Documentation ¶
Index ¶
Constants ¶
View Source
const ( OIDCAccessTokenName = "oidc-access-token" OIDCTokenName = "oidc-token" OIDCIDName = "oidc-id_token" )
Variables ¶
View Source
var HeaderKeyRegex = regexp.MustCompile(`[^\w!#$%&'*+\-.^\x60|~]`)
Functions ¶
func SafeHeader ¶ added in v0.4.0
Types ¶
type Chain ¶
type Chain struct {
// contains filtered or unexported fields
}
func NewChain ¶
func NewChain(opts *Opts, key *passport.KeyProvider, filters ...ChainFilter) *Chain
type ChainFilter ¶
type OIDCCreateOpts ¶
type OIDCFilter ¶
type OIDCFilter struct {
// contains filtered or unexported fields
}
func NewOIDCFilter ¶
func NewOIDCFilter(ctx context.Context, baseURL string, issuerURL string, opt *OIDCCreateOpts) (*OIDCFilter, error)
func (*OIDCFilter) DoFilter ¶
func (f *OIDCFilter) DoFilter(w http.ResponseWriter, r *http.Request) (*ingress.UserInfo, error)
type Opts ¶
type Opts struct { SubjectHeader string // http header to put the user subject SourceHeader string // http header to indicate what the subject means (e.g. to distinguish oauth2 vs pki) VerifyHeader string // http header to put authenticity signature VerifyHashHeader string // http header to put authenticity hash // ClaimPrefixHeader is the prefix for http headers // containing user claims ClaimPrefixHeader string Append bool }
type PKIFilter ¶
type PKIFilter struct {
// contains filtered or unexported fields
}
func NewPKIFilter ¶
func NewPKIFilter(mode ingress.FilterMode, escapedHeader string, enforcing bool) *PKIFilter
Click to show internal directories.
Click to hide internal directories.