Documentation ¶
Overview ¶
Package basicauthpassword implements authenticator.Password by making a BasicAuth call to a remote endpoint and extracting user information from a JSON response.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var RedirectAttemptedError = errors.New("Redirect attempted")
Functions ¶
func New ¶
func New(providerName string, url string, transport http.RoundTripper, mapper authapi.UserIdentityMapper) authenticator.Password
New returns an authenticator which will make a basic auth call to the given url. A custom transport can be provided (typically to customize TLS options like trusted roots or present a client certificate). If no transport is provided, http.DefaultTransport is used
Types ¶
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
Authenticator uses basic auth to make a request to a JSON-returning URL. A 401 status indicate failed auth. A non-200 status or the presence of an "error" key with a non-empty
value indicates an error: {"error":"Error message"}
A 200 status with an "id" key indicates success:
{"id":"userid"}
A successful response may also include name and/or email:
{"id":"userid", "name": "User Name", "email":"user@example.com"}
func (*Authenticator) AuthenticatePassword ¶
func (a *Authenticator) AuthenticatePassword(ctx context.Context, username, password string) (*authenticator.Response, bool, error)
type RemoteError ¶
type RemoteError struct {
Error string
}
RemoteError holds error data returned from a remote authentication request
type RemoteUserData ¶
type RemoteUserData struct { // Subject - Identifier for the End-User at the Issuer. Required. Subject string `json:"sub"` // Name is the end-User's full name in displayable form including all name parts, possibly including titles and suffixes, // ordered according to the End-User's locale and preferences. Optional. Name string `json:"name"` // PreferredUsername is a shorthand name by which the End-User wishes to be referred. Optional. // Useful when the immutable subject is different than the login used by the user to authenticate PreferredUsername string `json:"preferred_username"` // Email is the end-User's preferred e-mail address. Optional. Email string `json:"email"` }
RemoteUserData holds user data returned from a remote basic-auth protected endpoint. These field names can not be changed unless external integrators are also updated. Names are based on standard OpenID Connect claims: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims