oidc

package
v0.11.4

This package is not in the latest version of its module.
Published: Aug 9, 2023 License: MPL-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package oidc contains helpers for implementing OIDC-based auth for Waypoint servers and headless clients.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ProviderConfig

func ProviderConfig(am *pb.AuthMethod_OIDC, sc *pb.ServerConfig) (*oidc.Config, error)

ProviderConfig returns the OIDC provider configuration for an OIDC auth method. The ServerConfig argument can be nil. If it is not nil, then the server advertise addresses will be added as valid redirect URLs.

func SelectorData

func SelectorData(
	am *pb.AuthMethod_OIDC,
	idClaims, userClaims json.RawMessage,
) (map[string]interface{}, error)

SelectorData returns the data for go-bexpr for selector evaluation. This is useful for server-side OIDC implementations, not for the client.

Types

type CallbackServer

type CallbackServer struct {
	// contains filtered or unexported fields
}

CallbackServer is started with NewCallbackServer and creates an HTTP server for handling loopback OIDC auth redirects.

func NewCallbackServer

func NewCallbackServer() (*CallbackServer, error)

NewCallbackServer creates and starts a new local HTTP server for OIDC authentication to redirect to. This is used to capture the necessary information to complete the authentication.

func (*CallbackServer) Close

func (s *CallbackServer) Close() error

Close cleans up and shuts down the server. After Close, errors may still be sent to ErrorCh and should be ignored. For that reason, call Close from outside the code path that receives errors on that channel.

func (*CallbackServer) ErrorCh

func (s *CallbackServer) ErrorCh() <-chan error

ErrorCh returns a channel where any errors are sent. Errors may be sent after Close and should be disregarded.

func (*CallbackServer) Nonce

func (s *CallbackServer) Nonce() string

Nonce returns a generated nonce that can be used for the request.

func (*CallbackServer) RedirectUri

func (s *CallbackServer) RedirectUri() string

RedirectUri is the redirect URI that should be provided for the auth.

func (*CallbackServer) ServeHTTP

func (s *CallbackServer) ServeHTTP(w http.ResponseWriter, req *http.Request)

ServeHTTP implements http.Handler and handles the callback request. This isn't usually used directly; instead, obtain the server address via RedirectUri and let the provider's redirect reach it.

func (*CallbackServer) SuccessCh

func (s *CallbackServer) SuccessCh() <-chan *pb.CompleteOIDCAuthRequest

SuccessCh returns a channel that gets sent a partially completed request to complete the OIDC auth with the Waypoint server.
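The loopback flow that the CallbackServer methods above describe (start a local listener, hand RedirectUri and Nonce to the authorization request, wait on SuccessCh or ErrorCh, then Close), as an added example using only the Go standard library. This is not the Waypoint package's own code: it uses a local LoopbackCallback type, adds a State accessor and a VerifyNonce helper that the real package does not expose, and delivers the bare authorization code on SuccessCh where the real package sends a partially filled *pb.CompleteOIDCAuthRequest.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net"
	"net/http"
	"sync"
	"sync/atomic"
)

// LoopbackCallback is a stdlib-only sketch of the CallbackServer idea: a random
// loopback port, fresh state and nonce, and exactly one code delivered on SuccessCh.
type LoopbackCallback struct {
	ln        net.Listener
	srv       *http.Server
	state     string      // bound to the redirect; checked on every callback
	nonce     string      // bound to the ID token; checked by the caller
	used      atomic.Bool // set once a valid callback has been consumed
	successCh chan string // the authorization code (the real package sends a request struct)
	errorCh   chan error
	closeOnce sync.Once
}

func randomToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing CSPRNG is not something to recover from here
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

func NewLoopbackCallback() (*LoopbackCallback, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0") // loopback only, never 0.0.0.0
	if err != nil {
		return nil, err
	}
	s := &LoopbackCallback{ln: ln, state: randomToken(), nonce: randomToken(),
		successCh: make(chan string, 1), errorCh: make(chan error, 1)}
	s.srv = &http.Server{Handler: s}
	go func() {
		// Serve returns ErrServerClosed after Close; only other failures are reported.
		if err := s.srv.Serve(ln); err != nil && !errors.Is(err, http.ErrServerClosed) {
			s.sendErr(err)
		}
	}()
	return s, nil
}

func (s *LoopbackCallback) RedirectURI() string { return "http://" + s.ln.Addr().String() + "/oidc/callback" }
func (s *LoopbackCallback) State() string            { return s.state }
func (s *LoopbackCallback) Nonce() string            { return s.nonce }
func (s *LoopbackCallback) SuccessCh() <-chan string { return s.successCh }
func (s *LoopbackCallback) ErrorCh() <-chan error    { return s.errorCh }

// VerifyNonce is what the caller runs against the ID token's "nonce" claim.
func (s *LoopbackCallback) VerifyNonce(claim string) bool {
	return subtle.ConstantTimeCompare([]byte(claim), []byte(s.nonce)) == 1
}

func (s *LoopbackCallback) sendErr(err error) {
	select { // non-blocking: nobody may be receiving after Close
	case s.errorCh <- err:
	default:
	}
}

func (s *LoopbackCallback) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	q := r.URL.Query()
	// A redirect with a foreign or missing state is rejected before its code is
	// looked at: this check is what defeats login-CSRF against the loopback.
	if subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(s.state)) != 1 {
		s.sendErr(errors.New("state mismatch on callback"))
		http.Error(w, "invalid state", http.StatusBadRequest)
		return
	}
	if q.Get("code") == "" {
		s.sendErr(fmt.Errorf("no code in callback (provider error=%q)", q.Get("error")))
		http.Error(w, "authentication failed", http.StatusBadRequest)
		return
	}
	if !s.used.CompareAndSwap(false, true) { // single use: a replayed redirect is refused
		http.Error(w, "callback already consumed", http.StatusConflict)
		return
	}
	s.successCh <- q.Get("code") // buffered(1) and guarded by used, so this never blocks
	fmt.Fprintln(w, "Authentication complete. You may close this window.")
}

// Close shuts the listener down; a late error on ErrorCh after this is expected.
func (s *LoopbackCallback) Close() error {
	var err error
	s.closeOnce.Do(func() { err = s.srv.Close() })
	return err
}

func main() {
	if s, err := NewLoopbackCallback(); err == nil {
		fmt.Println("redirect_uri:", s.RedirectURI(), "state:", s.State(), "nonce:", s.Nonce())
		s.Close()
	}
}
```

State and nonce do different jobs: state is echoed back in the redirect and lets the listener drop a redirect it never initiated, while nonce travels through the provider and comes back inside the signed ID token, so it is checked by the caller after the code exchange, not by the listener. The single-use flag means a second redirect with the same code gets a 409 rather than a second delivery, and the non-blocking error send reproduces the documented behaviour that errors may still arrive on ErrorCh after Close.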

type ProviderCache

type ProviderCache struct {
	// contains filtered or unexported fields
}

ProviderCache is a cache for OIDC providers. OIDC providers are something you don't want to recreate per-request since they make HTTP requests themselves.

The ProviderCache purges a provider under two scenarios: (1) the provider config is updated to a different value, and (2) after a set amount of time (see cacheExpiry for the value), in case the remote provider configuration changed.

func NewProviderCache

func NewProviderCache() *ProviderCache

NewProviderCache should be used to initialize a provider cache. This will start up background resources to manage the cache.

func (*ProviderCache) Clear

func (c *ProviderCache) Clear()

Clear is called to delete all the providers in the cache.

func (*ProviderCache) Close

func (c *ProviderCache) Close() error

Close implements io.Closer. This just calls Clear, but we implement io.Closer so that things that look for this interface implementation for "cleanup" will call this.

func (*ProviderCache) Delete

func (c *ProviderCache) Delete(ctx context.Context, name string)

Delete force deletes a single auth method from the cache by name.

func (*ProviderCache) Get

func (c *ProviderCache) Get(
	ctx context.Context, am *pb.AuthMethod, sc *pb.ServerConfig,
) (*oidc.Provider, error)

Get returns the OIDC provider for the given auth method configuration. This will initialize the provider if it isn't already in the cache or if the configuration changed.
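The two purge rules the ProviderCache documentation states (rebuild when the configuration differs, rebuild after a fixed expiry) together with Get, Delete, Clear and Close, as an added example using only the Go standard library. This is not the package's code: it assumes local stand-in types (Provider for *oidc.Provider, AuthConfig for the fields of *pb.AuthMethod_OIDC that shape a provider), a build callback in place of the real discovery fetch, an injectable clock and a hypothetical Builds counter so that cache hits and misses can be observed, and it checks expiry lazily on Get rather than through the background resources that the real NewProviderCache starts.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
	"sync"
	"time"
)

// Provider stands in for *oidc.Provider (assumption: a local type for this
// example). Building a real one fetches the issuer's discovery document, which
// is the per-request cost the cache exists to avoid.
type Provider struct{ Issuer string }

// AuthConfig is a cut-down stand-in for the fields of *pb.AuthMethod_OIDC that
// shape the provider (assumption: not the project's type).
type AuthConfig struct {
	Issuer       string
	ClientID     string
	RedirectURIs []string
}

type entry struct {
	p       *Provider
	cfgHash string
	expires time.Time
}

// ProviderCache mirrors the two purge rules in the package docs: an entry is
// rebuilt when its config hash changes or when its TTL has elapsed. Expiry is
// checked lazily on Get instead of by a background goroutine.
type ProviderCache struct {
	mu      sync.Mutex
	entries map[string]entry
	ttl     time.Duration
	now     func() time.Time // injectable clock so expiry can be exercised
	build   func(AuthConfig) (*Provider, error)
	builds  int // how many times the expensive constructor ran
}

func NewProviderCache(ttl time.Duration, build func(AuthConfig) (*Provider, error)) *ProviderCache {
	return &ProviderCache{entries: map[string]entry{}, ttl: ttl, now: time.Now, build: build}
}

// hashConfig folds every field that influences the provider into one comparable
// string; a change to any of them invalidates the cached entry.
func hashConfig(cfg AuthConfig) string {
	parts := append([]string{cfg.Issuer, cfg.ClientID}, cfg.RedirectURIs...)
	sum := sha256.Sum256([]byte(strings.Join(parts, "\x00")))
	return hex.EncodeToString(sum[:])
}

// Get returns the cached provider for name, rebuilding it when the config
// changed or the entry expired.
func (c *ProviderCache) Get(name string, cfg AuthConfig) (*Provider, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	h := hashConfig(cfg)
	if e, ok := c.entries[name]; ok && e.cfgHash == h && c.now().Before(e.expires) {
		return e.p, nil
	}
	p, err := c.build(cfg) // runs under the lock: simple, but serialises all builds
	if err != nil {
		return nil, err
	}
	c.builds++
	c.entries[name] = entry{p: p, cfgHash: h, expires: c.now().Add(c.ttl)}
	return p, nil
}

// Delete evicts one auth method; Clear drops everything; Close is Clear behind io.Closer.
func (c *ProviderCache) Delete(name string) { c.mu.Lock(); delete(c.entries, name); c.mu.Unlock() }
func (c *ProviderCache) Clear()            { c.mu.Lock(); c.entries = map[string]entry{}; c.mu.Unlock() }
func (c *ProviderCache) Close() error      { c.Clear(); return nil }
func (c *ProviderCache) Builds() int       { c.mu.Lock(); defer c.mu.Unlock(); return c.builds }

func main() {
	c := NewProviderCache(time.Hour, func(cfg AuthConfig) (*Provider, error) { return &Provider{Issuer: cfg.Issuer}, nil })
	defer c.Close()
	cfg := AuthConfig{Issuer: "https://issuer.example", ClientID: "waypoint-cli"} // constructed sample
	c.Get("example", cfg)
	c.Get("example", cfg)
	fmt.Println("builds after two identical Gets:", c.Builds()) // 1
}
```

Hashing the whole configuration, rather than comparing the issuer alone, is what makes rule (1) safe: adding a server advertise address to the redirect URI list (which ProviderConfig does) produces a different hash and therefore a fresh provider, so a stale provider never validates redirects against an outdated allow-list. Building under the lock keeps the example short; a production cache would use single-flight so that concurrent misses for the same name do not all hit the discovery endpoint.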
