Documentation ¶
Index ¶
- type AuthSession
- type AuthStateCookie
- type Config
- type CookieSessionStore
- func (s *CookieSessionStore) Create(w http.ResponseWriter, data SessionData) error
- func (s *CookieSessionStore) Delete(w http.ResponseWriter, r *http.Request) error
- func (s *CookieSessionStore) Get(r *http.Request) (*SessionData, error)
- func (s *CookieSessionStore) RemoveCookie(rw http.ResponseWriter, r *http.Request)
- func (s *CookieSessionStore) Update(w http.ResponseWriter, _ *http.Request, data SessionData) error
- type Handler
- type IDTokenVerifier
- type OAuthProvider
- type Randr
- type SecretReference
- type SessionData
- type SessionStore
- type StateData
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthSession ¶
type AuthSession struct {
	Path     string `json:"path,omitempty"`
	Domain   string `json:"domain,omitempty"`
	SameSite string `json:"sameSite,omitempty"`
	Secure   bool   `json:"secure,omitempty"`
	Refresh  *bool  `json:"refresh,omitempty"`
}
AuthSession carries session and session cookie configuration.
type AuthStateCookie ¶
type AuthStateCookie struct {
	Path     string `json:"path,omitempty"`
	Domain   string `json:"domain,omitempty"`
	SameSite string `json:"sameSite,omitempty"`
	Secure   bool   `json:"secure,omitempty"`
}
AuthStateCookie carries the state cookie configuration.
type Config ¶
type Config struct {
	Issuer       string            `json:"issuer,omitempty"`
	ClientID     string            `json:"clientId,omitempty"`
	ClientSecret string            `json:"-"`
	Secret       *SecretReference  `json:"secret,omitempty"`
	RedirectURL  string            `json:"redirectUrl,omitempty"`
	LogoutURL    string            `json:"logoutUrl,omitempty"`
	Scopes       []string          `json:"scopes,omitempty"`
	AuthParams   map[string]string `json:"authParams,omitempty"`
	StateCookie  *AuthStateCookie  `json:"stateCookie,omitempty"`
	Session      *AuthSession      `json:"session,omitempty"`
	SessionKey   string            `json:"-"`

	// ForwardHeaders defines headers that should be added to the request and populated with values extracted from the ID token.
	ForwardHeaders map[string]string `json:"forwardHeaders,omitempty"`

	// Claims defines an expression to perform validation on the ID token. For example:
	// Equals(`grp`, `admin`) && Equals(`scope`, `deploy`)
	Claims string `json:"claims,omitempty"`
}
Config holds the configuration for the OIDC middleware.
func (*Config) ApplyDefaultValues ¶
func (cfg *Config) ApplyDefaultValues()
ApplyDefaultValues applies default values to the given dynamic configuration.
type CookieSessionStore ¶
type CookieSessionStore struct {
	// contains filtered or unexported fields
}
CookieSessionStore stores and retrieves session information in the request cookies.
func NewCookieSessionStore ¶
func NewCookieSessionStore(name string, block cipher.Block, cfg *AuthSession, rand Randr, maxSize int) *CookieSessionStore
NewCookieSessionStore creates a cookie session store.
func (*CookieSessionStore) Create ¶
func (s *CookieSessionStore) Create(w http.ResponseWriter, data SessionData) error
Create stores the session data in the request cookies.
func (*CookieSessionStore) Delete ¶
func (s *CookieSessionStore) Delete(w http.ResponseWriter, r *http.Request) error
Delete sets the cookie on the HTTP response to be expired, effectively logging out its owner.
func (*CookieSessionStore) Get ¶
func (s *CookieSessionStore) Get(r *http.Request) (*SessionData, error)
Get retrieves the session from the request cookies.
func (*CookieSessionStore) RemoveCookie ¶
func (s *CookieSessionStore) RemoveCookie(rw http.ResponseWriter, r *http.Request)
RemoveCookie removes the session cookie from the request.
func (*CookieSessionStore) Update ¶
func (s *CookieSessionStore) Update(w http.ResponseWriter, _ *http.Request, data SessionData) error
Update is the same as Create and only exists to satisfy the SessionStore interface.
type Handler ¶
type Handler struct {
	// contains filtered or unexported fields
}
Handler performs OIDC authentication and authorisation on incoming requests.
func NewHandler ¶
NewHandler creates a new instance of a Handler from an auth source.
type IDTokenVerifier ¶
IDTokenVerifier represents a type that can verify an ID token.
type OAuthProvider ¶
type OAuthProvider interface {
	AuthCodeURL(string, ...oauth2.AuthCodeOption) string
	Exchange(context.Context, string, ...oauth2.AuthCodeOption) (*oauth2.Token, error)
	TokenSource(ctx context.Context, t *oauth2.Token) oauth2.TokenSource
}
OAuthProvider represents a structure that can interface with an OAuth provider.
type SecretReference ¶
SecretReference represents a Secret Reference. It has enough information to retrieve a secret in any namespace.
type SessionData ¶
type SessionData struct {
	AccessToken  string `json:"accessToken"`
	TokenType    string `json:"tokenType"`
	RefreshToken string `json:"refreshToken"`
	IDToken      string `json:"idToken"`

	// Expiry is the expiration time of the access token.
	Expiry time.Time `json:"expiry"`
}
SessionData is the state of the session.
func (SessionData) IsExpired ¶
func (d SessionData) IsExpired() bool
IsExpired determines if the current access token is expired.
func (SessionData) ToToken ¶
func (d SessionData) ToToken() *oauth2.Token
ToToken returns an OAuth2 Token from the session data.
type SessionStore ¶
type SessionStore interface {
	Create(http.ResponseWriter, SessionData) error
	Update(http.ResponseWriter, *http.Request, SessionData) error
	Delete(http.ResponseWriter, *http.Request) error
	Get(*http.Request) (*SessionData, error)
	RemoveCookie(http.ResponseWriter, *http.Request)
}
SessionStore represents a type that can manage a session for a given request.
type StateData ¶
type StateData struct {
	// RedirectID is used to prevent CSRF and XSRF attacks.
	RedirectID string `json:"redirectId"`

	// Nonce is used to mitigate replay attacks.
	Nonce string `json:"nonce"`

	// OriginURL is the actual resource initially requested by the client.
	OriginURL string `json:"originUrl"`

	// CodeVerifier is used to generate code challenges when using PKCE.
	// It is only set when using PKCE.
	CodeVerifier string `json:"codeVerifier"`
}
StateData is the initial data captured at redirect time. See https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
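An added example, not the package's code, of how the StateData fields are used across one login (randomToken, newStateData, codeChallengeS256 and verifyCallback are hypothetical helpers written for this page): RedirectID is compared with the state parameter of the callback, Nonce with the nonce claim of the ID token once the code has been exchanged, and CodeVerifier yields the S256 code_challenge that goes into the authorization request while the verifier itself stays on the server.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
)
// StateData mirrors the struct documented on this page.
type StateData struct {
	RedirectID   string `json:"redirectId"`
	Nonce        string `json:"nonce"`
	OriginURL    string `json:"originUrl"`
	CodeVerifier string `json:"codeVerifier"`
}

// randomToken returns 32 bytes of CSPRNG output, URL-safe base64 encoded (43 characters).
func randomToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a CSPRNG failure is not recoverable; never fall back to a weaker source
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// newStateData builds the values captured at redirect time; the verifier is only set with PKCE.
func newStateData(originURL string, usePKCE bool) StateData {
	sd := StateData{RedirectID: randomToken(), Nonce: randomToken(), OriginURL: originURL}
	if usePKCE {
		sd.CodeVerifier = randomToken() // stays server-side; only its challenge is sent
	}
	return sd
}

// codeChallengeS256 derives the code_challenge sent in the authorization request (RFC 7636, S256).
func codeChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// verifyCallback checks the callback's state against RedirectID (CSRF) and the ID token's nonce claim against Nonce (replay), both in constant time.
func verifyCallback(sd StateData, stateParam, idTokenNonce string) error {
	stateOK := subtle.ConstantTimeCompare([]byte(sd.RedirectID), []byte(stateParam)) == 1
	nonceOK := subtle.ConstantTimeCompare([]byte(sd.Nonce), []byte(idTokenNonce)) == 1
	if !stateOK || !nonceOK {
		return errors.New("state or nonce mismatch: callback does not belong to this login")
	}
	return nil
}
```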