Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthenticatorRequest ¶
type AuthenticatorRequest authenticator.Request
func NewKubernetesAuthenticator ¶
func NewKubernetesAuthenticator(c *rest.Config, aud []string) (AuthenticatorRequest, error)
type IDTokenAuthenticator ¶
type IDTokenAuthenticator struct {
Header string // header name where id token is stored
CaBundle []byte
Provider oidc.Provider
ClientID string // need client id to verify the id token
UserIDClaim string // retrieve the userid if the claim exists
GroupsClaim string
}
func (*IDTokenAuthenticator) AuthenticateRequest ¶
func (s *IDTokenAuthenticator) AuthenticateRequest(r *http.Request) (*authenticator.Response, bool, error)
type JWTTokenAuthenticator ¶
type JWTTokenAuthenticator struct {
Header string // header name where JWT access token is stored
CaBundle []byte
Provider oidc.Provider
Audiences []string // need client id to verify the id token
Issuer string // need this for the local check
UserIDClaim string // retrieve the userid if the claim exists
GroupsClaim string
}
func (*JWTTokenAuthenticator) AuthenticateRequest ¶
func (s *JWTTokenAuthenticator) AuthenticateRequest(r *http.Request) (*authenticator.Response, bool, error)
type KubernetesAuthenticator ¶
type KubernetesAuthenticator struct {
Audiences []string
Authenticator AuthenticatorRequest
}
func (*KubernetesAuthenticator) AuthenticateRequest ¶
func (k8sauth *KubernetesAuthenticator) AuthenticateRequest(r *http.Request) (*authenticator.Response, bool, error)
func (*KubernetesAuthenticator) GetCacheKey ¶
func (k8sauth *KubernetesAuthenticator) GetCacheKey(r *http.Request) string
The Kubernetes Authenticator implements the Cacheable interface with the getCacheKey().
type OpaqueTokenAuthenticator ¶
type OpaqueTokenAuthenticator struct {
Header string // header name where opaque access token is stored
CaBundle []byte
Provider oidc.Provider
Oauth2Config *oauth2.Config
UserIDClaim string // retrieve the userid claim
GroupsClaim string // retrieve the groups claim
}
func (*OpaqueTokenAuthenticator) AuthenticateRequest ¶
func (s *OpaqueTokenAuthenticator) AuthenticateRequest(r *http.Request) (*authenticator.Response, bool, error)
func (*OpaqueTokenAuthenticator) GetCacheKey ¶
func (s *OpaqueTokenAuthenticator) GetCacheKey(r *http.Request) string
The Opaque Access Token Authenticator implements the Cacheable interface with the getCacheKey().
type SessionAuthenticator ¶
type SessionAuthenticator struct {
// store is the session store.
Store sessions.Store
// cookie is the name of the cookie that holds the session value.
Cookie string
// header is the header to check as an alternative to finding the session
// value.
Header string
// strictSessionValidation mode checks the validity of the access token
// connected with the session on every request.
StrictSessionValidation bool
// caBundle specifies CAs to trust when talking with the OIDC Provider.
// Relevant only when strictSessionValidation is enabled.
CaBundle []byte
// oauth2Config is the config to use when talking with the OIDC Provider.
// Relevant only when strictSessionValidation is enabled.
Oauth2Config *oauth2.Config
// provider is the OIDC Provider.
// Relevant only when strictSessionValidation is enabled.
Provider oidc.Provider
}
func (*SessionAuthenticator) AuthenticateRequest ¶
func (sa *SessionAuthenticator) AuthenticateRequest(r *http.Request) (*authenticator.Response, bool, error)
Source Files
Click to show internal directories.
Click to hide internal directories.