than an http.SameSite value; accepted values are presumably checked
	// by Config.Validate — confirm.
	SameSite string `json:"sameSite,omitempty"`
	// Secure sets the cookie Secure attribute. Because of omitempty, a
	// false value is not serialized, so an absent key means "not secure".
	Secure   bool   `json:"secure,omitempty"`
}

AuthStateCookie carries the state cookie configuration.

type Config

// Config holds the configuration for the OIDC middleware.
//
// ClientSecret and SessionKey are tagged `json:"-"` and therefore never
// appear when the configuration is marshaled; the remaining fields are
// omitted when empty.
type Config struct {
	// Issuer is the OpenID provider issuer.
	Issuer       string           `json:"issuer,omitempty"`
	// ClientID is the OAuth2 client identifier registered with the provider.
	ClientID     string           `json:"clientId,omitempty"`
	// ClientSecret is deliberately excluded from JSON so that serializing
	// the configuration does not leak the credential.
	ClientSecret string           `json:"-"`
	// Secret references a Secret by name and namespace; presumably an
	// alternative way of supplying the client secret — confirm.
	Secret       *SecretReference `json:"secret,omitempty"`

	// RedirectURL is the callback URL the provider redirects to after
	// authentication.
	RedirectURL string            `json:"redirectUrl,omitempty"`
	// LogoutURL is the URL handled as the logout endpoint.
	LogoutURL   string            `json:"logoutUrl,omitempty"`
	// Scopes are the OAuth2 scopes requested from the provider.
	Scopes      []string          `json:"scopes,omitempty"`
	// AuthParams are extra key/value parameters added to the authorization
	// request.
	AuthParams  map[string]string `json:"authParams,omitempty"`
	// StateCookie configures the state cookie; nil is presumably filled in
	// by ApplyDefaultValues — confirm.
	StateCookie *AuthStateCookie  `json:"stateCookie,omitempty"`
	// Session configures the session and its cookie; nil is presumably
	// filled in by ApplyDefaultValues — confirm.
	Session     *AuthSession      `json:"session,omitempty"`
	// SessionKey is the key material for the session store. Like
	// ClientSecret it is excluded from JSON to avoid leaking it.
	SessionKey  string            `json:"-"`

	// ForwardHeaders defines headers that should be added to the request and populated with values extracted from the ID token.
	ForwardHeaders map[string]string `json:"forwardHeaders,omitempty"`
	// Claims defines an expression to perform validation on the ID token. For example:
	//     Equals(`grp`, `admin`) && Equals(`scope`, `deploy`)
	// Requests whose ID token does not satisfy the expression are presumably
	// rejected by the Handler — confirm.
	Claims string `json:"claims,omitempty"`
}

Config holds the configuration for the OIDC middleware.

func (*Config) ApplyDefaultValues

func (cfg *Config) ApplyDefaultValues()

ApplyDefaultValues applies default values on the given dynamic configuration.

func (*Config) Validate

func (cfg *Config) Validate() error

Validate validates the configuration.

type CookieSessionStore

// CookieSessionStore stores and retrieves session information in the
// request's cookies. Instances are created with NewCookieSessionStore,
// which takes the cookie name, a cipher.Block, an *AuthSession, a Randr
// and a maximum size.
type CookieSessionStore struct {
	// contains filtered or unexported fields
}

CookieSessionStore stores and retrieves session information in the given request's cookies.

func NewCookieSessionStore

func NewCookieSessionStore(name string, block cipher.Block, cfg *AuthSession, rand Randr, maxSize int) *CookieSessionStore

NewCookieSessionStore creates a cookie session store.

func (*CookieSessionStore) Create

Create stores the session data into the request cookies.

func (*CookieSessionStore) Delete

Delete sets the cookie on the HTTP response to be expired, effectively logging out its owner.

func (*CookieSessionStore) Get

Get retrieves the session from the request cookies.

func (*CookieSessionStore) RemoveCookie

func (s *CookieSessionStore) RemoveCookie(rw http.ResponseWriter, r *http.Request)

RemoveCookie removes the session cookie from the request.

func (*CookieSessionStore) Update

Update is the same as Create and only exists to satisfy the SessionStore interface.

type Handler

// Handler performs OIDC authentication and authorisation on incoming
// requests. It is built with NewHandler from a *Config and implements
// http.Handler via ServeHTTP.
type Handler struct {
	// contains filtered or unexported fields
}

Handler performs OIDC authentication and authorisation on incoming requests.

func NewHandler

func NewHandler(ctx context.Context, cfg *Config, name string) (*Handler, error)

NewHandler creates a new instance of a Handler from an auth source.

func (*Handler) ServeHTTP

func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request)

ServeHTTP handles an incoming http request.

type IDTokenVerifier

// IDTokenVerifier represents a type that can verify an ID token.
type IDTokenVerifier interface {
	// Verify checks the raw ID token string and returns the parsed token,
	// or an error when the token is not valid.
	Verify(context.Context, string) (*oidc.IDToken, error)
}

IDTokenVerifier represents a type that can verify an ID token.

type OAuthProvider

// OAuthProvider represents a structure that can interface with an OAuth
// provider. The method set matches the corresponding methods of
// oauth2.Config, so that type satisfies it.
type OAuthProvider interface {
	// AuthCodeURL builds the provider's authorization URL for the given
	// state value and options.
	AuthCodeURL(string, ...oauth2.AuthCodeOption) string
	// Exchange trades an authorization code for a token.
	Exchange(context.Context, string, ...oauth2.AuthCodeOption) (*oauth2.Token, error)
	// TokenSource returns a source that yields t and refreshes it as needed.
	TokenSource(ctx context.Context, t *oauth2.Token) oauth2.TokenSource
}

OAuthProvider represents a structure that can interface with an OAuth provider.

type Randr

// Randr represents an object that can return random bytes. It is used by
// NewCookieSessionStore; the randomness source is not fixed by this
// interface. NOTE(review): state and nonce values should come from a
// cryptographically secure source — confirm the implementation used.
type Randr interface {
	// Bytes returns the requested number of random bytes.
	Bytes(int) []byte
}

Randr represents an object that can return random bytes.

type SecretReference

// SecretReference represents a reference to a Secret. Both fields are
// required in JSON (no omitempty).
type SecretReference struct {
	// Name is the name of the referenced Secret.
	Name      string `json:"name"`
	// Namespace is the namespace the referenced Secret lives in.
	Namespace string `json:"namespace"`
}

SecretReference represents a reference to a Secret. It carries enough information to retrieve the secret from any namespace.

type SessionData

// SessionData is the state of the session.
//
// All fields are always serialized (no omitempty). A SessionStore such as
// CookieSessionStore persists this value in the request cookies, so the
// access, refresh and ID tokens all travel with the client;
// NewCookieSessionStore takes a cipher.Block, presumably used to protect
// the cookie contents — confirm.
type SessionData struct {
	// AccessToken is the OAuth2 access token.
	AccessToken  string `json:"accessToken"`
	// TokenType is the OAuth2 token type (e.g. "Bearer").
	TokenType    string `json:"tokenType"`
	// RefreshToken is the OAuth2 refresh token, if one was issued.
	RefreshToken string `json:"refreshToken"`
	// IDToken is the raw OIDC ID token.
	IDToken      string `json:"idToken"`

	// Expiry is the expiration time of the access token.
	Expiry time.Time `json:"expiry"`
}

SessionData is the state of the session.

func (SessionData) IsExpired

func (d SessionData) IsExpired() bool

IsExpired reports whether the current access token has expired.

func (SessionData) ToToken

func (d SessionData) ToToken() *oauth2.Token

ToToken returns an OAuth2 Token from the session data.

type SessionStore

SessionStore represents a type that can manage a session for a given request.

type StateData

// StateData is the initial data captured at redirect time.
// See https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
type StateData struct {
	// RedirectID is used to prevent CSRF (also called XSRF) attacks by
	// binding the callback to the request that started the flow.
	RedirectID string `json:"redirectId"`
	// Nonce is used to mitigate replay attacks.
	Nonce string `json:"nonce"`
	// OriginURL is the actual resource initially requested by the client.
	// NOTE(review): presumably used as the post-authentication redirect
	// target — confirm it is checked before the redirect is issued.
	OriginURL string `json:"originUrl"`
	// CodeVerifier is used to generate code challenges when using PKCE.
	// It is only set when using PKCE.
	CodeVerifier string `json:"codeVerifier"`
}

StateData is the initial data captured at redirect time. See https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
