Documentation
Index
- type AccessTokens
- type Client
- func (t *Client) AADInstanceDiscovery(ctx context.Context, authorityInfo authority.Info) (authority.InstanceDiscoveryResponse, error)
- func (t *Client) AuthCode(ctx context.Context, req accesstokens.AuthCodeRequest) (accesstokens.TokenResponse, error)
- func (t *Client) Credential(ctx context.Context, authParams authority.AuthParams, ...) (accesstokens.TokenResponse, error)
- func (t *Client) DeviceCode(ctx context.Context, authParams authority.AuthParams) (DeviceCode, error)
- func (t *Client) OnBehalfOf(ctx context.Context, authParams authority.AuthParams, ...) (accesstokens.TokenResponse, error)
- func (t *Client) Refresh(ctx context.Context, reqType accesstokens.AppType, ...) (accesstokens.TokenResponse, error)
- func (t *Client) ResolveEndpoints(ctx context.Context, authorityInfo authority.Info, userPrincipalName string) (authority.Endpoints, error)
- func (t *Client) UsernamePassword(ctx context.Context, authParams authority.AuthParams) (accesstokens.TokenResponse, error)
- type DeviceCode
- type FetchAuthority
- type FetchWSTrust
- type ResolveEndpointer
Types
type AccessTokens
```go
type AccessTokens interface {
	DeviceCodeResult(ctx context.Context, authParameters authority.AuthParams) (accesstokens.DeviceCodeResult, error)
	FromUsernamePassword(ctx context.Context, authParameters authority.AuthParams) (accesstokens.TokenResponse, error)
	FromAuthCode(ctx context.Context, req accesstokens.AuthCodeRequest) (accesstokens.TokenResponse, error)
	FromRefreshToken(ctx context.Context, appType accesstokens.AppType, authParams authority.AuthParams, cc *accesstokens.Credential, refreshToken string) (accesstokens.TokenResponse, error)
	FromClientSecret(ctx context.Context, authParameters authority.AuthParams, clientSecret string) (accesstokens.TokenResponse, error)
	FromAssertion(ctx context.Context, authParameters authority.AuthParams, assertion string) (accesstokens.TokenResponse, error)
	FromUserAssertionClientSecret(ctx context.Context, authParameters authority.AuthParams, userAssertion string, clientSecret string) (accesstokens.TokenResponse, error)
	FromUserAssertionClientCertificate(ctx context.Context, authParameters authority.AuthParams, userAssertion string, assertion string) (accesstokens.TokenResponse, error)
	FromDeviceCodeResult(ctx context.Context, authParameters authority.AuthParams, deviceCodeResult accesstokens.DeviceCodeResult) (accesstokens.TokenResponse, error)
	FromSamlGrant(ctx context.Context, authParameters authority.AuthParams, samlGrant wstrust.SamlTokenInfo) (accesstokens.TokenResponse, error)
}
```
AccessTokens contains the methods for fetching tokens from different sources.
type Client
```go
type Client struct {
	Resolver     ResolveEndpointer
	AccessTokens AccessTokens
	Authority    FetchAuthority
	WSTrust      FetchWSTrust
}
```
Client provides tokens for various types of token requests.
func (*Client) AADInstanceDiscovery
```go
func (t *Client) AADInstanceDiscovery(ctx context.Context, authorityInfo authority.Info) (authority.InstanceDiscoveryResponse, error)
```
AADInstanceDiscovery attempts to discover a tenant endpoint (used in OIDC auth with an authorization endpoint). This is done by AAD which allows for aliasing of tenants (windows.sts.net is the same as login.windows.com).
func (*Client) AuthCode
```go
func (t *Client) AuthCode(ctx context.Context, req accesstokens.AuthCodeRequest) (accesstokens.TokenResponse, error)
```
AuthCode returns a token based on an authorization code.
func (*Client) Credential
```go
func (t *Client) Credential(ctx context.Context, authParams authority.AuthParams, cred *accesstokens.Credential) (accesstokens.TokenResponse, error)
```
Credential acquires a token from the authority using a client credentials grant.
func (*Client) DeviceCode
```go
func (t *Client) DeviceCode(ctx context.Context, authParams authority.AuthParams) (DeviceCode, error)
```
DeviceCode returns a DeviceCode object that can be used to get the code that must be entered on the second device and optionally the token once the code has been entered on the second device.
func (*Client) OnBehalfOf (added in v0.4.0)
```go
func (t *Client) OnBehalfOf(ctx context.Context, authParams authority.AuthParams, cred *accesstokens.Credential) (accesstokens.TokenResponse, error)
```
OnBehalfOf acquires a token from the authority using the on-behalf-of flow.
func (*Client) Refresh
```go
func (t *Client) Refresh(ctx context.Context, reqType accesstokens.AppType, authParams authority.AuthParams, cc *accesstokens.Credential, refreshToken accesstokens.RefreshToken) (accesstokens.TokenResponse, error)
```
func (*Client) ResolveEndpoints
```go
func (t *Client) ResolveEndpoints(ctx context.Context, authorityInfo authority.Info, userPrincipalName string) (authority.Endpoints, error)
```
ResolveEndpoints gets the authorization and token endpoints and creates an AuthorityEndpoints instance.
func (*Client) UsernamePassword
```go
func (t *Client) UsernamePassword(ctx context.Context, authParams authority.AuthParams) (accesstokens.TokenResponse, error)
```
UsernamePassword retrieves a token using a username and password. If the user realm is "Federated", it uses SAML tokens; if the realm is "Managed", it uses the normal username/password flow.
type DeviceCode
```go
type DeviceCode struct {
	// Result is the device code result from the first call in the device code flow. This allows
	// the caller to retrieve the displayed code that is used to authorize on the second device.
	Result accesstokens.DeviceCodeResult
	// contains filtered or unexported fields
}
```
DeviceCode is the result of a call to Token.DeviceCode().
func (DeviceCode) Token
```go
func (d DeviceCode) Token(ctx context.Context) (accesstokens.TokenResponse, error)
```
Token returns a token AFTER the user uses the user code on the second device. This will block until either: (1) the code is input by the user and the service releases a token, (2) the token expires, (3) the Context passed to .DeviceCode() is cancelled or expires, (4) some other service error occurs.
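The four ways Token can stop blocking, shown as an added example that is not this package's own implementation. It is a stand-alone polling loop against a simulated token endpoint; `waitForToken`, `pollFunc`, `fakeEndpoint` and the two sentinel errors are hypothetical names.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Constructed names for this example; none of them are MSAL identifiers.
var errPending = errors.New("authorization_pending")
var errExpired = errors.New("device code expired")
type pollFunc func(ctx context.Context) (string, error) // one token request

// waitForToken blocks until one of the four documented outcomes occurs.
func waitForToken(parent context.Context, poll pollFunc, every time.Duration, expiresAt time.Time) (string, error) {
	ctx, cancel := context.WithDeadline(parent, expiresAt) // bound by code lifetime
	defer cancel()
	for {
		select {
		case <-ctx.Done():
			if err := parent.Err(); err != nil {
				return "", err // (3) caller's context cancelled or expired
			}
			return "", errExpired // (2) device code lifetime elapsed
		case <-time.After(every):
			tok, err := poll(ctx)
			if err == nil {
				return tok, nil // (1) code entered, token released
			}
			if !errors.Is(err, errPending) {
				return "", err // (4) any other service error
			}
		}
	}
}

// fakeEndpoint (constructed) answers "pending" n times, then returns a token.
func fakeEndpoint(n int) pollFunc {
	return func(context.Context) (string, error) {
		if n--; n >= 0 {
			return "", errPending
		}
		return "constructed-token", nil
	}
}

func main() {
	fmt.Println(waitForToken(context.Background(), fakeEndpoint(2), 10*time.Millisecond, time.Now().Add(time.Second)))
}
```

Because the loop is bounded by both the caller's context and the code lifetime, a caller that passes a context with no deadline still cannot block past expiry.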
type FetchAuthority
```go
type FetchAuthority interface {
	UserRealm(context.Context, authority.AuthParams) (authority.UserRealm, error)
	AADInstanceDiscovery(context.Context, authority.Info) (authority.InstanceDiscoveryResponse, error)
}
```
FetchAuthority will be implemented by authority.Authority.
type FetchWSTrust
```go
type FetchWSTrust interface {
	Mex(ctx context.Context, federationMetadataURL string) (defs.MexDocument, error)
	SAMLTokenInfo(ctx context.Context, authParameters authority.AuthParams, cloudAudienceURN string, endpoint defs.Endpoint) (wstrust.SamlTokenInfo, error)
}
```
FetchWSTrust contains the methods for interacting with WSTrust endpoints.
Directories

| Path | Synopsis |
|---|---|
| | Package ops provides operations to various backend services using REST clients. |
| accesstokens | Package accesstokens exposes a REST client for querying backend systems to get various types of access tokens (oauth) for use in authentication. |
| internal/comm | Package comm provides helpers for communicating with HTTP backends. |
| internal/grant | Package grant holds types of grants issued by authorization services. |
| wstrust | Package wstrust provides a client for communicating with a WSTrust (https://en.wikipedia.org/wiki/WS-Trust#:~:text=WS%2DTrust%20is%20a%20WS,in%20a%20secure%20message%20exchange.) for the purposes of extracting metadata from the service. |