authenticator

Published: Jan 3, 2025 License: MPL-2.0 Imports: 28 Imported by: 0

Documentation

Overview

Package authenticator is responsible for handling the authentication of users with third party identity providers.

Index

Constants

// Claims that may be used to derive a username from an OIDC ID token.
const (
	// EmailClaim is the standard OIDC "email" claim.
	EmailClaim claim = "email"
	// SubClaim is the standard OIDC "sub" (subject) claim, the provider's
	// stable, unique identifier for the end user.
	SubClaim   claim = "sub"
	// NameClaim is the standard OIDC "name" claim (display name).
	NameClaim  claim = "name"

	// DefaultUsernameClaim is the claim used for the username when none is
	// configured. It is of type claim, not string, while
	// OIDCConfig.UsernameClaim is a plain string — TODO confirm where and how
	// the default is applied. NOTE(review): OIDC does not guarantee "name" is
	// unique or stable across users (unlike "sub"); confirm the provider
	// enforces uniqueness before relying on it as the identity key.
	DefaultUsernameClaim = NameClaim
)

Variables

var (
	// DefaultOIDCScopes are the scopes requested from an OIDC provider,
	// presumably when OIDCConfig.Scopes is left empty — confirm in
	// NewAuthenticatorService. "openid" is a required scope for OpenID
	// Connect flows, and profile gives OTF access to the user's username.
	// Keep this list minimal: every additional scope widens what a leaked
	// client secret or session could read from the provider.
	DefaultOIDCScopes       = []string{oidc.ScopeOpenID, "profile"}
	// ErrMissingOIDCIssuerURL reports an OIDC configuration that has no
	// issuer URL (see OIDCConfig.IssuerURL).
	ErrMissingOIDCIssuerURL = errors.New("missing oidc-issuer-url")
)
// ErrOAuthCredentialsIncomplete reports an OAuth configuration in which only
// one of ClientID and ClientSecret was supplied; both are required.
var ErrOAuthCredentialsIncomplete = errors.New("must specify both client ID and client secret")

Functions

func NewAuthenticatorService

func NewAuthenticatorService(ctx context.Context, opts Options) (*service, error)

NewAuthenticatorService constructs a service for logging users onto the system. It supports multiple clients: zero or more clients that use an opaque token, and one client that uses ID tokens (OIDC).

func NewOIDCIssuer

func NewOIDCIssuer(t *testing.T, username, aud, name string) string

NewOIDCIssuer creates an OIDC issuer server and returns its URL. It is intended for testing purposes only.

Types

type IdentityProviderClient added in v0.1.14

// IdentityProviderClient is the minimal view of a third-party identity
// provider needed to resolve the user behind an access token.
type IdentityProviderClient interface {
	// GetCurrentUser retrieves the currently authenticated user, returned as
	// a string identifier (presumably the username — confirm against callers).
	GetCurrentUser(ctx context.Context) (string, error)
}

type OAuthClient

// OAuthClient performs the client role in an OAuth handshake, requesting
// authorization from the user to access their account details on a
// particular cloud.
type OAuthClient struct {
	// OAuthConfig supplies the client credentials, endpoint and scopes.
	OAuthConfig

	// for retrieving OTF system hostname to construct redirect URLs
	*internal.HostnameService
	// contains filtered or unexported fields
}

OAuthClient performs the client role in an oauth handshake, requesting authorization from the user to access their account details on a particular cloud.

func (*OAuthClient) RequestPath

func (a *OAuthClient) RequestPath() string

func (*OAuthClient) String

func (a *OAuthClient) String() string

String provides a human-readable identifier for the OAuth client, using the name of its underlying cloud provider.

type OAuthConfig added in v0.1.14

// OAuthConfig is configuration for constructing an OAuth client.
type OAuthConfig struct {
	// Hostname of the provider — presumably; confirm how it relates to
	// Endpoint.
	Hostname            string
	// ClientID identifies this OTF deployment to the provider.
	ClientID            string
	// ClientSecret is the secret paired with ClientID. It is a credential:
	// keep it out of logs and out of String() output.
	ClientSecret        string
	// Endpoint holds the provider's authorization and token URLs.
	Endpoint            oauth2.Endpoint
	// Scopes requested during authorization; request only what is needed.
	Scopes              []string
	// Name is the human-readable provider name (see OAuthClient.String).
	Name                string
	// SkipTLSVerification, when true, presumably disables certificate
	// verification on connections to the provider, which would expose the
	// token exchange to interception. Leave false outside local testing.
	SkipTLSVerification bool
}

OAuthConfig is the configuration for constructing an OAuth client.

type OIDCConfig added in v0.1.14

// OIDCConfig is the configuration for a generic OIDC provider.
type OIDCConfig struct {
	// Name is the user-friendly identifier of the OIDC endpoint.
	Name string
	// IssuerURL is the issuer URL for the OIDC provider. A missing value is
	// reported as ErrMissingOIDCIssuerURL.
	IssuerURL string
	// ClientID is the client ID for the OIDC provider.
	ClientID string
	// ClientSecret is the client secret for the OIDC provider. It is a
	// credential: keep it out of logs and error messages.
	ClientSecret string
	// SkipTLSVerification, when true, presumably skips certificate
	// verification when communicating with the issuer, which would expose
	// discovery and the token exchange to interception. Leave false outside
	// local testing.
	SkipTLSVerification bool
	// Scopes to request from the OIDC provider (see DefaultOIDCScopes).
	Scopes []string
	// UsernameClaim is the claim that provides the username. The package
	// default is DefaultUsernameClaim ("name"); NOTE(review): "name" is not
	// guaranteed unique or stable by OIDC, unlike "sub" — confirm the chosen
	// claim cannot collide between distinct users at the provider.
	UsernameClaim string
}

OIDCConfig is the configuration for a generic OIDC provider.

type OpaqueHandlerConfig added in v0.1.14

// OpaqueHandlerConfig configures a handler for a provider whose access
// tokens are opaque; the user is presumably resolved by querying the
// provider through the constructed IdentityProviderClient — confirm in
// NewAuthenticatorService.
type OpaqueHandlerConfig struct {
	// OAuthConfig supplies the client credentials, endpoint and scopes.
	OAuthConfig
	// ClientConstructor builds a provider client from the config and the
	// token obtained in the OAuth exchange.
	ClientConstructor func(cfg OAuthConfig, token *oauth2.Token) (IdentityProviderClient, error)
}

type Options

// Options configures NewAuthenticatorService.
type Options struct {
	logr.Logger
	html.Renderer

	// for retrieving the OTF system hostname to construct redirect URLs
	*internal.HostnameService

	// UserService is the user store consulted during login; its type is
	// unexported and not visible here.
	UserService          userService
	// TokensService issues session tokens once authentication succeeds
	// (presumably — confirm in NewAuthenticatorService).
	TokensService        *tokens.Service
	// OpaqueHandlerConfigs configures zero or more opaque-token providers.
	OpaqueHandlerConfigs []OpaqueHandlerConfig
	// IDTokenHandlerConfig configures the single ID-token (OIDC) provider.
	IDTokenHandlerConfig OIDCConfig
	// SkipTLSVerification is a service-wide flag; how it combines with the
	// per-config SkipTLSVerification fields is not visible here — confirm.
	SkipTLSVerification  bool
}
