Documentation ¶
Overview ¶
Package tap wraps a set of interfaces and objects to provide a generic interface to a delegated authentication proxy.
Index ¶
Constants ¶
const ProfilesCollectionName = "profilesCollection"
I know it is not correct convention for table naming but it needs to be backward compatible :(
Variables ¶
This section is empty.
Functions ¶
func GenerateSSOKey ¶
GenerateSSOKey is a utility function that creates a temporary ID to identify a user from a delegated provider.
Types ¶
type Action ¶
type Action string
An Action is a value that defines what a particular authentication profile will do: for example, create and log in a user to the dashboard or to the portal, or alternatively create a token or OAuth session.
const (
	// Pass through / redirect user-based actions
	GenerateOrLoginDeveloperProfile Action = "GenerateOrLoginDeveloperProfile" // Portal
	GenerateOrLoginUserProfile      Action = "GenerateOrLoginUserProfile"      // Dashboard
	GenerateOAuthTokenForClient     Action = "GenerateOAuthTokenForClient"     // OAuth token flow

	// Direct or redirect
	GenerateTemporaryAuthToken    Action = "GenerateTemporaryAuthToken"  // Tyk Access Token
	GenerateOAuthTokenForPassword Action = "GenerateOAuthTokenForClient" // OAuth PW flow
)
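In the constants above, GenerateOAuthTokenForPassword carries the same string value as GenerateOAuthTokenForClient, so an ActionType cannot tell the two flows apart, and the literal string "GenerateOAuthTokenForPassword" equals none of the constants. The following is an added example, not code from the package: it validates the ActionType of untrusted profile JSON against the documented values. The Action type and constants are local copies from this page, ParseActionType and knownActions are hypothetical names, and the sample profiles are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Action and its values are copied from this page so the example runs alone.
type Action string

const (
	GenerateOrLoginDeveloperProfile Action = "GenerateOrLoginDeveloperProfile"
	GenerateOrLoginUserProfile      Action = "GenerateOrLoginUserProfile"
	GenerateOAuthTokenForClient     Action = "GenerateOAuthTokenForClient"
	GenerateTemporaryAuthToken      Action = "GenerateTemporaryAuthToken"
	GenerateOAuthTokenForPassword   Action = "GenerateOAuthTokenForClient" // same value, as documented
)

// knownActions omits GenerateOAuthTokenForPassword: a duplicate constant key will not compile.
var knownActions = map[Action]bool{
	GenerateOrLoginDeveloperProfile: true,
	GenerateOrLoginUserProfile:      true,
	GenerateOAuthTokenForClient:     true,
	GenerateTemporaryAuthToken:      true,
}

// ParseActionType (hypothetical helper) rejects ActionType values outside the documented set.
func ParseActionType(profileJSON []byte) (Action, error) {
	var p struct {
		ActionType Action `json:"ActionType"`
	}
	if err := json.Unmarshal(profileJSON, &p); err != nil {
		return "", fmt.Errorf("decode profile: %w", err)
	}
	if !knownActions[p.ActionType] {
		return "", fmt.Errorf("unknown ActionType %q", p.ActionType)
	}
	return p.ActionType, nil
}

func main() {
	// Constructed sample profiles, not taken from a real deployment.
	for _, js := range []string{
		`{"ID":"p1","ActionType":"GenerateOrLoginUserProfile"}`,
		`{"ID":"p2","ActionType":"GenerateOAuthTokenForPassword"}`,
	} {
		a, err := ParseActionType([]byte(js))
		fmt.Printf("%s -> %q, err=%v\n", js, a, err)
	}
}
```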
type AuthRegisterBackend ¶
type AuthRegisterBackend interface {
	Init(interface{}) error
	SetKey(key string, orgId string, val interface{}) error
	GetKey(key string, orgId string, val interface{}) error
	GetAll(orgId string) []interface{}
	DeleteKey(key string, orgId string) error
}
AuthRegisterBackend is an interface to provide storage for profiles loaded into TAP.
type HttpError ¶ added in v1.1.0
func AddProfile ¶ added in v1.1.0
func AddProfile(profile Profile, AuthConfigStore AuthRegisterBackend, flush func(backend AuthRegisterBackend) error) *HttpError
func DeleteProfile ¶ added in v1.1.0
func DeleteProfile(key, orgID string, AuthConfigStore AuthRegisterBackend, flush func(backend AuthRegisterBackend) error) *HttpError
func UpdateProfile ¶ added in v1.1.0
func UpdateProfile(key string, profile Profile, AuthConfigStore AuthRegisterBackend, flush func(backend AuthRegisterBackend) error) *HttpError
type IdentityHandler ¶
type IdentityHandler interface {
	Init(interface{}) error
	CompleteIdentityAction(http.ResponseWriter, *http.Request, interface{}, Profile)
}
IdentityHandler is an interface that provides a generic way to handle the creation / login of an SSO session for a specific provider. It should generate users, tokens and SSO sessions for whatever target system is being used off the back of a delegated authentication provider such as GPlus.
type Profile ¶
type Profile struct {
	ID                        string                 `bson:"ID" json:"ID" gorm:"primaryKey;column:ID"`
	Name                      string                 `bson:"Name" json:"Name"`
	OrgID                     string                 `bson:"OrgID" json:"OrgID"`
	ActionType                Action                 `bson:"ActionType" json:"ActionType"`
	MatchedPolicyID           string                 `bson:"MatchedPolicyID" json:"MatchedPolicyID"`
	Type                      ProviderType           `bson:"Type" json:"Type"`
	ProviderName              string                 `bson:"ProviderName" json:"ProviderName"`
	CustomEmailField          string                 `bson:"CustomEmailField" json:"CustomEmailField"`
	CustomUserIDField         string                 `bson:"CustomUserIDField" json:"CustomUserIDField"`
	ProviderConfig            interface{}            `bson:"ProviderConfig" json:"ProviderConfig"`
	IdentityHandlerConfig     map[string]interface{} `bson:"IdentityHandlerConfig" json:"IdentityHandlerConfig"`
	ProviderConstraints       ProfileConstraint      `bson:"ProviderConstraints" json:"ProviderConstraints"`
	ReturnURL                 string                 `bson:"ReturnURL" json:"ReturnURL"`
	DefaultUserGroupID        string                 `bson:"DefaultUserGroupID" json:"DefaultUserGroupID"`
	CustomUserGroupField      string                 `bson:"CustomUserGroupField" json:"CustomUserGroupField"`
	UserGroupMapping          map[string]string      `bson:"UserGroupMapping" json:"UserGroupMapping"`
	UserGroupSeparator        string                 `bson:"UserGroupSeparator" json:"UserGroupSeparator"`
	SSOOnlyForRegisteredUsers bool                   `bson:"SSOOnlyForRegisteredUsers" json:"SSOOnlyForRegisteredUsers"`
}
Profile is the configuration object for an authentication session. It combines an Action (what to do with the identity once confirmed; this is delegated to an IdentityHandler) with a Provider (such as Social / GPlus).
func (Profile) GetObjectID ¶ added in v1.4.0
func (Profile) MarshalBinary ¶ added in v1.1.0
func (Profile) SetObjectID ¶ added in v1.4.0
func (Profile) UnmarshalBinary ¶ added in v1.1.0
type ProfileConstraint ¶
ProfileConstraint: certain providers can have constraints, and this object sets out those constraints. E.g. Domain: "tyk.io" will limit social logins to only those with a tyk.io domain name.
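One way to enforce a Domain constraint like the one described above, as an added example rather than the package's own check: it contrasts a suffix match, which also accepts look-alike domains, with an exact comparison of the parsed domain part. The ProfileConstraint stand-in, naiveAllowed and EmailAllowed are hypothetical, the sample addresses are constructed, and treating an empty Domain as "no constraint" is an assumption.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// ProfileConstraint is a local stand-in with only the Domain field named on
// this page; it is not the package's own definition.
type ProfileConstraint struct {
	Domain string
}

// naiveAllowed is the weak check: a suffix test also accepts look-alike
// domains that merely end in the constrained string.
func naiveAllowed(c ProfileConstraint, email string) bool {
	return strings.HasSuffix(strings.ToLower(email), strings.ToLower(c.Domain))
}

// EmailAllowed (hypothetical helper) requires the address to be a bare
// addr-spec whose domain equals the constraint exactly, ignoring case.
func EmailAllowed(c ProfileConstraint, email string) bool {
	if c.Domain == "" {
		return true // assumption: an empty Domain means no constraint is configured
	}
	addr, err := mail.ParseAddress(email)
	if err != nil || addr.Address != email {
		return false // malformed, or carries a display name or comment
	}
	at := strings.LastIndex(addr.Address, "@")
	return strings.EqualFold(addr.Address[at+1:], c.Domain)
}

func main() {
	c := ProfileConstraint{Domain: "tyk.io"}
	// Constructed sample addresses.
	for _, e := range []string{
		"dev@tyk.io", "Dev@TYK.IO", "dev@example-tyk.io",
		"dev@tyk.io.example.net", "Eve <eve@tyk.io>", "no-at-sign",
	} {
		fmt.Printf("%-24s naive=%-5v strict=%v\n", e, naiveAllowed(c, e), EmailAllowed(c, e))
	}
}
```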
type ProviderType ¶
type ProviderType string
ProviderType is a way of identifying whether a provider passes through or redirects.
const (
	PASSTHROUGH_PROVIDER ProviderType = "passthrough"
	REDIRECT_PROVIDER    ProviderType = "redirect"
)
type TAProvider ¶
type TAProvider interface {
	Init(IdentityHandler, Profile, []byte) error
	Name() string
	ProviderType() ProviderType
	UseCallback() bool
	Handle(http.ResponseWriter, *http.Request, map[string]string, Profile)
	HandleCallback(http.ResponseWriter, *http.Request, func(tag string, errorMsg string, rawErr error, code int, w http.ResponseWriter, r *http.Request), Profile)
	HandleMetadata(http.ResponseWriter, *http.Request)
}
TAProvider is an interface that defines an actual handler for a specific authentication provider. It can wrap larger libraries (such as Goth for social), or individual pass-throughs such as LDAP.