uaa

package v0.1.1

Published: Jun 24, 2024 License: MIT Imports: 19 Imported by: 0

Documentation
Constants

const (
	// We set this value in a context for wrapped requests
	KeyLoggedInUser ctxKey = iota
)

Variables

This section is empty.

Functions

func MustCreateBasicCookieHandler

func MustCreateBasicCookieHandler(insecure bool) *sessions.CookieStore

MustCreateBasicCookieHandler creates a cookie handler and panics on failure.

Types

type Client

type Client struct {
	// URL is the URL to UAA, e.g. https://uaa.system.example.com.
	URL string

	// Used for authorize redirects, and issuer validation
	ExternalURL string

	ClientID     string
	ClientSecret string

	// If specified, used instead of the system CAs
	CACerts []string
	// contains filtered or unexported fields
}

Client will validate access tokens against a UAA instance, caching keys as required.

func NewClientFromAPIURL

func NewClientFromAPIURL(apiEndpoint string) (*Client, error)

NewClientFromAPIURL looks up, via the apiEndpoint, the correct UAA address and returns a client.

func (*Client) ExchangeBearerTokenForClientToken

func (c *Client) ExchangeBearerTokenForClientToken(bearerLine string) (*OAuthGrant, error)

ExchangeBearerTokenForClientToken takes a bearer token (such as one returned by CF) and exchanges it, via the API auth flow, for an OAuthGrant for the specified clientID. The clientSecret used here is not really a secret.

func (*Client) FetchAccessToken

func (c *Client) FetchAccessToken(postData url.Values) (*OAuthGrant, error)

FetchAccessToken posts the given data to the endpoint to fetch a token and returns the resulting grant object.

func (*Client) GetAuthorizeEndpoint

func (c *Client) GetAuthorizeEndpoint() string

func (*Client) GetTokenEndpoint

func (c *Client) GetTokenEndpoint() string

func (*Client) ValidateAccessToken

func (c *Client) ValidateAccessToken(at, expectedClientID string) (jwt.MapClaims, error)

ValidateAccessToken validates the given access token, ensures it matches the expected client ID, and returns the claims it carries.

type LoggedInUser

type LoggedInUser struct {
	// Will be valid for at least 5 minutes
	AccessToken string

	// Email address for user as reported by CloudFoundry
	EmailAddress string

	// Access token will expire around TTL
	TTL time.Time
}

LoggedInUser is the value set on wrapped requests so that handlers can use it.

type LoginHandler

type LoginHandler struct {
	// Non-persistent store
	Cookies *sessions.CookieStore

	// UAA validator
	UAA *Client

	// Scopes to request
	Scopes []string

	// BaseURL of ourselves for redirect URIs
	BaseURL string

	// ExternalURL for UAA
	ExternalUAAURL string

	// Written if access is denied
	DeniedContent []byte

	// If this returns true, then this request will be passed through with no further processing
	ShouldIgnore func(*http.Request) bool

	// If this returns true, then this request will look for an Authorization header instead of cookies
	AcceptAPIHeader func(*http.Request) bool

	// If set, will log debug info
	Logger *log.Logger

	// AllowedUsers, if not empty, restricts access: a user is 403ed unless they are in this list
	AllowedUsers []string
}

LoginHandler is an http.Handler middleware that ensures a user is logged in, and passes a LoggedInUser to wrapped HTTP requests.

func (*LoginHandler) Wrap

func (lh *LoginHandler) Wrap(h http.Handler) http.Handler

Wrap wraps the child handler, handles OAuth on its behalf, and calls the child handler once the user is logged in.
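The following is an added illustration, not code from the uaa package, of the contract the documentation above describes: a private context key type, a `Wrap` middleware that applies `ShouldIgnore` and `AllowedUsers` (writing `DeniedContent` on a 403) and stores a `LoggedInUser` in the request context, and a wrapped handler that reads it back. The cookie/OAuth session lookup that the real package performs is replaced by a hypothetical `Authenticate` hook driven by a constructed `X-Test-User` header, so the whole thing runs offline with the standard library only; the type and field names are reused from the page, but the package's real implementation may differ.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// ctxKey is unexported so no other package can collide with our context key
// (mirrors the page's ctxKey / KeyLoggedInUser).
type ctxKey int

const KeyLoggedInUser ctxKey = iota

// LoggedInUser mirrors the fields documented on the page.
type LoggedInUser struct {
	AccessToken  string
	EmailAddress string
	TTL          time.Time
}

// LoginHandler keeps only the fields this example exercises. Authenticate is a
// hypothetical stand-in for the real cookie/OAuth lookup (assumption, not API).
type LoginHandler struct {
	DeniedContent []byte
	ShouldIgnore  func(*http.Request) bool
	AllowedUsers  []string
	Authenticate  func(*http.Request) (*LoggedInUser, bool)
}

// Wrap applies the documented policy: ignored requests pass straight through,
// unauthenticated or expired sessions get 401, users outside AllowedUsers get
// 403 with DeniedContent, everyone else reaches h with the user in the context.
func (lh *LoginHandler) Wrap(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if lh.ShouldIgnore != nil && lh.ShouldIgnore(r) {
			h.ServeHTTP(w, r) // no LoggedInUser is attached on this path
			return
		}
		user, ok := lh.Authenticate(r)
		if !ok || user == nil || time.Now().After(user.TTL) {
			http.Error(w, "login required", http.StatusUnauthorized)
			return
		}
		if len(lh.AllowedUsers) > 0 && !contains(lh.AllowedUsers, user.EmailAddress) {
			w.WriteHeader(http.StatusForbidden)
			w.Write(lh.DeniedContent)
			return
		}
		ctx := context.WithValue(r.Context(), KeyLoggedInUser, user)
		h.ServeHTTP(w, r.WithContext(ctx))
	})
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// UserFromContext is how a wrapped handler retrieves what Wrap stored; the
// type assertion fails safely (ok == false) when nothing was attached.
func UserFromContext(ctx context.Context) (*LoggedInUser, bool) {
	u, ok := ctx.Value(KeyLoggedInUser).(*LoggedInUser)
	return u, ok && u != nil
}

// NewTestHandler builds a LoginHandler with a constructed allowlist whose
// Authenticate reads the X-Test-User header (test-only stand-in for a session
// cookie) and wraps a handler that echoes the logged-in email.
func NewTestHandler() http.Handler {
	lh := &LoginHandler{
		DeniedContent: []byte("access denied"),
		ShouldIgnore:  func(r *http.Request) bool { return r.URL.Path == "/healthz" },
		AllowedUsers:  []string{"alice@example.com"},
		Authenticate: func(r *http.Request) (*LoggedInUser, bool) {
			email := r.Header.Get("X-Test-User")
			if email == "" {
				return nil, false
			}
			return &LoggedInUser{AccessToken: "constructed-token", EmailAddress: email,
				TTL: time.Now().Add(5 * time.Minute)}, true
		},
	}
	return lh.Wrap(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, ok := UserFromContext(r.Context())
		if !ok {
			fmt.Fprint(w, "anonymous") // reached only via ShouldIgnore
			return
		}
		fmt.Fprintf(w, "hello %s", u.EmailAddress)
	}))
}

// Request drives h with an in-memory request and returns status and body.
func Request(h http.Handler, path, user string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if user != "" {
		req.Header.Set("X-Test-User", user)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	h := NewTestHandler()
	for _, c := range []struct{ path, user string }{
		{"/healthz", ""}, {"/app", ""}, {"/app", "mallory@example.com"}, {"/app", "alice@example.com"},
	} {
		code, body := Request(h, c.path, c.user)
		fmt.Printf("%s user=%q -> %d %q\n", c.path, c.user, code, body)
	}
}
```

Two points worth noticing for anyone writing handlers behind `Wrap`: a request admitted through `ShouldIgnore` carries no `LoggedInUser`, so the child handler must tolerate a failed context lookup rather than assume one is always present; and the allowlist check compares the email address exactly, so entries in `AllowedUsers` need to match the case and form that UAA reports.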

type OAuthGrant

type OAuthGrant struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	Scope        string `json:"scope"`
	RefreshToken string `json:"refresh_token"`
	JTI          string `json:"jti"`
}

OAuthGrant is used to parse the JSON for an access token returned by the UAA server.
