Documentation ¶
Index ¶
- Variables
- func APIEnvironment() (clientID string, secretKey string, err error)
- func WithAPICreds(id string, apikeyB64 string) func(y *YubiClient)
- func WithAPIEnvironment() func(y *YubiClient)
- func WithAPIServers(servers []string) func(y *YubiClient)
- type VerifyRequest
- type VerifyResponse
- type YubiClient
Constants ¶
This section is empty.
Variables ¶
var YubiCloudServers = []string{
"https://api.yubico.com/wsapi/2.0/verify",
"https://api2.yubico.com/wsapi/2.0/verify",
"https://api3.yubico.com/wsapi/2.0/verify",
"https://api4.yubico.com/wsapi/2.0/verify",
"https://api5.yubico.com/wsapi/2.0/verify",
}
YubiCloudServers Yubico servers that know about your factory-configured yubikey slot #1.
Functions ¶
func APIEnvironment ¶
APIEnvironment reads well-known environment variables (YUBICO_API_CLIENT_ID, YUBICO_API_SECRET_KEY) to get your Yubi client API creds. Note that YUBICO_API_SECRET_KEY must be base64-encoded.
func WithAPICreds ¶
func WithAPICreds(id string, apikeyB64 string) func(y *YubiClient)
WithAPICreds an optional arg to NewYubiClient that specifies the Yubico API creds. The apikeyB64 must be base64 encoded as it is provided by the Yubico API Key Signup.
func WithAPIEnvironment ¶
func WithAPIEnvironment() func(y *YubiClient)
WithAPIEnvironment an optional arg to NewYubiClient that reads Yubico API creds from environment variables YUBICO_API_CLIENT_ID and YUBICO_API_SECRET_KEY.
func WithAPIServers ¶
func WithAPIServers(servers []string) func(y *YubiClient)
WithAPIServers an optional arg to NewYubiClient that specifies Yubico API servers. Default is to use the manifest definitions.
Types ¶
type VerifyRequest ¶
type VerifyRequest struct { ID string // Required Yubico Client ID associated with API key OTP string // Required OTP to validate H string // Optional HMAC-SHA1 signature for the request. Timestamp bool // Optional servers provides timestamp and session counter info in response Nonce string // Required 16 to 40 character long string with random unique data SL string // Optional value 0 to 100 indicating percentage of syncing required by client, or strings "fast" or "secure" to use server-configured values; if absent, let the server decide Timeout int // Optional number of seconds to wait for sync responses; if absent, let the server decide }
VerifyRequest A request to verify a OTP
type VerifyResponse ¶
type VerifyResponse struct { // OTP one time password from the YubiKey, from request OTP string // Nonce is a random unique data, from request Nonce string // H Signature H []byte // T timestamp in UTC T time.Time // Status is the status of the operation Status common.Status // Timestamp YubiKey internal timestamp value when key was pressed Timestamp uint // SessionCounter YubiKey internal usage counter when key was pressed SessionCounter uint // SessionUse YubiKey internal session usage counter when key was pressed SessionUse uint // SL percentage of external validation server that replied successfully (0 to 100) SL int }
VerifyResponse Response from a Yubico verify request
func VerifyDefault ¶
func VerifyDefault(otp string) (*VerifyResponse, error)
VerifyDefault helper for a one-shot OTP validation using default values.
You may prefer to use NewYubiClient() if you will be validating more than one OTP.
type YubiClient ¶
type YubiClient struct {
// contains filtered or unexported fields
}
YubiClient Yubico API key info
func NewTestYubiClient ¶
func NewTestYubiClient(server string) (*YubiClient, error)
NewTestYubiClient a test suite function
func NewYubiClient ¶
func NewYubiClient(options ...func(client *YubiClient)) (ry *YubiClient, rerr error)
NewYubiClient creates a new Yubi Cloud client to verify future tokens.
Options may be one of the With*() functions. Ex. WithAPIEnvironment().
You must use your own client id and apiKey to use their servers. Refer to APIEnvironment().
See [Obtain a Yubico API Key]: https://support.yubico.com/hc/en-us/articles/360013717560-Obtaining-an-API-Key-for-YubiKey-Development
func (*YubiClient) Verify ¶
func (y *YubiClient) Verify(req *VerifyRequest) (*VerifyResponse, error)
Verify generic request. See VerifyDefault() for convenience.
func (*YubiClient) VerifyOTP ¶
func (y *YubiClient) VerifyOTP(otp string) (*VerifyResponse, error)
VerifyOTP formats and makes a request to validate a OTP from Yubico API. If it could not validate for any reason, an error is returned.