Version: v6.0.6+incompatible Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Apr 25, 2018 License: Apache-2.0 Imports: 23 Imported by: 0




View Source
const (
	CSRFCookieName = "csrf-token"
	CSRFHeader     = "X-CSRFToken"


This section is empty.


func NewDexClient

func NewDexClient(hostAndPort string, caCrt, clientCrt, clientKey string) (api.DexClient, error)


type AuthSource

type AuthSource int

AuthSource allows callers to switch between Tectonic and OpenShift login support.

const (
	AuthSourceTectonic  AuthSource = 0
	AuthSourceOpenShift AuthSource = 1

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields

func NewAuthenticator

func NewAuthenticator(ctx context.Context, c *Config) (*Authenticator, error)

NewAuthenticator initializes an Authenticator struct. It blocks until the authenticator is able to contact the provider.

func (*Authenticator) Authenticate

func (a *Authenticator) Authenticate(r *http.Request) (*User, error)

func (*Authenticator) CallbackFunc

func (a *Authenticator) CallbackFunc(fn func(loginInfo LoginJSON, successURL string, w http.ResponseWriter)) func(w http.ResponseWriter, r *http.Request)

CallbackFunc handles OAuth2 callbacks and code/token exchange. Requests with unexpected params are redirected to the root route.

func (*Authenticator) ExchangeAuthCode

func (a *Authenticator) ExchangeAuthCode(code string) (idToken, refreshToken string, err error)

ExchangeAuthCode allows callers to return a raw token response given a OAuth2 code. This is useful for clients which need to request refresh tokens.

func (*Authenticator) LoginFunc

func (a *Authenticator) LoginFunc(w http.ResponseWriter, r *http.Request)

LoginFunc redirects to the OIDC provider for user login.

func (*Authenticator) LogoutFunc

func (a *Authenticator) LogoutFunc(w http.ResponseWriter, r *http.Request)

LogoutFunc cleans up session cookies.

func (*Authenticator) SetCSRFCookie

func (a *Authenticator) SetCSRFCookie(path string, w *http.ResponseWriter)

func (*Authenticator) VerifyCSRFToken

func (a *Authenticator) VerifyCSRFToken(r *http.Request) (err error)

func (*Authenticator) VerifyReferer

func (a *Authenticator) VerifyReferer(r *http.Request) (err error)

type Config

type Config struct {
	AuthSource AuthSource

	IssuerURL    string
	IssuerCA     string
	RedirectURL  string
	ClientID     string
	ClientSecret string
	Scope        []string

	SuccessURL  string
	ErrorURL    string
	RefererPath string
	// cookiePath is an abstraction leak. (unfortunately, a necessary one.)
	CookiePath    string
	SecureCookies bool

type LoginJSON

type LoginJSON struct {
	UserID string `json:"userID"`
	Name   string `json:"name"`
	Email  string `json:"email"`
	Exp    int64  `json:"exp"`

type SessionStore

type SessionStore struct {
	// contains filtered or unexported fields

func NewSessionStore

func NewSessionStore(maxSessions int) *SessionStore

type User

type User struct {
	ID       string
	Username string
	Token    string

User holds fields representing a user.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL