providers

package
v3.0.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 14, 2019 License: MIT Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AzureProvider 

type AzureProvider struct {
	*ProviderData
	Tenant string
}

AzureProvider represents an Azure based Identity Provider

func NewAzureProvider 

func NewAzureProvider(p *ProviderData) *AzureProvider

NewAzureProvider initiates a new AzureProvider

func (*AzureProvider) Configure 

func (p *AzureProvider) Configure(tenant string)

Configure defaults the AzureProvider configuration options

func (*AzureProvider) GetEmailAddress 

func (p *AzureProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

type FacebookProvider 

type FacebookProvider struct {
	*ProviderData
}

FacebookProvider represents an Facebook based Identity Provider

func NewFacebookProvider 

func NewFacebookProvider(p *ProviderData) *FacebookProvider

NewFacebookProvider initiates a new FacebookProvider

func (*FacebookProvider) GetEmailAddress 

func (p *FacebookProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

func (*FacebookProvider) ValidateSessionState 

func (p *FacebookProvider) ValidateSessionState(s *SessionState) bool

ValidateSessionState validates the AccessToken

type GitHubProvider 

type GitHubProvider struct {
	*ProviderData
	Org  string
	Team string
}

GitHubProvider represents an GitHub based Identity Provider

func NewGitHubProvider 

func NewGitHubProvider(p *ProviderData) *GitHubProvider

NewGitHubProvider initiates a new GitHubProvider

func (*GitHubProvider) GetEmailAddress 

func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

func (*GitHubProvider) GetUserName 

func (p *GitHubProvider) GetUserName(s *SessionState) (string, error)

GetUserName returns the Account user name

func (*GitHubProvider) SetOrgTeam 

func (p *GitHubProvider) SetOrgTeam(org, team string)

SetOrgTeam adds GitHub org reading parameters to the OAuth2 scope

type GitLabProvider 

type GitLabProvider struct {
	*ProviderData
}

GitLabProvider represents an GitLab based Identity Provider

func NewGitLabProvider 

func NewGitLabProvider(p *ProviderData) *GitLabProvider

NewGitLabProvider initiates a new GitLabProvider

func (*GitLabProvider) GetEmailAddress 

func (p *GitLabProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

type GoogleProvider 

type GoogleProvider struct {
	*ProviderData
	RedeemRefreshURL *url.URL
	// GroupValidator is a function that determines if the passed email is in
	// the configured Google group.
	GroupValidator func(string) bool
}

GoogleProvider represents an Google based Identity Provider

func NewGoogleProvider 

func NewGoogleProvider(p *ProviderData) *GoogleProvider

NewGoogleProvider initiates a new GoogleProvider

func (*GoogleProvider) Redeem 

func (p *GoogleProvider) Redeem(redirectURL, code string) (s *SessionState, err error)

Redeem exchanges the OAuth2 authentication token for an ID token

func (*GoogleProvider) RefreshSessionIfNeeded 

func (p *GoogleProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)

RefreshSessionIfNeeded checks if the session has expired and uses the RefreshToken to fetch a new ID token if required

func (*GoogleProvider) SetGroupRestriction 

func (p *GoogleProvider) SetGroupRestriction(groups []string, adminEmail string, credentialsReader io.Reader)

SetGroupRestriction configures the GoogleProvider to restrict access to the specified group(s). AdminEmail has to be an administrative email on the domain that is checked. CredentialsFile is the path to a json file containing a Google service account credentials.

func (*GoogleProvider) ValidateGroup 

func (p *GoogleProvider) ValidateGroup(email string) bool

ValidateGroup validates that the provided email exists in the configured Google group(s).

type LinkedInProvider 

type LinkedInProvider struct {
	*ProviderData
}

LinkedInProvider represents an LinkedIn based Identity Provider

func NewLinkedInProvider 

func NewLinkedInProvider(p *ProviderData) *LinkedInProvider

NewLinkedInProvider initiates a new LinkedInProvider

func (*LinkedInProvider) GetEmailAddress 

func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

func (*LinkedInProvider) ValidateSessionState 

func (p *LinkedInProvider) ValidateSessionState(s *SessionState) bool

ValidateSessionState validates the AccessToken

type OIDCProvider 

type OIDCProvider struct {
	*ProviderData

	Verifier *oidc.IDTokenVerifier
}

OIDCProvider represents an OIDC based Identity Provider

func NewOIDCProvider 

func NewOIDCProvider(p *ProviderData) *OIDCProvider

NewOIDCProvider initiates a new OIDCProvider

func (*OIDCProvider) Redeem 

func (p *OIDCProvider) Redeem(redirectURL, code string) (s *SessionState, err error)

Redeem exchanges the OAuth2 authentication token for an ID token

func (*OIDCProvider) RefreshSessionIfNeeded 

func (p *OIDCProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)

RefreshSessionIfNeeded checks if the session has expired and uses the RefreshToken to fetch a new ID token if required

WARNGING: This implementation is broken and does not check with the upstream OIDC provider before refreshing the session

type Provider 

type Provider interface {
	Data() *ProviderData
	GetEmailAddress(*SessionState) (string, error)
	GetUserName(*SessionState) (string, error)
	Redeem(string, string) (*SessionState, error)
	ValidateGroup(string) bool
	ValidateSessionState(*SessionState) bool
	GetLoginURL(redirectURI, finalRedirect string) string
	RefreshSessionIfNeeded(*SessionState) (bool, error)
	SessionFromCookie(string, *cookie.Cipher) (*SessionState, error)
	CookieForSession(*SessionState, *cookie.Cipher) (string, error)
}

Provider represents an upstream identity provider implementation

func New 

func New(provider string, p *ProviderData) Provider

New provides a new Provider based on the configured provider string

type ProviderData 

type ProviderData struct {
	ProviderName      string
	ClientID          string
	ClientSecret      string
	LoginURL          *url.URL
	RedeemURL         *url.URL
	ProfileURL        *url.URL
	ProtectedResource *url.URL
	ValidateURL       *url.URL
	Scope             string
	ApprovalPrompt    string
}

ProviderData contains information required to configure all implementations of OAuth2 providers

func (*ProviderData) CookieForSession 

func (p *ProviderData) CookieForSession(s *SessionState, c *cookie.Cipher) (string, error)

CookieForSession serializes a session state for storage in a cookie

func (*ProviderData) Data 

func (p *ProviderData) Data() *ProviderData

Data returns the ProviderData

func (*ProviderData) GetEmailAddress 

func (p *ProviderData) GetEmailAddress(s *SessionState) (string, error)

GetEmailAddress returns the Account email address

func (*ProviderData) GetLoginURL 

func (p *ProviderData) GetLoginURL(redirectURI, state string) string

GetLoginURL with typical oauth parameters

func (*ProviderData) GetUserName 

func (p *ProviderData) GetUserName(s *SessionState) (string, error)

GetUserName returns the Account username

func (*ProviderData) Redeem 

func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error)

Redeem provides a default implementation of the OAuth2 token redemption process

func (*ProviderData) RefreshSessionIfNeeded 

func (p *ProviderData) RefreshSessionIfNeeded(s *SessionState) (bool, error)

RefreshSessionIfNeeded should refresh the user's session if required and do nothing if a refresh is not required

func (*ProviderData) SessionFromCookie 

func (p *ProviderData) SessionFromCookie(v string, c *cookie.Cipher) (s *SessionState, err error)

SessionFromCookie deserializes a session from a cookie value

func (*ProviderData) ValidateGroup 

func (p *ProviderData) ValidateGroup(email string) bool

ValidateGroup validates that the provided email exists in the configured provider email group(s).

func (*ProviderData) ValidateSessionState 

func (p *ProviderData) ValidateSessionState(s *SessionState) bool

ValidateSessionState validates the AccessToken

type SessionState 

type SessionState struct {
	AccessToken  string
	ExpiresOn    time.Time
	RefreshToken string
	Email        string
	User         string
}

SessionState is used to store information about the currently authenticated user session

func DecodeSessionState 

func DecodeSessionState(v string, c *cookie.Cipher) (s *SessionState, err error)

DecodeSessionState decodes the session cookie string into a SessionState

func (*SessionState) EncodeSessionState 

func (s *SessionState) EncodeSessionState(c *cookie.Cipher) (string, error)

EncodeSessionState returns string representation of the current session

func (*SessionState) EncryptedString 

func (s *SessionState) EncryptedString(c *cookie.Cipher) (string, error)

EncryptedString encrypts the session state into a cookie string

func (*SessionState) IsExpired 

func (s *SessionState) IsExpired() bool

IsExpired checks whether the session has expired

func (*SessionState) String 

func (s *SessionState) String() string

String constructs a summary of the session state

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.