auth

package
v0.0.0-...-b4f5332 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 20, 2025 License: Apache-2.0 Imports: 9 Imported by: 47

Documentation

Overview

CredHub authentication strategies

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Builder

type Builder func(config Config) (Strategy, error)

Builder constructs the auth type given a configuration

A builder is required by the credhub.Auth() option for credhub.New()

var Noop Builder = func(config Config) (Strategy, error) {
	return &NoopStrategy{config.Client()}, nil
}

Noop builds a NoopStrategy

func Uaa

func Uaa(clientId, clientSecret, username, password, accessToken, refreshToken string, usingClientCrendentials bool) Builder

Uaa builds an OauthStrategy for a UAA using existing tokens

func UaaClientCredentials

func UaaClientCredentials(clientId, clientSecret string) Builder

UaaClientCredential builds an OauthStrategy for UAA using client_credential_grant token requests

func UaaPassword

func UaaPassword(clientId, clientSecret, username, password string) Builder

UaaPassword builds an OauthStrategy for UAA using password_grant token requests

type Config

type Config interface {
	AuthURL() (string, error)
	Client() *http.Client
}

Config provides the CredHub configuration necessary to build an auth Strategy

The credhub.CredHub struct conforms to this interface

type NoopStrategy

type NoopStrategy struct {
	*http.Client
}

NoopStrategy will submit requests with no additional authentication

type OAuthClient

type OAuthClient interface {
	ClientCredentialGrant(clientId, clientSecret string) (string, error)
	PasswordGrant(clientId, clientSecret, username, password string) (string, string, error)
	RefreshTokenGrant(clientId, clientSecret, refreshToken string) (string, string, error)
	RevokeToken(token string) error
}

type OAuthStrategy

type OAuthStrategy struct {
	Username                string
	Password                string
	ClientId                string
	ClientSecret            string
	ApiClient               *http.Client
	OAuthClient             OAuthClient
	ClientCredentialRefresh bool
	// contains filtered or unexported fields
}

OAuth authentication strategy

func (*OAuthStrategy) AccessToken

func (a *OAuthStrategy) AccessToken() string

AccessToken is the Bearer token to be used for authenticated requests

func (*OAuthStrategy) Do

func (a *OAuthStrategy) Do(req *http.Request) (*http.Response, error)

Do submits requests with bearer token authorization, using the AccessToken as the bearer token.

Will automatically refresh the AccessToken and retry the request if the token has expired.

func (*OAuthStrategy) Login

func (a *OAuthStrategy) Login() error

Login will make a token grant request to the OAuth server

The grant type will be password grant if Username is not empty, and client credentials grant otherwise.

On success, the AccessToken and RefreshToken (if given) will be populated.

Login will be a no-op if the AccessToken is not empty when invoked.

func (*OAuthStrategy) Logout

func (a *OAuthStrategy) Logout() error

Logout will send a revoke token request

On success, the AccessToken and RefreshToken will be empty

func (*OAuthStrategy) Refresh

func (a *OAuthStrategy) Refresh() error

Refresh will get a new AccessToken

If RefreshToken is available, a refresh token grant will be used, otherwise client credential grant will be used.

func (*OAuthStrategy) RefreshToken

func (a *OAuthStrategy) RefreshToken() string

RefreshToken is used to by Refresh() to get a new AccessToken. Only applies for password grants.

func (*OAuthStrategy) SetTokens

func (a *OAuthStrategy) SetTokens(access, refresh string)

SetToken sets the AccessToken and RefreshTokens

type Strategy

type Strategy interface {
	Do(req *http.Request) (*http.Response, error)
}

Strategy provides http.Client-like interface to send authenticated requests to the server

Modifies the request and client to include authentication based on the authentication strategy

Directories

Path Synopsis
UAA client for token grants and revocation
UAA client for token grants and revocation

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL