Documentation ¶
Index ¶
- Constants
- func AnnotateError(err error, annotation string, _ int) error
- type Handler
- type HumanReadableError
- type HumanReadableWrapper
- type OidcClientHandler
- func (o *OidcClientHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request) (err error)
- func (o *OidcClientHandler) HandleLogin(w http.ResponseWriter, _ *http.Request) (err error)
- func (o *OidcClientHandler) HandleLogout(w http.ResponseWriter, r *http.Request) (err error)
- func (o *OidcClientHandler) HandleOAuth2Callback(w http.ResponseWriter, r *http.Request) (err error)
- func (o *OidcClientHandler) HandleSessionScope(next http.HandlerFunc, _ []string) http.HandlerFunc
- func (o *OidcClientHandler) InitHandlers(router *mux.Router)
- func (o *OidcClientHandler) ParseIdTokenClaims(rawIDToken string, claims interface{}) (err error)
Constants ¶
// Env* constants are the names of the environment variables that configure the
// OIDC client; Def* constants are the built-in default values.
// NOTE(review): presumably these are read by NewOidcClientHandler — confirm against the source.
const (
	EnvOidcProviderName = "HEXA_OIDC_PROVIDER_NAME"
	EnvOidcEnabled      = "HEXA_OIDC_ENABLED"
	EnvOidcClientId     = "HEXA_OIDC_CLIENT_ID"
	// EnvOidcClientSecret names the variable that carries the OIDC client secret.
	// The value is a credential: keep it out of logs, error messages and
	// anything returned to the browser.
	EnvOidcClientSecret = "HEXA_OIDC_CLIENT_SECRET"
	EnvOidcProviderUrl  = "HEXA_OIDC_PROVIDER_URL"
	EnvOidcRedirectUrl  = "HEXA_OIDC_REDIRECT_URL"
	// HEXA_OIDC_LOGIN_PATH is the handler path that will be used to start a
	// login flow to the OIDC provider.
	// NOTE(review): this comment previously named HEXA_OIDC_LOGIN_URL and a
	// default of /login, but the constant is HEXA_OIDC_LOGIN_PATH and
	// DefOidcLoginPath below is "/" — confirm which default applies.
	EnvOidcLoginPath = "HEXA_OIDC_LOGIN_PATH"
	// HEXA_OIDC_LOGOUT_PATH is the path used to cancel the local session
	// (default: /logout, matching DefOidcLogoutPath).
	EnvOidcLogoutPath = "HEXA_OIDC_LOGOUT_PATH"

	DefOidcProviderName = "OpenID Login"
	DefOidcRedirectPath = "/redirect"
	DefOidcLoginPath    = "/"
	DefOidcLogoutPath   = "/logout"
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type HumanReadableError ¶
HumanReadableError represents error information that can be fed back to a human user.
This prevents internal state that might be sensitive from being leaked to the outside world.
It's also useful because raw error strings rarely make much sense to a human.
type HumanReadableWrapper ¶
// HumanReadableWrapper carries a user-facing message and a status code.
// The package documentation states that it implements HumanReadableError.
type HumanReadableWrapper struct {
	// presumably the text returned by HumanError; it is meant for end users,
	// so it should not embed internal error detail — confirm against the source
	ToHuman string
	// presumably the status returned by HTTPCode — confirm against the source
	Code int
	// contains filtered or unexported fields
}
HumanReadableWrapper implements HumanReadableError
func (HumanReadableWrapper) HTTPCode ¶
func (h HumanReadableWrapper) HTTPCode() int
func (HumanReadableWrapper) HumanError ¶
func (h HumanReadableWrapper) HumanError() string
type OidcClientHandler ¶
// OidcClientHandler groups the OAuth2/OIDC client configuration, the session
// manager and the settings used by the HTTP handlers declared on it
// (HandleLogin, HandleAuthorize, HandleOAuth2Callback, HandleLogout).
type OidcClientHandler struct {
	// OAuth2 client settings. oauth2.Config includes the client secret, so
	// avoid logging or serialising this struct.
	ClientConfig *oauth2.Config
	OidcConfig   *oidc.Config
	// ID token verifier.
	// NOTE(review): confirm every ID token is checked through this verifier
	// before its claims are trusted.
	Verifier *oidc.IDTokenVerifier
	Provider *oidc.Provider
	// presumably set from HEXA_OIDC_LOGOUT_PATH / HEXA_OIDC_LOGIN_PATH — confirm
	LogoutPath string
	LoginPath  string
	AuthPath   string
	// InitHandlers is documented as configuring the login/logout/authorize
	// endpoints "if enabled"; presumably this is the flag it checks — confirm
	Enabled        bool
	SessionHandler sessionSupport.SessionManager
	Middleware     func(handler Handler) Handler
	ErrorHandler   func(handler func(w http.ResponseWriter, r *http.Request) error) http.Handler
	MainPage       string
	ProviderName   string
	Resources      fs.FS
}
func NewOidcClientHandler ¶
func NewOidcClientHandler(sessionHandler sessionSupport.SessionManager, resources fs.FS) (*OidcClientHandler, error)
func (*OidcClientHandler) HandleAuthorize ¶ added in v0.6.15
func (o *OidcClientHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request) (err error)
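HandleAuthorize is a Handler that redirects the user to the OIDC provider for login (the comment names Twitch, which looks carried over from sample code), and provides the 'state' parameter which protects against login CSRF. That protection depends on the state value being unpredictable, bound to the user's session, and checked when the provider redirects back.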
func (*OidcClientHandler) HandleLogin ¶
func (o *OidcClientHandler) HandleLogin(w http.ResponseWriter, _ *http.Request) (err error)
HandleLogin is a Handler that shows a login button. In production, if the frontend is served / generated by Go, it should use html/template to prevent XSS attacks.
func (*OidcClientHandler) HandleLogout ¶
func (o *OidcClientHandler) HandleLogout(w http.ResponseWriter, r *http.Request) (err error)
func (*OidcClientHandler) HandleOAuth2Callback ¶
func (o *OidcClientHandler) HandleOAuth2Callback(w http.ResponseWriter, r *http.Request) (err error)
HandleOAuth2Callback is a Handler for the OAuth2 'redirect_uri' endpoint; it validates the state token and retrieves an OAuth token from the request parameters.
func (*OidcClientHandler) HandleSessionScope ¶
func (o *OidcClientHandler) HandleSessionScope(next http.HandlerFunc, _ []string) http.HandlerFunc
func (*OidcClientHandler) InitHandlers ¶
func (o *OidcClientHandler) InitHandlers(router *mux.Router)
InitHandlers initializes the SessionHandler middleware and configures the login/logout/authorize endpoints if enabled.
func (*OidcClientHandler) ParseIdTokenClaims ¶ added in v0.6.15
func (o *OidcClientHandler) ParseIdTokenClaims(rawIDToken string, claims interface{}) (err error)
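ParseIdTokenClaims parses a raw token into the claims struct specified by claims. This description does not say whether the token is verified (signature, issuer, audience, expiry) before the claims are extracted; confirm that in the source before trusting the result.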