external

package
v3.11.0-0.10.0+incompa... Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 27, 2018 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package external implements an OAuth flow with an external identity provider

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewOAuthPasswordAuthenticator

func NewOAuthPasswordAuthenticator(provider Provider, mapper authapi.UserIdentityMapper) (authenticator.Password, error)

Types

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler exposes an external oauth provider flow (including the call back) as an oauth.handlers.AuthenticationHandler to allow our internal oauth server to use an external oauth provider for authentication

func (*Handler) AuthenticatePassword

func (h *Handler) AuthenticatePassword(username, password string) (user.Info, bool, error)

func (*Handler) AuthenticationRedirect

func (h *Handler) AuthenticationRedirect(w http.ResponseWriter, req *http.Request) error

AuthenticationRedirect implements oauth.handlers.RedirectAuthHandler

func (*Handler) ServeHTTP

func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request)

ServeHTTP handles the callback request in response to an external oauth flow

type Provider

type Provider interface {
	// NewConfig returns a client information that allows a standard oauth client to communicate with external oauth
	NewConfig() (*osincli.ClientConfig, error)
	// GetTransport returns the transport to use for server-to-server calls. If nil is returned, http.DefaultTransport is used.
	GetTransport() (http.RoundTripper, error)
	// AddCustomParameters allows an external oauth provider to provide parameters that are extension to the spec.  Some providers require this.
	AddCustomParameters(*osincli.AuthorizeRequest)
	// GetUserIdentity takes the external oauth token information this and returns the user identity, isAuthenticated, and error
	GetUserIdentity(*osincli.AccessData) (authapi.UserIdentityInfo, bool, error)
}

Provider encapsulates the URLs, configuration, any custom authorize request parameters, and the method for transforming an access token into an identity, for an external OAuth provider.

type RedirectorState

RedirectorState combines state generation/verification with redirections on authentication success and error

func CSRFRedirectingState

func CSRFRedirectingState(csrf csrf.CSRF) RedirectorState

type State

type State interface {
	Generate(w http.ResponseWriter, req *http.Request) (string, error)
	Check(state string, req *http.Request) (bool, error)
}

State handles generating and verifying the state parameter round-tripped to an external OAuth flow. Examples: CSRF protection, post authentication redirection

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL