authenticationflow

package
v0.0.0-...-09efcc3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 23, 2024 License: Apache-2.0 Imports: 55 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	JsonPointerTokenOneOf string = "one_of"
	JsonPointerTokenSteps string = "steps"
)
View Source 
const (
	BotProtectionVerificationOutcomeFailed             = "failed"
	BotProtectionVerificationOutcomeVerified           = "verified"
	BotProtectionVerificationOutcomeServiceUnavailable = "service_unavailable"
)
View Source 
const (
	AuthowAPIPerIP ratelimit.BucketName = "AuthflowAPIPerIP"
)
View Source 
const Lifetime = duration.UserInteraction
View Source 
const (
	WebsocketEndpointV1 = "/api/v1/authentication_flows/ws"
)

Variables

View Source 
var AllFlowTypes []FlowType = []FlowType{
	FlowTypeSignup,
	FlowTypePromote,
	FlowTypeLogin,
	FlowTypeSignupLogin,
	FlowTypeReauth,
	FlowTypeAccountRecovery,
}
View Source 
var DependencySet = wire.NewSet(
	wire.Struct(new(Dependencies), "*"),
	NewServiceLogger,
	wire.Struct(new(Service), "*"),
	wire.Struct(new(StoreImpl), "*"),
	wire.Bind(new(Store), new(*StoreImpl)),
	wire.Struct(new(IntlMiddleware), "*"),
	wire.Struct(new(RateLimitMiddleware), "*"),
	NewWebsocketEventStore,
)
View Source 
var ErrEOF = errors.New("eof")

ErrEOF means end of flow. This error originates from CanReactTo and will be propagated to public API.

View Source 
var ErrFlowNotAllowed = apierrors.Forbidden.WithReason("AuthenticationFlowNotAllowed").New("flow not allowed")
View Source 
var ErrFlowNotFound = apierrors.NotFound.WithReason("AuthenticationFlowNotFound").New("flow not found")
View Source 
var ErrIncompatibleInput = errors.New("incompatible input")

ErrIncompatibleInput means the input reactor cannot react to the input. This error can only be returned by ReactTo.

View Source 
var ErrInvalidJSONPointer = errors.New("invalid json pointer")
View Source 
var ErrNoChange = errors.New("no change")

ErrNoChange means the input does not cause the flow to change. This error originates from Accept and will be propagated to public API.

View Source 
var ErrNoEntries = errors.New("no entries")
View Source 
var ErrSameNode = errors.New("same node")

ErrSameNode means the input is reacted to, but no node is produced. This typically means the node has performed some immediate side effects. This error can only be returned by ReactTo.

View Source 
var ErrStepNotFound = apierrors.NotFound.WithReason("AuthenticationFlowStepNotFound").New("step not found")
View Source 
var ErrUnknownFlow = apierrors.BadRequest.WithReason("AuthenticationFlowUnknownFlow").New("unknown flow")
View Source 
var ErrUpdateNode = errors.New("update node")

ErrUpdateNode means the input is reacted to, but instead of producing a new node to be appended, the returned node should replace the node. This error can only be returned by ReactTo.

View Source 
var InputTakeAccountRecoveryCodeSchemaBuilder validation.SchemaBuilder

Functions

func ApplyAllEffects 

func ApplyAllEffects(ctx context.Context, deps *Dependencies, flows Flows) error

func ApplyRunEffects 

func ApplyRunEffects(ctx context.Context, deps *Dependencies, flows Flows) error

func AsInput 

func AsInput(i Input, iface interface{}) bool

func CollectCookies 

func CollectCookies(ctx context.Context, deps *Dependencies, flows Flows) (cookies []*http.Cookie, err error)

func FindAllMilestones 

func FindAllMilestones[T Milestone](w *Flow) []T

func FlowObject 

func FlowObject(flowRootObject config.AuthenticationFlowObject, pointer jsonpointer.T) (config.AuthenticationFlowObject, error)

func FlowObjectGetName 

func FlowObjectGetName(o config.AuthenticationFlowObject) string

func FlowObjectGetOneOf 

func FlowObjectGetOneOf(o config.AuthenticationFlowObject) ([]config.AuthenticationFlowObject, bool)

func FlowObjectGetSteps 

func FlowObjectGetSteps(o config.AuthenticationFlowObject) ([]config.AuthenticationFlowObject, bool)

func GetAuthenticationInfoEntry 

func GetAuthenticationInfoEntry(ctx context.Context, deps *Dependencies, flows Flows) (*authenticationinfo.Entry, bool)

func GetCurrentObject 

func GetCurrentObject(entries []TraverseEntry) (config.AuthenticationFlowObject, error)

func GetFlowID 

func GetFlowID(ctx context.Context) string

func GetIDToken 

func GetIDToken(ctx context.Context) string

func GetLoginHint 

func GetLoginHint(ctx context.Context) string

func GetOAuthSessionID 

func GetOAuthSessionID(ctx context.Context) string

func GetSAMLSessionID 

func GetSAMLSessionID(ctx context.Context) string

func GetSuppressIDPSessionCookie 

func GetSuppressIDPSessionCookie(ctx context.Context) bool

func GetUserIDHint 

func GetUserIDHint(ctx context.Context) string

func JSONPointerForOneOf 

func JSONPointerForOneOf(p jsonpointer.T, index int) jsonpointer.T

func JSONPointerForStep 

func JSONPointerForStep(p jsonpointer.T, index int) jsonpointer.T

func JSONPointerSubtract 

func JSONPointerSubtract(p1 jsonpointer.T, p2 jsonpointer.T) jsonpointer.T

func JSONPointerToParent 

func JSONPointerToParent(p jsonpointer.T) jsonpointer.T

func NewWebsocketChannelName 

func NewWebsocketChannelName() string

func RegisterFlow 

func RegisterFlow(flow PublicFlow)

RegisterFlow is for registering a flow.

func RegisterIntent 

func RegisterIntent(intent Intent)

func RegisterNode 

func RegisterNode(node NodeSimple)

func TraverseFlow 

func TraverseFlow(t Traverser, w *Flow) error

TraverseFlow traverse the flow, and intent of the flow is treated as the last node of the flow

func TraverseFlowIntentFirst 

func TraverseFlowIntentFirst(t Traverser, w *Flow) error

TraverseFlowIntentFirst is same as TraverseFlow, except that it ensures all nodes and intents must be traversed in the order they are inserted to the flow i.e. The intent will invoke the Traverser before the nodes belongs that intent

func TraverseIntentFromEndToRoot 

func TraverseIntentFromEndToRoot(t IntentTraverser, w *Flow) error

func TraverseNode 

func TraverseNode(t Traverser, w *Flow, n *Node) error

func TraverseNodeIntentFirst 

func TraverseNodeIntentFirst(t Traverser, w *Flow, n *Node) error

func WebsocketChannelName 

func WebsocketChannelName(r *http.Request) string

func WebsocketURL 

func WebsocketURL(origin string, channel string) (websocketURL string, err error)

Types

type AcceptResult 

type AcceptResult struct {
	BotProtectionVerificationResult *BotProtectionVerificationResult `json:"bot_protection,omitempty"`
}

func Accept 

func Accept(ctx context.Context, deps *Dependencies, flows Flows, rawMessage json.RawMessage) (*AcceptResult, error)

Accept executes the flow to the deepest using input. In addition to the errors caused by intents and nodes, ErrEOF and ErrNoChange can be returned.

func AcceptSyntheticInput 

func AcceptSyntheticInput(ctx context.Context, deps *Dependencies, flows Flows, syntheticInput Input) (result *AcceptResult, err error)

type AccountMigrationService 

type AccountMigrationService interface {
	Run(ctx context.Context, migrationTokenString string) (*accountmigration.HookResponse, error)
}

type AnonymousIdentityService 

type AnonymousIdentityService interface {
	ParseRequestUnverified(requestJWT string) (*anonymous.Request, error)
	ParseRequest(requestJWT string, identity *identity.Anonymous) (*anonymous.Request, error)

	Get(ctx context.Context, userID string, id string) (*identity.Anonymous, error)
	GetByKeyID(ctx context.Context, keyID string) (*identity.Anonymous, error)
}

type AnonymousUserPromotionCodeStore 

type AnonymousUserPromotionCodeStore interface {
	GetPromotionCode(ctx context.Context, codeHash string) (*anonymous.PromotionCode, error)
	DeletePromotionCode(ctx context.Context, code *anonymous.PromotionCode) error
}

type AuthenticationInfoEntryGetter 

type AuthenticationInfoEntryGetter interface {
	GetAuthenticationInfoEntry(ctx context.Context, deps *Dependencies, flows Flows) *authenticationinfo.Entry
}

type AuthenticationInfoService 

type AuthenticationInfoService interface {
	Save(ctx context.Context, entry *authenticationinfo.Entry) error
}

type AuthenticatorService 

type AuthenticatorService interface {
	NewWithAuthenticatorID(ctx context.Context, authenticatorID string, spec *authenticator.Spec) (*authenticator.Info, error)
	UpdatePassword(ctx context.Context, ainfo *authenticator.Info, options *service.UpdatePasswordOptions) (changed bool, info *authenticator.Info, err error)
	Get(ctx context.Context, authenticatorID string) (*authenticator.Info, error)
	Create(ctx context.Context, authenticatorInfo *authenticator.Info, markVerified bool) error
	Update(ctx context.Context, authenticatorInfo *authenticator.Info) error
	List(ctx context.Context, userID string, filters ...authenticator.Filter) ([]*authenticator.Info, error)
	VerifyWithSpec(ctx context.Context, info *authenticator.Info, spec *authenticator.Spec, options *facade.VerifyOptions) (verifyResult *service.VerifyResult, err error)
	VerifyOneWithSpec(ctx context.Context, userID string, authenticatorType model.AuthenticatorType, infos []*authenticator.Info, spec *authenticator.Spec, options *facade.VerifyOptions) (info *authenticator.Info, verifyResult *service.VerifyResult, err error)
	ClearLockoutAttempts(ctx context.Context, userID string, usedMethods []config.AuthenticationLockoutMethod) error
}

type BotProtectionService 

type BotProtectionService interface {
	Verify(ctx context.Context, response string) error
}

type BotProtectionVerificationOutcome 

type BotProtectionVerificationOutcome string

type BotProtectionVerificationResult 

type BotProtectionVerificationResult struct {
	Outcome  BotProtectionVerificationOutcome `json:"outcome,omitempty"`
	Response interface{}                      `json:"response,omitempty"`
}

func GetBotProtectionVerificationResult 

func GetBotProtectionVerificationResult(ctx context.Context) *BotProtectionVerificationResult

type CaptchaService 

type CaptchaService interface {
	VerifyToken(ctx context.Context, token string) error
}

type ChallengeService 

type ChallengeService interface {
	Consume(ctx context.Context, token string) (*challenge.Purpose, error)
	Get(ctx context.Context, token string) (*challenge.Challenge, error)
}

type CookieGetter 

type CookieGetter interface {
	GetCookies(ctx context.Context, deps *Dependencies, flows Flows) ([]*http.Cookie, error)
}

type CookieManager 

type CookieManager interface {
	GetCookie(r *http.Request, def *httputil.CookieDef) (*http.Cookie, error)
	ValueCookie(def *httputil.CookieDef, value string) *http.Cookie
	ClearCookie(def *httputil.CookieDef) *http.Cookie
}

type CustomAttrsService 

type CustomAttrsService interface {
	UpdateCustomAttributesWithList(ctx context.Context, role accesscontrol.Role, userID string, attrs attrs.List) error
}

type Data 

type Data interface {
	Data()
}

Data is a marker. Ensure all data is a struct, not an ad-hoc map.

type DataFinishRedirectURI 

type DataFinishRedirectURI struct {
	FinishRedirectURI string `json:"finish_redirect_uri,omitempty"`
}

func (*DataFinishRedirectURI) Data 

func (*DataFinishRedirectURI) Data()

type DataOutputer 

type DataOutputer interface {
	InputReactor
	OutputData(ctx context.Context, deps *Dependencies, flows Flows) (Data, error)
}

DataOutputer is an InputReactor. The data it outputs allow the caller to proceed.

type Dependencies 

type Dependencies struct {
	Config        *config.AppConfig
	FeatureConfig *config.FeatureConfig

	Clock      clock.Clock
	RemoteIP   httputil.RemoteIP
	HTTPOrigin httputil.HTTPOrigin

	HTTPRequest *http.Request

	Users                           UserService
	Identities                      IdentityService
	AnonymousIdentities             AnonymousIdentityService
	AnonymousUserPromotionCodeStore AnonymousUserPromotionCodeStore
	Authenticators                  AuthenticatorService
	MFA                             MFAService
	StdAttrsService                 StdAttrsService
	CustomAttrsService              CustomAttrsService
	OTPCodes                        OTPCodeService
	OTPSender                       OTPSender
	Verification                    VerificationService
	ForgotPassword                  ForgotPasswordService
	ResetPassword                   ResetPasswordService
	AccountMigrations               AccountMigrationService
	Challenges                      ChallengeService
	Captcha                         CaptchaService
	BotProtection                   BotProtectionService
	OAuthProviderFactory            OAuthProviderFactory
	PasskeyRequestOptionsService    PasskeyRequestOptionsService
	PasskeyCreationOptionsService   PasskeyCreationOptionsService
	PasskeyService                  PasskeyService
	LoginIDs                        LoginIDService
	LDAP                            LDAPService
	LDAPClientFactory               LDAPClientFactory

	IDPSessions          IDPSessionService
	Sessions             SessionService
	AuthenticationInfos  AuthenticationInfoService
	SessionCookie        session.CookieDef
	MFADeviceTokenCookie mfa.CookieDef

	UserFacade UserFacade

	Cookies CookieManager

	Events      EventService
	RateLimiter RateLimiter

	OfflineGrants OfflineGrantStore
	IDTokens      IDTokenService
}

type Effect 

type Effect interface {
	// contains filtered or unexported methods
}

type EffectGetter 

type EffectGetter interface {
	GetEffects(ctx context.Context, deps *Dependencies, flows Flows) (effs []Effect, err error)
}

type EndOfFlowDataOutputer 

type EndOfFlowDataOutputer interface {
	PublicFlow
	OutputEndOfFlowData(ctx context.Context, deps *Dependencies, flows Flows, baseData *DataFinishRedirectURI) (Data, error)
}

EndOfFlowDataOutputer is an optional interface to be implemented by PublicFlow. The implementation MUST return a Data that contains baseData.

type ErrorBotProtectionVerification 

type ErrorBotProtectionVerification struct {
	Status ErrorBotProtectionVerificationStatus
}

ErrorBotProtectionVerification is a special error for interrupting the flow in case of failed or service-unavailable 

var (
	ErrorBotProtectionVerificationFailed *ErrorBotProtectionVerification = &ErrorBotProtectionVerification{
		Status: ErrorBotProtectionVerificationStatusFailed,
	}
	ErrorBotProtectionVerificationSuccess *ErrorBotProtectionVerification = &ErrorBotProtectionVerification{
		Status: ErrorBotProtectionVerificationStatusSuccess,
	}
	ErrorBotProtectionVerificationServiceUnavailable *ErrorBotProtectionVerification = &ErrorBotProtectionVerification{
		Status: ErrorBotProtectionVerificationStatusServiceUnavailable,
	}
)

func (*ErrorBotProtectionVerification) Error 

func (e *ErrorBotProtectionVerification) Error() string

type ErrorBotProtectionVerificationStatus 

type ErrorBotProtectionVerificationStatus string
const (
	ErrorBotProtectionVerificationStatusFailed             ErrorBotProtectionVerificationStatus = "failed"
	ErrorBotProtectionVerificationStatusSuccess            ErrorBotProtectionVerificationStatus = "success"
	ErrorBotProtectionVerificationStatusServiceUnavailable ErrorBotProtectionVerificationStatus = "service-unavailable"
)

type ErrorRewriteFlow 

type ErrorRewriteFlow struct {
	Intent Intent
	Nodes  []Node
	// SyntheticInput advance the rewritten flow at the current state.
	SyntheticInput Input
}

ErrorRewriteFlow is a special error for rewriting the flow.

func (*ErrorRewriteFlow) Error 

func (e *ErrorRewriteFlow) Error() string

type ErrorSwitchFlow 

type ErrorSwitchFlow struct {
	// FlowReference indicates the flow to switch to.
	FlowReference FlowReference
	// SyntheticInput advance the switched flow at the current state.
	// It MUST include the input that triggers this error.
	SyntheticInput Input
}

ErrorSwitchFlow is a special error for switching flow.

func (*ErrorSwitchFlow) Error 

func (e *ErrorSwitchFlow) Error() string

type Event 

type Event interface {
	// contains filtered or unexported methods
}

type EventKind 

type EventKind string
const (
	// EventKindRefresh indicates client should re-fetch current state of flow for updated state.
	EventKindRefresh EventKind = "refresh"
)

type EventRefresh 

type EventRefresh struct {
	Kind EventKind `json:"kind"`
}

func NewEventRefresh 

func NewEventRefresh() *EventRefresh

type EventService 

type EventService interface {
	DispatchEventOnCommit(ctx context.Context, payload event.Payload) error
	DispatchEventImmediately(ctx context.Context, payload event.NonBlockingPayload) error
}

type FindInputReactorResult 

type FindInputReactorResult struct {
	Flows        Flows
	InputReactor InputReactor
	InputSchema  InputSchema
}

func FindInputReactor 

func FindInputReactor(ctx context.Context, deps *Dependencies, flows Flows) (*FindInputReactorResult, error)

func FindInputReactorForFlow 

func FindInputReactorForFlow(ctx context.Context, deps *Dependencies, flows Flows) (*FindInputReactorResult, error)

func FindInputReactorForNode 

func FindInputReactorForNode(ctx context.Context, deps *Dependencies, flows Flows, n *Node) (*FindInputReactorResult, error)

type Flow 

type Flow struct {
	FlowID     string
	StateToken string
	Intent     Intent
	Nodes      []Node
}

func CloneFlow 

func CloneFlow(w *Flow) *Flow

func FindTargetStep 

func FindTargetStep(w *Flow, name string) (out *Flow, err error)

func NewFlow 

func NewFlow(flowID string, intent Intent) *Flow

func (*Flow) MarshalJSON 

func (w *Flow) MarshalJSON() ([]byte, error)

func (*Flow) UnmarshalJSON 

func (w *Flow) UnmarshalJSON(d []byte) (err error)

type FlowAction 

type FlowAction struct {
	Type           FlowActionType                          `json:"type"`
	Identification config.AuthenticationFlowIdentification `json:"identification,omitempty"`
	Authentication config.AuthenticationFlowAuthentication `json:"authentication,omitempty"`
	Data           Data                                    `json:"data,omitempty"`
}

FlowAction is an API object.

func GetFlowAction 

func GetFlowAction(flowRootObject config.AuthenticationFlowObject, pointer jsonpointer.T) *FlowAction

type FlowActionType 

type FlowActionType string
const (
	FlowActionTypeFinished FlowActionType = "finished"
)

func FlowActionTypeFromStepType 

func FlowActionTypeFromStepType(t config.AuthenticationFlowStepType) FlowActionType

type FlowAllowlist 

type FlowAllowlist struct {
	DefinedGroups []*config.UIAuthenticationFlowGroup
	AllowedGroups []*config.AuthenticationFlowAllowlistGroup
	AllowedFlows  []*config.AuthenticationFlowAllowlistFlow
}

FlowAllowlist contains union of flow group and flow allowlist.

func NewFlowAllowlist 

func NewFlowAllowlist(allowlist *config.AuthenticationFlowAllowlist, definedGroups []*config.UIAuthenticationFlowGroup) FlowAllowlist

func (FlowAllowlist) CanCreateFlow 

func (a FlowAllowlist) CanCreateFlow(flowReference FlowReference) bool

func (FlowAllowlist) DeriveFlowNameForDefaultUI 

func (a FlowAllowlist) DeriveFlowNameForDefaultUI(flowType FlowType, flowGroup string) (string, error)

type FlowReference 

type FlowReference struct {
	Type FlowType `json:"type"`
	Name string   `json:"name"`
}

FlowReference is an API object.

func FindCurrentFlowReference 

func FindCurrentFlowReference(flow *Flow) *FlowReference

type FlowResponse 

type FlowResponse struct {
	StateToken string      `json:"state_token"`
	Type       FlowType    `json:"type,omitempty"`
	Name       string      `json:"name,omitempty"`
	Action     *FlowAction `json:"action,omitempty"`
}

FlowResponse is an API object.

type FlowType 

type FlowType string

FlowType denotes the type of the intents. 

const (
	FlowTypeSignup          FlowType = "signup"
	FlowTypePromote         FlowType = "promote"
	FlowTypeLogin           FlowType = "login"
	FlowTypeSignupLogin     FlowType = "signup_login"
	FlowTypeReauth          FlowType = "reauth"
	FlowTypeAccountRecovery FlowType = "account_recovery"
)

type Flows 

type Flows struct {
	Root    *Flow
	Nearest *Flow
}

func FindMilestoneInCurrentFlow 

func FindMilestoneInCurrentFlow[T Milestone](flows Flows) (T, Flows, bool)

FindMilestoneInCurrentFlow find the last milestone in the flow. It does not recur into sub flows. If the found milestone is a node, then the returned flows is the same as flows. If the found milestone is a intent, then the returned flows is Nearest=intent.

func NewFlows 

func NewFlows(root *Flow) Flows

func (Flows) Replace 

func (w Flows) Replace(nearest *Flow) Flows

type ForgotPasswordService 

type ForgotPasswordService interface {
	IsRateLimitError(err error, target string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) bool
	CodeLength(target string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) int

	SendCode(ctx context.Context, loginID string, options *forgotpassword.CodeOptions) error
	InspectState(ctx context.Context, target string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) (*otp.State, error)
}

type IDPSessionService 

type IDPSessionService interface {
	MakeSession(*session.Attrs) (*idpsession.IDPSession, string)
	Create(ctx context.Context, s *idpsession.IDPSession) error
	Reauthenticate(ctx context.Context, idpSessionID string, amr []string) error
}

type IDTokenService 

type IDTokenService interface {
	VerifyIDToken(idToken string) (jwt.Token, error)
}

type IdentityService 

type IdentityService interface {
	New(ctx context.Context, userID string, spec *identity.Spec, options identity.NewIdentityOptions) (*identity.Info, error)
	UpdateWithSpec(ctx context.Context, is *identity.Info, spec *identity.Spec, options identity.NewIdentityOptions) (*identity.Info, error)
	Get(ctx context.Context, id string) (*identity.Info, error)
	SearchBySpec(ctx context.Context, spec *identity.Spec) (exactMatch *identity.Info, otherMatches []*identity.Info, err error)
	ListByClaim(ctx context.Context, name string, value string) ([]*identity.Info, error)
	ListByUser(ctx context.Context, userID string) ([]*identity.Info, error)
	CheckDuplicatedByUniqueKey(ctx context.Context, info *identity.Info) (*identity.Info, error)
	Create(ctx context.Context, is *identity.Info) error
	Update(ctx context.Context, oldIs *identity.Info, newIs *identity.Info) error
	Delete(ctx context.Context, is *identity.Info) error
}

type Input 

type Input interface {
	Input()
}

Input is a marker to signify some struct is an Input.

type InputReactor 

type InputReactor interface {
	CanReactTo(ctx context.Context, deps *Dependencies, flows Flows) (InputSchema, error)
	ReactTo(ctx context.Context, deps *Dependencies, flows Flows, input Input) (*Node, error)
}

InputReactor, if can react to some input, must return an InputSchema. It must react to the Input produced by its InputSchema. As a special case, CanReactTo can return a nil InputSchema, which means the InputReactor can react to a nil Input.

type InputSchema 

type InputSchema interface {
	GetJSONPointer() jsonpointer.T
	GetFlowRootObject() config.AuthenticationFlowObject
	SchemaBuilder() validation.SchemaBuilder
	// MakeInput MUST return *validation.AggregateError if rawMessage does not validate against the JSON schema.
	MakeInput(rawMessage json.RawMessage) (Input, error)
}

InputSchema validates and parses the input. It is associated with a json pointer which points to the a step, or a branch of a step.

type InputTakeAccountRecoveryCode 

type InputTakeAccountRecoveryCode struct {
	AccountRecoveryCode string `json:"account_recovery_code"`
}

func MakeInputTakeAccountRecoveryCode 

func MakeInputTakeAccountRecoveryCode(rawMessage json.RawMessage) (*InputTakeAccountRecoveryCode, bool)

type InputUnwrapper 

type InputUnwrapper interface {
	Unwrap() Input
}

InputUnwrapper is for advanced usage. This usage is not used at the moment.

type Intent 

type Intent interface {
	Kinder
	InputReactor
}

func InstantiateIntent 

func InstantiateIntent(kind string) (Intent, error)

type IntentTraverser 

type IntentTraverser = func(intent Intent) error

type IntlMiddleware 

type IntlMiddleware struct{}

func (*IntlMiddleware) Handle 

func (m *IntlMiddleware) Handle(next http.Handler) http.Handler

type JSONResponseWriter 

type JSONResponseWriter interface {
	WriteResponse(rw http.ResponseWriter, resp *api.Response)
}

type Kinder 

type Kinder interface {
	Kind() string
}

type LDAPClientFactory 

type LDAPClientFactory interface {
	MakeClient(serverConfig *config.LDAPServerConfig) *ldap.Client
}

type LDAPService 

type LDAPService interface {
	MakeSpecFromEntry(serverConfig *config.LDAPServerConfig, loginUsername string, entry *ldap.Entry) (*identity.Spec, error)
}

type LoginIDService 

type LoginIDService interface {
	CheckAndNormalize(spec identity.LoginIDSpec) (normalized string, uniqueKey string, err error)
}

type MFAService 

type MFAService interface {
	GenerateRecoveryCodes(ctx context.Context) []string
	ListRecoveryCodes(ctx context.Context, userID string) ([]*mfa.RecoveryCode, error)
	ReplaceRecoveryCodes(ctx context.Context, userID string, codes []string) ([]*mfa.RecoveryCode, error)
	VerifyRecoveryCode(ctx context.Context, userID string, code string) (*mfa.RecoveryCode, error)
	ConsumeRecoveryCode(ctx context.Context, c *mfa.RecoveryCode) error

	GenerateDeviceToken(ctx context.Context) string
	CreateDeviceToken(ctx context.Context, userID string, token string) (*mfa.DeviceToken, error)
	VerifyDeviceToken(ctx context.Context, userID string, deviceToken string) error
}

type Milestone 

type Milestone interface {
	Milestone()
}

Milestone is a marker. The designed use case is to find out whether a particular milestone exists in the flow, or any of its subflows.

type Node 

type Node struct {
	Type    NodeType   `json:"type"`
	Simple  NodeSimple `json:"simple,omitempty"`
	SubFlow *Flow      `json:"flow,omitempty"`
}

func CloneNode 

func CloneNode(n *Node) *Node

func NewNodeSimple 

func NewNodeSimple(simple NodeSimple) *Node

func NewSubFlow 

func NewSubFlow(intent Intent) *Node

func (*Node) MarshalJSON 

func (n *Node) MarshalJSON() ([]byte, error)

func (*Node) UnmarshalJSON 

func (n *Node) UnmarshalJSON(d []byte) (err error)

type NodeOrIntent 

type NodeOrIntent interface {
	Kinder
}

type NodeSimple 

type NodeSimple interface {
	Kinder
}

func InstantiateNode 

func InstantiateNode(kind string) (NodeSimple, error)

type NodeType 

type NodeType string
const (
	NodeTypeSimple  NodeType = "SIMPLE"
	NodeTypeSubFlow NodeType = "SUB_FLOW"
)

type OAuthClientResolver 

type OAuthClientResolver interface {
	ResolveClient(clientID string) *config.OAuthClientConfig
}

type OAuthProviderFactory 

type OAuthProviderFactory interface {
	GetProviderConfig(alias string) (oauthrelyingparty.ProviderConfig, error)

	GetAuthorizationURL(ctx context.Context, alias string, options oauthrelyingparty.GetAuthorizationURLOptions) (string, error)
	GetUserProfile(ctx context.Context, alias string, options oauthrelyingparty.GetUserProfileOptions) (oauthrelyingparty.UserProfile, error)
}

type OTPCodeService 

type OTPCodeService interface {
	GenerateOTP(ctx context.Context, kind otp.Kind, target string, form otp.Form, opt *otp.GenerateOptions) (string, error)
	VerifyOTP(ctx context.Context, kind otp.Kind, target string, otp string, opts *otp.VerifyOptions) error
	InspectState(ctx context.Context, kind otp.Kind, target string) (*otp.State, error)

	LookupCode(ctx context.Context, purpose otp.Purpose, code string) (target string, err error)
	SetSubmittedCode(ctx context.Context, kind otp.Kind, target string, code string) (*otp.State, error)
}

type OTPSender 

type OTPSender interface {
	Send(ctx context.Context, opts otp.SendOptions) error
}

type OfflineGrantStore 

type OfflineGrantStore interface {
	ListClientOfflineGrants(ctx context.Context, clientID string, userID string) ([]*oauth.OfflineGrant, error)
}

type OnCommitEffect 

type OnCommitEffect func(ctx context.Context, deps *Dependencies) error

type PasskeyCreationOptionsService 

type PasskeyCreationOptionsService interface {
	MakeCreationOptions(ctx context.Context, userID string) (*model.WebAuthnCreationOptions, error)
}

type PasskeyRequestOptionsService 

type PasskeyRequestOptionsService interface {
	MakeModalRequestOptions(ctx context.Context) (*model.WebAuthnRequestOptions, error)
	MakeModalRequestOptionsWithUser(ctx context.Context, userID string) (*model.WebAuthnRequestOptions, error)
}

type PasskeyService 

type PasskeyService interface {
	ConsumeAttestationResponse(ctx context.Context, attestationResponse []byte) (err error)
	ConsumeAssertionResponse(ctx context.Context, assertionResponse []byte) (err error)
}

type PublicFlow 

type PublicFlow interface {
	Intent
	FlowType() FlowType
	FlowInit(r FlowReference, startFrom jsonpointer.T)
	FlowFlowReference() FlowReference
	FlowRootObject(deps *Dependencies) (config.AuthenticationFlowObject, error)
}

PublicFlow is a instantiable intent by the public.

func InstantiateFlow 

func InstantiateFlow(f FlowReference, startFrom jsonpointer.T) (PublicFlow, error)

InstantiateFlow is used by the HTTP layer to instantiate a Flow.

type RateLimitMiddleware 

type RateLimitMiddleware struct {
	RateLimiter RateLimiter
	RemoteIP    httputil.RemoteIP
	JSON        JSONResponseWriter
	Config      *config.AppConfig
}

func (*RateLimitMiddleware) Handle 

func (m *RateLimitMiddleware) Handle(next http.Handler) http.Handler

type RateLimiter 

type RateLimiter interface {
	Allow(ctx context.Context, spec ratelimit.BucketSpec) (*ratelimit.FailedReservation, error)
	Reserve(ctx context.Context, spec ratelimit.BucketSpec) (*ratelimit.Reservation, *ratelimit.FailedReservation, error)
	Cancel(ctx context.Context, r *ratelimit.Reservation)
}

type ResetPasswordService 

type ResetPasswordService interface {
	VerifyCode(ctx context.Context, code string) (state *otp.State, err error)
	VerifyCodeWithTarget(ctx context.Context, target string, code string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) (state *otp.State, err error)
	ResetPasswordByEndUser(ctx context.Context, code string, newPassword string) error
	ResetPasswordWithTarget(ctx context.Context, target string, code string, newPassword string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) error
}

type RunEffect 

type RunEffect func(ctx context.Context, deps *Dependencies) error

type Service 

type Service struct {
	Deps                *Dependencies
	Logger              ServiceLogger
	Store               Store
	Database            ServiceDatabase
	UIConfig            *config.UIConfig
	UIInfoResolver      ServiceUIInfoResolver
	OAuthClientResolver OAuthClientResolver
}

func (*Service) CreateNewFlow 

func (s *Service) CreateNewFlow(ctx context.Context, publicFlow PublicFlow, sessionOptions *SessionOptions) (output *ServiceOutput, err error)

func (*Service) FeedInput 

func (s *Service) FeedInput(ctx context.Context, stateToken string, rawMessage json.RawMessage) (output *ServiceOutput, err error)

func (*Service) FeedSyntheticInput 

func (s *Service) FeedSyntheticInput(ctx context.Context, stateToken string, syntheticInput Input) (output *ServiceOutput, err error)

func (*Service) Get 

func (s *Service) Get(ctx context.Context, stateToken string) (output *ServiceOutput, err error)

type ServiceDatabase 

type ServiceDatabase interface {
	WithTx(ctx context.Context, do func(ctx context.Context) error) (err error)
	ReadOnly(ctx context.Context, do func(ctx context.Context) error) (err error)
}

type ServiceLogger 

type ServiceLogger struct{ *log.Logger }

func NewServiceLogger 

func NewServiceLogger(lf *log.Factory) ServiceLogger

type ServiceOutput 

type ServiceOutput struct {
	Session       *Session
	SessionOutput *SessionOutput
	Flow          *Flow

	FlowReference *FlowReference
	Finished      bool
	FlowAction    *FlowAction

	Cookies []*http.Cookie
}

func (*ServiceOutput) ToFlowResponse 

func (o *ServiceOutput) ToFlowResponse() FlowResponse

type ServiceUIInfoResolver 

type ServiceUIInfoResolver interface {
	SetAuthenticationInfoInQuery(redirectURI string, e *authenticationinfo.Entry) string
}

type Session 

type Session struct {
	FlowID string `json:"flow_id"`

	OAuthSessionID string `json:"oauth_session_id,omitempty"`
	SAMLSessionID  string `json:"saml_session_id,omitempty"`

	ClientID    string   `json:"client_id,omitempty"`
	RedirectURI string   `json:"redirect_uri,omitempty"`
	Prompt      []string `json:"prompt,omitempty"`
	State       string   `json:"state,omitempty"`
	XState      string   `json:"x_state,omitempty"`
	UILocales   string   `json:"ui_locales,omitempty"`

	BotProtectionVerificationResult *BotProtectionVerificationResult `json:"bot_protection_verification_result,omitempty"`
	IDToken                         string                           `json:"id_token,omitempty"`
	SuppressIDPSessionCookie        bool                             `json:"suppress_idp_session_cookie,omitempty"`
	UserIDHint                      string                           `json:"user_id_hint,omitempty"`
	LoginHint                       string                           `json:"login_hint,omitempty"`
}

Session must not contain web session ID. This is to ensure webapp does not have privilege in authflow.

func NewSession 

func NewSession(opts *SessionOptions) *Session

func (*Session) MakeContext 

func (s *Session) MakeContext(ctx context.Context, deps *Dependencies) context.Context

func (*Session) SetBotProtectionVerificationResult 

func (s *Session) SetBotProtectionVerificationResult(result *BotProtectionVerificationResult)

func (*Session) ToOutput 

func (s *Session) ToOutput() *SessionOutput

type SessionOptions 

type SessionOptions struct {
	OAuthSessionID string
	SAMLSessionID  string

	ClientID    string
	RedirectURI string
	Prompt      []string
	State       string
	XState      string
	UILocales   string

	BotProtectionVerificationResult *BotProtectionVerificationResult
	IDToken                         string
	SuppressIDPSessionCookie        bool
	UserIDHint                      string
	LoginHint                       string
}

func (*SessionOptions) PartiallyMergeFrom 

func (s *SessionOptions) PartiallyMergeFrom(o *SessionOptions) *SessionOptions

type SessionOutput 

type SessionOutput struct {
	FlowID      string `json:"flow_id"`
	ClientID    string `json:"client_id,omitempty"`
	RedirectURI string `json:"redirect_uri,omitempty"`
}

type SessionService 

type SessionService interface {
	RevokeWithoutEvent(ctx context.Context, s session.SessionBase) error
}

type StdAttrsService 

type StdAttrsService interface {
	PopulateStandardAttributes(ctx context.Context, userID string, iden *identity.Info) error
	UpdateStandardAttributesWithList(ctx context.Context, role accesscontrol.Role, userID string, attrs attrs.List) error
}

type Store 

type Store interface {
	CreateSession(ctx context.Context, session *Session) error
	GetSession(ctx context.Context, flowID string) (*Session, error)
	DeleteSession(ctx context.Context, session *Session) error
	UpdateSession(ctx context.Context, session *Session) error

	CreateFlow(ctx context.Context, flow *Flow) error
	GetFlowByStateToken(ctx context.Context, stateToken string) (*Flow, error)
	DeleteFlow(ctx context.Context, flow *Flow) error
}

type StoreImpl 

type StoreImpl struct {
	Redis *appredis.Handle
	AppID config.AppID
}

func (*StoreImpl) CreateFlow 

func (s *StoreImpl) CreateFlow(ctx context.Context, flow *Flow) error

func (*StoreImpl) CreateSession 

func (s *StoreImpl) CreateSession(ctx context.Context, session *Session) error

func (*StoreImpl) DeleteFlow 

func (s *StoreImpl) DeleteFlow(ctx context.Context, flow *Flow) error

func (*StoreImpl) DeleteSession 

func (s *StoreImpl) DeleteSession(ctx context.Context, session *Session) error

func (*StoreImpl) GetFlowByStateToken 

func (s *StoreImpl) GetFlowByStateToken(ctx context.Context, stateToken string) (*Flow, error)

func (*StoreImpl) GetSession 

func (s *StoreImpl) GetSession(ctx context.Context, flowID string) (*Session, error)

func (*StoreImpl) UpdateSession 

func (s *StoreImpl) UpdateSession(ctx context.Context, session *Session) error

type TargetStep 

type TargetStep interface {
	GetName() string
	GetJSONPointer() jsonpointer.T
}

type TraverseEntry 

type TraverseEntry struct {
	FlowObject  config.AuthenticationFlowObject
	JSONPointer jsonpointer.T
	Name        string
	FieldName   string
	Index       int
}

func Traverse 

func Traverse(o config.AuthenticationFlowObject, pointer jsonpointer.T) ([]TraverseEntry, error)

type Traverser 

type Traverser struct {
	Intent     func(intent Intent, w *Flow) error
	NodeSimple func(nodeSimple NodeSimple, w *Flow) error
}

type UserFacade 

type UserFacade interface {
	GetUserIDsByLoginHint(ctx context.Context, hint *oauth.LoginHint) ([]string, error)
}

type UserService 

type UserService interface {
	Get(ctx context.Context, id string, role accesscontrol.Role) (*model.User, error)
	GetRaw(ctx context.Context, id string) (*user.User, error)
	Create(ctx context.Context, userID string) (*user.User, error)
	UpdateLoginTime(ctx context.Context, userID string, t time.Time) error
	UpdateMFAEnrollment(ctx context.Context, userID string, t *time.Time) error
	AfterCreate(
		ctx context.Context,
		user *user.User,
		identities []*identity.Info,
		authenticators []*authenticator.Info,
		isAdminAPI bool,
	) error
}

type VerificationService 

type VerificationService interface {
	NewVerifiedClaim(ctx context.Context, userID string, claimName string, claimValue string) *verification.Claim
	GetClaimStatus(ctx context.Context, userID string, claimName model.ClaimName, claimValue string) (*verification.ClaimStatus, error)
	GetIdentityVerificationStatus(ctx context.Context, i *identity.Info) ([]verification.ClaimStatus, error)
	MarkClaimVerified(ctx context.Context, claim *verification.Claim) error
}

type WebsocketEventStore 

type WebsocketEventStore struct {
	AppID       config.AppID
	RedisHandle *appredis.Handle
	Store       Store
	// contains filtered or unexported fields
}

func NewWebsocketEventStore 

func NewWebsocketEventStore(appID config.AppID, handle *appredis.Handle, store Store) *WebsocketEventStore

func (*WebsocketEventStore) ChannelName 

func (s *WebsocketEventStore) ChannelName(websocketChannelName string) string

func (*WebsocketEventStore) Publish 

func (s *WebsocketEventStore) Publish(ctx context.Context, websocketChannelName string, e Event) error

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.