Documentation
Index
- Constants
- func MakeCookieMetadata(key, value string, flags ...string) string
- func MakeSignature(size int) ([]byte, error)
- type SessionManager
- func (mgr *SessionManager) Create(subject string) (string, error)
- func (mgr *SessionManager) OIDCProvider() (*oidc.Provider, error)
- func (mgr *SessionManager) OfflineAsScope() bool
- func (mgr *SessionManager) Parse(tokenString string) (jwt.Claims, error)
- func (mgr *SessionManager) ReissueClaims(claims jwt.MapClaims) (string, error)
- func (mgr *SessionManager) VerifyToken(tokenString string) (jwt.Claims, error)
- func (mgr *SessionManager) VerifyUsernamePassword(username, password string) error
Constants
const (
	// SessionManagerClaimsIssuer fills the "iss" field of the token.
	SessionManagerClaimsIssuer = "argocd"
)
Variables
This section is empty.
Functions
func MakeCookieMetadata (added in v0.3.3)
MakeCookieMetadata generates a string representing a Web cookie. Yum!
func MakeSignature
MakeSignature generates a cryptographically-secure pseudo-random token, based on a given number of random bytes, for signing purposes.
Types
type SessionManager
type SessionManager struct {
	// contains filtered or unexported fields
}
SessionManager generates and validates JWT tokens for login sessions.
func NewSessionManager (added in v0.4.0)
func NewSessionManager(settings *settings.ArgoCDSettings) *SessionManager
NewSessionManager creates a new session manager from ArgoCD settings.
func (*SessionManager) Create
func (mgr *SessionManager) Create(subject string) (string, error)
Create creates a new token for a given subject (user) and returns it as a string.
func (*SessionManager) OIDCProvider (added in v0.4.0)
func (mgr *SessionManager) OIDCProvider() (*oidc.Provider, error)
OIDCProvider lazily initializes and returns the OIDC provider, querying the well-known OIDC configuration path (http://example-argocd.com/api/dex/.well-known/openid-configuration). We have to initialize the provider lazily since ArgoCD is an OIDC client to itself, which presents a chicken-and-egg problem of (1) serving dex over HTTP, and (2) querying the OIDC provider (ourselves) to initialize the app.
func (*SessionManager) OfflineAsScope (added in v0.4.0)
func (mgr *SessionManager) OfflineAsScope() bool
func (*SessionManager) Parse
func (mgr *SessionManager) Parse(tokenString string) (jwt.Claims, error)
Parse tries to parse the provided string and returns the token claims.
func (*SessionManager) ReissueClaims (added in v0.4.0)
func (mgr *SessionManager) ReissueClaims(claims jwt.MapClaims) (string, error)
ReissueClaims re-issues and re-signs a new token signed by us, while preserving most of the claim values.
func (*SessionManager) VerifyToken (added in v0.4.0)
func (mgr *SessionManager) VerifyToken(tokenString string) (jwt.Claims, error)
VerifyToken verifies if a token is correct. Tokens can be issued either from us or by dex. We choose how to verify based on the issuer.
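The issuer-based dispatch that VerifyToken describes, as an added sketch that is not ArgoCD's own code: the unverified "iss" claim only selects which key to check against, and a token that names one issuer but is signed by another is rejected. Assumptions: both issuers use HS256 shared keys so the sketch stays stdlib-only, the names `verifyByIssuer`, `sigFor`, `sign`, `Claims` and the issuer `dex.example` are hypothetical, and expiry checks are omitted.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

type Claims = map[string]interface{}
var b64 = base64.RawURLEncoding

// sigFor returns the base64url HMAC-SHA256 of "header.payload"; the algorithm is fixed in code (assumed HS256).
func sigFor(key []byte, input string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(input))
	return b64.EncodeToString(h.Sum(nil))
}

// sign builds a compact token; used only to construct sample input.
func sign(c Claims, key []byte) string {
	body, _ := json.Marshal(c)
	in := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString(body)
	return in + "." + sigFor(key, in)
}

// verifyByIssuer reads the unverified "iss" only to select which key to check against.
func verifyByIssuer(token string, keys map[string][]byte) (Claims, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	claims := Claims{}
	if raw, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &claims) != nil {
		return nil, fmt.Errorf("bad payload")
	}
	iss, _ := claims["iss"].(string)
	key, ok := keys[iss] // unknown issuers are rejected, never defaulted to a key
	if !ok || !hmac.Equal([]byte(p[2]), []byte(sigFor(key, p[0]+"."+p[1]))) {
		return nil, fmt.Errorf("token not valid for issuer %q", iss)
	}
	return claims, nil // claims are trusted only after that issuer's key verified them
}

func main() { // constructed input: "iss" says argocd, but the token is signed with the other key
	keys := map[string][]byte{"argocd": []byte("constructed-key-a"), "dex.example": []byte("constructed-key-b")}
	fmt.Println(verifyByIssuer(sign(Claims{"iss": "argocd"}, keys["dex.example"]), keys))
}
```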
func (*SessionManager) VerifyUsernamePassword (added in v0.4.0)
func (mgr *SessionManager) VerifyUsernamePassword(username, password string) error
VerifyUsernamePassword verifies if a username/password combo is correct.