Documentation ¶
Overview ¶
Package external implements an OAuth flow with an external identity provider
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
Handler exposes an external oauth provider flow (including the call back) as an oauth.handlers.AuthenticationHandler to allow our internal oauth server to use an external oauth provider for authentication
func NewExternalOAuthRedirector ¶ added in v0.2.1
func NewExternalOAuthRedirector(provider Provider, state State, redirectURL string, success handlers.AuthenticationSuccessHandler, errorHandler handlers.AuthenticationErrorHandler, mapper authapi.UserIdentityMapper) (*Handler, error)
func (*Handler) AuthenticationRedirect ¶ added in v0.2.1
AuthenticationRedirect implements oauth.handlers.RedirectAuthHandler
type Provider ¶
type Provider interface { // NewConfig returns a client information that allows a standard oauth client to communicate with external oauth NewConfig() (*osincli.ClientConfig, error) // GetTransport returns the transport to use for server-to-server calls. If nil is returned, http.DefaultTransport is used. GetTransport() (http.RoundTripper, error) // AddCustomParameters allows an external oauth provider to provide parameters that are extension to the spec. Some providers require this. AddCustomParameters(*osincli.AuthorizeRequest) // GetUserIdentity takes the external oauth token information this and returns the user identity, isAuthenticated, and error GetUserIdentity(*osincli.AccessData) (authapi.UserIdentityInfo, bool, error) }
Provider encapsulates the URLs, configuration, any custom authorize request parameters, and the method for transforming an access token into an identity, for an external OAuth provider.
type RedirectorState ¶ added in v0.4.4
type RedirectorState interface { State handlers.AuthenticationSuccessHandler handlers.AuthenticationErrorHandler }
RedirectorState combines state generation/verification with redirections on authentication success and error
func CSRFRedirectingState ¶ added in v0.4.4
func CSRFRedirectingState(csrf csrf.CSRF) RedirectorState
type State ¶
type State interface { Generate(w http.ResponseWriter, req *http.Request) (string, error) Check(state string, req *http.Request) (bool, error) }
State handles generating and verifying the state parameter round-tripped to an external OAuth flow. Examples: CSRF protection, post authentication redirection