Documentation ¶
Index ¶
- type AzureProvider
- type FacebookProvider
- type GitHubProvider
- type GitLabProvider
- type GoogleProvider
- func (p *GoogleProvider) Redeem(redirectURL, code string) (s *SessionState, err error)
- func (p *GoogleProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)
- func (p *GoogleProvider) SetGroupRestriction(groups []string, adminEmail string, credentialsReader io.Reader)
- func (p *GoogleProvider) ValidateGroup(email string) bool
- type LinkedInProvider
- type LoginGovProvider
- type OIDCProvider
- type Provider
- type ProviderData
- func (p *ProviderData) CookieForSession(s *SessionState, c *cookie.Cipher) (string, error)
- func (p *ProviderData) Data() *ProviderData
- func (p *ProviderData) GetEmailAddress(s *SessionState) (string, error)
- func (p *ProviderData) GetLoginURL(redirectURI, state string) string
- func (p *ProviderData) GetUserName(s *SessionState) (string, error)
- func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error)
- func (p *ProviderData) RefreshSessionIfNeeded(s *SessionState) (bool, error)
- func (p *ProviderData) SessionFromCookie(v string, c *cookie.Cipher) (s *SessionState, err error)
- func (p *ProviderData) ValidateGroup(email string) bool
- func (p *ProviderData) ValidateSessionState(s *SessionState) bool
- type SessionState
- type SessionStateJSON
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AzureProvider ¶
type AzureProvider struct { *ProviderData Tenant string }
AzureProvider represents an Azure based Identity Provider
func NewAzureProvider ¶
func NewAzureProvider(p *ProviderData) *AzureProvider
NewAzureProvider initiates a new AzureProvider
func (*AzureProvider) Configure ¶
func (p *AzureProvider) Configure(tenant string)
Configure defaults the AzureProvider configuration options
func (*AzureProvider) GetEmailAddress ¶
func (p *AzureProvider) GetEmailAddress(s *SessionState) (string, error)
GetEmailAddress returns the Account email address
type FacebookProvider ¶
type FacebookProvider struct {
*ProviderData
}
FacebookProvider represents an Facebook based Identity Provider
func NewFacebookProvider ¶
func NewFacebookProvider(p *ProviderData) *FacebookProvider
NewFacebookProvider initiates a new FacebookProvider
func (*FacebookProvider) GetEmailAddress ¶
func (p *FacebookProvider) GetEmailAddress(s *SessionState) (string, error)
GetEmailAddress returns the Account email address
func (*FacebookProvider) ValidateSessionState ¶
func (p *FacebookProvider) ValidateSessionState(s *SessionState) bool
ValidateSessionState validates the AccessToken
type GitHubProvider ¶
type GitHubProvider struct { *ProviderData Org string Team string }
GitHubProvider represents an GitHub based Identity Provider
func NewGitHubProvider ¶
func NewGitHubProvider(p *ProviderData) *GitHubProvider
NewGitHubProvider initiates a new GitHubProvider
func (*GitHubProvider) GetEmailAddress ¶
func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error)
GetEmailAddress returns the Account email address
func (*GitHubProvider) GetUserName ¶
func (p *GitHubProvider) GetUserName(s *SessionState) (string, error)
GetUserName returns the Account user name
func (*GitHubProvider) SetOrgTeam ¶
func (p *GitHubProvider) SetOrgTeam(org, team string)
SetOrgTeam adds GitHub org reading parameters to the OAuth2 scope
type GitLabProvider ¶
type GitLabProvider struct {
*ProviderData
}
GitLabProvider represents an GitLab based Identity Provider
func NewGitLabProvider ¶
func NewGitLabProvider(p *ProviderData) *GitLabProvider
NewGitLabProvider initiates a new GitLabProvider
func (*GitLabProvider) GetEmailAddress ¶
func (p *GitLabProvider) GetEmailAddress(s *SessionState) (string, error)
GetEmailAddress returns the Account email address
type GoogleProvider ¶
type GoogleProvider struct { *ProviderData RedeemRefreshURL *url.URL // GroupValidator is a function that determines if the passed email is in // the configured Google group. GroupValidator func(string) bool }
GoogleProvider represents an Google based Identity Provider
func NewGoogleProvider ¶
func NewGoogleProvider(p *ProviderData) *GoogleProvider
NewGoogleProvider initiates a new GoogleProvider
func (*GoogleProvider) Redeem ¶
func (p *GoogleProvider) Redeem(redirectURL, code string) (s *SessionState, err error)
Redeem exchanges the OAuth2 authentication token for an ID token
func (*GoogleProvider) RefreshSessionIfNeeded ¶
func (p *GoogleProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)
RefreshSessionIfNeeded checks if the session has expired and uses the RefreshToken to fetch a new ID token if required
func (*GoogleProvider) SetGroupRestriction ¶
func (p *GoogleProvider) SetGroupRestriction(groups []string, adminEmail string, credentialsReader io.Reader)
SetGroupRestriction configures the GoogleProvider to restrict access to the specified group(s). AdminEmail has to be an administrative email on the domain that is checked. CredentialsFile is the path to a json file containing a Google service account credentials.
func (*GoogleProvider) ValidateGroup ¶
func (p *GoogleProvider) ValidateGroup(email string) bool
ValidateGroup validates that the provided email exists in the configured Google group(s).
type LinkedInProvider ¶
type LinkedInProvider struct {
*ProviderData
}
LinkedInProvider represents an LinkedIn based Identity Provider
func NewLinkedInProvider ¶
func NewLinkedInProvider(p *ProviderData) *LinkedInProvider
NewLinkedInProvider initiates a new LinkedInProvider
func (*LinkedInProvider) GetEmailAddress ¶
func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error)
GetEmailAddress returns the Account email address
func (*LinkedInProvider) ValidateSessionState ¶
func (p *LinkedInProvider) ValidateSessionState(s *SessionState) bool
ValidateSessionState validates the AccessToken
type LoginGovProvider ¶
type LoginGovProvider struct { *ProviderData // TODO (@timothy-spencer): Ideally, the nonce would be in the session state, but the session state // is created only upon code redemption, not during the auth, when this must be supplied. Nonce string AcrValues string JWTKey *rsa.PrivateKey PubJWKURL *url.URL }
LoginGovProvider represents an OIDC based Identity Provider
func NewLoginGovProvider ¶
func NewLoginGovProvider(p *ProviderData) *LoginGovProvider
NewLoginGovProvider initiates a new LoginGovProvider
func (*LoginGovProvider) GetLoginURL ¶
func (p *LoginGovProvider) GetLoginURL(redirectURI, state string) string
GetLoginURL overrides GetLoginURL to add login.gov parameters
func (*LoginGovProvider) Redeem ¶
func (p *LoginGovProvider) Redeem(redirectURL, code string) (s *SessionState, err error)
Redeem exchanges the OAuth2 authentication token for an ID token
type OIDCProvider ¶
type OIDCProvider struct { *ProviderData Verifier *oidc.IDTokenVerifier }
OIDCProvider represents an OIDC based Identity Provider
func NewOIDCProvider ¶
func NewOIDCProvider(p *ProviderData) *OIDCProvider
NewOIDCProvider initiates a new OIDCProvider
func (*OIDCProvider) Redeem ¶
func (p *OIDCProvider) Redeem(redirectURL, code string) (s *SessionState, err error)
Redeem exchanges the OAuth2 authentication token for an ID token
func (*OIDCProvider) RefreshSessionIfNeeded ¶
func (p *OIDCProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)
RefreshSessionIfNeeded checks if the session has expired and uses the RefreshToken to fetch a new ID token if required
func (*OIDCProvider) ValidateSessionState ¶
func (p *OIDCProvider) ValidateSessionState(s *SessionState) bool
ValidateSessionState checks that the session's IDToken is still valid
type Provider ¶
type Provider interface { Data() *ProviderData GetEmailAddress(*SessionState) (string, error) GetUserName(*SessionState) (string, error) Redeem(string, string) (*SessionState, error) ValidateGroup(string) bool ValidateSessionState(*SessionState) bool GetLoginURL(redirectURI, finalRedirect string) string RefreshSessionIfNeeded(*SessionState) (bool, error) SessionFromCookie(string, *cookie.Cipher) (*SessionState, error) CookieForSession(*SessionState, *cookie.Cipher) (string, error) }
Provider represents an upstream identity provider implementation
func New ¶
func New(provider string, p *ProviderData) Provider
New provides a new Provider based on the configured provider string
type ProviderData ¶
type ProviderData struct { ProviderName string ClientID string ClientSecret string LoginURL *url.URL RedeemURL *url.URL ProfileURL *url.URL ProtectedResource *url.URL ValidateURL *url.URL Scope string ApprovalPrompt string }
ProviderData contains information required to configure all implementations of OAuth2 providers
func (*ProviderData) CookieForSession ¶
func (p *ProviderData) CookieForSession(s *SessionState, c *cookie.Cipher) (string, error)
CookieForSession serializes a session state for storage in a cookie
func (*ProviderData) Data ¶
func (p *ProviderData) Data() *ProviderData
Data returns the ProviderData
func (*ProviderData) GetEmailAddress ¶
func (p *ProviderData) GetEmailAddress(s *SessionState) (string, error)
GetEmailAddress returns the Account email address
func (*ProviderData) GetLoginURL ¶
func (p *ProviderData) GetLoginURL(redirectURI, state string) string
GetLoginURL with typical oauth parameters
func (*ProviderData) GetUserName ¶
func (p *ProviderData) GetUserName(s *SessionState) (string, error)
GetUserName returns the Account username
func (*ProviderData) Redeem ¶
func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error)
Redeem provides a default implementation of the OAuth2 token redemption process
func (*ProviderData) RefreshSessionIfNeeded ¶
func (p *ProviderData) RefreshSessionIfNeeded(s *SessionState) (bool, error)
RefreshSessionIfNeeded should refresh the user's session if required and do nothing if a refresh is not required
func (*ProviderData) SessionFromCookie ¶
func (p *ProviderData) SessionFromCookie(v string, c *cookie.Cipher) (s *SessionState, err error)
SessionFromCookie deserializes a session from a cookie value
func (*ProviderData) ValidateGroup ¶
func (p *ProviderData) ValidateGroup(email string) bool
ValidateGroup validates that the provided email exists in the configured provider email group(s).
func (*ProviderData) ValidateSessionState ¶
func (p *ProviderData) ValidateSessionState(s *SessionState) bool
ValidateSessionState validates the AccessToken
type SessionState ¶
type SessionState struct { AccessToken string `json:",omitempty"` IDToken string `json:",omitempty"` ExpiresOn time.Time `json:"-"` RefreshToken string `json:",omitempty"` Email string `json:",omitempty"` User string `json:",omitempty"` }
SessionState is used to store information about the currently authenticated user session
func DecodeSessionState ¶
func DecodeSessionState(v string, c *cookie.Cipher) (*SessionState, error)
DecodeSessionState decodes the session cookie string into a SessionState
func (*SessionState) EncodeSessionState ¶
func (s *SessionState) EncodeSessionState(c *cookie.Cipher) (string, error)
EncodeSessionState returns string representation of the current session
func (*SessionState) IsExpired ¶
func (s *SessionState) IsExpired() bool
IsExpired checks whether the session has expired
func (*SessionState) String ¶
func (s *SessionState) String() string
String constructs a summary of the session state
type SessionStateJSON ¶
type SessionStateJSON struct { *SessionState ExpiresOn *time.Time `json:",omitempty"` }
SessionStateJSON is used to encode SessionState into JSON without exposing time.Time zero value