Documentation

Overview

    Package deprecated contains code that should not be used in new applications.

    Index

    Constants

    View Source
    const SettingsKey = "openid_auth"

      SettingsKey is key for OpenID settings (described by Settings struct) in settings store. See go.chromium.org/luci/server/settings.

      Variables

      View Source
      var (
      	// ErrNotConfigured is returned by various functions if OpenID settings are
      	// not properly configured.
      	ErrNotConfigured = errors.New("openid: not configured")
      )

      Functions

      This section is empty.

      Types

      type CookieAuthMethod

      type CookieAuthMethod struct {
      	// SessionStore keeps user sessions in some permanent storage. Must be set,
      	// otherwise all methods return ErrNotConfigured.
      	SessionStore SessionStore
      
      	// Insecure is true to allow http:// URLs and non-https cookies. Useful for
      	// local development.
      	Insecure bool
      
      	// IncompatibleCookies is a list of cookies to remove when setting or clearing
      	// session cookie. It is useful to get rid of GAE cookies when OpenID cookies
      	// are being used. Having both is very confusing.
      	IncompatibleCookies []string
      }

        CookieAuthMethod implements auth.Method and auth.UsersAPI and can be used as one of authentication method in auth.Authenticator. It is using OpenID for login flow, stores session ID in cookies, and session itself in supplied SessionStore.

        It requires some routes to be added to the router. Use exact same instance of CookieAuthMethod in auth.Authenticator and when adding routes via InstallHandlers.

        DEPRECATED. Do not use.

        func (*CookieAuthMethod) Authenticate

        func (m *CookieAuthMethod) Authenticate(c context.Context, r *http.Request) (*auth.User, error)

          Authenticate extracts peer's identity from the incoming request. It is part of auth.Method interface.

          func (*CookieAuthMethod) InstallHandlers

          func (m *CookieAuthMethod) InstallHandlers(r *router.Router, base router.MiddlewareChain)

            InstallHandlers installs HTTP handlers used in OpenID protocol. Must be installed in server HTTP router for OpenID authentication flow to work.

            Implements auth.HasHandlers.

            func (*CookieAuthMethod) LoginURL

            func (m *CookieAuthMethod) LoginURL(c context.Context, dest string) (string, error)

              LoginURL returns a URL that, when visited, prompts the user to sign in, then redirects the user to the URL specified by dest. It is part of auth.UsersAPI interface.

              func (*CookieAuthMethod) LogoutURL

              func (m *CookieAuthMethod) LogoutURL(c context.Context, dest string) (string, error)

                LogoutURL returns a URL that, when visited, signs the user out, then redirects the user to the URL specified by dest. It is part of auth.UsersAPI interface.

                func (*CookieAuthMethod) Warmup

                func (m *CookieAuthMethod) Warmup(c context.Context) (err error)

                  Warmup prepares local caches. It's optional.

                  Implements auth.Warmable.

                  type MemorySessionStore

                  type MemorySessionStore struct {
                  	// contains filtered or unexported fields
                  }

                    MemorySessionStore implement SessionStore.

                    func (*MemorySessionStore) CloseSession

                    func (s *MemorySessionStore) CloseSession(ctx context.Context, sessionID string) error

                      CloseSession closes a session given its ID. Does nothing if session is already closed or doesn't exist. Returns only transient errors.

                      func (*MemorySessionStore) GetSession

                      func (s *MemorySessionStore) GetSession(ctx context.Context, sessionID string) (*Session, error)

                        GetSession returns existing non-expired session given its ID. Returns nil if session doesn't exist, closed or expired. Returns only transient errors.

                        func (*MemorySessionStore) OpenSession

                        func (s *MemorySessionStore) OpenSession(ctx context.Context, userID string, u *auth.User, exp time.Time) (string, error)

                          OpenSession create a new session for a user with given expiration time. It returns unique session ID.

                          type Session

                          type Session struct {
                          	SessionID string    // same as `sessionID` passed to GetSession()
                          	UserID    string    // authentication provider specific user id
                          	User      auth.User // user profile, including identity string
                          	Exp       time.Time // when the session expires
                          }

                            Session is returned by SessionStore.GetSession(...).

                            type SessionStore

                            type SessionStore interface {
                            	// OpenSession create a new session for a user with given expiration time.
                            	// It returns unique session ID.
                            	OpenSession(c context.Context, userID string, u *auth.User, exp time.Time) (string, error)
                            
                            	// CloseSession closes a session given its ID. Does nothing if session is
                            	// already closed or doesn't exist. Returns only transient errors.
                            	CloseSession(c context.Context, sessionID string) error
                            
                            	// GetSession returns existing non-expired session given its ID. Returns nil
                            	// if session doesn't exist, closed or expired. Returns only transient errors.
                            	GetSession(c context.Context, sessionID string) (*Session, error)
                            }

                              SessionStore keeps user sessions in some permanent storage. SessionStore is used by some authentication methods (e.g. openid.AuthMethod).

                              type Settings

                              type Settings struct {
                              	// DiscoveryURL is where to grab discovery document with provider's config.
                              	// Use `https://accounts.google.com/.well-known/openid-configuration` for
                              	// Google OpenID Connect provider.
                              	DiscoveryURL string `json:"discovery_url"`
                              
                              	// ClientID identifies OAuth2 Web client representing the application. Create
                              	// one in Cloud Console if using Google OpenID Connect provider.
                              	ClientID string `json:"client_id"`
                              
                              	// ClientSecret is a secret associated with ClientID.
                              	ClientSecret string `json:"client_secret"`
                              
                              	// RedirectURI must be `https://<apphost>/auth/openid/callback`. It is stored
                              	// in config explicitly to remind admin that OAuth2 client in Cloud Console
                              	// must be configured accordingly.
                              	RedirectURI string `json:"redirect_uri"`
                              }

                                Settings contain parameters of OpenID protocol. They are stored in app settings store under SettingsKey key.

                                func FetchOpenIDSettings

                                func FetchOpenIDSettings(c context.Context) (*Settings, error)

                                  FetchOpenIDSettings fetches OpenID configuration from the settings store.