providers

package
v3.2.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 12, 2019 License: MIT Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AzureProvider

type AzureProvider struct {
	*ProviderData
	Tenant string
}

AzureProvider represents an Azure based Identity Provider

func NewAzureProvider

func NewAzureProvider(p *ProviderData) *AzureProvider

NewAzureProvider initiates a new AzureProvider

func (*AzureProvider) Configure

func (p *AzureProvider) Configure(tenant string)

Configure defaults the AzureProvider configuration options

func (*AzureProvider) GetEmailAddress

func (p *AzureProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

type FacebookProvider

type FacebookProvider struct {
	*ProviderData
}

FacebookProvider represents an Facebook based Identity Provider

func NewFacebookProvider

func NewFacebookProvider(p *ProviderData) *FacebookProvider

NewFacebookProvider initiates a new FacebookProvider

func (*FacebookProvider) GetEmailAddress

func (p *FacebookProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

func (*FacebookProvider) ValidateSessionState

func (p *FacebookProvider) ValidateSessionState(s *SessionState) bool

ValidateSessionState validates the AccessToken

type GitHubProvider

type GitHubProvider struct {
	*ProviderData
	Org  string
	Team string
}

GitHubProvider represents an GitHub based Identity Provider

func NewGitHubProvider

func NewGitHubProvider(p *ProviderData) *GitHubProvider

NewGitHubProvider initiates a new GitHubProvider

func (*GitHubProvider) GetEmailAddress

func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

func (*GitHubProvider) GetUserName

func (p *GitHubProvider) GetUserName(s *SessionState) (string, error)

GetUserName returns the Account user name

func (*GitHubProvider) SetOrgTeam

func (p *GitHubProvider) SetOrgTeam(org, team string)

SetOrgTeam adds GitHub org reading parameters to the OAuth2 scope

type GitLabProvider

type GitLabProvider struct {
	*ProviderData
}

GitLabProvider represents an GitLab based Identity Provider

func NewGitLabProvider

func NewGitLabProvider(p *ProviderData) *GitLabProvider

NewGitLabProvider initiates a new GitLabProvider

func (*GitLabProvider) GetEmailAddress

func (p *GitLabProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

type GoogleProvider

type GoogleProvider struct {
	*ProviderData
	RedeemRefreshURL *url.URL
	// GroupValidator is a function that determines if the passed email is in
	// the configured Google group.
	GroupValidator func(string) bool
}

GoogleProvider represents an Google based Identity Provider

func NewGoogleProvider

func NewGoogleProvider(p *ProviderData) *GoogleProvider

NewGoogleProvider initiates a new GoogleProvider

func (*GoogleProvider) Redeem

func (p *GoogleProvider) Redeem(redirectURL, code string) (s *SessionState, err error)

Redeem exchanges the OAuth2 authentication token for an ID token

func (*GoogleProvider) RefreshSessionIfNeeded

func (p *GoogleProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)

RefreshSessionIfNeeded checks if the session has expired and uses the RefreshToken to fetch a new ID token if required

func (*GoogleProvider) SetGroupRestriction

func (p *GoogleProvider) SetGroupRestriction(groups []string, adminEmail string, credentialsReader io.Reader)

SetGroupRestriction configures the GoogleProvider to restrict access to the specified group(s). AdminEmail has to be an administrative email on the domain that is checked. CredentialsFile is the path to a json file containing a Google service account credentials.

func (*GoogleProvider) ValidateGroup

func (p *GoogleProvider) ValidateGroup(email string) bool

ValidateGroup validates that the provided email exists in the configured Google group(s).

type LinkedInProvider

type LinkedInProvider struct {
	*ProviderData
}

LinkedInProvider represents an LinkedIn based Identity Provider

func NewLinkedInProvider

func NewLinkedInProvider(p *ProviderData) *LinkedInProvider

NewLinkedInProvider initiates a new LinkedInProvider

func (*LinkedInProvider) GetEmailAddress

func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

func (*LinkedInProvider) ValidateSessionState

func (p *LinkedInProvider) ValidateSessionState(s *SessionState) bool

ValidateSessionState validates the AccessToken

type LoginGovProvider

type LoginGovProvider struct {
	*ProviderData

	// TODO (@timothy-spencer): Ideally, the nonce would be in the session state, but the session state
	// is created only upon code redemption, not during the auth, when this must be supplied.
	Nonce     string
	AcrValues string
	JWTKey    *rsa.PrivateKey
	PubJWKURL *url.URL
}

LoginGovProvider represents an OIDC based Identity Provider

func NewLoginGovProvider

func NewLoginGovProvider(p *ProviderData) *LoginGovProvider

NewLoginGovProvider initiates a new LoginGovProvider

func (*LoginGovProvider) GetLoginURL

func (p *LoginGovProvider) GetLoginURL(redirectURI, state string) string

GetLoginURL overrides GetLoginURL to add login.gov parameters

func (*LoginGovProvider) Redeem

func (p *LoginGovProvider) Redeem(redirectURL, code string) (s *SessionState, err error)

Redeem exchanges the OAuth2 authentication token for an ID token

type OIDCProvider

type OIDCProvider struct {
	*ProviderData

	Verifier *oidc.IDTokenVerifier
}

OIDCProvider represents an OIDC based Identity Provider

func NewOIDCProvider

func NewOIDCProvider(p *ProviderData) *OIDCProvider

NewOIDCProvider initiates a new OIDCProvider

func (*OIDCProvider) Redeem

func (p *OIDCProvider) Redeem(redirectURL, code string) (s *SessionState, err error)

Redeem exchanges the OAuth2 authentication token for an ID token

func (*OIDCProvider) RefreshSessionIfNeeded

func (p *OIDCProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)

RefreshSessionIfNeeded checks if the session has expired and uses the RefreshToken to fetch a new ID token if required

func (*OIDCProvider) ValidateSessionState

func (p *OIDCProvider) ValidateSessionState(s *SessionState) bool

ValidateSessionState checks that the session's IDToken is still valid

type Provider

type Provider interface {
	Data() *ProviderData
	GetEmailAddress(*SessionState) (string, error)
	GetUserName(*SessionState) (string, error)
	Redeem(string, string) (*SessionState, error)
	ValidateGroup(string) bool
	ValidateSessionState(*SessionState) bool
	GetLoginURL(redirectURI, finalRedirect string) string
	RefreshSessionIfNeeded(*SessionState) (bool, error)
	SessionFromCookie(string, *cookie.Cipher) (*SessionState, error)
	CookieForSession(*SessionState, *cookie.Cipher) (string, error)
}

Provider represents an upstream identity provider implementation

func New

func New(provider string, p *ProviderData) Provider

New provides a new Provider based on the configured provider string

type ProviderData

type ProviderData struct {
	ProviderName      string
	ClientID          string
	ClientSecret      string
	LoginURL          *url.URL
	RedeemURL         *url.URL
	ProfileURL        *url.URL
	ProtectedResource *url.URL
	ValidateURL       *url.URL
	Scope             string
	ApprovalPrompt    string
}

ProviderData contains information required to configure all implementations of OAuth2 providers

func (*ProviderData) CookieForSession

func (p *ProviderData) CookieForSession(s *SessionState, c *cookie.Cipher) (string, error)

CookieForSession serializes a session state for storage in a cookie

func (*ProviderData) Data

func (p *ProviderData) Data() *ProviderData

Data returns the ProviderData

func (*ProviderData) GetEmailAddress

func (p *ProviderData) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

func (*ProviderData) GetLoginURL

func (p *ProviderData) GetLoginURL(redirectURI, state string) string

GetLoginURL with typical oauth parameters

func (*ProviderData) GetUserName

func (p *ProviderData) GetUserName(s *SessionState) (string, error)

GetUserName returns the Account username

func (*ProviderData) Redeem

func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error)

Redeem provides a default implementation of the OAuth2 token redemption process

func (*ProviderData) RefreshSessionIfNeeded

func (p *ProviderData) RefreshSessionIfNeeded(s *SessionState) (bool, error)

RefreshSessionIfNeeded should refresh the user's session if required and do nothing if a refresh is not required

func (*ProviderData) SessionFromCookie

func (p *ProviderData) SessionFromCookie(v string, c *cookie.Cipher) (s *SessionState, err error)

SessionFromCookie deserializes a session from a cookie value

func (*ProviderData) ValidateGroup

func (p *ProviderData) ValidateGroup(email string) bool

ValidateGroup validates that the provided email exists in the configured provider email group(s).

func (*ProviderData) ValidateSessionState

func (p *ProviderData) ValidateSessionState(s *SessionState) bool

ValidateSessionState validates the AccessToken

type SessionState

type SessionState struct {
	AccessToken  string    `json:",omitempty"`
	IDToken      string    `json:",omitempty"`
	ExpiresOn    time.Time `json:"-"`
	RefreshToken string    `json:",omitempty"`
	Email        string    `json:",omitempty"`
	User         string    `json:",omitempty"`
}

SessionState is used to store information about the currently authenticated user session

func DecodeSessionState

func DecodeSessionState(v string, c *cookie.Cipher) (*SessionState, error)

DecodeSessionState decodes the session cookie string into a SessionState

func (*SessionState) EncodeSessionState

func (s *SessionState) EncodeSessionState(c *cookie.Cipher) (string, error)

EncodeSessionState returns string representation of the current session

func (*SessionState) IsExpired

func (s *SessionState) IsExpired() bool

IsExpired checks whether the session has expired

func (*SessionState) String

func (s *SessionState) String() string

String constructs a summary of the session state

type SessionStateJSON

type SessionStateJSON struct {
	*SessionState
	ExpiresOn *time.Time `json:",omitempty"`
}

SessionStateJSON is used to encode SessionState into JSON without exposing time.Time zero value

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL