Documentation ¶
Index ¶
- type ActiveDirectorySessionData
- type CustomSessionData
- type LDAPSessionData
- type OIDCSessionData
- type PinnipedSession
- func (s *PinnipedSession) Clone() fosite.Session
- func (s *PinnipedSession) GetExpiresAt(key fosite.TokenType) time.Time
- func (s *PinnipedSession) GetSubject() string
- func (s *PinnipedSession) GetUsername() string
- func (s *PinnipedSession) IDTokenClaims() *jwt.IDTokenClaims
- func (s *PinnipedSession) IDTokenHeaders() *jwt.Headers
- func (s *PinnipedSession) SetExpiresAt(key fosite.TokenType, exp time.Time)
- func (s *PinnipedSession) SetSubject(subject string)
- type ProviderType
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ActiveDirectorySessionData ¶
type ActiveDirectorySessionData struct { UserDN string `json:"userDN"` ExtraRefreshAttributes map[string]string `json:"extraRefreshAttributes,omitempty"` }
ActiveDirectorySessionData is the additional data needed by Pinniped when the upstream IDP is an Active Directory provider.
type CustomSessionData ¶
type CustomSessionData struct { // The Kubernetes resource UID of the identity provider CRD for the upstream IDP used to start this session. // This should be validated again upon downstream refresh to make sure that we are not refreshing against // a different identity provider CRD which just happens to have the same name. // This implies that when a user deletes an identity provider CRD, then the sessions that were started // using that identity provider will not be able to perform any more downstream refreshes. ProviderUID types.UID `json:"providerUID"` // The Kubernetes resource name of the identity provider CRD for the upstream IDP used to start this session. // Used during a downstream refresh to decide which upstream to refresh. // Also used to decide which of the pointer types below should be used. ProviderName string `json:"providerName"` // The type of the identity provider for the upstream IDP used to start this session. // Used during a downstream refresh to decide which upstream to refresh. ProviderType ProviderType `json:"providerType"` // Only used when ProviderType == "oidc". OIDC *OIDCSessionData `json:"oidc,omitempty"` LDAP *LDAPSessionData `json:"ldap,omitempty"` ActiveDirectory *ActiveDirectorySessionData `json:"activedirectory,omitempty"` }
CustomSessionData is the custom session data needed by Pinniped. It should be treated as a union type, where the value of ProviderType decides which other fields to use.
type LDAPSessionData ¶
type LDAPSessionData struct { UserDN string `json:"userDN"` ExtraRefreshAttributes map[string]string `json:"extraRefreshAttributes,omitempty"` }
LDAPSessionData is the additional data needed by Pinniped when the upstream IDP is an LDAP provider.
type OIDCSessionData ¶
type OIDCSessionData struct {
UpstreamRefreshToken string `json:"upstreamRefreshToken"`
}
OIDCSessionData is the additional data needed by Pinniped when the upstream IDP is an OIDC provider.
type PinnipedSession ¶
type PinnipedSession struct { // Delegate most things to the standard fosite OpenID JWT session. Fosite *openid.DefaultSession `json:"fosite,omitempty"` // Custom Pinniped extensions to the session data. Custom *CustomSessionData `json:"custom,omitempty"` }
PinnipedSession is a session container which includes the fosite standard stuff plus custom Pinniped stuff.
func NewPinnipedSession ¶
func NewPinnipedSession() *PinnipedSession
NewPinnipedSession returns a new empty session.
func (*PinnipedSession) Clone ¶
func (s *PinnipedSession) Clone() fosite.Session
func (*PinnipedSession) GetExpiresAt ¶
func (s *PinnipedSession) GetExpiresAt(key fosite.TokenType) time.Time
func (*PinnipedSession) GetSubject ¶
func (s *PinnipedSession) GetSubject() string
func (*PinnipedSession) GetUsername ¶
func (s *PinnipedSession) GetUsername() string
func (*PinnipedSession) IDTokenClaims ¶
func (s *PinnipedSession) IDTokenClaims() *jwt.IDTokenClaims
func (*PinnipedSession) IDTokenHeaders ¶
func (s *PinnipedSession) IDTokenHeaders() *jwt.Headers
func (*PinnipedSession) SetExpiresAt ¶
func (s *PinnipedSession) SetExpiresAt(key fosite.TokenType, exp time.Time)
func (*PinnipedSession) SetSubject ¶
func (s *PinnipedSession) SetSubject(subject string)
type ProviderType ¶
type ProviderType string
const ( ProviderTypeOIDC ProviderType = "oidc" ProviderTypeLDAP ProviderType = "ldap" ProviderTypeActiveDirectory ProviderType = "activedirectory" )