Types ¶
type AuthorizationError ¶
// AuthorizationError is the error type that, per the Authorizer documentation,
// AuthorizeSession returns when a request is not authorized.
type AuthorizationError struct {
	// Err is the wrapped error; presumably the value Unwrap returns (confirm
	// against the implementation, which is not shown here).
	Err error
}
func (*AuthorizationError) Error ¶
func (e *AuthorizationError) Error() string
func (*AuthorizationError) Unwrap ¶
func (e *AuthorizationError) Unwrap() error
type Authorizer ¶ added in v0.1.1
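// Authorizer authorizes user/device sessions.
type Authorizer interface {
	// AuthorizeSession authorizes the user/device session and returns an EnrollContext
	// (enrollprofile.Context) that can be passed to an EnrollmentGenerator.
	// If the request is not authorized, an error of type AuthorizationError is returned.
	AuthorizeSession(ctx context.Context, info *header.MachineInfo, oauth2Token *oauth2.Token, idToken *oidc.IDToken) (enrollprofile.Context, error)
}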
type CacheAuthorizer ¶
type CacheAuthorizer struct {
// contains filtered or unexported fields
}
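CacheAuthorizer wraps an Authorizer and caches results for configurable durations. The cache uses the OIDC id_token subject as the cache key, so a cached result is presumably returned for any later request carrying the same subject until its TTL expires, whatever MachineInfo or OAuth2 token accompanies it; a revoked or changed authorization may therefore not take effect until the cached entry expires. Note: only errors that are AuthorizationError (when checked with errors.As) are cached; other errors are not cached.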
func NewCacheAuthorizer ¶
func NewCacheAuthorizer(authorizer Authorizer, opts ...CacheOption) *CacheAuthorizer
func (CacheAuthorizer) AuthorizeSession ¶
func (a CacheAuthorizer) AuthorizeSession(ctx context.Context, info *header.MachineInfo, oauth2Token *oauth2.Token, idToken *oidc.IDToken) (enrollprofile.Context, error)
type CacheOption ¶
// CacheOption is a function that configures a CacheAuthorizer.
// Options are passed to NewCacheAuthorizer.
type CacheOption func(a *CacheAuthorizer)
func WithFailureCacheTTL ¶
func WithFailureCacheTTL(ttl time.Duration) CacheOption
WithFailureCacheTTL configures the cache to cache failed authorizations for the given duration. If left unconfigured, a default of 1 minute will be used.
func WithLogger ¶
func WithLogger(logger *slog.Logger) CacheOption
WithLogger configures the authorizer with the given logger. If left unconfigured, logging will be disabled.
func WithSuccessCacheTTL ¶
func WithSuccessCacheTTL(ttl time.Duration) CacheOption
WithSuccessCacheTTL configures the cache to cache successful authorizations for the given duration. If left unconfigured, a default of 10 minutes will be used.
type NopAuthorizer ¶
type NopAuthorizer struct{}
NopAuthorizer authorizes every session. It applies no authorization check of its own, so any access control has to be enforced elsewhere.
func (NopAuthorizer) AuthorizeSession ¶
func (a NopAuthorizer) AuthorizeSession(_ context.Context, _ *header.MachineInfo, _ *oauth2.Token, _ *oidc.IDToken) (enrollprofile.Context, error)