Documentation ¶
Index ¶
- type AuthError
- type AuthenticationResult
- type Opts
- type Verifier
- func (o *Verifier) Auth(ctx context.Context, w http.ResponseWriter, r *http.Request) (*AuthenticationResult, error)
- func (o *Verifier) Callback(w http.ResponseWriter, r *http.Request)
- func (o *Verifier) ExpireConfig()
- func (*Verifier) IsRequest(r *http.Request) bool
- func (o *Verifier) Login(w http.ResponseWriter, r *http.Request)
- func (o *Verifier) Logout(w http.ResponseWriter, r *http.Request)
- func (o *Verifier) WriteHeaders(w http.ResponseWriter) error
Types ¶
type AuthError ¶
type AuthError struct {
Err error
}
AuthError represents an authentication error. If an error of this type is returned, the caller should call WriteHeaders on the response so that the client has the necessary information to log in using the device flow.
type AuthenticationResult ¶
type AuthenticationResult struct { IdentityType string Subject string Email string Name string IdentityProviderGroups []string }
AuthenticationResult represents an authenticated OIDC client.
type Opts ¶
type Opts struct {
GroupsClaim string
}
Opts contains optional configurable fields for the Verifier.
type Verifier ¶
type Verifier struct {
// contains filtered or unexported fields
}
Verifier holds all information needed to verify an access token offline.
func NewVerifier ¶
func NewVerifier(issuer string, clientID string, audience string, clusterCert func() *shared.CertInfo, identityCache *identity.Cache, httpClientFunc func() (*http.Client, error), options *Opts) (*Verifier, error)
NewVerifier returns a Verifier.
func (*Verifier) Auth ¶
func (o *Verifier) Auth(ctx context.Context, w http.ResponseWriter, r *http.Request) (*AuthenticationResult, error)
Auth extracts OIDC tokens from the request, verifies them, and returns an AuthenticationResult describing the authenticated subject.
func (*Verifier) Callback ¶
func (o *Verifier) Callback(w http.ResponseWriter, r *http.Request)
Callback is an http.HandlerFunc which implements the code exchange required on the /oidc/callback endpoint.
func (*Verifier) ExpireConfig ¶
func (o *Verifier) ExpireConfig()
ExpireConfig sets the expiry time of the current configuration to zero. This forces the verifier to reconfigure the relying party the next time a user authenticates.
func (*Verifier) IsRequest ¶
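IsRequest checks if the request is using OIDC authentication. We check for the presence of the Authorization header or one of the ID or refresh tokens and the session cookie. As described, this is a presence check only: a true result means OIDC credentials were supplied, not that they are valid, so callers still need Auth to verify them before trusting the request.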
func (*Verifier) Login ¶
func (o *Verifier) Login(w http.ResponseWriter, r *http.Request)
Login is an http.Handler that initiates the login flow for the UI.
func (*Verifier) Logout ¶
func (o *Verifier) Logout(w http.ResponseWriter, r *http.Request)
Logout deletes the ID and refresh token cookies and redirects the user to the login page.
func (*Verifier) WriteHeaders ¶
func (o *Verifier) WriteHeaders(w http.ResponseWriter) error
WriteHeaders writes the OIDC configuration as HTTP headers so the client can initiate the device code flow.