auth

package
Version: v6.0.6+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 25, 2018 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source
const (
	CSRFCookieName = "csrf-token"
	CSRFHeader     = "X-CSRFToken"
)

Variables

This section is empty.

Functions

func NewDexClient

func NewDexClient(hostAndPort string, caCrt, clientCrt, clientKey string) (api.DexClient, error)

Types

type AuthSource

type AuthSource int

AuthSource allows callers to switch between Tectonic and OpenShift login support.

const (
	AuthSourceTectonic  AuthSource = 0
	AuthSourceOpenShift AuthSource = 1
)

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

func NewAuthenticator

func NewAuthenticator(ctx context.Context, c *Config) (*Authenticator, error)

NewAuthenticator initializes an Authenticator struct. It blocks until the authenticator is able to contact the provider.

func (*Authenticator) Authenticate

func (a *Authenticator) Authenticate(r *http.Request) (*User, error)

func (*Authenticator) CallbackFunc

func (a *Authenticator) CallbackFunc(fn func(loginInfo LoginJSON, successURL string, w http.ResponseWriter)) func(w http.ResponseWriter, r *http.Request)

CallbackFunc handles OAuth2 callbacks and code/token exchange. Requests with unexpected params are redirected to the root route.

func (*Authenticator) ExchangeAuthCode

func (a *Authenticator) ExchangeAuthCode(code string) (idToken, refreshToken string, err error)

ExchangeAuthCode allows callers to return a raw token response given a OAuth2 code. This is useful for clients which need to request refresh tokens.

func (*Authenticator) LoginFunc

func (a *Authenticator) LoginFunc(w http.ResponseWriter, r *http.Request)

LoginFunc redirects to the OIDC provider for user login.

func (*Authenticator) LogoutFunc

func (a *Authenticator) LogoutFunc(w http.ResponseWriter, r *http.Request)

LogoutFunc cleans up session cookies.

func (*Authenticator) SetCSRFCookie

func (a *Authenticator) SetCSRFCookie(path string, w *http.ResponseWriter)

func (*Authenticator) VerifyCSRFToken

func (a *Authenticator) VerifyCSRFToken(r *http.Request) (err error)

func (*Authenticator) VerifyReferer

func (a *Authenticator) VerifyReferer(r *http.Request) (err error)

type Config

type Config struct {
	AuthSource AuthSource

	IssuerURL    string
	IssuerCA     string
	RedirectURL  string
	ClientID     string
	ClientSecret string
	Scope        []string

	SuccessURL  string
	ErrorURL    string
	RefererPath string
	// cookiePath is an abstraction leak. (unfortunately, a necessary one.)
	CookiePath    string
	SecureCookies bool
}

type LoginJSON

type LoginJSON struct {
	UserID string `json:"userID"`
	Name   string `json:"name"`
	Email  string `json:"email"`
	Exp    int64  `json:"exp"`
}

type SessionStore

type SessionStore struct {
	// contains filtered or unexported fields
}

func NewSessionStore

func NewSessionStore(maxSessions int) *SessionStore

type User

type User struct {
	ID       string
	Username string
	Token    string
}

User holds fields representing a user.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL