identity

package
v0.64.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 19, 2024 License: Apache-2.0 Imports: 11 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuthorizeScopes

func AuthorizeScopes(manager Manager, user User, scopes map[string]bool) (map[string]bool, map[string]bool)

AuthorizeScopes uses the provided manager and user to filter the provided scopes and returns a mapping of only the authorized scopes.

func GetSessionRef

func GetSessionRef(label string, audience string, userID string) *string

GetSessionRef builds a per user and audience unique identifier.

func GetUserClaimsForScopes

func GetUserClaimsForScopes(user User, scopes map[string]bool, requestedClaimsMaps []*payload.ClaimsRequestMap) map[string]jwt.Claims

GetUserClaimsForScopes returns a mapping of user claims of the provided user filtered by the provided scopes.

func NewContext

func NewContext(ctx context.Context, auth AuthRecord) context.Context

NewContext returns a new Context that carries value auth.

Types

type AuthRecord

type AuthRecord interface {
	Manager() Manager
	Subject() string
	AuthorizedScopes() map[string]bool
	AuthorizeScopes(map[string]bool)
	AuthorizedClaims() *payload.ClaimsRequest
	AuthorizeClaims(*payload.ClaimsRequest)
	Claims(...string) []jwt.Claims

	User() PublicUser
	SetUser(PublicUser)

	LoggedOn() (bool, time.Time)
	SetAuthTime(time.Time)
}

AuthRecord is an interface which provides identity auth information with scopes and claims..

func FromContext

func FromContext(ctx context.Context) (AuthRecord, bool)

FromContext returns the AuthRecord value stored in ctx, if any.

func NewAuthRecord

func NewAuthRecord(manager Manager, sub string, authorizedScopes map[string]bool, authorizedClaims *payload.ClaimsRequest, claimsByScope map[string]jwt.Claims) AuthRecord

NewAuthRecord returns a implementation of identity.AuthRecord holding the provided data in memory.

type Config

type Config struct {
	SignInFormURI *url.URL
	SignedOutURI  *url.URL

	ScopesSupported []string

	Logger logrus.FieldLogger
}

Config defines a IdentityManager's configuration settings.

type IsHandledError

type IsHandledError struct {
}

IsHandledError is an error which tells that the backend has handled the request and all further handling should stop

func (*IsHandledError) Error

func (err *IsHandledError) Error() string

Error implements the error interface.

type LoginRequiredError

type LoginRequiredError struct {
	// contains filtered or unexported fields
}

LoginRequiredError which backends can return to indicate that sign-in is required.

func NewLoginRequiredError

func NewLoginRequiredError(id string, signInURI *url.URL) *LoginRequiredError

NewLoginRequiredError creates a new corresponding error with the provided id.

func (*LoginRequiredError) Error

func (err *LoginRequiredError) Error() string

Error implements the error interface.

func (*LoginRequiredError) SignInURI

func (err *LoginRequiredError) SignInURI() *url.URL

SignInURI returns the sign-in URL of the accociated error.

type Manager

type Manager interface {
	Authenticate(ctx context.Context, rw http.ResponseWriter, req *http.Request, ar *payload.AuthenticationRequest, next Manager) (AuthRecord, error)
	Authorize(ctx context.Context, rw http.ResponseWriter, req *http.Request, ar *payload.AuthenticationRequest, auth AuthRecord) (AuthRecord, error)
	EndSession(ctx context.Context, rw http.ResponseWriter, req *http.Request, esr *payload.EndSessionRequest) error

	ApproveScopes(ctx context.Context, sub string, audience string, approvedScopesList map[string]bool) (string, error)
	ApprovedScopes(ctx context.Context, sub string, audience string, ref string) (map[string]bool, error)

	Fetch(ctx context.Context, userID string, sessionRef *string, scopes map[string]bool, requestedClaimsMaps []*payload.ClaimsRequestMap, requestedScopes map[string]bool) (AuthRecord, bool, error)

	Name() string
	ScopesSupported(scopes map[string]bool) []string
	ClaimsSupported(claims []string) []string

	AddRoutes(ctx context.Context, router *mux.Router)

	OnSetLogon(func(ctx context.Context, rw http.ResponseWriter, user User) error) error
	OnUnsetLogon(func(ctx context.Context, rw http.ResponseWriter) error) error
}

Manager is a interface to define a identity manager.

type PublicUser

type PublicUser interface {
	Subject() string
	Raw() string
}

PublicUser is a user with a public Subject and a raw id.

type RedirectError

type RedirectError struct {
	// contains filtered or unexported fields
}

RedirectError is an error which backends can return if a redirection is required.

func NewRedirectError

func NewRedirectError(id string, redirectURI *url.URL) *RedirectError

NewRedirectError creates a new corresponding error with the provided id and redirect URL.

func (*RedirectError) Error

func (err *RedirectError) Error() string

Error implements the error interface.

func (*RedirectError) RedirectURI

func (err *RedirectError) RedirectURI() *url.URL

RedirectURI returns the redirection URL of the accociated error.

type User

type User interface {
	Subject() string
}

User defines a most simple user with an id defined as subject.

type UserWithClaims

type UserWithClaims interface {
	User
	Claims() jwt.MapClaims
}

UserWithClaims is a User with jwt claims.

type UserWithEmail

type UserWithEmail interface {
	User
	Email() string
	EmailVerified() bool
}

UserWithEmail is a User with Email.

type UserWithID

type UserWithID interface {
	User
	ID() int64
}

UserWithID is a User with a locally unique numeric id.

type UserWithProfile

type UserWithProfile interface {
	User
	Name() string
	FamilyName() string
	GivenName() string
}

UserWithProfile is a User with Name.

type UserWithScopedClaims

type UserWithScopedClaims interface {
	User
	ScopedClaims(authorizedScopes map[string]bool) jwt.MapClaims
}

UserWithScopedClaims is a user with jwt claims bound to provided scopes.

type UserWithSessionRef

type UserWithSessionRef interface {
	User
	SessionRef() *string
}

UserWithSessionRef is a user which supports an underlaying session reference.

type UserWithUniqueID

type UserWithUniqueID interface {
	User
	UniqueID() string
}

UserWithUniqueID is a User with a unique string id.

type UserWithUsername

type UserWithUsername interface {
	User
	Username() string
}

UserWithUsername is a User with an username different from subject.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL