oauth

package
v1.0.47 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 26, 2024 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

// Config holds the configuration for the IdentityProvider.
//
// Every field whose struct tag is visible below is serialized to JSON, XML
// and YAML under the same key, with omitempty. Tags rendered as
// "string literal not displayed" are not visible on this page.
type Config struct {
	Name              string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
	Realm             string `json:"realm,omitempty" xml:"realm,omitempty" yaml:"realm,omitempty"`
	Driver            string `json:"driver,omitempty" xml:"driver,omitempty" yaml:"driver,omitempty"`
	DomainName        string `json:"domain_name,omitempty" xml:"domain_name,omitempty" yaml:"domain_name,omitempty"`
	ClientID          string `json:"client_id,omitempty" xml:"client_id,omitempty" yaml:"client_id,omitempty"`
	// ClientSecret is serialized under "client_secret" whenever it is non-empty,
	// so a marshalled copy of Config carries the secret in clear text.
	// NOTE(review): redact it before logging or exporting a marshalled Config.
	ClientSecret      string `json:"client_secret,omitempty" xml:"client_secret,omitempty" yaml:"client_secret,omitempty"`
	ServerID          string `json:"server_id,omitempty" xml:"server_id,omitempty" yaml:"server_id,omitempty"`
	ServerName        string `json:"server_name,omitempty" xml:"server_name,omitempty" yaml:"server_name,omitempty"`
	// AppSecret is serialized under "app_secret" in the same way as ClientSecret;
	// the same redaction concern applies.
	AppSecret         string `json:"app_secret,omitempty" xml:"app_secret,omitempty" yaml:"app_secret,omitempty"`
	TenantID          string `json:"tenant_id,omitempty" xml:"tenant_id,omitempty" yaml:"tenant_id,omitempty"`
	IdentityTokenName string `json:"identity_token_name,omitempty" xml:"identity_token_name,omitempty" yaml:"identity_token_name,omitempty"`

	// AWS Cognito User Pool ID
	UserPoolID string `json:"user_pool_id,omitempty" xml:"user_pool_id,omitempty" yaml:"user_pool_id,omitempty"`
	// AWS Region
	Region string `json:"region,omitempty" xml:"region,omitempty" yaml:"region,omitempty"`

	Scopes []string `json:"scopes,omitempty" xml:"scopes,omitempty" yaml:"scopes,omitempty"`

	// The number of seconds to wait before getting key material
	// from an OAuth 2.0 identity provider.
	DelayStart int `json:"delay_start,omitempty" xml:"delay_start,omitempty" yaml:"delay_start,omitempty"`
	// The number of retry attempts when getting key material
	// from an OAuth 2.0 identity provider.
	RetryAttempts int `json:"retry_attempts,omitempty" xml:"retry_attempts,omitempty" yaml:"retry_attempts,omitempty"`
	// The number of seconds to wait before retrying.
	RetryInterval int `json:"retry_interval,omitempty" xml:"retry_interval,omitempty" yaml:"retry_interval,omitempty"`

	// NOTE(review): the schema of each map is not visible on this page; the
	// serialized key is "user_roles" — confirm the expected keys against the
	// code that consumes the list.
	UserRoleMapList []map[string]interface{} `json:"user_roles,omitempty" xml:"user_roles,omitempty" yaml:"user_roles,omitempty"`

	// The URL to OAuth 2.0 Custom Authorization Server.
	BaseAuthURL string `json:"base_auth_url,omitempty" xml:"base_auth_url,omitempty" yaml:"base_auth_url,omitempty"`

	// The URL to OAuth 2.0 metadata related to your Custom Authorization Server.
	MetadataURL string `json:"metadata_url,omitempty" xml:"metadata_url,omitempty" yaml:"metadata_url,omitempty"`

	// The regex filters for user groups extracted via IdP API.
	UserGroupFilters []string `json:"user_group_filters,omitempty" xml:"user_group_filters,omitempty" yaml:"user_group_filters,omitempty"`
	// The regex filters for user orgs extracted via IdP API.
	UserOrgFilters []string `json:"user_org_filters,omitempty" xml:"user_org_filters,omitempty" yaml:"user_org_filters,omitempty"`

	// Disables metadata discovery via public metadata URL.
	MetadataDiscoveryDisabled bool `` /* 133-byte string literal not displayed */

	// The five switches below default to false (the Go zero value); what each
	// one changes is not visible on this page.
	// NOTE(review): by name, KeyVerificationDisabled turns off verification of
	// the provider's token signing keys and NonceDisabled drops the nonce that
	// binds an ID token to the request that asked for it (replay protection).
	// Confirm both in the implementation and leave them false outside of
	// testing. The remaining three presumably omit the matching request
	// parameter for providers that reject it — confirm.
	KeyVerificationDisabled bool `` /* 127-byte string literal not displayed */
	PassGrantTypeDisabled   bool `json:"pass_grant_type_disabled,omitempty" xml:"pass_grant_type_disabled,omitempty" yaml:"pass_grant_type_disabled,omitempty"`
	ResponseTypeDisabled    bool `json:"response_type_disabled,omitempty" xml:"response_type_disabled,omitempty" yaml:"response_type_disabled,omitempty"`
	NonceDisabled           bool `json:"nonce_disabled,omitempty" xml:"nonce_disabled,omitempty" yaml:"nonce_disabled,omitempty"`
	ScopeDisabled           bool `json:"scope_disabled,omitempty" xml:"scope_disabled,omitempty" yaml:"scope_disabled,omitempty"`

	AcceptHeaderEnabled bool `json:"accept_header_enabled,omitempty" xml:"accept_header_enabled,omitempty" yaml:"accept_header_enabled,omitempty"`

	JsCallbackEnabled bool `json:"js_callback_enabled,omitempty" xml:"js_callback_enabled,omitempty" yaml:"js_callback_enabled,omitempty"`

	// If enabled, portal redirects to identity provider logout URL. This would end the session with the provider.
	LogoutEnabled bool `json:"logout_enabled,omitempty" xml:"logout_enabled,omitempty" yaml:"logout_enabled,omitempty"`

	ResponseType []string `json:"response_type,omitempty" xml:"response_type,omitempty" yaml:"response_type,omitempty"`

	AuthorizationURL string `json:"authorization_url,omitempty" xml:"authorization_url,omitempty" yaml:"authorization_url,omitempty"`
	TokenURL         string `json:"token_url,omitempty" xml:"token_url,omitempty" yaml:"token_url,omitempty"`

	RequiredTokenFields []string `json:"required_token_fields,omitempty" xml:"required_token_fields,omitempty" yaml:"required_token_fields,omitempty"`

	// NOTE(review): the name mirrors crypto/tls Config.InsecureSkipVerify. If
	// the value is passed through to the HTTP client, certificate verification
	// for connections to the identity provider is turned off, and the token and
	// key-material exchange can be intercepted. Confirm in the implementation
	// and keep false in production.
	TLSInsecureSkipVerify bool `json:"tls_insecure_skip_verify,omitempty" xml:"tls_insecure_skip_verify,omitempty" yaml:"tls_insecure_skip_verify,omitempty"`

	// The predefined public RSA based JWKS keys.
	// NOTE(review): the meaning of the map key and value is not shown here;
	// presumably key ID to PEM file path, matching the (kid, fp) parameters of
	// NewJwksKeyFromRSAPublicKeyPEM — confirm.
	JwksKeys map[string]string `json:"jwks_keys,omitempty" xml:"jwks_keys,omitempty" yaml:"jwks_keys,omitempty"`

	// Disables the check for the presence of email field in a token.
	EmailClaimCheckDisabled bool `` /* 130-byte string literal not displayed */

	// LoginIcon is the UI login icon attributes.
	LoginIcon *icons.LoginIcon `json:"login_icon,omitempty" xml:"login_icon,omitempty" yaml:"login_icon,omitempty"`

	UserInfoFields         []string `json:"user_info_fields,omitempty" xml:"user_info_fields,omitempty" yaml:"user_info_fields,omitempty"`
	UserInfoRolesFieldName string   `` /* 130-byte string literal not displayed */

	// The name of the cookie storing id_token from OAuth provider.
	IdentityTokenCookieName string `` /* 130-byte string literal not displayed */
	// Enables the storing of id_token from OAuth provider in a HTTP cookie.
	// NOTE(review): the id_token is then sent back by the browser with later
	// requests; the cookie attributes used (Secure, HttpOnly, SameSite) are not
	// visible on this page — confirm before enabling.
	IdentityTokenCookieEnabled bool `` /* 139-byte string literal not displayed */
}

Config holds the configuration for the IdentityProvider.

func (*Config) Validate

func (cfg *Config) Validate() error

Validate validates identity store configuration.

type IdentityProvider

// IdentityProvider represents OAuth-based identity provider.
// All of its fields are unexported and are not shown on this page; the
// documented constructor is NewIdentityProvider, which takes a *Config.
type IdentityProvider struct {
	// contains filtered or unexported fields
}

IdentityProvider represents OAuth-based identity provider.

func NewIdentityProvider

func NewIdentityProvider(cfg *Config, logger *zap.Logger) (*IdentityProvider, error)

NewIdentityProvider returns an instance of IdentityProvider.

func (*IdentityProvider) Authenticate

func (b *IdentityProvider) Authenticate(r *requests.Request) error

Authenticate performs authentication.

func (*IdentityProvider) Configure

func (b *IdentityProvider) Configure() error

Configure configures IdentityProvider.

func (*IdentityProvider) Configured

func (b *IdentityProvider) Configured() bool

Configured returns true if the identity provider was configured.

func (*IdentityProvider) GetConfig

func (b *IdentityProvider) GetConfig() map[string]interface{}

GetConfig returns IdentityProvider configuration.

func (*IdentityProvider) GetDriver

func (b *IdentityProvider) GetDriver() string

GetDriver returns the name of the driver associated with the provider.

func (*IdentityProvider) GetIdentityTokenCookieName

func (b *IdentityProvider) GetIdentityTokenCookieName() string

GetIdentityTokenCookieName returns the name of the identity token cookie associated with the provider.

func (*IdentityProvider) GetKind

func (b *IdentityProvider) GetKind() string

GetKind returns the authentication method associated with this identity provider.

func (*IdentityProvider) GetLoginIcon

func (b *IdentityProvider) GetLoginIcon() *icons.LoginIcon

GetLoginIcon returns the instance of the icon associated with the provider.

func (*IdentityProvider) GetLogoutURL

func (b *IdentityProvider) GetLogoutURL() string

GetLogoutURL returns the logout URL associated with the provider.

func (*IdentityProvider) GetName

func (b *IdentityProvider) GetName() string

GetName returns the name associated with this identity provider.

func (*IdentityProvider) GetRealm

func (b *IdentityProvider) GetRealm() string

GetRealm returns the authentication realm.

func (*IdentityProvider) Request

func (b *IdentityProvider) Request(op operator.Type, r *requests.Request) error

Request performs the requested identity provider operation.

func (*IdentityProvider) ScopeExists

func (b *IdentityProvider) ScopeExists(scopes ...string) bool

ScopeExists returns true if any of the provided scopes exist.

type JwksKey

// JwksKey is a JSON object that represents a cryptographic key.
// See https://tools.ietf.org/html/rfc7517#section-4 and
// https://tools.ietf.org/html/rfc7518#section-6.3.
type JwksKey struct {
	// "alg", "kid", "kty" and "use" are the generic JWK members of RFC 7517
	// section 4; "n" and "e" are the RSA public modulus and exponent of
	// RFC 7518 section 6.3.1. "nbf" is held as a string; how it is parsed
	// and enforced is not visible on this page.
	Algorithm    string `json:"alg,omitempty" xml:"alg,omitempty" yaml:"alg,omitempty"`
	Exponent     string `json:"e,omitempty" xml:"e,omitempty" yaml:"e,omitempty"`
	KeyID        string `json:"kid,omitempty" xml:"kid,omitempty" yaml:"kid,omitempty"`
	KeyType      string `json:"kty,omitempty" xml:"kty,omitempty" yaml:"kty,omitempty"`
	Modulus      string `json:"n,omitempty" xml:"n,omitempty" yaml:"n,omitempty"`
	PublicKeyUse string `json:"use,omitempty" xml:"use,omitempty" yaml:"use,omitempty"`
	NotBefore    string `json:"nbf,omitempty" xml:"nbf,omitempty" yaml:"nbf,omitempty"`

	// Elliptic-curve public key members (RFC 7518 section 6.2.1): the curve
	// name and the x and y coordinates.
	Curve  string `json:"crv,omitempty" xml:"crv,omitempty" yaml:"crv,omitempty"`
	CoordX string `json:"x,omitempty" xml:"x,omitempty" yaml:"x,omitempty"`
	CoordY string `json:"y,omitempty" xml:"y,omitempty" yaml:"y,omitempty"`

	// "k" is the key value of a symmetric ("oct") key (RFC 7518 section 6.4).
	// Unlike the members above it is secret material, and the tag serializes
	// it whenever it is non-empty.
	// NOTE(review): make sure a JwksKey carrying it is never logged or
	// published in a key set.
	SharedSecret string `json:"k,omitempty" xml:"k,omitempty" yaml:"k,omitempty"`
	// contains filtered or unexported fields
}

JwksKey is a JSON object that represents a cryptographic key. See https://tools.ietf.org/html/rfc7517#section-4, https://tools.ietf.org/html/rfc7518#section-6.3

func NewJwksKeyFromRSAPrivateKey

func NewJwksKeyFromRSAPrivateKey(privKey *rsa.PrivateKey) (*JwksKey, error)

NewJwksKeyFromRSAPrivateKey returns an instance of Jwks from RSA private key.

func NewJwksKeyFromRSAPublicKeyPEM

func NewJwksKeyFromRSAPublicKeyPEM(kid, fp string) (*JwksKey, error)

NewJwksKeyFromRSAPublicKeyPEM returns an instance of Jwks from RSA public key in PEM format.

func (*JwksKey) GetPublic

func (k *JwksKey) GetPublic() interface{}

GetPublic returns pointer to public key.

func (*JwksKey) Validate

func (k *JwksKey) Validate() error

Validate returns error if JwksKey does not contain relevant information.
