oidcSupport

package
v0.7.1
Warning

This package is not in the latest version of its module.

Published: Sep 25, 2024 License: Apache-2.0 Imports: 17 Imported by: 2

Documentation


Constants

const (
	EnvOidcProviderName = "HEXA_OIDC_PROVIDER_NAME"
	EnvOidcEnabled      = "HEXA_OIDC_ENABLED"
	EnvOidcClientId     = "HEXA_OIDC_CLIENT_ID"
	EnvOidcClientSecret = "HEXA_OIDC_CLIENT_SECRET"
	EnvOidcProviderUrl  = "HEXA_OIDC_PROVIDER_URL"
	EnvOidcRedirectUrl  = "HEXA_OIDC_REDIRECT_URL"
	EnvOidcLoginPath    = "HEXA_OIDC_LOGIN_PATH"  // HEXA_OIDC_LOGIN_PATH is the handler path that will be used to start a login flow to the OIDC provider (default: /login)
	EnvOidcLogoutPath   = "HEXA_OIDC_LOGOUT_PATH" // HEXA_OIDC_LOGOUT_PATH is the path used to cancel the local session (default: /logout)
	DefOidcProviderName = "OpenID Login"
	DefOidcRedirectPath = "/redirect"
	DefOidcLoginPath    = "/"
	DefOidcLogoutPath   = "/logout"
)

Variables

This section is empty.

Functions

func AnnotateError

func AnnotateError(err error, annotation string, _ int) error

AnnotateError wraps an error with a message that is intended for a human end-user to read, plus an associated HTTP error code.

Types

type Handler

type Handler func(http.ResponseWriter, *http.Request) error

type HumanReadableError

type HumanReadableError interface {
	HumanError() string
	HTTPCode() int
}

HumanReadableError represents error information that can be fed back to a human user.

This prevents internal state that might be sensitive from being leaked to the outside world.

It's also useful because raw error strings rarely make much sense to a human.

type HumanReadableWrapper

type HumanReadableWrapper struct {
	ToHuman string
	Code    int
	// contains filtered or unexported fields
}

HumanReadableWrapper implements HumanReadableError

func (HumanReadableWrapper) HTTPCode

func (h HumanReadableWrapper) HTTPCode() int

func (HumanReadableWrapper) HumanError

func (h HumanReadableWrapper) HumanError() string

type OidcClientHandler

type OidcClientHandler struct {
	ClientConfig   *oauth2.Config
	OidcConfig     *oidc.Config
	Verifier       *oidc.IDTokenVerifier
	Provider       *oidc.Provider
	LogoutPath     string
	LoginPath      string
	AuthPath       string
	Enabled        bool
	SessionHandler sessionSupport.SessionManager
	Middleware     func(handler Handler) Handler
	ErrorHandler   func(handler func(w http.ResponseWriter, r *http.Request) error) http.Handler
	MainPage       string
	ProviderName   string
	Resources      fs.FS
}

func NewOidcClientHandler

func NewOidcClientHandler(sessionHandler sessionSupport.SessionManager, resources fs.FS) (*OidcClientHandler, error)

func (*OidcClientHandler) HandleAuthorize added in v0.6.15

func (o *OidcClientHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request) (err error)

HandleAuthorize is a Handler that redirects the user to the OIDC provider for login, and provides the 'state' parameter which protects against login CSRF.

func (*OidcClientHandler) HandleLogin

func (o *OidcClientHandler) HandleLogin(w http.ResponseWriter, _ *http.Request) (err error)

HandleLogin is a Handler that shows a login button. In production, if the frontend is served / generated by Go, it should use html/template to prevent XSS attacks.

func (*OidcClientHandler) HandleLogout

func (o *OidcClientHandler) HandleLogout(w http.ResponseWriter, r *http.Request) (err error)

func (*OidcClientHandler) HandleOAuth2Callback

func (o *OidcClientHandler) HandleOAuth2Callback(w http.ResponseWriter, r *http.Request) (err error)

HandleOAuth2Callback is a Handler for the OAuth2 'redirect_uri' endpoint; it validates the state token and retrieves an OAuth token from the request parameters.
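
The state check that HandleAuthorize and HandleOAuth2Callback are described as performing, shown as an added stand-alone example using only the Go standard library; it is not this package's code. The provider URL, the cookie name and the function names startLogin, checkCallback and roundTrip are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const authURL, stateCookie = "https://idp.example.com/authorize", "oidc_state" // constructed placeholders

// startLogin binds a fresh random state to this browser, then redirects to the provider.
func startLogin(w http.ResponseWriter, r *http.Request) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		http.Error(w, "login unavailable", http.StatusInternalServerError) // no predictable fallback
		return
	}
	state := base64.RawURLEncoding.EncodeToString(b) // URL-safe alphabet, needs no escaping
	http.SetCookie(w, &http.Cookie{Name: stateCookie, Value: state, Path: "/",
		MaxAge: 300, HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
	http.Redirect(w, r, authURL+"?response_type=code&scope=openid&state="+state, http.StatusFound)
}

// checkCallback returns the authorization code only if the echoed state matches the cookie.
func checkCallback(r *http.Request) (string, error) {
	c, err := r.Cookie(stateCookie)
	got := r.URL.Query().Get("state")
	if err != nil || got == "" || subtle.ConstantTimeCompare([]byte(c.Value), []byte(got)) != 1 {
		return "", fmt.Errorf("state mismatch: possible login CSRF")
	}
	return r.URL.Query().Get("code"), nil
}

// roundTrip simulates one browser; the provider echoes the issued state with tamper appended.
func roundTrip(tamper string) (string, error) {
	rec := httptest.NewRecorder()
	startLogin(rec, httptest.NewRequest("GET", "/", nil))
	issued := rec.Result().Cookies()[0]
	cb := httptest.NewRequest("GET", "/redirect?code=abc&state="+issued.Value+tamper, nil)
	cb.AddCookie(issued)
	return checkCallback(cb)
}

func main() {
	fmt.Println(roundTrip(""))  // honest echo: the code "abc" is returned
	fmt.Println(roundTrip("x")) // altered state: rejected with an error
}
```

The explicit empty-string check matters: without it, a callback carrying no state against an empty cookie value would compare equal.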

func (*OidcClientHandler) HandleSessionScope

func (o *OidcClientHandler) HandleSessionScope(next http.HandlerFunc, _ []string) http.HandlerFunc

func (*OidcClientHandler) InitHandlers

func (o *OidcClientHandler) InitHandlers(router *mux.Router)

InitHandlers initializes the SessionHandler middleware and configures the login/logout/authorize endpoints if enabled.

func (*OidcClientHandler) ParseIdTokenClaims added in v0.6.15

func (o *OidcClientHandler) ParseIdTokenClaims(rawIDToken string, claims interface{}) (err error)

ParseIdTokenClaims parses a raw token into a claims struct specified by claims.
