Documentation
Index
- Constants
- type AuthorityMetadata
- type AuthorityRegistration
- type Details
- func (d *Details) IdentityClaimValue(claims interface{}) (string, map[string]interface{}, error)
- func (d *Details) IsReady() bool
- func (d *Details) JWTKeyfunc() jwt.Keyfunc
- func (d *Details) MakeRedirectAuthenticationRequestURL(state string) (*url.URL, map[string]interface{}, error)
- func (d *Details) MakeRedirectEndSessionRequestURL(ref interface{}, state string) (*url.URL, map[string]interface{}, error)
- func (d *Details) MakeRedirectEndSessionResponseURL(req interface{}, state string) (*url.URL, map[string]interface{}, error)
- func (d *Details) Metadata() interface{}
- func (d *Details) ParseStateResponse(req *http.Request, state string, extra map[string]interface{}) (interface{}, error)
- type Registry
- func (r *Registry) Default(ctx context.Context) *Details
- func (r *Registry) Find(ctx context.Context, selector func(authority AuthorityRegistration) bool) (AuthorityRegistration, bool)
- func (r *Registry) Get(ctx context.Context, authorityID string) (AuthorityRegistration, bool)
- func (r *Registry) Lookup(ctx context.Context, authorityID string) (*Details, error)
- func (r *Registry) Register(authority AuthorityRegistration) error
Constants
const (
	AuthorityTypeOIDC  = "oidc"
	AuthorityTypeSAML2 = "saml2"
)
Supported Authority kind string values.
Types
type AuthorityMetadata
type AuthorityMetadata interface {
}
type AuthorityRegistration
type AuthorityRegistration interface {
	ID() string
	Name() string
	AuthorityType() string

	Authority() *Details
	Issuer() string

	Validate() error
	Initialize(ctx context.Context, registry *Registry) error

	MakeRedirectAuthenticationRequestURL(state string) (*url.URL, map[string]interface{}, error)
	MakeRedirectEndSessionRequestURL(ref interface{}, state string) (*url.URL, map[string]interface{}, error)
	MakeRedirectEndSessionResponseURL(req interface{}, state string) (*url.URL, map[string]interface{}, error)

	ParseStateResponse(req *http.Request, state string, extra map[string]interface{}) (interface{}, error)

	ValidateIdpEndSessionRequest(req interface{}, state string) (bool, error)
	ValidateIdpEndSessionResponse(res interface{}, state string) (bool, error)

	IdentityClaimValue(data interface{}) (string, map[string]interface{}, error)

	Metadata() AuthorityMetadata
}
AuthorityRegistration defines an authority with its properties.
type Details
type Details struct {
	ID            string
	Name          string
	AuthorityType string

	ClientID     string
	ClientSecret string

	Trusted  bool
	Insecure bool

	Scopes              []string
	ResponseType        string
	CodeChallengeMethod string

	EndSessionEnabled bool
	// contains filtered or unexported fields
}
Details holds immutable information about external authorities identified by ID.
func (*Details) IdentityClaimValue
IdentityClaimValue returns the identity claim value from the provided data.
func (*Details) IsReady
IsReady returns whether or not the associated registration entry was ready at the time the associated details were created.
func (*Details) JWTKeyfunc
func (d *Details) JWTKeyfunc() jwt.Keyfunc
JWTKeyfunc returns a key func to validate JWTs with the keys of the associated authority registration.
func (*Details) MakeRedirectAuthenticationRequestURL
func (d *Details) MakeRedirectAuthenticationRequestURL(state string) (*url.URL, map[string]interface{}, error)
MakeRedirectAuthenticationRequestURL returns the authentication request URL which can be used to initiate authentication with the associated authority. It takes a state as parameter and in addition to the URL it also returns a mapping of extra state data and potentially an error.
func (*Details) MakeRedirectEndSessionRequestURL
func (d *Details) MakeRedirectEndSessionRequestURL(ref interface{}, state string) (*url.URL, map[string]interface{}, error)
MakeRedirectEndSessionRequestURL returns the end session request URL which can be used to initiate end session with the associated authority. It takes a state as parameter and in addition to the URL it also returns a mapping of extra state data and potentially an error.
func (*Details) MakeRedirectEndSessionResponseURL
func (d *Details) MakeRedirectEndSessionResponseURL(req interface{}, state string) (*url.URL, map[string]interface{}, error)
MakeRedirectEndSessionResponseURL returns the end session response URL which can be used to redirect back the response for an incoming end session request. It takes the authority-specific request and a state, returning the destination URL, an additional state mapping and a potential error.
func (*Details) ParseStateResponse
func (d *Details) ParseStateResponse(req *http.Request, state string, extra map[string]interface{}) (interface{}, error)
ParseStateResponse takes an incoming request, a state and optional extra data and returns the parsed authority-specific response data for that request or an error.
type Registry
type Registry struct {
	// contains filtered or unexported fields
}
Registry implements the registry for registered authorities.
func NewRegistry
func NewRegistry(ctx context.Context, baseURI *url.URL, registrationConfFilepath string, logger logrus.FieldLogger) (*Registry, error)
NewRegistry creates a new authorizations Registry with the provided parameters.
func (*Registry) Default
Default returns the default authority from the associated registry if any.
func (*Registry) Find
func (r *Registry) Find(ctx context.Context, selector func(authority AuthorityRegistration) bool) (AuthorityRegistration, bool)
Find returns the first registered authority that satisfies the provided selector function.
func (*Registry) Get
Get returns the registered authorities registration for the provided client ID.
func (*Registry) Lookup
Lookup returns and validates the authority Detail information for the provided parameters from the associated authority registry.
func (*Registry) Register
func (r *Registry) Register(authority AuthorityRegistration) error
Register validates the provided authority registration and adds the authority to the associated registry if valid. Returns an error otherwise.