oathkeeper

package
v0.0.0-...-a423d60 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 4, 2024 License: Apache-2.0 Imports: 14 Imported by: 2

Documentation

Index

Constants

View Source
const (
	// CertificateFlow missing godoc
	CertificateFlow AuthFlow = "Certificate"
	// OneTimeTokenFlow missing godoc
	OneTimeTokenFlow AuthFlow = "OneTimeToken"
	// OAuth2Flow missing godoc
	OAuth2Flow AuthFlow = "OAuth2"
	// JWTAuthFlow missing godoc
	JWTAuthFlow AuthFlow = "JWT"
	// ConsumerProviderFlow is using when we have consumer-provider and subscription relationship between them
	ConsumerProviderFlow AuthFlow = "Consumer-Provider"

	// ClientIDKey missing godoc
	ClientIDKey = "client_id"
	// EmailKey missing godoc
	EmailKey = "email"
	// UsernameKey missing godoc
	UsernameKey = "name"
	// GroupsKey missing godoc
	GroupsKey = "groups"
	// ClientIDCertKey missing godoc
	ClientIDCertKey = "client-id-from-certificate"
	// ClientIDCertIssuer missing godoc
	ClientIDCertIssuer = "client-certificate-issuer"
	// ClientIDTokenKey missing godoc
	ClientIDTokenKey = "client-id-from-token"
	// ExternalTenantKey missing godoc
	ExternalTenantKey = "tenant"
	// UserContextKey is a header key containing consumer data
	UserContextKey = "User_context"
	// ScopesKey missing godoc
	ScopesKey = "scope"
	// CertificateSubjectHeader represents a header key for cert subject
	CertificateSubjectHeader = "subject-from-certificate"
	// ConnectorIssuer missing godoc
	ConnectorIssuer = "connector"
	// ExternalIssuer missing godoc
	ExternalIssuer = "certificate-service"
)

Variables

This section is empty.

Functions

func NewReqDataParser

func NewReqDataParser() *reqDataParser

NewReqDataParser missing godoc

Types

type AuthDetails

type AuthDetails struct {
	AuthID        string
	AuthFlow      AuthFlow
	CertIssuer    string
	Authenticator *authenticator.Config
	ScopePrefixes []string
	Subject       string
	Region        string
}

AuthDetails contains information about the currently authenticated client - AuthID, AuthFlow and Authenticator to use for further processing

type AuthFlow

type AuthFlow string

AuthFlow wraps possible flows of auth like OAuth2, JWT and certificate

func (AuthFlow) IsCertFlow

func (f AuthFlow) IsCertFlow() bool

IsCertFlow missing godoc

func (AuthFlow) IsJWTFlow

func (f AuthFlow) IsJWTFlow() bool

IsJWTFlow missing godoc

func (AuthFlow) IsOAuth2Flow

func (f AuthFlow) IsOAuth2Flow() bool

IsOAuth2Flow missing godoc

func (AuthFlow) IsOneTimeTokenFlow

func (f AuthFlow) IsOneTimeTokenFlow() bool

IsOneTimeTokenFlow missing godoc

type ExtraData

type ExtraData struct {
	InternalConsumerID string
	ConsumerType       model.SystemAuthReferenceObjectType
	AccessLevels       []string
}

ExtraData represents the extra fields that might be provided in the incoming request

type ReqBody

type ReqBody struct {
	Subject string                 `json:"subject"`
	Extra   map[string]interface{} `json:"extra"`
	Header  http.Header            `json:"header"`
}

ReqBody represents parsed request input to the handler

type ReqData

type ReqData struct {
	Body   ReqBody
	Header http.Header
	// contains filtered or unexported fields
}

ReqData represents incoming request with parsed body and its header

func NewReqData

func NewReqData(ctx context.Context, reqBody ReqBody, reqHeader http.Header) ReqData

NewReqData missing godoc

func (*ReqData) ConsumerType

func (d *ReqData) ConsumerType() model.SystemAuthReferenceObjectType

ConsumerType gets consumer type from body extra if it exists.

func (*ReqData) ExtractCoordinates

func (d *ReqData) ExtractCoordinates() (authenticator.Coordinates, bool, error)

ExtractCoordinates extracts the authenticator coordinates from ReqData. The coordinates are stored in Body.Extra and the key for them is "authenticator_coordinates".

func (*ReqData) GetExternalTenantID

func (d *ReqData) GetExternalTenantID() (string, error)

GetExternalTenantID returns external tenant ID from the parsed request input if it is defined

func (*ReqData) GetExtraDataWithDefaults

func (d *ReqData) GetExtraDataWithDefaults() ExtraData

GetExtraDataWithDefaults gets body extra.

func (*ReqData) GetScopes

func (d *ReqData) GetScopes() (string, error)

GetScopes returns scopes from the parsed request input if defined

func (*ReqData) GetUserGroups

func (d *ReqData) GetUserGroups() []string

GetUserGroups returns group name or empty string if there's no group

func (*ReqData) GetUserScopes

func (d *ReqData) GetUserScopes(scopePrefixes []string) ([]string, error)

GetUserScopes returns scopes as string array from the parsed request input if defined; also it strips the scopes from any potential authenticator prefixes

func (*ReqData) InternalConsumerID

func (d *ReqData) InternalConsumerID() string

InternalConsumerID gets internal consumer id from body extra if it exists.

func (*ReqData) IsIntegrationSystemFlow

func (d *ReqData) IsIntegrationSystemFlow() bool

IsIntegrationSystemFlow returns true if a tenant header is missing or is provided, but it differs from the client ID found in the certificate

func (*ReqData) MarshalExtra

func (d *ReqData) MarshalExtra() (string, error)

MarshalExtra marshals the request data extra content

func (*ReqData) SetExternalTenantID

func (d *ReqData) SetExternalTenantID(id string)

SetExternalTenantID sets the external tenant ID in the Header collection

func (*ReqData) SetExtraFromClaims

func (d *ReqData) SetExtraFromClaims(claims jwt.MapClaims)

SetExtraFromClaims sets the data based on the JWT claims

func (*ReqData) TenantAccessLevels

func (d *ReqData) TenantAccessLevels() []string

TenantAccessLevels gets the granted tenant access levels from body extra if they exist.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL