Documentation
Index
- Constants
- Variables
- type AccessGroup
- type Group
- type Identity
- type Provider
- type Scope
- type SealedGroup
- type SealedUser
- type Standalone
- func (s *Standalone) AddUserToGroups(token, uid string, gids ...string) error
- func (s *Standalone) ChangeUserPassword(uid, oldPassword string) (string, error)
- func (s *Standalone) DeleteUser(token, uid string) error
- func (s *Standalone) GetIdentity(token string) (Identity, error)
- func (s *Standalone) LoginUser(uid, password string) (string, int64, error)
- func (s *Standalone) NewGroup(token string, scopes ...Scope) (string, error)
- func (s *Standalone) NewUser(scopes ...Scope) (string, string, error)
- func (s *Standalone) RemoveUserFromGroups(token, uid string, gids ...string) error
- type StandaloneConfig
- type User
Constants
const (
	DataTypeSealedUser io.DataType = iota + io.DataTypeEnd + 1
	DataTypeSealedGroup
)
Variables
var ErrNotAuthenticated = errors.New("user not authenticated")
Error returned if a user cannot be authenticated, e.g. if they provide a wrong password.
var ErrNotAuthorized = errors.New("not authorized")
var ErrNotFound = errors.New("not found")
Functions
This section is empty.
Types
type AccessGroup
AccessGroup represents a group of Identities. The Provider implementations should ensure that the ID string is unique across all instances.
type Group
type Group struct {
	Scopes Scope
}
Group contains data about a group of users. Note: All fields need to be exported in order for gob to serialize them.
type Identity
type Identity struct {
	ID     string
	Scopes Scope
	Groups map[string]AccessGroup
}
Identity represents data about the caller of the library. The Provider implementations should ensure that the ID string is unique across all instances.
func (*Identity) GetIDScope
GetIDScope returns the scopes associated with a given ID (identity or group ID).
type Scope
type Scope uint64
const ScopeNone Scope = 0
func ScopeUnion
ScopeUnion returns the union of all the input scopes.
type SealedGroup
SealedGroup is an encrypted structure which contains data about a user group.
type SealedUser
SealedUser is an encrypted structure which contains data about a user.
type Standalone
type Standalone struct {
	// contains filtered or unexported fields
}
Standalone is an ID Provider that manages its own data.
func NewStandalone
func NewStandalone(config StandaloneConfig, ioProvider io.Provider) (Standalone, error)
NewStandalone creates an ID Provider that uses the provided key material and stores data in the given IO provider.
func (*Standalone) AddUserToGroups
func (s *Standalone) AddUserToGroups(token, uid string, gids ...string) error
AddUserToGroups adds the user to the provided groups. The authorizing user must be a member of all the groups.
func (*Standalone) ChangeUserPassword
func (s *Standalone) ChangeUserPassword(uid, oldPassword string) (string, error)
ChangeUserPassword authenticates the provided user with the given password and generates a new password for the user.
func (*Standalone) DeleteUser (added in v1.0.16)
func (s *Standalone) DeleteUser(token, uid string) error
DeleteUser deletes the user from the IO Provider.
func (*Standalone) GetIdentity
func (s *Standalone) GetIdentity(token string) (Identity, error)
func (*Standalone) LoginUser
func (s *Standalone) LoginUser(uid, password string) (string, int64, error)
LoginUser checks whether the password provided matches the user. If authentication is successful a token is generated and returned alongside its expiry time in Unix time.
func (*Standalone) NewGroup
func (s *Standalone) NewGroup(token string, scopes ...Scope) (string, error)
NewGroup creates a new group and adds the calling user to it.
func (*Standalone) NewUser
func (s *Standalone) NewUser(scopes ...Scope) (string, string, error)
NewUser creates a new user with a randomly generated ID and password.
func (*Standalone) RemoveUserFromGroups
func (s *Standalone) RemoveUserFromGroups(token, uid string, gids ...string) error
RemoveUserFromGroups removes the user from the provided groups. The authorizing user must be a member of all the groups.
type StandaloneConfig (added in v1.0.18)
type StandaloneConfig struct {
	UEK []byte `koanf:"uek"`
	GEK []byte `koanf:"gek"`
	TEK []byte `koanf:"tek"`
}
StandaloneConfig contains the keys with which the Standalone ID Provider will be configured.