identity

package
v0.18.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 22, 2019 License: AGPL-3.0-only Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuthorizeScopes added in v0.13.0

func AuthorizeScopes(manager Manager, user User, scopes map[string]bool) (map[string]bool, map[string]bool)

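AuthorizeScopes uses the provided manager and user to filter the provided scopes and returns a mapping of only the authorized scopes. The signature returns two maps; this description covers only the authorized mapping, and the meaning of the second map is not documented here.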

func GetSessionRef added in v0.13.0

func GetSessionRef(label string, audience string, userID string) *string

GetSessionRef builds an identifier that is unique per user and audience.

func GetUserClaimsForScopes added in v0.13.0

func GetUserClaimsForScopes(user User, scopes map[string]bool, requestedClaimsMaps []*payload.ClaimsRequestMap) map[string]jwt.Claims

GetUserClaimsForScopes returns a mapping of user claims of the provided user filtered by the provided scopes.

func NewContext

func NewContext(ctx context.Context, auth AuthRecord) context.Context

NewContext returns a new Context that carries value auth.

Types

type AuthRecord

// AuthRecord is an interface which provides identity auth information with
// scopes and claims.
//
// NOTE(review): scopes are carried as map[string]bool. Presumably only
// entries whose value is true count as authorized, so callers should test the
// value rather than key presence — confirm against the implementation.
type AuthRecord interface {
	// Manager returns a Manager; presumably the one this record was created
	// with (NewAuthRecord takes a manager) — confirm.
	Manager() Manager
	// Subject returns the subject string of this record.
	Subject() string
	// AuthorizedScopes returns the record's scopes as a name -> bool map.
	AuthorizedScopes() map[string]bool
	// AuthorizeScopes takes a scope map to authorize on this record.
	// NOTE(review): whether this replaces or merges with previously
	// authorized scopes is not visible here — confirm.
	AuthorizeScopes(map[string]bool)
	// AuthorizedClaims returns the claims request held by this record.
	AuthorizedClaims() *payload.ClaimsRequest
	// AuthorizeClaims takes a claims request to authorize on this record.
	AuthorizeClaims(*payload.ClaimsRequest)
	// Claims returns a list of jwt.Claims for the given strings.
	// NOTE(review): the variadic arguments are presumably scope names
	// selecting which claims are returned — confirm.
	Claims(...string) []jwt.Claims

	// User and SetUser get and set the PublicUser attached to this record.
	User() PublicUser
	SetUser(PublicUser)

	// LoggedOn returns a bool and a time.Time.
	// NOTE(review): presumably the logged-on state and the authentication
	// time set via SetAuthTime — confirm before using it for max-age checks.
	LoggedOn() (bool, time.Time)
	SetAuthTime(time.Time)
}

AuthRecord is an interface which provides identity auth information with scopes and claims.

func FromContext

func FromContext(ctx context.Context) (AuthRecord, bool)

FromContext returns the AuthRecord value stored in ctx, if any.

func NewAuthRecord added in v0.13.0

func NewAuthRecord(manager Manager, sub string, authorizedScopes map[string]bool, authorizedClaims *payload.ClaimsRequest, claimsByScope map[string]jwt.Claims) AuthRecord

NewAuthRecord returns an implementation of identity.AuthRecord holding the provided data in memory.

type Config

// Config defines an IdentityManager's configuration settings.
type Config struct {
	// SignInFormURI and SignedOutURI are URLs held by the configuration.
	// NOTE(review): presumably the sign-in form location and the landing page
	// after sign-out. Both look like redirect targets, so confirm they are
	// only ever populated from trusted configuration.
	SignInFormURI *url.URL
	SignedOutURI  *url.URL

	// ScopesSupported is a list of scope names (compare
	// Manager.ScopesSupported, which returns the same type).
	ScopesSupported []string

	// Logger is the logrus field logger carried by this configuration.
	Logger logrus.FieldLogger
}

Config defines an IdentityManager's configuration settings.

type IsHandledError

// IsHandledError is an error which tells that the backend has handled the
// request and all further handling should stop. The struct has no fields, so
// it carries no data beyond its type.
type IsHandledError struct {
}

IsHandledError is an error which tells that the backend has handled the request and all further handling should stop.

func (*IsHandledError) Error

func (err *IsHandledError) Error() string

Error implements the error interface.

type LoginRequiredError

// LoginRequiredError is an error which backends can return to indicate that
// sign-in is required. It is created with NewLoginRequiredError from an id
// and a sign-in URL, and exposes that URL through SignInURI.
//
// NOTE(review): the fields are unexported, so how the id and URL are stored
// or validated is not visible on this page.
type LoginRequiredError struct {
	// contains filtered or unexported fields
}

LoginRequiredError is an error which backends can return to indicate that sign-in is required.

func NewLoginRequiredError

func NewLoginRequiredError(id string, signInURI *url.URL) *LoginRequiredError

NewLoginRequiredError creates a new corresponding error with the provided id.

func (*LoginRequiredError) Error

func (err *LoginRequiredError) Error() string

Error implements the error interface.

func (*LoginRequiredError) SignInURI

func (err *LoginRequiredError) SignInURI() *url.URL

SignInURI returns the sign-in URL of the associated error.

type Manager

// Manager is an interface to define an identity manager.
//
// The package also declares IsHandledError, LoginRequiredError and
// RedirectError as errors which backends can return.
// NOTE(review): presumably these are returned from the request-handling
// methods below (Authenticate, Authorize, EndSession) — confirm which ones.
type Manager interface {
	// Authenticate receives the HTTP request and response writer, the parsed
	// authentication request and a next Manager, and returns an AuthRecord or
	// an error.
	// NOTE(review): next presumably allows chaining to another manager —
	// confirm.
	Authenticate(ctx context.Context, rw http.ResponseWriter, req *http.Request, ar *payload.AuthenticationRequest, next Manager) (AuthRecord, error)
	// Authorize receives the same request data plus an existing AuthRecord
	// and returns an AuthRecord or an error.
	Authorize(ctx context.Context, rw http.ResponseWriter, req *http.Request, ar *payload.AuthenticationRequest, auth AuthRecord) (AuthRecord, error)
	// EndSession handles an end session request and returns an error on
	// failure.
	EndSession(ctx context.Context, rw http.ResponseWriter, req *http.Request, esr *payload.EndSessionRequest) error

	// ApproveScopes takes a subject, an audience and a scope map and returns
	// a string and an error.
	// NOTE(review): the returned string is presumably the ref later passed
	// to ApprovedScopes — confirm.
	ApproveScopes(ctx context.Context, sub string, audience string, approvedScopesList map[string]bool) (string, error)
	// ApprovedScopes takes a subject, an audience and a ref and returns a
	// scope map or an error.
	// NOTE(review): implementations should presumably return scopes only
	// when sub and audience match what the ref was issued for — confirm.
	ApprovedScopes(ctx context.Context, sub string, audience string, ref string) (map[string]bool, error)

	// Fetch takes a user id, an optional session reference, scopes and
	// requested claims maps, and returns an AuthRecord, a bool and an error.
	// NOTE(review): the bool presumably reports whether a record was found —
	// confirm.
	Fetch(ctx context.Context, userID string, sessionRef *string, scopes map[string]bool, requestedClaimsMaps []*payload.ClaimsRequestMap) (AuthRecord, bool, error)

	// Name returns the manager's name; ScopesSupported and ClaimsSupported
	// return lists of scope and claim names.
	Name() string
	ScopesSupported() []string
	ClaimsSupported() []string

	// AddRoutes receives a mux router; presumably the manager registers its
	// own HTTP routes on it — confirm.
	AddRoutes(ctx context.Context, router *mux.Router)

	// OnSetLogon and OnUnsetLogon accept callback functions and return an
	// error.
	// NOTE(review): presumably the callbacks run when a logon is set or
	// unset — confirm when they are invoked and how their errors are handled.
	OnSetLogon(func(ctx context.Context, rw http.ResponseWriter, user User) error) error
	OnUnsetLogon(func(ctx context.Context, rw http.ResponseWriter) error) error

	// GetClientRegistration looks up a client registration by client id and
	// returns it together with a bool.
	// NOTE(review): the bool presumably reports whether the client is known;
	// callers should check it before using the registration — confirm.
	GetClientRegistration(ctx context.Context, clientID string) (*clients.ClientRegistration, bool)
}

Manager is an interface to define an identity manager.

type PublicUser added in v0.11.0

// PublicUser is a user with a public Subject and a raw id.
type PublicUser interface {
	// Subject returns the public subject string.
	Subject() string
	// Raw returns the raw id.
	// NOTE(review): presumably an internal identifier that is not meant to
	// be exposed the way Subject is — confirm before logging or returning it.
	Raw() string
}

PublicUser is a user with a public Subject and a raw id.

type RedirectError

// RedirectError is an error which backends can return if a redirection is
// required. It is created with NewRedirectError from an id and a redirect
// URL, and exposes that URL through RedirectURI.
//
// NOTE(review): nothing on this page shows the redirect URL being validated.
// Code that acts on RedirectURI should confirm the target is checked against
// trusted or registered locations to avoid open redirects.
type RedirectError struct {
	// contains filtered or unexported fields
}

RedirectError is an error which backends can return if a redirection is required.

func NewRedirectError

func NewRedirectError(id string, redirectURI *url.URL) *RedirectError

NewRedirectError creates a new corresponding error with the provided id and redirect URL.

func (*RedirectError) Error

func (err *RedirectError) Error() string

Error implements the error interface.

func (*RedirectError) RedirectURI

func (err *RedirectError) RedirectURI() *url.URL

RedirectURI returns the redirection URL of the associated error.

type User

// User defines a most simple user with an id defined as subject. The other
// UserWith* interfaces in this package embed it.
type User interface {
	// Subject returns the user's id as a string.
	Subject() string
}

User defines a most simple user with an id defined as subject.

type UserWithClaims

// UserWithClaims is a User with jwt claims.
type UserWithClaims interface {
	User
	// Claims returns the user's claims as jwt.MapClaims. It takes no scope
	// argument; compare UserWithScopedClaims.ScopedClaims, which does.
	// NOTE(review): presumably returns claims regardless of authorized
	// scopes — confirm callers filter before release.
	Claims() jwt.MapClaims
}

UserWithClaims is a User with jwt claims.

type UserWithEmail

// UserWithEmail is a User with Email.
type UserWithEmail interface {
	User
	// Email returns the user's email address as a string.
	Email() string
	// EmailVerified returns a verification flag for the email.
	// NOTE(review): how verification is established is backend-specific and
	// not visible here — confirm before treating the address as a trusted
	// identifier.
	EmailVerified() bool
}

UserWithEmail is a User with Email.

type UserWithID

// UserWithID is a User with a locally unique numeric id.
type UserWithID interface {
	User
	// ID returns the numeric id. It is documented as only locally unique, so
	// it should not be assumed unique across backends.
	ID() int64
}

UserWithID is a User with a locally unique numeric id.

type UserWithProfile

// UserWithProfile is a User with Name. Besides Name it also exposes
// FamilyName and GivenName.
type UserWithProfile interface {
	User
	// Name, FamilyName and GivenName each return a string.
	// NOTE(review): presumably these back the standard profile claims of the
	// same names — confirm.
	Name() string
	FamilyName() string
	GivenName() string
}

UserWithProfile is a User with Name.

type UserWithScopedClaims added in v0.9.0

// UserWithScopedClaims is a user with jwt claims bound to provided scopes.
type UserWithScopedClaims interface {
	User
	// ScopedClaims takes the authorized scopes as a name -> bool map and
	// returns jwt.MapClaims.
	// NOTE(review): implementations should presumably honor only entries
	// whose value is true, not mere key presence — confirm.
	ScopedClaims(authorizedScopes map[string]bool) jwt.MapClaims
}

UserWithScopedClaims is a user with jwt claims bound to provided scopes.

type UserWithSessionRef added in v0.12.0

// UserWithSessionRef is a user which supports an underlying session
// reference.
type UserWithSessionRef interface {
	User
	// SessionRef returns a pointer to the session reference string.
	// NOTE(review): being a pointer, the result may presumably be nil when
	// no session is attached — confirm and nil-check before dereferencing.
	SessionRef() *string
}

UserWithSessionRef is a user which supports an underlying session reference.

type UserWithUniqueID added in v0.4.0

// UserWithUniqueID is a User with a unique string id.
type UserWithUniqueID interface {
	User
	// UniqueID returns the unique id as a string.
	// NOTE(review): the scope of uniqueness (per backend or global) is not
	// stated on this page — confirm.
	UniqueID() string
}

UserWithUniqueID is a User with a unique string id.

type UserWithUsername added in v0.1.0

// UserWithUsername is a User with a username different from subject.
type UserWithUsername interface {
	User
	// Username returns the username string. Per the type's description it
	// differs from Subject, so the two should not be used interchangeably as
	// identifiers.
	Username() string
}

UserWithUsername is a User with a username different from subject.

Directories

Path Synopsis
