downstreamsession

package
v0.22.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 19, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package downstreamsession provides some shared helpers for creating downstream OIDC sessions.


Constants

This section is empty.

Variables

This section is empty.

Functions

func AutoApproveScopes added in v0.20.0

func AutoApproveScopes(authorizeRequester fosite.AuthorizeRequester)

AutoApproveScopes auto-grants the scopes which we support and for which we do not require end-user approval, if they were requested. This should only be called after it has been validated that the client is allowed to request the scopes that it requested (which is a check performed by fosite).

func DownstreamLDAPSubject added in v0.13.0

func DownstreamLDAPSubject(uid string, ldapURL url.URL) string

func DownstreamSubjectFromUpstreamLDAP added in v0.18.0

func DownstreamSubjectFromUpstreamLDAP(ldapUpstream provider.UpstreamLDAPIdentityProviderI, authenticateResponse *authenticators.Response) string

func ExtractStringClaimValue added in v0.13.0

func ExtractStringClaimValue(claimName string, upstreamIDPName string, idTokenClaims map[string]interface{}) (string, error)

func GetDownstreamIdentityFromUpstreamIDToken added in v0.11.0

func GetDownstreamIdentityFromUpstreamIDToken(
	upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI,
	idTokenClaims map[string]interface{},
) (string, string, []string, error)

GetDownstreamIdentityFromUpstreamIDToken returns the mapped subject, username, and group names, in that order.

func GetGroupsFromUpstreamIDToken added in v0.13.0

func GetGroupsFromUpstreamIDToken(
	upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI,
	idTokenClaims map[string]interface{},
) ([]string, error)

GetGroupsFromUpstreamIDToken returns mapped group names coerced into a slice of strings. It returns nil when there is no configured groups claim name, or when the configured claim name is not found in the provided map of claims. It returns an error when the claim exists but its value cannot be parsed.
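
The contract above separates "no groups" (nil, no error) from "groups claim present but malformed" (error), and a caller has to keep the two apart. The following is an added example, not Pinniped's code: `groupsFromClaims`, `errBadGroupsClaim` and the coercion rules shown are assumptions made for illustration, and it takes the claim name directly instead of a provider.UpstreamOIDCIdentityProviderI.

```go
package main

import (
	"errors"
	"fmt"
)

// errBadGroupsClaim (hypothetical) marks a groups claim that is present but malformed.
var errBadGroupsClaim = errors.New("groups claim has unsupported format")

// groupsFromClaims is a hypothetical stand-in, not Pinniped's implementation.
// Assumed coercion rules: a string becomes a one-element slice, []string is
// used as-is, and []interface{} must contain only strings.
func groupsFromClaims(groupsClaimName string, idTokenClaims map[string]interface{}) ([]string, error) {
	if groupsClaimName == "" {
		return nil, nil // no groups claim name configured
	}
	raw, ok := idTokenClaims[groupsClaimName]
	if !ok {
		return nil, nil // claim absent: the user has no mapped groups
	}
	switch v := raw.(type) {
	case string:
		return []string{v}, nil
	case []string:
		return v, nil
	case []interface{}:
		groups := make([]string, 0, len(v))
		for _, item := range v {
			s, isString := item.(string)
			if !isString {
				return nil, fmt.Errorf("%w: element of type %T", errBadGroupsClaim, item)
			}
			groups = append(groups, s)
		}
		return groups, nil
	default:
		return nil, fmt.Errorf("%w: value of type %T", errBadGroupsClaim, raw)
	}
}

func main() {
	// Constructed claims, shaped as encoding/json would decode an ID token payload.
	claims := map[string]interface{}{"sub": "abc", "groups": []interface{}{"dev", 42.0}}
	if _, err := groupsFromClaims("groups", claims); err != nil {
		// A malformed claim is an error, not an empty group list.
		fmt.Println("rejecting login:", err)
	}
}
```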

func MakeDownstreamLDAPOrADCustomSessionData added in v0.18.0

func MakeDownstreamLDAPOrADCustomSessionData(
	ldapUpstream provider.UpstreamLDAPIdentityProviderI,
	idpType psession.ProviderType,
	authenticateResponse *authenticators.Response,
	username string,
) *psession.CustomSessionData

func MakeDownstreamOIDCCustomSessionData added in v0.13.0

func MakeDownstreamOIDCCustomSessionData(
	oidcUpstream provider.UpstreamOIDCIdentityProviderI,
	token *oidctypes.Token,
	username string,
) (*psession.CustomSessionData, error)

func MakeDownstreamSession

func MakeDownstreamSession(
	subject string,
	username string,
	groups []string,
	grantedScopes []string,
	clientID string,
	custom *psession.CustomSessionData,
	additionalClaims map[string]interface{},
) *psession.PinnipedSession

MakeDownstreamSession creates a downstream OIDC session.

func MapAdditionalClaimsFromUpstreamIDToken added in v0.22.0

func MapAdditionalClaimsFromUpstreamIDToken(
	upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI,
	idTokenClaims map[string]interface{},
) map[string]interface{}

MapAdditionalClaimsFromUpstreamIDToken returns the additionalClaims mapped from the upstream token, if any.

Types

This section is empty.
