Documentation
Index
Constants
const (
	MaxOpenRetries = 10
	RetryDelayMS   = 200 * time.Millisecond
)
const (
	StatusMFAChallenge = "MFA_CHALLENGE"
	StatusMFARequired  = "MFA_REQUIRED"

	ResultWaiting  = "WAITING"
	ResultRejected = "REJECTED"
	ResultTimeout  = "TIMEOUT"

	OktaPushDefaultPollIntervalInSeconds = 3
	OktaPushDefaultPollTimeoutInSeconds  = 120
)
Variables
This section is empty.
Functions
Types
type Config
type Config struct {
	Provider   string // Which MFA provider to use when presented with an MFA challenge
	FactorType string // Which of the factor types of the MFA provider to use
	DuoDevice  string // Which DUO device to use for DUO MFA
	Device     Device // The implementation that interacts with the device
	Id         string // The unique id for the MFA device provided by Okta
}
type DUODevice
type DUODevice struct {
// contains filtered or unexported fields
}
DUODevice is an implementation of MFADevice for SMS
type Device
type Device interface {
	// Supported takes in an mfa.Config object and returns nil if this device can be used with
	// the config. If the device doesn't support this config, it returns an error.
	Supported(factor Config) error

	// Verify makes a call out to the implementation for this MFA factor type/provider.
	// The implementation is basically a state machine that uses tmpUserAuthn to determine
	// what the correct state is. Using this Verify interface to interact with the device means
	// that someone using this client in their own application could in theory implement their own
	// MFA type or re-implement an existing type if there are specific requirements.
	Verify(authResp types.OktaUserAuthn) (string, []byte, error)
}
func DefaultDevices
DefaultDevices returns all the default MFA devices that are supported.
type FIDODevice
type FIDODevice struct {
}
FIDODevice is an implementation of MFADevice for SMS
func (*FIDODevice) Supported
func (d *FIDODevice) Supported(factor Config) error
Supported will check if the mfa config can be used by this device
func (*FIDODevice) Verify
func (d *FIDODevice) Verify(authResp types.OktaUserAuthn) (string, []byte, error)
Verify is called to generate the payload that will be sent to Okta.
We will call this twice: once to tell Okta to send the code, then once to prompt the user for the code using `CodeSupplier`.
type FidoClient
type FidoClient struct {
	ChallengeNonce string
	AppId          string
	Version        string
	Device         u2fhost.Device
	KeyHandle      string
	StateToken     string
}
func NewFidoClient
func NewFidoClient(challengeNonce, appId, version, keyHandle, stateToken string) (FidoClient, error)
func (*FidoClient) ChallengeU2f
func (d *FidoClient) ChallengeU2f() (*SignedAssertion, error)
type PushDevice (added in v1.1.2)
type PushDevice struct {
	PollIntervalInSeconds int
	PollTimeoutInSeconds  int
	// contains filtered or unexported fields
}
PushDevice is an implementation of MFADevice for OKTA PUSH
func NewPushDevice (added in v1.1.2)
func NewPushDevice() *PushDevice
func (*PushDevice) Supported (added in v1.1.2)
func (d *PushDevice) Supported(factor Config) error
Supported will check if the mfa config can be used by this device
func (*PushDevice) Verify (added in v1.1.2)
func (d *PushDevice) Verify(authResp types.OktaUserAuthn) (string, []byte, error)
Verify is called to generate the payload that will be sent to Okta.
type SMSDevice
type SMSDevice struct {
// contains filtered or unexported fields
}
SMSDevice is an implementation of MFADevice for SMS
type SignedAssertion
type TOTPDevice
type TOTPDevice struct {
// contains filtered or unexported fields
}
TOTPDevice is the implementation of MFADevice
func (*TOTPDevice) Supported
func (d *TOTPDevice) Supported(factor Config) error
Supported will return no error if this MFAConfig can be used with this device implementation
func (*TOTPDevice) Verify
func (d *TOTPDevice) Verify(authResp types.OktaUserAuthn) (string, []byte, error)
Verify will prompt the user for a code then return the payload for verification