Documentation ¶
Index ¶
- Constants
- Variables
- func ClearProviders()
- func GetOAuth2ProvidersMap(onlyActive bool) ([]string, map[string]Provider, error)
- func Init() error
- func InitSigningKey() error
- func IsErrOpenIDConnectInitialize(err error) bool
- func RegisterGothProvider(provider GothProvider)
- func RegisterProviderWithGothic(providerName string, source *Source) error
- func RemoveProviderFromGothic(providerName string)
- func ResetOAuth2() error
- type Attribute
- type AuthSourceProvider
- type BaseProvider
- type CustomProvider
- type CustomProviderNewFn
- type CustomURLMapping
- type CustomURLSettings
- type ErrInvalidAlgorithmType
- type ErrOpenIDConnectInitialize
- type GothProvider
- type GothProviderCreator
- type JWTSigningKey
- type OIDCToken
- type OpenIDProvider
- func (o *OpenIDProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)
- func (o *OpenIDProvider) CustomURLSettings() *CustomURLSettings
- func (o *OpenIDProvider) DisplayName() string
- func (o *OpenIDProvider) IconHTML(size int) template.HTML
- func (o *OpenIDProvider) Name() string
- type Provider
- type SessionsStore
- type SimpleProvider
- type SimpleProviderNewFn
- type Source
- func (source *Source) Authenticate(ctx context.Context, user *user_model.User, login, password string) (*user_model.User, error)
- func (source *Source) Callback(request *http.Request, response http.ResponseWriter) (goth.User, error)
- func (source *Source) Callout(request *http.Request, response http.ResponseWriter) error
- func (source *Source) DisplayName() string
- func (source *Source) FromDB(bs []byte) error
- func (source *Source) Name() string
- func (source *Source) RegisterSource() error
- func (source *Source) SetAuthSource(authSource *auth.Source)
- func (source *Source) ToDB() ([]byte, error)
- func (source *Source) UnregisterSource() error
- type Token
- type TokenType
Constants ¶
const ProviderHeaderKey = "gitea-oauth2-provider"
ProviderHeaderKey is the HTTP header key
const UsersStoreKey = "gitea-oauth2-sessions"
UsersStoreKey is the key for the store
Variables ¶
var ErrAuthSourceNotActivated = errors.New("auth source is not activated")
Functions ¶
func ClearProviders ¶
func ClearProviders()
ClearProviders clears all OAuth2 providers from the goth lib
func GetOAuth2ProvidersMap ¶ added in v1.21.6
GetOAuth2ProvidersMap returns the map of configured active OAuth2 providers key is used as technical name (like in the callbackURL) values to display
func InitSigningKey ¶
func InitSigningKey() error
InitSigningKey creates the default signing key from settings or creates a random key.
func IsErrOpenIDConnectInitialize ¶
IsErrOpenIDConnectInitialize checks if an error is a ExternalLoginUserAlreadyExist.
func RegisterGothProvider ¶
func RegisterGothProvider(provider GothProvider)
RegisterGothProvider registers a GothProvider
func RegisterProviderWithGothic ¶
RegisterProviderWithGothic register a OAuth2 provider in goth lib
func RemoveProviderFromGothic ¶
func RemoveProviderFromGothic(providerName string)
RemoveProviderFromGothic removes the given OAuth2 provider from the goth lib
func ResetOAuth2 ¶
func ResetOAuth2() error
ResetOAuth2 clears existing OAuth2 providers and loads them from DB
Types ¶
type Attribute ¶
Attribute describes the availability, and required status for a custom url configuration
type AuthSourceProvider ¶ added in v1.20.0
type AuthSourceProvider struct { GothProvider // contains filtered or unexported fields }
AuthSourceProvider provides a provider for an AuthSource. Multiple auth sources could use the same registered GothProvider So each auth source should have its own DisplayName and IconHTML for display. The Name is the GothProvider's name, to help to find the GothProvider to sign in. The DisplayName is the auth source config's name, site admin set it on the admin page, the IconURL can also be set there.
func (*AuthSourceProvider) DisplayName ¶ added in v1.20.0
func (p *AuthSourceProvider) DisplayName() string
func (*AuthSourceProvider) IconHTML ¶ added in v1.20.0
func (p *AuthSourceProvider) IconHTML(size int) template.HTML
func (*AuthSourceProvider) Name ¶ added in v1.20.0
func (p *AuthSourceProvider) Name() string
type BaseProvider ¶
type BaseProvider struct {
// contains filtered or unexported fields
}
BaseProvider represents a common base for Provider
func (*BaseProvider) CustomURLSettings ¶
func (b *BaseProvider) CustomURLSettings() *CustomURLSettings
CustomURLSettings returns the custom url settings for this provider
func (*BaseProvider) DisplayName ¶
func (b *BaseProvider) DisplayName() string
DisplayName returns the friendly name for this provider
func (*BaseProvider) IconHTML ¶ added in v1.20.0
func (b *BaseProvider) IconHTML(size int) template.HTML
IconHTML returns icon HTML for this provider
func (*BaseProvider) Name ¶
func (b *BaseProvider) Name() string
Name provides the technical name for this provider
type CustomProvider ¶
type CustomProvider struct { BaseProvider // contains filtered or unexported fields }
CustomProvider is a GothProvider that has CustomURL features
func NewCustomProvider ¶
func NewCustomProvider(name, displayName string, customURLSetting *CustomURLSettings, newFn CustomProviderNewFn) *CustomProvider
NewCustomProvider is a constructor function for custom providers
func (*CustomProvider) CreateGothProvider ¶
func (c *CustomProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)
CreateGothProvider creates a GothProvider from this Provider
func (*CustomProvider) CustomURLSettings ¶
func (c *CustomProvider) CustomURLSettings() *CustomURLSettings
CustomURLSettings returns the CustomURLSettings for this provider
type CustomProviderNewFn ¶
type CustomProviderNewFn func(clientID, secret, callbackURL string, custom *CustomURLMapping, scopes []string) (goth.Provider, error)
CustomProviderNewFn creates a goth.Provider using a custom url mapping
type CustomURLMapping ¶
type CustomURLMapping struct { AuthURL string `json:",omitempty"` TokenURL string `json:",omitempty"` ProfileURL string `json:",omitempty"` EmailURL string `json:",omitempty"` Tenant string `json:",omitempty"` }
CustomURLMapping describes the urls values to use when customizing OAuth2 provider URLs
type CustomURLSettings ¶
type CustomURLSettings struct { AuthURL Attribute `json:",omitempty"` TokenURL Attribute `json:",omitempty"` ProfileURL Attribute `json:",omitempty"` EmailURL Attribute `json:",omitempty"` Tenant Attribute `json:",omitempty"` }
CustomURLSettings describes the urls values and availability to use when customizing OAuth2 provider URLs
func (*CustomURLSettings) OverrideWith ¶
func (c *CustomURLSettings) OverrideWith(override *CustomURLMapping) *CustomURLMapping
OverrideWith copies the current customURLMapping and overrides it with values from the provided mapping
func (*CustomURLSettings) Required ¶
func (c *CustomURLSettings) Required() bool
Required is true if any attribute is required
type ErrInvalidAlgorithmType ¶
type ErrInvalidAlgorithmType struct {
Algorithm string
}
ErrInvalidAlgorithmType represents an invalid algorithm error.
func (ErrInvalidAlgorithmType) Error ¶
func (err ErrInvalidAlgorithmType) Error() string
type ErrOpenIDConnectInitialize ¶
type ErrOpenIDConnectInitialize struct { OpenIDConnectAutoDiscoveryURL string ProviderName string Cause error }
ErrOpenIDConnectInitialize represents a "OpenIDConnectInitialize" kind of error.
func (ErrOpenIDConnectInitialize) Error ¶
func (err ErrOpenIDConnectInitialize) Error() string
func (ErrOpenIDConnectInitialize) Unwrap ¶ added in v1.19.0
func (err ErrOpenIDConnectInitialize) Unwrap() error
type GothProvider ¶
type GothProvider interface { Provider GothProviderCreator }
GothProvider is an interface for describing a single OAuth2 provider
type GothProviderCreator ¶
type GothProviderCreator interface {
CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)
}
GothProviderCreator provides a function to create a goth.Provider
type JWTSigningKey ¶
type JWTSigningKey interface { IsSymmetric() bool SigningMethod() jwt.SigningMethod SignKey() any VerifyKey() any ToJWK() (map[string]string, error) PreProcessToken(*jwt.Token) }
JWTSigningKey represents a algorithm/key pair to sign JWTs
var DefaultSigningKey JWTSigningKey
DefaultSigningKey is the default signing key for JWTs.
func CreateJWTSigningKey ¶
func CreateJWTSigningKey(algorithm string, key any) (JWTSigningKey, error)
CreateJWTSigningKey creates a signing key from an algorithm / key pair.
type OIDCToken ¶
type OIDCToken struct { jwt.RegisteredClaims Nonce string `json:"nonce,omitempty"` // Scope profile Name string `json:"name,omitempty"` PreferredUsername string `json:"preferred_username,omitempty"` Profile string `json:"profile,omitempty"` Picture string `json:"picture,omitempty"` Website string `json:"website,omitempty"` Locale string `json:"locale,omitempty"` UpdatedAt timeutil.TimeStamp `json:"updated_at,omitempty"` // Scope email Email string `json:"email,omitempty"` EmailVerified bool `json:"email_verified,omitempty"` // Groups are generated by organization and team names Groups []string `json:"groups,omitempty"` }
OIDCToken represents an OpenID Connect id_token
type OpenIDProvider ¶
type OpenIDProvider struct{}
OpenIDProvider is a GothProvider for OpenID
func (*OpenIDProvider) CreateGothProvider ¶
func (o *OpenIDProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)
CreateGothProvider creates a GothProvider from this Provider
func (*OpenIDProvider) CustomURLSettings ¶
func (o *OpenIDProvider) CustomURLSettings() *CustomURLSettings
CustomURLSettings returns the custom url settings for this provider
func (*OpenIDProvider) DisplayName ¶
func (o *OpenIDProvider) DisplayName() string
DisplayName returns the friendly name for this provider
func (*OpenIDProvider) IconHTML ¶ added in v1.20.0
func (o *OpenIDProvider) IconHTML(size int) template.HTML
IconHTML returns icon HTML for this provider
func (*OpenIDProvider) Name ¶
func (o *OpenIDProvider) Name() string
Name provides the technical name for this provider
type Provider ¶
type Provider interface { Name() string DisplayName() string IconHTML(size int) template.HTML CustomURLSettings() *CustomURLSettings }
Provider is an interface for describing a single OAuth2 provider
func GetOAuth2Providers ¶
func GetOAuth2Providers() []Provider
GetOAuth2Providers returns the map of unconfigured OAuth2 providers key is used as technical name (like in the callbackURL) values to display
type SessionsStore ¶
type SessionsStore struct {
// contains filtered or unexported fields
}
SessionsStore creates a gothic store from our session
func (*SessionsStore) New ¶
New should create and return a new session.
Note that New should never return a nil session, even in the case of an error if using the Registry infrastructure to cache the session.
func (*SessionsStore) Save ¶
func (st *SessionsStore) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error
Save should persist session to the underlying store implementation.
type SimpleProvider ¶
type SimpleProvider struct { BaseProvider // contains filtered or unexported fields }
SimpleProvider is a GothProvider which does not have custom url features
func NewSimpleProvider ¶
func NewSimpleProvider(name, displayName string, scopes []string, newFn SimpleProviderNewFn) *SimpleProvider
NewSimpleProvider is a constructor function for simple providers
func (*SimpleProvider) CreateGothProvider ¶
func (c *SimpleProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)
CreateGothProvider creates a GothProvider from this Provider
type SimpleProviderNewFn ¶
type SimpleProviderNewFn func(clientKey, secret, callbackURL string, scopes ...string) goth.Provider
SimpleProviderNewFn create goth.Providers without custom url features
type Source ¶
type Source struct { Provider string ClientID string ClientSecret string OpenIDConnectAutoDiscoveryURL string CustomURLMapping *CustomURLMapping IconURL string Scopes []string RequiredClaimName string RequiredClaimValue string GroupClaimName string AdminGroup string GroupTeamMap string GroupTeamMapRemoval bool RestrictedGroup string SkipLocalTwoFA bool `json:",omitempty"` // contains filtered or unexported fields }
Source holds configuration for the OAuth2 login source.
func (*Source) Authenticate ¶
func (source *Source) Authenticate(ctx context.Context, user *user_model.User, login, password string) (*user_model.User, error)
Authenticate falls back to the db authenticator
func (*Source) Callback ¶
func (source *Source) Callback(request *http.Request, response http.ResponseWriter) (goth.User, error)
Callback handles OAuth callback, resolve to a goth user and send back to original url this will trigger a new authentication request, but because we save it in the session we can use that
func (*Source) Callout ¶
Callout redirects request/response pair to authenticate against the provider
func (*Source) DisplayName ¶
DisplayName returns the display name of this source
func (*Source) RegisterSource ¶
RegisterSource causes an OAuth2 configuration to be registered
func (*Source) SetAuthSource ¶
SetAuthSource sets the related AuthSource
func (*Source) UnregisterSource ¶
UnregisterSource causes an OAuth2 configuration to be unregistered
type Token ¶
type Token struct { GrantID int64 `json:"gnt"` Type TokenType `json:"tt"` Counter int64 `json:"cnt,omitempty"` jwt.RegisteredClaims }
Token represents a JWT token used to authenticate a client
func ParseToken ¶
func ParseToken(jwtToken string, signingKey JWTSigningKey) (*Token, error)
ParseToken parses a signed jwt string