mfa

package
v1.1.6 Latest
Warning

This package is not in the latest version of its module.
Published: Jul 13, 2022 License: MIT Imports: 9 Imported by: 0

Documentation

Constants

const (
	MaxOpenRetries = 10
	RetryDelayMS   = 200 * time.Millisecond
)
const (
	StatusMFAChallenge = "MFA_CHALLENGE"
	StatusMFARequired  = "MFA_REQUIRED"
	ResultWaiting      = "WAITING"
	ResultRejected     = "REJECTED"
	ResultTimeout      = "TIMEOUT"

	OktaPushDefaultPollIntervalInSeconds = 3
	OktaPushDefaultPollTimeoutInSeconds  = 120
)

Variables

This section is empty.

Functions

func BuildMFAPath

func BuildMFAPath(factorId string, action string) (string, error)

BuildMFAPath returns a path that the Okta client can use to make a request to Okta.

Types

type Config

type Config struct {
	Provider   string // Which MFA provider to use when presented with an MFA challenge
	FactorType string // Which of the factor types of the MFA provider to use
	DuoDevice  string // Which DUO device to use for DUO MFA
	Device     Device // The implementation that interacts with the device
	Id         string // the unique id for the MFA device provided by Okta
}

type DUODevice

type DUODevice struct {
	// contains filtered or unexported fields
}

DUODevice is an implementation of MFADevice for SMS

func (*DUODevice) Supported

func (d *DUODevice) Supported(factor Config) error

Supported will check if the mfa config can be used by this device

func (*DUODevice) Verify

func (d *DUODevice) Verify(authResp types.OktaUserAuthn) (string, []byte, error)

Verify is called to generate the payload that will be sent to Okta.

We will call this twice: once to tell Okta to send the code, then
once to prompt the user for the code using `CodeSupplier`.

type Device

type Device interface {

	// Supported takes in an mfa.Config object and returns nil if this device can be used with
	// the config. If the device doesn't support this config, an error is returned.
	Supported(factor Config) error

	// Verify makes a call out to the implementation for this MFA factor type/provider.
	// The implementation is basically a state machine that uses tmpUserAuthn to determine
	// what the correct state is. Using this Verify interface to interact with the device means
	// that someone using this client in their own application could in theory implement their own
	// MFA type or re-implement an existing type if there are specific requirements.
	Verify(authResp types.OktaUserAuthn) (string, []byte, error)
}

func DefaultDevices

func DefaultDevices(input Input, mfaConfig Config) []Device

DefaultDevices returns all the default MFA devices that are supported.

type FIDODevice

type FIDODevice struct {
}

FIDODevice is an implementation of MFADevice for SMS

func (*FIDODevice) Supported

func (d *FIDODevice) Supported(factor Config) error

Supported will check if the mfa config can be used by this device

func (*FIDODevice) Verify

func (d *FIDODevice) Verify(authResp types.OktaUserAuthn) (string, []byte, error)

Verify is called to generate the payload that will be sent to Okta.

We will call this twice: once to tell Okta to send the code, then
once to prompt the user for the code using `CodeSupplier`.

type FidoClient

type FidoClient struct {
	ChallengeNonce string
	AppId          string
	Version        string
	Device         u2fhost.Device
	KeyHandle      string
	StateToken     string
}

func NewFidoClient

func NewFidoClient(challengeNonce, appId, version, keyHandle, stateToken string) (FidoClient, error)

func (*FidoClient) ChallengeU2f

func (d *FidoClient) ChallengeU2f() (*SignedAssertion, error)

type Input

type Input interface {
	CodeSupplier(factor Config) (string, error)
}

Input is provided to get input from the user.

type PushDevice added in v1.1.2

type PushDevice struct {
	PollIntervalInSeconds int
	PollTimeoutInSeconds  int
	// contains filtered or unexported fields
}

PushDevice is an implementation of MFADevice for OKTA PUSH

func NewPushDevice added in v1.1.2

func NewPushDevice() *PushDevice

func (*PushDevice) Supported added in v1.1.2

func (d *PushDevice) Supported(factor Config) error

Supported will check if the mfa config can be used by this device

func (*PushDevice) Verify added in v1.1.2

func (d *PushDevice) Verify(authResp types.OktaUserAuthn) (string, []byte, error)

Verify is called to generate the payload that will be sent to Okta.

type SMSDevice

type SMSDevice struct {
	// contains filtered or unexported fields
}

SMSDevice is an implementation of MFADevice for SMS

func (*SMSDevice) Supported

func (d *SMSDevice) Supported(factor Config) error

Supported will check if the mfa config can be used by this device

func (*SMSDevice) Verify

func (d *SMSDevice) Verify(authResp types.OktaUserAuthn) (string, []byte, error)

Verify is called to generate the payload that will be sent to Okta.

We will call this twice: once to tell Okta to send the code, then
once to prompt the user for the code using `CodeSupplier`.
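
The two-call flow described above, sketched as an added example (not the package's own code). `authnState` and `smsLikeDevice` are hypothetical stand-ins for `types.OktaUserAuthn` and a `Device` implementation; the meaning of the returned `verify` string and the `passCode` body field are assumptions based on Okta's Authentication API.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Status values copied from the package constants on this page.
const (
	StatusMFAChallenge = "MFA_CHALLENGE"
	StatusMFARequired  = "MFA_REQUIRED"
)

// authnState is a hypothetical stand-in for types.OktaUserAuthn.
type authnState struct{ Status, StateToken string }

// smsLikeDevice is hypothetical; prompt stands in for Input.CodeSupplier.
type smsLikeDevice struct{ prompt func() (string, error) }

// Verify returns an action (assumed to feed BuildMFAPath) and the JSON body.
func (d smsLikeDevice) Verify(a authnState) (string, []byte, error) {
	body := map[string]string{"stateToken": a.StateToken}
	switch a.Status {
	case StatusMFARequired:
		// First call: no passCode, which asks Okta to send the code.
	case StatusMFAChallenge:
		// Second call: prompt the user and attach the code.
		code, err := d.prompt()
		if err != nil || code == "" {
			return "", nil, fmt.Errorf("no code supplied: %v", err)
		}
		body["passCode"] = code
	default:
		// Fail closed on any state this device does not understand.
		return "", nil, fmt.Errorf("unexpected status %q", a.Status)
	}
	payload, err := json.Marshal(body)
	return "verify", payload, err
}

func main() {
	d := smsLikeDevice{prompt: func() (string, error) { return "123456", nil }} // constructed code
	for _, s := range []string{StatusMFARequired, StatusMFAChallenge} {
		action, payload, err := d.Verify(authnState{Status: s, StateToken: "constructed-token"})
		fmt.Println(action, string(payload), err)
	}
}
```

Rejecting unknown statuses in the `default` branch keeps a custom device from sending a verification payload in a state it was never designed for.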

type SignedAssertion

type SignedAssertion struct {
	StateToken        string `json:"stateToken"`
	ClientData        string `json:"clientData"`
	SignatureData     string `json:"signatureData"`
	AuthenticatorData string `json:"authenticatorData"`
}

type TOTPDevice

type TOTPDevice struct {
	// contains filtered or unexported fields
}

TOTPDevice is the implementation of MFADevice

func (*TOTPDevice) Supported

func (d *TOTPDevice) Supported(factor Config) error

Supported will return no error if this MFAConfig can be used with this device implementation

func (*TOTPDevice) Verify

func (d *TOTPDevice) Verify(authResp types.OktaUserAuthn) (string, []byte, error)

Verify will prompt the user for a code then return the payload for verification
