Documentation
Index
- type Process
- type ProcessRedisRepo
- type QuotumInterface
- type Service
- func (as *Service) AssertStep(ctx context.Context, tr *sql.Tx, redConn *redis.Client, challenge string, ...) error
- func (as *Service) ExpireAll(ctx context.Context, exec boil.ContextExecutor, identityID string) error
- func (as *Service) GetProcess(ctx context.Context, challenge string) (Process, error)
- func (as *Service) GetSession(ctx context.Context, sessionID string) (Session, error)
- func (as *Service) InitProcess(ctx context.Context, challenge string, sessionACR, expectedACR oidc.ClassRef) error
- func (as *Service) InitStep(ctx context.Context, exec boil.ContextExecutor, redConn *redis.Client, ...) (*Step, error)
- func (as *Service) UpdateProcess(ctx context.Context, redConn *redis.Client, challenge string, ...) error
- func (as *Service) UpgradeProcess(ctx context.Context, exec boil.ContextExecutor, redConn *redis.Client, ...) (Process, error)
- func (as *Service) UpsertSession(ctx context.Context, new Session) error
- type Session
- type SessionRedisRepo
- type State
- type Step
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Process
type Process struct {
    LoginChallenge string          `json:"lgc"`
    SessionACR     oidc.ClassRef   `json:"sacr"`
    ExpectedACR    oidc.ClassRef   `json:"eacr"`
    CompleteAMRs   oidc.MethodRefs `json:"camr"`
    IdentityID     string          `json:"mid"`
    AccountID      string          `json:"aid"`
    AccessToken    string          `json:"tok"`
    ExpiresAt      int64           `json:"exp"`
    IssuedAt       int64           `json:"iat"`
}
Process allows a login flow to have multiple Steps. This entity is attached to a login flow and contains information about:
- previously performed Steps
- the ACR borne by a potential session
- the expected ACR for the login flow
- an access_token allowing some advanced operations that require authorization
The Process disappears after the login flow has been accepted or after some time.
type ProcessRedisRepo
type ProcessRedisRepo struct {
    mredis.SimpleKeyRedis
}
ProcessRedisRepo ...
func NewAuthnProcessRedis
func NewAuthnProcessRedis(skr mredis.SimpleKeyRedis) ProcessRedisRepo
NewAuthnProcessRedis ...
func (ProcessRedisRepo) Create
func (prr ProcessRedisRepo) Create(ctx context.Context, process *Process) error
Create ...
func (ProcessRedisRepo) Get
Get ...
type QuotumInterface
type QuotumInterface interface {
    CreateBase(ctx context.Context, identityID string) (interface{}, error)
}
QuotumInterface ...
type Service
type Service struct {
    WebauthnHandler *webauthn.WebAuthn
    AppName         string
    // contains filtered or unexported fields
}
Service ...
func NewService
func NewService(
    sessions sessionRepo,
    processes processRepo,
    templates email.Renderer,
    emails email.Sender,
    webauthnHandler *webauthn.WebAuthn,
    appName string,
) Service
NewService ...
func (*Service) AssertStep
func (as *Service) AssertStep(
    ctx context.Context,
    tr *sql.Tx,
    redConn *redis.Client,
    challenge string,
    identity *identity.Identity,
    assertion Step,
) error
AssertStep considering the method name and the received metadata. It takes a pointer to the identity since the identity might be altered by the authn step. It returns a nil error in case of success.
func (*Service) ExpireAll
func (as *Service) ExpireAll(ctx context.Context, exec boil.ContextExecutor, identityID string) error
ExpireAll ...
func (*Service) GetProcess
GetProcess using the login challenge
func (*Service) GetSession
GetSession ...
func (*Service) InitProcess
func (as *Service) InitProcess(
    ctx context.Context,
    challenge string,
    sessionACR, expectedACR oidc.ClassRef,
) error
InitProcess and store it. Set an AMR "BrowserCookie" if sessionACR is not empty.
NOTE: the identityID is not set by the init of a process today; in the near future it should be done using the authn session. Today there is no case where the authn session is used in a multi auth step process, so there is no need.
func (*Service) InitStep
func (as *Service) InitStep(
    ctx context.Context,
    exec boil.ContextExecutor,
    redConn *redis.Client,
    identity identity.Identity,
    methodName oidc.MethodRef,
) (*Step, error)
InitStep ...
func (*Service) UpdateProcess
func (as *Service) UpdateProcess(
    ctx context.Context,
    redConn *redis.Client,
    challenge string,
    expectedACR oidc.ClassRef,
) error
UpdateProcess to change its state manually
func (*Service) UpgradeProcess
func (as *Service) UpgradeProcess(
    ctx context.Context,
    exec boil.ContextExecutor,
    redConn *redis.Client,
    challenge string,
    identity identity.Identity,
    amr oidc.MethodRef,
) (Process, error)
UpgradeProcess by adding an AMR to it. It inits the process if required. It returns the upgraded Process, which tells that the login flow requires more authn steps to be performed if a NextStep has been set.
type Session
type Session struct {
    ID          string
    ACR         oidc.ClassRef `json:"acr"`
    IdentityID  string        `json:"mid"`
    AccountID   string        `json:"aid"`
    RememberFor int
}
Session is bound to the login session ID in hydra: it has the same ID and expires automatically at the same moment as hydra's session. RememberFor is expressed in seconds.
type SessionRedisRepo
type SessionRedisRepo struct {
    mredis.SimpleKeyRedis
}
SessionRedisRepo ...
func NewAuthnSessionRedis
func NewAuthnSessionRedis(skr mredis.SimpleKeyRedis) SessionRedisRepo
NewAuthnSessionRedis ...
func (SessionRedisRepo) Get
Get ...
type State
type State struct {
    IdentityID    string          `json:"identity_id"`
    CurrentACR    oidc.ClassRef   `json:"current_acr"`
    RequiredACR   oidc.ClassRef   `json:"required_acr"`
    CurrentAMRs   oidc.MethodRefs `json:"current_amrs"`
    AvailableAMRs oidc.MethodRefs `json:"available_amrs"`
}
type Step
type Step struct {
    ID              int            `json:"-"`
    IdentityID      string         `json:"identity_id"`
    MethodName      oidc.MethodRef `json:"method_name"`
    RawJSONMetadata types.JSON     `json:"metadata,omitempty"`
    CreatedAt       time.Time      `json:"-"`
    Complete        bool           `json:"-"`
    CompleteAt      null.Time      `json:"-"`
}
Step in a multi-factor authentication process.