sso

package module

v0.0.0-...-0e26b5e Latest Latest Go to latest Published: Oct 17, 2024 License: GPL-3.0 Imports: 6 Imported by: 3

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

git.autistici.org/id/go-sso

Links

Open Source Insights

README ¶

sso

Native Golang implementation of the ai/sso single sign-on mechanism.

This repository also used to include the login service, which has now been split off into its own repository at id/sso-server.

Documentation ¶

Index ¶

Variables
func InspectTicket(encoded string) (string, string, error)
type Signer
- func NewSigner(privateKey []byte) (Signer, error)
type Ticket
- func NewTicket(user, service, domain, nonce string, groups []string, validity time.Duration) *Ticket
type Validator
- func NewValidator(publicKey []byte, domain string) (Validator, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrMissingRequiredField is returned when a ticket does not
	// contain a required field.
	ErrMissingRequiredField = errors.New("missing required field")

	// ErrDeserialization means that the input is not valid base64.
	ErrDeserialization = errors.New("deserialization error")

	// ErrUnsupportedTicketVersion is returned for unsupported
	// ticket versions (either too old or too recent).
	ErrUnsupportedTicketVersion = errors.New("unsupported ticket version")

	// ErrMessageTooShort means that the input is shorter than the
	// fixed signature length + minimum ticket size.
	ErrMessageTooShort = errors.New("encoded message too short")

	// ErrBadSignature is returned when the signature does not
	// match the given public key.
	ErrBadSignature = errors.New("bad signature")

	// ErrBadService is returned when validation fails due to a
	// SSO service mismatch.
	ErrBadService = errors.New("service mismatch")

	// ErrBadDomain is returned when validation fails due to a SSO
	// domain mismatch.
	ErrBadDomain = errors.New("auth domain mismatch")

	// ErrBadNonce is returned when validation fails due to a
	// nonce mismatch.
	ErrBadNonce = errors.New("nonce mismatch")

	// ErrExpired means the ticket has expired.
	ErrExpired = errors.New("ticket expired")

	// ErrUnauthorized is returned when the user lacks the
	// necessary group membership.
	ErrUnauthorized = errors.New("unauthorized")
)

Functions ¶

func InspectTicket ¶

func InspectTicket(encoded string) (string, string, error)

InspectTicket reads a ticket without validating it (beyond syntax), returning user and service. The results are untrusted.

Types ¶

type Signer ¶

type Signer interface {
	Sign(*Ticket) (string, error)
}

A Signer can sign tickets.

func NewSigner ¶

func NewSigner(privateKey []byte) (Signer, error)

NewSigner creates a new ED25519 signer with the given private key.

type Ticket ¶

type Ticket struct {
	User    string
	Service string
	Domain  string
	Nonce   string
	Groups  []string
	Expires time.Time
}

A Ticket attests a user's identity within the scope of a specific service, when properly signed.

func NewTicket ¶

func NewTicket(user, service, domain, nonce string, groups []string, validity time.Duration) *Ticket

NewTicket creates a new Ticket, filling in all required values.

type Validator ¶

type Validator interface {
	Validate(string, string, string, []string) (*Ticket, error)
}

A Validator can verify that a ticket is valid.

func NewValidator ¶

func NewValidator(publicKey []byte, domain string) (Validator, error)

NewValidator creates a new ED25519 validator for a specific domain, with the provided public key.

Source Files ¶

View all Source files

sso.go

Directories ¶

Path	Synopsis
httpsso

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL