Documentation ¶
Index ¶
- Constants
- Variables
- func ClearProviders()
- func GetActiveOAuth2Providers() ([]string, map[string]Provider, error)
- func Init() error
- func InitSigningKey() error
- func IsErrOpenIDConnectInitialize(err error) bool
- func RegisterGothProvider(provider GothProvider)
- func RegisterProviderWithGothic(providerName string, source *Source) error
- func RemoveProviderFromGothic(providerName string)
- func ResetOAuth2() error
- type Attribute
- type BaseProvider
- type CustomProvider
- type CustomProviderNewFn
- type CustomURLMapping
- type CustomURLSettings
- type ErrInvalidAlgorithmType
- type ErrOpenIDConnectInitialize
- type GothProvider
- type GothProviderCreator
- type ImagedProvider
- type JWTSigningKey
- type OIDCToken
- type OpenIDProvider
- func (o *OpenIDProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)
- func (o *OpenIDProvider) CustomURLSettings() *CustomURLSettings
- func (o *OpenIDProvider) DisplayName() string
- func (o *OpenIDProvider) Image() string
- func (o *OpenIDProvider) Name() string
- type Provider
- type SessionsStore
- type SimpleProvider
- type SimpleProviderNewFn
- type Source
- func (source *Source) Authenticate(user *user_model.User, login, password string) (*user_model.User, error)
- func (source *Source) Callback(request *http.Request, response http.ResponseWriter) (goth.User, error)
- func (source *Source) Callout(request *http.Request, response http.ResponseWriter) error
- func (source *Source) DisplayName() string
- func (source *Source) FromDB(bs []byte) error
- func (source *Source) Name() string
- func (source *Source) RegisterSource() error
- func (source *Source) SetAuthSource(authSource *auth.Source)
- func (source *Source) ToDB() ([]byte, error)
- func (source *Source) UnregisterSource() error
- type Token
- type TokenType
Constants ¶
const ProviderHeaderKey = "gitea-oauth2-provider"
ProviderHeaderKey is the HTTP header key
const UsersStoreKey = "gitea-oauth2-sessions"
UsersStoreKey is the key for the store
Variables ¶
var ErrAuthSourceNotActived = errors.New("auth source is not actived")
ErrAuthSourceNotActived login source is not actived error
Functions ¶
func ClearProviders ¶
func ClearProviders()
ClearProviders clears all OAuth2 providers from the goth lib
func GetActiveOAuth2Providers ¶
GetActiveOAuth2Providers returns the map of configured active OAuth2 providers key is used as technical name (like in the callbackURL) values to display
func InitSigningKey ¶
func InitSigningKey() error
InitSigningKey creates the default signing key from settings or creates a random key.
func IsErrOpenIDConnectInitialize ¶
IsErrOpenIDConnectInitialize checks if an error is a ExternalLoginUserAlreadyExist.
func RegisterGothProvider ¶
func RegisterGothProvider(provider GothProvider)
RegisterGothProvider registers a GothProvider
func RegisterProviderWithGothic ¶
RegisterProviderWithGothic register a OAuth2 provider in goth lib
func RemoveProviderFromGothic ¶
func RemoveProviderFromGothic(providerName string)
RemoveProviderFromGothic removes the given OAuth2 provider from the goth lib
func ResetOAuth2 ¶
func ResetOAuth2() error
ResetOAuth2 clears existing OAuth2 providers and loads them from DB
Types ¶
type Attribute ¶
Attribute describes the availability, and required status for a custom url configuration
type BaseProvider ¶
type BaseProvider struct {
// contains filtered or unexported fields
}
BaseProvider represents a common base for Provider
func (*BaseProvider) CustomURLSettings ¶
func (b *BaseProvider) CustomURLSettings() *CustomURLSettings
CustomURLSettings returns the custom url settings for this provider
func (*BaseProvider) DisplayName ¶
func (b *BaseProvider) DisplayName() string
DisplayName returns the friendly name for this provider
func (*BaseProvider) Image ¶
func (b *BaseProvider) Image() string
Image returns an image path for this provider
func (*BaseProvider) Name ¶
func (b *BaseProvider) Name() string
Name provides the technical name for this provider
type CustomProvider ¶
type CustomProvider struct { BaseProvider // contains filtered or unexported fields }
CustomProvider is a GothProvider that has CustomURL features
func NewCustomProvider ¶
func NewCustomProvider(name, displayName string, customURLSetting *CustomURLSettings, newFn CustomProviderNewFn) *CustomProvider
NewCustomProvider is a constructor function for custom providers
func (*CustomProvider) CreateGothProvider ¶
func (c *CustomProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)
CreateGothProvider creates a GothProvider from this Provider
func (*CustomProvider) CustomURLSettings ¶
func (c *CustomProvider) CustomURLSettings() *CustomURLSettings
CustomURLSettings returns the CustomURLSettings for this provider
type CustomProviderNewFn ¶
type CustomProviderNewFn func(clientID, secret, callbackURL string, custom *CustomURLMapping, scopes []string) (goth.Provider, error)
CustomProviderNewFn creates a goth.Provider using a custom url mapping
type CustomURLMapping ¶
type CustomURLMapping struct { AuthURL string `json:",omitempty"` TokenURL string `json:",omitempty"` ProfileURL string `json:",omitempty"` EmailURL string `json:",omitempty"` Tenant string `json:",omitempty"` }
CustomURLMapping describes the urls values to use when customizing OAuth2 provider URLs
type CustomURLSettings ¶
type CustomURLSettings struct { AuthURL Attribute `json:",omitempty"` TokenURL Attribute `json:",omitempty"` ProfileURL Attribute `json:",omitempty"` EmailURL Attribute `json:",omitempty"` Tenant Attribute `json:",omitempty"` }
CustomURLSettings describes the urls values and availability to use when customizing OAuth2 provider URLs
func (*CustomURLSettings) OverrideWith ¶
func (c *CustomURLSettings) OverrideWith(override *CustomURLMapping) *CustomURLMapping
OverrideWith copies the current customURLMapping and overrides it with values from the provided mapping
func (*CustomURLSettings) Required ¶
func (c *CustomURLSettings) Required() bool
Required is true if any attribute is required
type ErrInvalidAlgorithmType ¶
type ErrInvalidAlgorithmType struct {
Algorithm string
}
ErrInvalidAlgorithmType represents an invalid algorithm error.
func (ErrInvalidAlgorithmType) Error ¶
func (err ErrInvalidAlgorithmType) Error() string
type ErrOpenIDConnectInitialize ¶
type ErrOpenIDConnectInitialize struct { OpenIDConnectAutoDiscoveryURL string ProviderName string Cause error }
ErrOpenIDConnectInitialize represents a "OpenIDConnectInitialize" kind of error.
func (ErrOpenIDConnectInitialize) Error ¶
func (err ErrOpenIDConnectInitialize) Error() string
type GothProvider ¶
type GothProvider interface { Provider GothProviderCreator }
GothProvider is an interface for describing a single OAuth2 provider
type GothProviderCreator ¶
type GothProviderCreator interface {
CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)
}
GothProviderCreator provides a function to create a goth.Provider
type ImagedProvider ¶
type ImagedProvider struct { GothProvider // contains filtered or unexported fields }
ImagedProvider provide an overridden image setting for the provider
func NewImagedProvider ¶
func NewImagedProvider(image string, provider GothProvider) *ImagedProvider
NewImagedProvider is a constructor function for the ImagedProvider
func (*ImagedProvider) Image ¶
func (i *ImagedProvider) Image() string
Image returns the image path for this provider
type JWTSigningKey ¶
type JWTSigningKey interface { IsSymmetric() bool SigningMethod() jwt.SigningMethod SignKey() interface{} VerifyKey() interface{} ToJWK() (map[string]string, error) PreProcessToken(*jwt.Token) }
JWTSigningKey represents a algorithm/key pair to sign JWTs
var DefaultSigningKey JWTSigningKey
DefaultSigningKey is the default signing key for JWTs.
func CreateJWTSigningKey ¶
func CreateJWTSigningKey(algorithm string, key interface{}) (JWTSigningKey, error)
CreateJWTSigningKey creates a signing key from an algorithm / key pair.
type OIDCToken ¶
type OIDCToken struct { jwt.RegisteredClaims Nonce string `json:"nonce,omitempty"` // Scope profile Name string `json:"name,omitempty"` PreferredUsername string `json:"preferred_username,omitempty"` Profile string `json:"profile,omitempty"` Picture string `json:"picture,omitempty"` Website string `json:"website,omitempty"` Locale string `json:"locale,omitempty"` UpdatedAt timeutil.TimeStamp `json:"updated_at,omitempty"` // Scope email Email string `json:"email,omitempty"` EmailVerified bool `json:"email_verified,omitempty"` // Groups are generated by organization and team names Groups []string `json:"groups,omitempty"` }
OIDCToken represents an OpenID Connect id_token
type OpenIDProvider ¶
type OpenIDProvider struct{}
OpenIDProvider is a GothProvider for OpenID
func (*OpenIDProvider) CreateGothProvider ¶
func (o *OpenIDProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)
CreateGothProvider creates a GothProvider from this Provider
func (*OpenIDProvider) CustomURLSettings ¶
func (o *OpenIDProvider) CustomURLSettings() *CustomURLSettings
CustomURLSettings returns the custom url settings for this provider
func (*OpenIDProvider) DisplayName ¶
func (o *OpenIDProvider) DisplayName() string
DisplayName returns the friendly name for this provider
func (*OpenIDProvider) Image ¶
func (o *OpenIDProvider) Image() string
Image returns an image path for this provider
func (*OpenIDProvider) Name ¶
func (o *OpenIDProvider) Name() string
Name provides the technical name for this provider
type Provider ¶
type Provider interface { Name() string DisplayName() string Image() string CustomURLSettings() *CustomURLSettings }
Provider is an interface for describing a single OAuth2 provider
func GetOAuth2Providers ¶
func GetOAuth2Providers() []Provider
GetOAuth2Providers returns the map of unconfigured OAuth2 providers key is used as technical name (like in the callbackURL) values to display
type SessionsStore ¶
type SessionsStore struct {
// contains filtered or unexported fields
}
SessionsStore creates a gothic store from our session
func (*SessionsStore) New ¶
New should create and return a new session.
Note that New should never return a nil session, even in the case of an error if using the Registry infrastructure to cache the session.
func (*SessionsStore) Save ¶
func (st *SessionsStore) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error
Save should persist session to the underlying store implementation.
type SimpleProvider ¶
type SimpleProvider struct { BaseProvider // contains filtered or unexported fields }
SimpleProvider is a GothProvider which does not have custom url features
func NewSimpleProvider ¶
func NewSimpleProvider(name, displayName string, scopes []string, newFn SimpleProviderNewFn) *SimpleProvider
NewSimpleProvider is a constructor function for simple providers
func (*SimpleProvider) CreateGothProvider ¶
func (c *SimpleProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)
CreateGothProvider creates a GothProvider from this Provider
type SimpleProviderNewFn ¶
type SimpleProviderNewFn func(clientKey, secret, callbackURL string, scopes ...string) goth.Provider
SimpleProviderNewFn create goth.Providers without custom url features
type Source ¶
type Source struct { Provider string ClientID string ClientSecret string OpenIDConnectAutoDiscoveryURL string CustomURLMapping *CustomURLMapping IconURL string Scopes []string RequiredClaimName string RequiredClaimValue string GroupClaimName string AdminGroup string GroupTeamMap string GroupTeamMapRemoval bool RestrictedGroup string SkipLocalTwoFA bool `json:",omitempty"` // contains filtered or unexported fields }
Source holds configuration for the OAuth2 login source.
func (*Source) Authenticate ¶
func (source *Source) Authenticate(user *user_model.User, login, password string) (*user_model.User, error)
Authenticate falls back to the db authenticator
func (*Source) Callback ¶
func (source *Source) Callback(request *http.Request, response http.ResponseWriter) (goth.User, error)
Callback handles OAuth callback, resolve to a goth user and send back to original url this will trigger a new authentication request, but because we save it in the session we can use that
func (*Source) Callout ¶
Callout redirects request/response pair to authenticate against the provider
func (*Source) DisplayName ¶
DisplayName returns the display name of this source
func (*Source) RegisterSource ¶
RegisterSource causes an OAuth2 configuration to be registered
func (*Source) SetAuthSource ¶
SetAuthSource sets the related AuthSource
func (*Source) UnregisterSource ¶
UnregisterSource causes an OAuth2 configuration to be unregistered
type Token ¶
type Token struct { GrantID int64 `json:"gnt"` Type TokenType `json:"tt"` Counter int64 `json:"cnt,omitempty"` jwt.RegisteredClaims }
Token represents a JWT token used to authenticate a client
func ParseToken ¶
func ParseToken(jwtToken string, signingKey JWTSigningKey) (*Token, error)
ParseToken parses a signed jwt string