Documentation
Overview
A package for authenticating as an end user with Okta, with support for MFA.
Construct a client with your Okta domain, and a struct that implements the Prompts interface.
After calling `Authenticate`, if a second factor is required, the appropriate methods from the Prompts interface are called to guide the user through the authentication flow.
Types
type ClientConfig
type ClientConfig struct {
	// Your organization's Okta domain (<your-org>.okta.com).
	OktaDomain string
	// Callbacks for handling user and factor interaction.
	Prompts Prompts
	// An optional RoundTripper that can be used to modify the request/response.
	// Ex: Add a custom user-agent to all requests.
	RoundTripper http.RoundTripper
	// Optional logger that when provided enables debug logs.
	DebugLogger DebugLogger
}
type NonFatalAuthError
type NonFatalAuthError struct {
	ErrorSummary string
}
Custom error for handling auth timeout and rejection.
func (NonFatalAuthError) Error
func (nonFatalAuthError NonFatalAuthError) Error() string
type OktaClient
type OktaClient struct {
	// contains filtered or unexported fields
}
func New
func New(conf ClientConfig) (*OktaClient, error)
Constructs a new OktaClient with the given config.
The only required arguments are OktaDomain and Prompts. An error is returned if either of them is omitted.
func (*OktaClient) Authenticate
func (c *OktaClient) Authenticate(username, password string) (string, error)
Given a username and password, returns a session token or an error. You can then use the session token to obtain a session id (see https://developer.okta.com/docs/api/resources/sessions#session-token).
If a second factor is required, the configured callbacks on the client will be invoked.
type Prompts
type Prompts interface {
	// Given a VerifyU2FRequest, should return true if the U2F device is present.
	// This is used to automatically choose the U2F device for MFA if it is detected.
	//
	// The Challenge field will not be set on this call.
	// This should set the "check only" field on the u2f authentication request.
	CheckU2FPresence(request VerifyU2FRequest) bool
	// Given a list of factors, should present the user with the choices and
	// return the chosen factor. If an error is returned the authentication flow
	// is aborted.
	ChooseFactor(factors []factors.Factor) (factors.Factor, error)
	// Called when there is a (retriable) error in the flow that should be presented to the user.
	// For example, if the wrong code has been entered in an SMS MFA flow, the user will be notified
	// and then prompted to choose a factor again.
	PresentUserError(string)
	// Attempt to authenticate with the chosen U2F device.
	// The context has a deadline set on it; once the deadline passes, the factor verification is canceled.
	VerifyU2F(ctx context.Context, request VerifyU2FRequest) (VerifyU2FResponse, error)
	// Prompt the user for a code for the given factor (SMS, TOTP, Call).
	VerifyCode(factor factors.Factor) (string, error)
	// Prompt the user to check their phone for an Okta Verify push notification.
	VerifyPush()
}
type TerminalError
type TerminalError string
Used to indicate that the current authentication flow cannot proceed. When a terminal error is returned, the program should print the error and exit with a non-zero status code.
func (TerminalError) Error
func (e TerminalError) Error() string
func (TerminalError) String
func (e TerminalError) String() string
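A caller-side sketch of how NonFatalAuthError and TerminalError can drive a bounded retry loop around Authenticate. This is an added example, not code from the package: the two error types are redeclared locally because the import path is not shown on this page, and `authFunc`, `login` and `replay` are hypothetical names. It assumes Authenticate returns NonFatalAuthError by value on timeout or rejection.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// Local copies of the page's error types (assumed to be returned by value).
type NonFatalAuthError struct{ ErrorSummary string }
type TerminalError string

func (e NonFatalAuthError) Error() string { return e.ErrorSummary }
func (e TerminalError) Error() string { return string(e) }

// authFunc is a hypothetical type with the signature of (*OktaClient).Authenticate.
type authFunc func(username, password string) (string, error)

// login retries only on NonFatalAuthError, up to maxAttempts; a TerminalError
// or any unrecognized error ends the flow at once. It also returns the attempt count.
func login(auth authFunc, user, pass string, maxAttempts int) (string, int, error) {
	for attempt := 1; ; attempt++ {
		token, err := auth(user, pass)
		if err == nil {
			return token, attempt, nil
		}
		var nonFatal NonFatalAuthError
		if !errors.As(err, &nonFatal) || attempt >= maxAttempts {
			return "", attempt, err
		}
	}
}

// replay builds a constructed stub that returns the given results in order.
func replay(errs ...error) authFunc {
	return func(_, _ string) (token string, err error) {
		if err, errs = errs[0], errs[1:]; err == nil {
			token = "constructed-session-token"
		}
		return token, err
	}
}

func main() {
	auth := replay(NonFatalAuthError{"push timed out"}, nil)
	if _, _, err := login(auth, "alice", "constructed-password", 3); err != nil {
		fmt.Fprintln(os.Stderr, err) // print the error only, then exit non-zero
		os.Exit(1)
	}
}
```

With a real client, the method value `client.Authenticate` can be passed as the `authFunc`; keep the password and the returned session token out of any log output.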
type VerifyU2FRequest
type VerifyU2FRequest struct {
	Facet     string
	AppId     string
	KeyHandle string
	Challenge string
	WebAuthn  bool
}
Parameters used for authenticating with a U2F device. For more information see https://fidoalliance.org/specifications/
type VerifyU2FResponse
Data returned after successfully authenticating with a U2F device. For more information see https://fidoalliance.org/specifications/
Directories
Path | Synopsis |
---|---|
 | Defines the API objects used in the authentication flows. |
 | Factors represent multi-factor options as part of the authentication flow. |