auth

package
v3.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 2, 2024 License: MIT Imports: 14 Imported by: 60

README

Auth

Design

In general, all identifying brokers are able to be specified more than once, and at any point, there can be zero to many identities available.

Identity

The auth.Identity is the minimum available information about an identified request/context situation. It consists of Broker and Subject, where the broker identifies the authenticating party and the subject identifies the primary subject the identity identifies.

WebIdentifier

The WebIdentifier primarily identifies incoming web.Requests. This could be done by means of inspecting the session, request data (auth header), etc.

WebAuthenticator

WebIdentifier who implements the authenticator interface is able to trigger authentication. This can be a redirect to an external page, setting HTTP headers, or presenting a login form.

WebLogouter

Once a logout has triggered all identifiers who implement either one of the logout methods are called. The WebLogouter will destroy session data etc., while the WebLogouterWithRedirect can return a redirect (e.g. to an OpenID Connect server).

Multiple redirects are handled automagically.

Debug

In debug mode (core.auth.web.debugController, default to flamingo.debug.mode) there is http://localhost:3322/core/auth/debug for debugging.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Identity

type Identity interface {
	Subject() string
	Broker() string
}

Identity donates an authentication object which at least identifies the authenticated subject

type IdentityTypeChecker added in v3.2.1

type IdentityTypeChecker func(identity Identity) bool

IdentityTypeChecker for type asserting an Identity

type RequestIdentifier

type RequestIdentifier interface {
	Broker() string
	Identify(ctx context.Context, request *web.Request) (Identity, error)
}

RequestIdentifier identifies an request and returns a matching identity

type RequestIdentifierFactory

type RequestIdentifierFactory func(config config.Map) (RequestIdentifier, error)

RequestIdentifierFactory creates RequestIdentifier

type WebAuthenticater

type WebAuthenticater interface {
	Authenticate(ctx context.Context, request *web.Request) web.Result
}

WebAuthenticater allows to request an authentication

type WebCallbacker

type WebCallbacker interface {
	Callback(ctx context.Context, request *web.Request, returnTo func(*web.Request) *url.URL) web.Result
}

WebCallbacker is called for callbacks to that identity broker

type WebIdentityRefresher added in v3.4.0

type WebIdentityRefresher interface {
	RefreshIdentity(ctx context.Context, request *web.Request) error
}

WebIdentityRefresher refreshs an existing identity, e.g. by invalidating cached session data

type WebIdentityService

type WebIdentityService struct {
	// contains filtered or unexported fields
}

WebIdentityService calls one or more identifier to get all possible identities of a user

func (*WebIdentityService) Authenticate

func (s *WebIdentityService) Authenticate(ctx context.Context, request *web.Request) (string, web.Result)

Authenticate finds the first available (enforced) authentication result

func (*WebIdentityService) AuthenticateFor

func (s *WebIdentityService) AuthenticateFor(ctx context.Context, broker string, request *web.Request) web.Result

AuthenticateFor starts the authentication for a given broker

func (*WebIdentityService) Identify

func (s *WebIdentityService) Identify(ctx context.Context, request *web.Request) Identity

Identify the user, if any identity is found

func (*WebIdentityService) IdentifyAll

func (s *WebIdentityService) IdentifyAll(ctx context.Context, request *web.Request) []Identity

IdentifyAll collects all possible user identites, in case multiple are available

func (*WebIdentityService) IdentifyAs added in v3.2.1

func (s *WebIdentityService) IdentifyAs(ctx context.Context, request *web.Request, checkType IdentityTypeChecker) (Identity, error)

IdentifyAs returns an identity for a given interface identity, err := s.IdentifyAs(ctx, request, OpenIDTypeChecker) identity.(oauth.OpenIDIdentity)

func (*WebIdentityService) IdentifyFor

func (s *WebIdentityService) IdentifyFor(ctx context.Context, broker string, request *web.Request) (Identity, error)

IdentifyFor the user with a given broker

func (*WebIdentityService) Inject

func (s *WebIdentityService) Inject(
	identityProviders []RequestIdentifier,
	reverseRouter web.ReverseRouter,
	eventRouter flamingo.EventRouter,
	responder *web.Responder,
) *WebIdentityService

Inject dependencies

func (*WebIdentityService) Logout

func (s *WebIdentityService) Logout(ctx context.Context, request *web.Request, postLogoutRedirect *url.URL) web.Result

Logout logs all user out

func (*WebIdentityService) LogoutFor

func (s *WebIdentityService) LogoutFor(ctx context.Context, broker string, request *web.Request, postLogoutRedirect *url.URL) web.Result

LogoutFor logs a specific broker out

func (*WebIdentityService) RequestIdentifier

func (s *WebIdentityService) RequestIdentifier(broker string) RequestIdentifier

RequestIdentifier returns the given request identifier

type WebLoginEvent

type WebLoginEvent struct {
	Request  *web.Request
	Broker   string
	Identity Identity
}

WebLoginEvent for the current request

type WebLogoutEvent

type WebLogoutEvent struct {
	Request *web.Request
	Broker  string
}

WebLogoutEvent for the current request

type WebLogoutWithRedirect

type WebLogoutWithRedirect interface {
	Logout(ctx context.Context, request *web.Request) *url.URL
}

WebLogoutWithRedirect logs user out and redirects to an sso logout endpoint

type WebLogouter

type WebLogouter interface {
	Logout(ctx context.Context, request *web.Request)
}

WebLogouter logs user out

type WebModule

type WebModule struct{}

WebModule registers identification for web requests

func (*WebModule) Configure

func (m *WebModule) Configure(injector *dingo.Injector)

Configure dependency injection

func (*WebModule) CueConfig

func (*WebModule) CueConfig() string

CueConfig schema

func (*WebModule) Depends

func (*WebModule) Depends() []dingo.Module

Depends marks the WebModule to depend on the flamingo session module

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL