Documentation
Overview
Package downstreamsession provides some shared helpers for creating downstream OIDC sessions.
Index
- func AutoApproveScopes(authorizeRequester fosite.AuthorizeRequester)
- func DownstreamLDAPSubject(uid string, ldapURL url.URL) string
- func DownstreamSubjectFromUpstreamLDAP(ldapUpstream provider.UpstreamLDAPIdentityProviderI, ...) string
- func ExtractStringClaimValue(claimName string, upstreamIDPName string, idTokenClaims map[string]interface{}) (string, error)
- func GetDownstreamIdentityFromUpstreamIDToken(upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI, ...) (string, string, []string, error)
- func GetGroupsFromUpstreamIDToken(upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI, ...) ([]string, error)
- func MakeDownstreamLDAPOrADCustomSessionData(ldapUpstream provider.UpstreamLDAPIdentityProviderI, ...) *psession.CustomSessionData
- func MakeDownstreamOIDCCustomSessionData(oidcUpstream provider.UpstreamOIDCIdentityProviderI, token *oidctypes.Token, ...) (*psession.CustomSessionData, error)
- func MakeDownstreamSession(subject string, username string, groups []string, grantedScopes []string, ...) *psession.PinnipedSession
- func MapAdditionalClaimsFromUpstreamIDToken(upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI, ...) map[string]interface{}
Constants
This section is empty.
Variables
This section is empty.
Functions
func AutoApproveScopes (added in v0.20.0)
func AutoApproveScopes(authorizeRequester fosite.AuthorizeRequester)
AutoApproveScopes auto-grants the scopes which we support and for which we do not require end-user approval, if they were requested. This should only be called after it has been validated that the client is allowed to request the scopes that it requested (which is a check performed by fosite).
func DownstreamLDAPSubject (added in v0.13.0)
func DownstreamSubjectFromUpstreamLDAP (added in v0.18.0)
func DownstreamSubjectFromUpstreamLDAP(ldapUpstream provider.UpstreamLDAPIdentityProviderI, authenticateResponse *authenticators.Response) string
func ExtractStringClaimValue (added in v0.13.0)
func GetDownstreamIdentityFromUpstreamIDToken (added in v0.11.0)
func GetDownstreamIdentityFromUpstreamIDToken(upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI, idTokenClaims map[string]interface{}) (string, string, []string, error)
GetDownstreamIdentityFromUpstreamIDToken returns the mapped subject, username, and group names, in that order.
func GetGroupsFromUpstreamIDToken (added in v0.13.0)
func GetGroupsFromUpstreamIDToken(upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI, idTokenClaims map[string]interface{}) ([]string, error)
GetGroupsFromUpstreamIDToken returns mapped group names coerced into a slice of strings. It returns nil when there is no configured groups claim name, or when the configured claim name is not found in the provided map of claims. It returns an error when the claim exists but its value cannot be parsed.
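The nil-versus-error contract described for GetGroupsFromUpstreamIDToken, sketched as an added example that is not Pinniped's own code: groupsFromClaims is a hypothetical stand-in, and the accepted claim shapes (string, []string, []interface{} of strings) are an assumption. It shows why a caller can treat nil as "no groups" but should fail the login on an error instead of building a session from a partially parsed claim.

```go
package main

import (
	"errors"
	"fmt"
)

// errUnparseableGroups signals a claim that is present but malformed.
var errUnparseableGroups = errors.New("groups claim has invalid format")

// groupsFromClaims is a hypothetical stand-in for the documented contract:
// nil, nil when no claim name is configured or the claim is absent;
// an error when the claim exists but cannot be coerced to []string.
// Assumption: accepted shapes are string, []string, []interface{} of strings.
func groupsFromClaims(claimName string, claims map[string]interface{}) ([]string, error) {
	if claimName == "" {
		return nil, nil // no groups claim configured
	}
	raw, ok := claims[claimName]
	if !ok {
		return nil, nil // upstream sent no groups claim
	}
	switch v := raw.(type) {
	case string:
		return []string{v}, nil
	case []string:
		return v, nil
	case []interface{}: // the shape encoding/json produces for a JSON array
		groups := make([]string, 0, len(v))
		for _, item := range v {
			s, isString := item.(string)
			if !isString {
				return nil, errUnparseableGroups // reject the whole claim
			}
			groups = append(groups, s)
		}
		return groups, nil
	default:
		return nil, errUnparseableGroups
	}
}

func main() {
	// Constructed sample claims, as decoded from an upstream ID token.
	claims := map[string]interface{}{"groups": []interface{}{"admins", "dev"}, "roles": []interface{}{"ops", 7.0}}
	for _, name := range []string{"", "missing", "groups", "roles"} {
		groups, err := groupsFromClaims(name, claims)
		fmt.Printf("claim=%q groups=%v err=%v\n", name, groups, err)
	}
}
```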
func MakeDownstreamLDAPOrADCustomSessionData (added in v0.18.0)
func MakeDownstreamLDAPOrADCustomSessionData(ldapUpstream provider.UpstreamLDAPIdentityProviderI, idpType psession.ProviderType, authenticateResponse *authenticators.Response, username string) *psession.CustomSessionData
func MakeDownstreamOIDCCustomSessionData (added in v0.13.0)
func MakeDownstreamOIDCCustomSessionData(oidcUpstream provider.UpstreamOIDCIdentityProviderI, token *oidctypes.Token, username string) (*psession.CustomSessionData, error)
func MakeDownstreamSession
func MakeDownstreamSession(subject string, username string, groups []string, grantedScopes []string, clientID string, custom *psession.CustomSessionData, additionalClaims map[string]interface{}) *psession.PinnipedSession
MakeDownstreamSession creates a downstream OIDC session.
func MapAdditionalClaimsFromUpstreamIDToken (added in v0.22.0)
func MapAdditionalClaimsFromUpstreamIDToken(upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI, idTokenClaims map[string]interface{}) map[string]interface{}
MapAdditionalClaimsFromUpstreamIDToken returns the additionalClaims mapped from the upstream token, if any.
Types
This section is empty.