konnect

package module
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 2, 2017 License: AGPL-3.0-only Imports: 4 Imported by: 1

README

Konnect

TL;DW

Make sure you have Go 1.8 installed. This assumes your GOPATH is ~/go and you have ~/go/bin in your $PATH and you have Glide installed as well.

Furthermore this also assumes that you have a set-up Konano with a reverse proxy on https://mykopano.local together with the proper proxy configuration to pass through all requests to the /konnect/v1/ prefix to 127.0.0.1:8777. also do not forget to reverse proxy /.well-known/openid-configuration as well.

Kopano Webapp needs to support the ?continue= request parameter and the domains of possible OIDC clients need to be added into webapp/config.php with the REDIRECT_ALLOWED_DOMAINS setting.

mkdir -p ~/go/src/stash.kopano.io/kc
cd ~/go/src/stash.kopano.io/kc
git clone <THIS-PROJECT> konnect
cd konnect
make
bin/konnectd serve --listen 127.0.0.1:8777 \
  --iss=https://mykopano.local \
  --insecure \
  --signInFormURI=https://mykopano.local/webapp/ \
  cookie https://mykopano.local/webapp/?load=custom&name=oidcuser KOPANO_WEBAPP encryption-store-key

For continuous use, create a RSA key-pair and provide the provide key file with the --key parameter.

Konnect can encrypt certain values inside its tokens. For that, create a hex-key with openssl rand -hex 32 and provide it with via the --secret parameter.

Run unit tests

cd ~/go/src/stash.kopano.io/kc/konnect
make test

Documentation

Index

Constants

View Source
const (
	IsAccessTokenClaim    = "kc.isAccessToken"
	AuthorizedScopesClaim = "kc.authorizedScopes"
	IsRefreshTokenClaim   = "kc.isRefreshToken"
	RefClaim              = "kc.ref"
	IdentityClaim         = "kc.identity"
)

Access token claims used by Konnect.

View Source
const (
	// ScopeID is the string value for the Konnect ID scope.
	ScopeID = "konnect/id"
)

Variables

This section is empty.

Functions

func FromClaimsContext

func FromClaimsContext(ctx context.Context) (jwt.Claims, bool)

FromClaimsContext returns the AuthRecord value stored in ctx, if any.

func NewClaimsContext

func NewClaimsContext(ctx context.Context, claims jwt.Claims) context.Context

NewClaimsContext returns a new Context that carries value auth.

Types

type AccessTokenClaims

type AccessTokenClaims struct {
	IsAccessToken        bool     `json:"kc.isAccessToken"`
	AuthorizedScopesList []string `json:"kc.authorizedScopes"`
	jwt.StandardClaims
	IdentityClaims jwt.MapClaims `json:"kc.identity"`
}

AccessTokenClaims define the claims found in access tokens issued by Konnect.

func (AccessTokenClaims) AuthorizedScopes

func (c AccessTokenClaims) AuthorizedScopes() map[string]bool

AuthorizedScopes returns a map with scope keys and true value of all scopes set in the accociated access token.

func (AccessTokenClaims) Valid

func (c AccessTokenClaims) Valid() error

Valid implements the jwt.Claims interface.

type RefreshTokenClaims

type RefreshTokenClaims struct {
	IsRefreshToken     bool     `json:"kc.isRefreshToken"`
	ApprovedScopesList []string `json:"kc.approvedScopes"`
	Ref                string   `json:"kc.ref"`
	jwt.StandardClaims
	IdentityClaims jwt.MapClaims `json:"kc.identity"`
}

RefreshTokenClaims define the claims used by refresh tokens.

func (RefreshTokenClaims) Valid

func (c RefreshTokenClaims) Valid() error

Valid implements the jwt.Claims interface.

type UserInfoResponse

type UserInfoResponse struct {
	*payload.UserInfoResponse

	// Note(longsleep): Additional response data for compatibility.
	ID       int64  `json:"id,omitempty"`
	UserName string `json:"username,omitempty"`
}

UserInfoResponse defines the data returned from the Konnect UserInfo endpoint. It is the standard ODIC response, extended with additional fields.

Directories

Path Synopsis
cmd

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL