Documentation
Overview
Package authn handles authentication.
Copyright 2022 Molecula Corp (DBA FeatureBase). All rights reserved.
Index
- Constants
- func GetAccessToken(ctx context.Context) (token string, ok bool)
- func GetIndexes(ctx context.Context) (indexes []string, ok bool)
- func GetRefreshToken(ctx context.Context) (token string, ok bool)
- func WithAccessToken(ctx context.Context, token string) context.Context
- func WithIndexes(ctx context.Context, indexes []string) context.Context
- func WithRefreshToken(ctx context.Context, token string) context.Context
- func WithUserInfo(ctx context.Context, userInfo *UserInfo) context.Context
- type Auth
- func (a *Auth) Authenticate(access, refresh string) (*UserInfo, error)
- func (a *Auth) CheckAllowedNetworks(clientIP string) bool
- func (a Auth) CleanOAuthConfig() oauth2.Config
- func (a *Auth) Login(w http.ResponseWriter, r *http.Request)
- func (a *Auth) Logout(w http.ResponseWriter, r *http.Request)
- func (a *Auth) Redirect(w http.ResponseWriter, r *http.Request)
- func (a Auth) SecretKey() []byte
- func (a *Auth) SetCookie(w http.ResponseWriter, access, refresh string, expiry time.Time) error
- func (a *Auth) SetGRPCMetadata(ctx context.Context, md metadata.MD, access, refresh string) (context.Context, error)
- type AuthContextKey
- type Group
- type Groups
- type UserInfo
Constants
const (
	// AccessCookieName is the name of the cookie that holds the access token.
	AccessCookieName = "molecula-chip"
	// RefreshCookieName is the name of the cookie that holds the refresh token.
	RefreshCookieName = "refresh-molecula-chip"
	// RefreshHeaderName is the name of the header that holds the refresh token.
	RefreshHeaderName = "X-Molecula-Refresh-Token"
	// ContextValueAccessToken is the key used to set AccessTokens in a ctx.
	ContextValueAccessToken = AuthContextKey("Access")
	// ContextValueRefreshToken is the key used to set RefreshTokens in a ctx.
	ContextValueRefreshToken = AuthContextKey("Refresh")
)
Variables
This section is empty.
Functions
func GetAccessToken
GetAccessToken gets the access token from a context.
func GetIndexes
GetIndexes gets the indices from a context.
func GetRefreshToken
GetRefreshToken gets the refresh token from a context.
func WithAccessToken
WithAccessToken makes a new Context with an access token.
func WithIndexes
WithIndexes makes a new Context with a []string containing the indices.
func WithRefreshToken
WithRefreshToken makes a new Context with a refresh token.
Types
type Auth
type Auth struct {
// contains filtered or unexported fields
}
Auth holds state, configuration, and utilities needed for authentication.
func NewAuth
func NewAuth(logger logger.Logger, url string, scopes []string, authURL, tokenURL, groupEndpoint, logout, clientID, clientSecret, secretKey string, configuredIPs []string) (auth *Auth, err error)
NewAuth instantiates and returns a new Auth struct.
func (*Auth) Authenticate
Authenticate takes in an auth token `access` and returns UserInfo from that token. It is the caller's responsibility to inform the user that the access token has been refreshed.
func (*Auth) CheckAllowedNetworks
CheckAllowedNetworks returns true if the client IP is in the allowed networks, which grants admin permissions.
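An added example, not FeatureBase's own code, of the kind of check CheckAllowedNetworks describes: a CIDR allowlist that fails closed on unparsable input and treats IPv4-mapped IPv6 addresses as IPv4. The `allowlist` type, `newAllowlist`, `contains` and the sample addresses are hypothetical; the package's actual parsing rules are not shown on this page.

```go
package main

import (
	"fmt"
	"net/netip"
)

// allowlist is a hypothetical stand-in for the configuredIPs given to NewAuth.
type allowlist []netip.Prefix

// newAllowlist accepts CIDR blocks or bare IPs (stored as single-host prefixes).
// An unparsable entry is an error, so a config typo cannot silently change the list.
func newAllowlist(configured []string) (allowlist, error) {
	var al allowlist
	for _, entry := range configured {
		if p, err := netip.ParsePrefix(entry); err == nil {
			al = append(al, p.Masked()) // normalise 10.1.2.3/8 to 10.0.0.0/8
			continue
		}
		ip, err := netip.ParseAddr(entry)
		if err != nil {
			return nil, fmt.Errorf("bad allowlist entry %q: %w", entry, err)
		}
		ip = ip.Unmap()
		al = append(al, netip.PrefixFrom(ip, ip.BitLen()))
	}
	return al, nil
}

// contains reports whether clientIP is inside any configured network.
// Anything that is not a bare IP (empty, host:port, hostname) is denied.
func (al allowlist) contains(clientIP string) bool {
	ip, err := netip.ParseAddr(clientIP)
	if err != nil {
		return false
	}
	for _, p := range al {
		if p.Contains(ip.Unmap()) { // ::ffff:10.1.2.3 is compared as 10.1.2.3
			return true
		}
	}
	return false
}

func main() {
	al, _ := newAllowlist([]string{"10.0.0.0/8", "192.0.2.7"}) // constructed sample config
	for _, ip := range []string{"10.1.2.3", "::ffff:10.1.2.3", "192.0.2.8", "10.1.2.3:443"} {
		fmt.Println(ip, al.contains(ip))
	}
}
```

Because a match grants admin permissions, the value passed as the client IP needs to come from a source the server trusts, such as the connection's peer address.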
func (Auth) CleanOAuthConfig
CleanOAuthConfig returns a's oauthConfig without the client secret.
func (*Auth) Login
func (a *Auth) Login(w http.ResponseWriter, r *http.Request)
Login redirects a user to log in at their configured OAuth authorize endpoint.
func (*Auth) Logout
func (a *Auth) Logout(w http.ResponseWriter, r *http.Request)
Logout clears out the user's cookie, removes the token from our cache, and redirects the user to the IdP's logout endpoint.
func (*Auth) Redirect
func (a *Auth) Redirect(w http.ResponseWriter, r *http.Request)
Redirect handles the OAuth /redirect endpoint. It gets an access token and returns it to the user in the form of a cookie.
type AuthContextKey
type AuthContextKey string
AuthContextKey is a unique type to prevent collisions when using context.WithValue().