authlib

package
v0.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 9, 2022 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewX509TokenManager

func NewX509TokenManager(
	sourceNamespace string,
	sourceName string,
	opts ...Option,
) manipulate.SelfTokenManager

NewX509TokenManager returns a new X.509 backed manipulate.SelfTokenManager.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

A Client to authenticate and retrieve an A3S token using one of the supported authentication sources.

func NewClient

func NewClient(m manipulate.Manipulator) *Client

NewClient returns a new Client.

func (*Client) AuthFromA3S

func (a *Client) AuthFromA3S(ctx context.Context, token string, options ...Option) (string, error)

AuthFromA3S requests a token using the provided local a3s token.

func (*Client) AuthFromAWS

func (a *Client) AuthFromAWS(ctx context.Context, accessKeyID, secretAccessKey, token string, options ...Option) (string, error)

AuthFromAWS requests a token using the provided AWS sts information. If accessKeyID, secretAccessKey and token are empty, the function will assume it is running on an AWS instance and will try to retrieve them using the magic IP.

func (*Client) AuthFromAzure

func (a *Client) AuthFromAzure(ctx context.Context, token string, options ...Option) (string, error)

AuthFromAzure requests a token using the provided Azure token. If token is empty, the function will assume it is running on an Azure instance and will try to retrieve it using the magic IP.

func (*Client) AuthFromCertificate

func (a *Client) AuthFromCertificate(ctx context.Context, sourceNamespace string, sourceName string, options ...Option) (string, error)

AuthFromCertificate requests an identity token from the currently configured Certificate in the manipulator that was provided during initialization. If the manipulator has no configured Certificate, this function will fail.

func (*Client) AuthFromGCP

func (a *Client) AuthFromGCP(ctx context.Context, token string, audience string, options ...Option) (string, error)

AuthFromGCP requests a token using the provided GCP token. If token is empty, the function will assume it is running on an GCP instance and will try to retrieve it using the magic IP.

func (*Client) AuthFromHTTP

func (a *Client) AuthFromHTTP(ctx context.Context, username string, password string, totp string, sourceNamespace string, sourceName string, options ...Option) (string, error)

AuthFromHTTP requests a token using the provided username and password from the source with the given namespace and name.

func (*Client) AuthFromLDAP

func (a *Client) AuthFromLDAP(ctx context.Context, username string, password string, sourceNamespace string, sourceName string, options ...Option) (string, error)

AuthFromLDAP requests a token using the provided credentials with the LDAP auth source with the given namespace and namespace.

func (*Client) AuthFromOIDCStep1

func (a *Client) AuthFromOIDCStep1(ctx context.Context, sourceNamespace string, sourceName string, redirectURL string) (string, error)

AuthFromOIDCStep1 performs the first step of the OIDC ceremony using the configured OIDC auth source identified by its name and namespace. The functiion will return the provider URL to use to autenticate.

func (*Client) AuthFromOIDCStep2

func (a *Client) AuthFromOIDCStep2(ctx context.Context, sourceNamespace string, sourceName string, code string, state string, options ...Option) (string, error)

AuthFromOIDCStep2 finishes the OIDC ceremony using the code and state you obtained after performing the authentication against the OIDC provider.

func (*Client) AuthFromRemoteA3S

func (a *Client) AuthFromRemoteA3S(ctx context.Context, token string, sourceNamespace string, sourceName string, options ...Option) (string, error)

AuthFromRemoteA3S requests a token using the provided remote a3s token with the provided RemoteA3S source with the given namespace and name.

type Option

type Option func(*config)

An Option is the type of various options You can add the issue requests.

func OptAudience

func OptAudience(audience ...string) Option

OptAudience passes the requested audience for the token.

func OptCloak

func OptCloak(cloaking ...string) Option

OptCloak sets the claims cloaking option for the token.

func OptOpaque

func OptOpaque(opaque map[string]string) Option

OptOpaque passes opaque data that will be included in the JWT.

func OptRefresh

func OptRefresh(refresh bool) Option

OptRefresh asks for a refresh token.

func OptRestrictions

func OptRestrictions(restrictions permissions.Restrictions) Option

OptRestrictions sets the request restrictions for the token.

func OptValidity

func OptValidity(validity time.Duration) Option

OptValidity sets the validity to request for the token.

type PeriodicTokenManager

type PeriodicTokenManager struct {
	// contains filtered or unexported fields
}

A PeriodicTokenManager issues an renew tokens periodically.

func NewPeriodicTokenManager

func NewPeriodicTokenManager(validity time.Duration, issuerFunc TokenIssuerFunc) *PeriodicTokenManager

NewPeriodicTokenManager returns a new PeriodicTokenManager backed by midgard.

func (*PeriodicTokenManager) Issue

func (m *PeriodicTokenManager) Issue(ctx context.Context) (token string, err error)

Issue issues a token.

func (*PeriodicTokenManager) Run

func (m *PeriodicTokenManager) Run(ctx context.Context, tokenCh chan string)

Run runs the token renewal job.

type TokenIssuerFunc

type TokenIssuerFunc func(context.Context, time.Duration) (string, error)

TokenIssuerFunc is the type of function that can be used to retrieve a token.

Directories

Path Synopsis
internal

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL