Documentation ¶
Index ¶
- Variables
- func NewMiddleware(config *Config) (*fthttp.Middleware, error)
- func TokenSource(token *oauth2.Token) oauth2.TokenSource
- type AuthorizationCodeResponse
- type Authorizer
- type CertificateRepository
- func (cr *CertificateRepository) AddSecurityConfiguration(sc *SecurityConfiguration)
- func (cr *CertificateRepository) GetDefaultConfiguration() *SecurityConfiguration
- func (cr *CertificateRepository) GetSecurityConfiguration(host string) *SecurityConfiguration
- func (cr *CertificateRepository) RemoveSecurityConfiguration(host string)
- func (cr *CertificateRepository) SetDefaultConfiguration(sc *SecurityConfiguration)
- type Client
- func (c *Client) Configure(oauthConfig *model.OAuthConfig)
- func (c *Client) CurrentUser() (*model.UserData, error)
- func (client *Client) DefaultAuthorizer(config *ClientConfig) (Authorizer, error)
- func (c *Client) Initialize() error
- func (c *Client) IsAuthenticated() bool
- func (c *Client) Request(request *Request) (*http.Response, error)
- func (c *Client) SaveTokens(accessTokenJWT, refreshTokenJWT string) error
- func (c *Client) SetHTTPClient(client *http.Client)
- func (c *Client) Token() (*oauth2.Token, error)
- type ClientConfig
- type Config
- type KeyStore
- type KeyStoreError
- type KeyStoreErrorCode
- type Logger
- type LoggerExt
- func (log *LoggerExt) Debugf(format string, a ...interface{})
- func (log *LoggerExt) Debugln(a ...interface{})
- func (log *LoggerExt) Errorf(format string, a ...interface{})
- func (log *LoggerExt) Errorln(a ...interface{})
- func (log *LoggerExt) Infof(format string, a ...interface{})
- func (log *LoggerExt) Infoln(a ...interface{})
- func (log *LoggerExt) Warnf(format string, a ...interface{})
- func (log *LoggerExt) Warnln(a ...interface{})
- type Request
- type SecurityConfiguration
Constants ¶
This section is empty.
Variables ¶
// Common errors. These are sentinel values created with errors.New, so callers
// can match them with errors.Is.
var (
	// ErrNotAuthenticated reports that the client is not authenticated.
	ErrNotAuthenticated = errors.New("the client is not authenticated")
	// ErrNoRefreshToken reports that there is no refresh token.
	// NOTE(review): presumably returned when a refresh is attempted without a
	// stored refresh token — confirm against the call sites.
	ErrNoRefreshToken = errors.New("no refresh token")
	// ErrInvalidKeyStore reports an invalid keystore.
	ErrInvalidKeyStore = errors.New("invalid keystore")
)
Common errors.
// Common keys.
// NOTE(review): presumably the keys under which the access and refresh tokens
// are stored in the KeyStore — confirm against Client.SaveTokens.
// They are declared with var, not const, so any importing package can
// reassign them.
var (
	KeyAccessToken  = "access_token"
	KeyRefreshToken = "refresh_token"
)
Common keys.
// Authorizer errors.
var (
	// ErrUnsupportedClientType reports an unsupported client type.
	// NOTE(review): presumably returned by Client.DefaultAuthorizer for client
	// types it cannot serve — confirm in the implementation.
	ErrUnsupportedClientType = errors.New("unsupported client type")
)
Authorizer errors.
// NullLogger wraps the unexported nullLogger in a LoggerExt. It discards all
// output, so errors logged through it are dropped as well.
var NullLogger = &LoggerExt{nullLogger{}}
NullLogger is a Logger that discards all output.
// StdLogger wraps the unexported stdLogger in a LoggerExt and prints all logs
// to stdout.
// NOTE(review): this page does not show what the client logs; confirm that
// token values never reach the logger before enabling it where stdout is
// collected.
var StdLogger = &LoggerExt{stdLogger{}}
StdLogger is a Logger that prints all logs to stdout.
Functions ¶
func NewMiddleware ¶
func NewMiddleware(config *Config) (*fthttp.Middleware, error)
NewMiddleware creates a middleware factory for FTAuth verification.
func TokenSource ¶
func TokenSource(token *oauth2.Token) oauth2.TokenSource
TokenSource provides a refreshing token source linked to the KeyStore which is compatible with the oauth2 library.
Types ¶
type AuthorizationCodeResponse ¶
AuthorizationCodeResponse holds the query parameters returned from a successful Authorize call, as well as an error if any error occurred.
func (*AuthorizationCodeResponse) String ¶
func (authResp *AuthorizationCodeResponse) String() string
type Authorizer ¶
// Authorizer handles authorization with the server.
// NOTE(review): the fields of AuthorizationCodeResponse are not visible here,
// so it cannot be told whether Exchange checks an OAuth state value on the
// captured redirect parameters — confirm in the implementation.
type Authorizer interface {
	// Authorize returns a URL through which the user must authenticate.
	// The client is responsible for listening to redirect steps and
	// capturing the query parameters for use with Exchange.
	Authorize() (string, error)

	// Exchange communicates with the FTAuth server, exchanging the
	// authorization code for an access + refresh token.
	Exchange(authResp *AuthorizationCodeResponse) (*http.Client, error)
}
Authorizer handles authorization with the server, invoking WebViews or HTTP requests as necessary on a platform basis.
type CertificateRepository ¶
// CertificateRepository holds a map of hosts to certificate pools used for
// TLS handshake verification (certificate pinning). A host without an explicit
// entry is verified with the default configuration, so the default decides
// what is trusted for every unpinned host.
// NOTE(review): the fields are unexported and not shown; whether access is
// synchronized cannot be told from here — confirm before mutating it from
// several goroutines.
type CertificateRepository struct {
	// contains filtered or unexported fields
}
CertificateRepository holds a map of hosts to certificate pools for use with TLS handshake verification (i.e. certificate pinning).
func GetCertificateRepository ¶
func GetCertificateRepository() *CertificateRepository
GetCertificateRepository returns the main certificate repo for adding/removing security configurations.
func (*CertificateRepository) AddSecurityConfiguration ¶
func (cr *CertificateRepository) AddSecurityConfiguration(sc *SecurityConfiguration)
AddSecurityConfiguration configures the TLS client for requests to the specified host.
func (*CertificateRepository) GetDefaultConfiguration ¶
func (cr *CertificateRepository) GetDefaultConfiguration() *SecurityConfiguration
GetDefaultConfiguration returns the default security configuration, i.e. the configuration used when a server's configuration has not been explicitly set.
func (*CertificateRepository) GetSecurityConfiguration ¶
func (cr *CertificateRepository) GetSecurityConfiguration(host string) *SecurityConfiguration
GetSecurityConfiguration returns the stored configuration for the given host, returning nil if not found.
func (*CertificateRepository) RemoveSecurityConfiguration ¶
func (cr *CertificateRepository) RemoveSecurityConfiguration(host string)
RemoveSecurityConfiguration resets the security configuration for the host, using the default security configuration instead.
func (*CertificateRepository) SetDefaultConfiguration ¶
func (cr *CertificateRepository) SetDefaultConfiguration(sc *SecurityConfiguration)
SetDefaultConfiguration sets the default security configuration, i.e. the configuration used when a server's configuration has not been explicitly set.
type Client ¶
// Client communicates with HTTP services on behalf of an authenticated user.
type Client struct {
	Config      *ClientConfig
	KeyStore    KeyStore
	OauthConfig *model.OAuthConfig

	// Embedded, so the LoggerExt methods are promoted onto Client.
	*LoggerExt

	// Embedded and exported: Lock/Unlock/RLock/RUnlock are promoted onto
	// Client, so any holder of a *Client can take the lock that guards
	// httpClient.
	sync.RWMutex // protects httpClient
	// contains filtered or unexported fields
}
Client communicates with HTTP services on behalf of an authenticated user.
func NewClient ¶
NewClient creates a new FTAuth client with the given options. Use DefaultOptions if unsure.
func (*Client) Configure ¶
func (c *Client) Configure(oauthConfig *model.OAuthConfig)
Configure initializes OAuth information for the FTAuth client. How the client is initialized depends on, for example, the provider.
func (*Client) CurrentUser ¶
CurrentUser returns the currently logged in user, if authenticated.
func (*Client) DefaultAuthorizer ¶
func (client *Client) DefaultAuthorizer(config *ClientConfig) (Authorizer, error)
DefaultAuthorizer creates an OAuth2 confidential grant client. Public clients should use their platform's implementation.
func (*Client) Initialize ¶
Initialize loads the client with cached values from the KeyStore.
func (*Client) IsAuthenticated ¶
IsAuthenticated returns true if the user has an authenticated HTTP client.
func (*Client) Request ¶
Request performs an HTTP request on behalf of the authenticated user, automatically refreshing credentials as needed.
func (*Client) SaveTokens ¶
SaveTokens validates and stores the tokens in the KeyStore.
func (*Client) SetHTTPClient ¶
SetHTTPClient sets the HTTP client for internal use.
type ClientConfig ¶
// ClientConfig holds configuration information for the FTAuth client.
type ClientConfig struct {
	GatewayURL string `json:"gateway_url"`
	ClientID   string `json:"client_id"`
	// ClientSecret carries a json tag, so marshalling a ClientConfig writes
	// the secret into the output; keep marshalled configs out of logs and
	// world-readable files.
	ClientSecret string           `json:"client_secret"`
	ClientType   model.ClientType `json:"client_type"`
	RedirectURI  string           `json:"redirect_uri"`
	Scopes       []string         `json:"scopes"`
	// NOTE(review): the unit of Timeout is not shown on this page — confirm.
	Timeout uint `json:"timeout"`
	// contains filtered or unexported fields
}
ClientConfig holds configuration information for the FTAuth client.
func (*ClientConfig) Valid ¶
func (c *ClientConfig) Valid() error
Valid returns an error if there are missing or invalid fields, otherwise nil.
type Config ¶
// Config holds options for configuring the client: the KeyStore backend, the
// logger, and the client configuration.
type Config struct {
	KeyStore     KeyStore
	Logger       *LoggerExt
	ClientConfig *ClientConfig
}
Config holds options for configuring the client. Use DefaultOptions if unsure.
type KeyStore ¶
// KeyStore exchanges private key data with a backend keychain. Values are
// byte slices addressed by a string key.
// NOTE(review): the per-method notes below are read from the names and
// signatures only — confirm against an implementation.
type KeyStore interface {
	// Save presumably stores value under key.
	Save(key string, value []byte) error
	// Get presumably returns the value stored under key.
	Get(key string) ([]byte, error)
	// Delete presumably removes the entry for key.
	Delete(key string) error
	// Clear presumably removes every entry.
	Clear() error
}
KeyStore exchanges private key data with a backend keychain. Implementations will vary by client, but every implementation should encrypt the stored data or otherwise reasonably protect it against attacks.
type KeyStoreError ¶
// KeyStoreError represents an error in retrieving or saving keys to the
// keychain, giving platform implementations a common error type.
type KeyStoreError struct {
	// Code classifies the failure.
	Code KeyStoreErrorCode
	// Details is free-form text.
	// NOTE(review): this page does not show what implementations put here or
	// whether Error() includes it; it should never carry key material — confirm.
	Details string
}
KeyStoreError represents an error in retrieving or saving keys to the keychain. It provides a common error type across many platform implementations.
func (*KeyStoreError) Error ¶
func (err *KeyStoreError) Error() string
type KeyStoreErrorCode ¶
// KeyStoreErrorCode represents the different error types expected from a
// KeyStore implementation. The zero value is KeyStoreErrorCodeUnknown.
type KeyStoreErrorCode int
KeyStoreErrorCode represents the different error types expected from a KeyStore implementation.
// KeyStoreErrorCodes. The values are assigned with iota, starting at 0.
const (
	KeyStoreErrorCodeUnknown KeyStoreErrorCode = iota // an unknown error occurred
	KeyStoreErrorCodeAccess                           // error accessing the keychain (e.g. i/o error)
	KeyStoreErrorCodeKey                              // an error accessing the key (i.e. not found)
)
KeyStoreErrorCodes
func (KeyStoreErrorCode) Description ¶
func (code KeyStoreErrorCode) Description() string
Description provides a human-readable description of the error code.
type LoggerExt ¶
// LoggerExt wraps the Logger interface to add Go-specific helper functions
// (the formatted and line-based variants of each log level). The embedded
// Logger supplies the underlying log calls.
type LoggerExt struct {
	Logger
}
LoggerExt wraps the Logger interface to define extra Go-specific helper functions. These functions cannot be part of the main interface but are helpful on the Go side.
func (*LoggerExt) Debugf ¶
Debugf formats according to fmt.Sprintf and calls log.Debug on the result.
func (*LoggerExt) Debugln ¶
func (log *LoggerExt) Debugln(a ...interface{})
Debugln formats according to fmt.Sprintln and calls log.Debug on the result.
func (*LoggerExt) Errorf ¶
Errorf formats according to fmt.Sprintf and calls log.Error on the result.
func (*LoggerExt) Errorln ¶
func (log *LoggerExt) Errorln(a ...interface{})
Errorln formats according to fmt.Sprintln and calls log.Error on the result.
func (*LoggerExt) Infoln ¶
func (log *LoggerExt) Infoln(a ...interface{})
Infoln formats according to fmt.Sprintln and calls log.Info on the result.
type SecurityConfiguration ¶
// SecurityConfiguration holds a host-specific configuration for the rules to
// use when verifying a TLS handshake.
type SecurityConfiguration struct {
	Host string // e.g. google.com
	// NOTE(review): presumably controls whether chains to public CAs are
	// accepted in addition to the pinned intermediates — confirm. The
	// ResetPinning documentation refers to "TrustSystemRoots", which does not
	// match this field's name; verify which field it actually resets.
	TrustPublicPKI bool
	// contains filtered or unexported fields
}
SecurityConfiguration holds a host-specific configuration for the rules to use when verifying a TLS handshake.
func NewSecurityConfiguration ¶
func NewSecurityConfiguration(host string, trustPublicPKI bool) *SecurityConfiguration
NewSecurityConfiguration creates a new configuration object for the given host. CertificateRepository.AddSecurityConfiguration() must be called for it to take effect.
func (*SecurityConfiguration) AddIntermediateASN1 ¶
func (sc *SecurityConfiguration) AddIntermediateASN1(asn1 []byte) error
AddIntermediateASN1 pins the intermediate certificate (in ASN1 DER format), adding it to the list of verified certificates for the host in this configuration.
func (*SecurityConfiguration) AddIntermediatePEM ¶
func (sc *SecurityConfiguration) AddIntermediatePEM(pem []byte) error
AddIntermediatePEM pins the intermediate certificate(s) (in PEM format), adding them to the list of verified certificates for the host in this configuration.
func (*SecurityConfiguration) ResetPinning ¶
func (sc *SecurityConfiguration) ResetPinning()
ResetPinning removes all intermediate certs and resets TrustSystemRoots to true.