konnect

package module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 29, 2017 License: AGPL-3.0-only Imports: 4 Imported by: 0

README

Konnect

TL;DW

Make sure you have Go 1.8 installed. This assumes your GOPATH is ~/go and you have ~/go/bin in your $PATH and you have Glide installed as well.

Building from source

mkdir -p ~/go/src/stash.kopano.io/kc
cd ~/go/src/stash.kopano.io/kc
git clone <THIS-PROJECT> konnect
cd konnect
make

Running Konnect

Konnect can provide a full user login with Kopano Groupware Core as backend or use any cookie aware login area which supports the ?continue parameter and is based on cookies.

All backends require certain general parameters to be present. Create a RSA key-pair and provide the provide key file with the --key parameter. If you skip this, Konnect will create a key pair on startup.

To encrypt certain values, Konnect needs a secure key. Create a hex-key with openssl rand -hex 32 and provide it with via the --secret parameter.

This assumes that you have a set-up Konano with a reverse proxy on https://mykopano.local together with the proper proxy configuration to pass through all requests to the /konnect/v1/ prefix to 127.0.0.1:8777. also do not forget to reverse proxy /.well-known/openid-configuration as well.

Kopano Webapp needs to support the ?continue= request parameter and the domains of possible OIDC clients need to be added into webapp/config.php with the REDIRECT_ALLOWED_DOMAINS setting.

bin/konnectd serve --listen 127.0.0.1:8777 \
  --iss=https://mykopano.local \
  --insecure \
  --secret=$(openssl rand -hex 32) \
  --sign-in-uri=https://mykopano.local/webapp/ \
  cookie https://mykopano.local/webapp/?load=custom&name=oidcuser "KOPANO_WEBAPP encryption-store-key"
Kopano Groupware Core backend

This assumes that Konnect can connect directly to a Kopano server via SOAP either using a unix socket or a TCP connection.

export KOPANO_SERVER_DEFAULT_URI=http://mykopano.local:236
export KOPANO_SERVER_USERNAME=my-kopano-user
export KOPANO_SERVER_PASSWORD=my-kopano-password

bin/konnectd serve --listen 127.0.0.1:8777 \
  --iss=https://mykonnect.local \
  --insecure \
  --secret=$(openssl rand -hex 32) \
  kc

Run unit tests

cd ~/go/src/stash.kopano.io/kc/konnect
make test

Documentation

Index

Constants

View Source 
const (
	IsAccessTokenClaim    = "kc.isAccessToken"
	AuthorizedScopesClaim = "kc.authorizedScopes"
	IsRefreshTokenClaim   = "kc.isRefreshToken"
	RefClaim              = "kc.ref"
	IdentityClaim         = "kc.identity"
)

Access token claims used by Konnect.

View Source 
const (
	IdentifiedUsernameClaim    = "kc.i.un"
	IdentifiedDisplayNameClaim = "kc.i.dn"
)

Identifier claims used by Konnect.

View Source 
const (
	// ScopeID is the string value for the Konnect ID scope.
	ScopeID = "konnect/id"
)

Variables

This section is empty.

Functions

func FromClaimsContext 

func FromClaimsContext(ctx context.Context) (jwt.Claims, bool)

FromClaimsContext returns the AuthRecord value stored in ctx, if any.

func NewClaimsContext 

func NewClaimsContext(ctx context.Context, claims jwt.Claims) context.Context

NewClaimsContext returns a new Context that carries value auth.

Types

type AccessTokenClaims 

type AccessTokenClaims struct {
	IsAccessToken        bool     `json:"kc.isAccessToken"`
	AuthorizedScopesList []string `json:"kc.authorizedScopes"`
	jwt.StandardClaims
	IdentityClaims jwt.MapClaims `json:"kc.identity"`
}

AccessTokenClaims define the claims found in access tokens issued by Konnect.

func (AccessTokenClaims) AuthorizedScopes 

func (c AccessTokenClaims) AuthorizedScopes() map[string]bool

AuthorizedScopes returns a map with scope keys and true value of all scopes set in the accociated access token.

func (AccessTokenClaims) Valid 

func (c AccessTokenClaims) Valid() error

Valid implements the jwt.Claims interface.

type RefreshTokenClaims 

type RefreshTokenClaims struct {
	IsRefreshToken     bool     `json:"kc.isRefreshToken"`
	ApprovedScopesList []string `json:"kc.approvedScopes"`
	Ref                string   `json:"kc.ref"`
	jwt.StandardClaims
	IdentityClaims jwt.MapClaims `json:"kc.identity"`
}

RefreshTokenClaims define the claims used by refresh tokens.

func (RefreshTokenClaims) Valid 

func (c RefreshTokenClaims) Valid() error

Valid implements the jwt.Claims interface.

type UserInfoResponse 

type UserInfoResponse struct {
	*payload.UserInfoResponse

	// Note(longsleep): Additional response data for compatibility.
	ID       int64  `json:"id,omitempty"`
	Username string `json:"username,omitempty"`
}

UserInfoResponse defines the data returned from the Konnect UserInfo endpoint. It is the standard ODIC response, extended with additional fields.

Source Files

View all Source files

Directories

Path Synopsis
cmd
konnectd
backends
clients
managers
code
code/managers
payload
provider

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.