Documentation ¶
Index ¶
- Constants
- func MakeCookieMetadata(key, value string, flags ...string) string
- func Username(ctx context.Context) string
- type SessionManager
- func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64) (string, error)
- func (mgr *SessionManager) OIDCProvider() (*oidc.Provider, error)
- func (mgr *SessionManager) OfflineAsScope() bool
- func (mgr *SessionManager) Parse(tokenString string) (jwt.Claims, error)
- func (mgr *SessionManager) VerifyToken(tokenString string) (jwt.Claims, error)
- func (mgr *SessionManager) VerifyUsernamePassword(username, password string) error
Constants ¶
const (
// SessionManagerClaimsIssuer fills the "iss" field of the token.
SessionManagerClaimsIssuer = "argocd"
)
Variables ¶
This section is empty.
Functions ¶
func MakeCookieMetadata ¶ added in v0.3.3
MakeCookieMetadata generates a string representing a Web cookie. Yum!
Types ¶
type SessionManager ¶
type SessionManager struct {
// contains filtered or unexported fields
}
SessionManager generates and validates JWT tokens for login sessions.
func NewSessionManager ¶ added in v0.4.0
func NewSessionManager(settings *settings.ArgoCDSettings) *SessionManager
NewSessionManager creates a new session manager from ArgoCD settings
func (*SessionManager) Create ¶
func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64) (string, error)
Create creates a new token for a given subject (user) and returns it as a string. Passing a value of `0` for secondsBeforeExpiry creates a token that never expires.
func (*SessionManager) OIDCProvider ¶ added in v0.4.0
func (mgr *SessionManager) OIDCProvider() (*oidc.Provider, error)
OIDCProvider lazily initializes and returns the OIDC provider, querying the well known oidc configuration path (http://example-argocd.com/api/dex/.well-known/openid-configuration). We have to initialize the provider lazily since ArgoCD is an OIDC client to itself, which presents a chicken-and-egg problem of (1) serving dex over HTTP, and (2) querying the OIDC provider (ourselves) to initialize the app.
func (*SessionManager) OfflineAsScope ¶ added in v0.4.0
func (mgr *SessionManager) OfflineAsScope() bool
func (*SessionManager) Parse ¶
func (mgr *SessionManager) Parse(tokenString string) (jwt.Claims, error)
Parse tries to parse the provided string and returns the token claims for local superuser login.
func (*SessionManager) VerifyToken ¶ added in v0.4.0
func (mgr *SessionManager) VerifyToken(tokenString string) (jwt.Claims, error)
VerifyToken verifies if a token is correct. Tokens can be issued either from us or by dex. We choose how to verify based on the issuer.
func (*SessionManager) VerifyUsernamePassword ¶ added in v0.4.0
func (mgr *SessionManager) VerifyUsernamePassword(username, password string) error
VerifyUsernamePassword verifies if a username/password combo is correct