Documentation ¶
Index ¶
- func AuthorizeScopes(manager Manager, user User, scopes map[string]bool) (map[string]bool, map[string]bool)
- func GetSessionRef(label string, audience string, userID string) *string
- func GetUserClaimsForScopes(user User, scopes map[string]bool, ...) map[string]jwt.Claims
- func NewContext(ctx context.Context, auth AuthRecord) context.Context
- type AuthRecord
- type Config
- type IsHandledError
- type LoginRequiredError
- type Manager
- type PublicUser
- type RedirectError
- type User
- type UserWithClaims
- type UserWithEmail
- type UserWithID
- type UserWithProfile
- type UserWithScopedClaims
- type UserWithSessionRef
- type UserWithUniqueID
- type UserWithUsername
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthorizeScopes ¶
func AuthorizeScopes(manager Manager, user User, scopes map[string]bool) (map[string]bool, map[string]bool)
AuthorizeScopes uses the provided manager and user to filter the provided scopes and returns a mapping of only the authorized scopes.
func GetSessionRef ¶
GetSessionRef builds a per user and audience unique identifier.
func GetUserClaimsForScopes ¶
func GetUserClaimsForScopes(user User, scopes map[string]bool, requestedClaimsMaps []*payload.ClaimsRequestMap) map[string]jwt.Claims
GetUserClaimsForScopes returns a mapping of user claims of the provided user filtered by the provided scopes.
func NewContext ¶
func NewContext(ctx context.Context, auth AuthRecord) context.Context
NewContext returns a new Context that carries value auth.
Types ¶
type AuthRecord ¶
type AuthRecord interface { Manager() Manager Subject() string AuthorizedScopes() map[string]bool AuthorizeScopes(map[string]bool) AuthorizedClaims() *payload.ClaimsRequest AuthorizeClaims(*payload.ClaimsRequest) Claims(...string) []jwt.Claims User() PublicUser SetUser(PublicUser) LoggedOn() (bool, time.Time) SetAuthTime(time.Time) }
AuthRecord is an interface which provides identity auth information with scopes and claims..
func FromContext ¶
func FromContext(ctx context.Context) (AuthRecord, bool)
FromContext returns the AuthRecord value stored in ctx, if any.
func NewAuthRecord ¶
func NewAuthRecord(manager Manager, sub string, authorizedScopes map[string]bool, authorizedClaims *payload.ClaimsRequest, claimsByScope map[string]jwt.Claims) AuthRecord
NewAuthRecord returns a implementation of identity.AuthRecord holding the provided data in memory.
type Config ¶
type Config struct { SignInFormURI *url.URL SignedOutURI *url.URL ScopesSupported []string Logger logrus.FieldLogger }
Config defines a IdentityManager's configuration settings.
type IsHandledError ¶
type IsHandledError struct { }
IsHandledError is an error which tells that the backend has handled the request and all further handling should stop
func (*IsHandledError) Error ¶
func (err *IsHandledError) Error() string
Error implements the error interface.
type LoginRequiredError ¶
type LoginRequiredError struct {
// contains filtered or unexported fields
}
LoginRequiredError which backends can return to indicate that sign-in is required.
func NewLoginRequiredError ¶
func NewLoginRequiredError(id string, signInURI *url.URL) *LoginRequiredError
NewLoginRequiredError creates a new corresponding error with the provided id.
func (*LoginRequiredError) Error ¶
func (err *LoginRequiredError) Error() string
Error implements the error interface.
func (*LoginRequiredError) SignInURI ¶
func (err *LoginRequiredError) SignInURI() *url.URL
SignInURI returns the sign-in URL of the accociated error.
type Manager ¶
type Manager interface { Authenticate(ctx context.Context, rw http.ResponseWriter, req *http.Request, ar *payload.AuthenticationRequest, next Manager) (AuthRecord, error) Authorize(ctx context.Context, rw http.ResponseWriter, req *http.Request, ar *payload.AuthenticationRequest, auth AuthRecord) (AuthRecord, error) EndSession(ctx context.Context, rw http.ResponseWriter, req *http.Request, esr *payload.EndSessionRequest) error ApproveScopes(ctx context.Context, sub string, audience string, approvedScopesList map[string]bool) (string, error) ApprovedScopes(ctx context.Context, sub string, audience string, ref string) (map[string]bool, error) Fetch(ctx context.Context, userID string, sessionRef *string, scopes map[string]bool, requestedClaimsMaps []*payload.ClaimsRequestMap, requestedScopes map[string]bool) (AuthRecord, bool, error) Name() string ScopesSupported(scopes map[string]bool) []string ClaimsSupported(claims []string) []string AddRoutes(ctx context.Context, router *mux.Router) OnSetLogon(func(ctx context.Context, rw http.ResponseWriter, user User) error) error OnUnsetLogon(func(ctx context.Context, rw http.ResponseWriter) error) error }
Manager is a interface to define a identity manager.
type PublicUser ¶
PublicUser is a user with a public Subject and a raw id.
type RedirectError ¶
type RedirectError struct {
// contains filtered or unexported fields
}
RedirectError is an error which backends can return if a redirection is required.
func NewRedirectError ¶
func NewRedirectError(id string, redirectURI *url.URL) *RedirectError
NewRedirectError creates a new corresponding error with the provided id and redirect URL.
func (*RedirectError) Error ¶
func (err *RedirectError) Error() string
Error implements the error interface.
func (*RedirectError) RedirectURI ¶
func (err *RedirectError) RedirectURI() *url.URL
RedirectURI returns the redirection URL of the accociated error.
type User ¶
type User interface {
Subject() string
}
User defines a most simple user with an id defined as subject.
type UserWithClaims ¶
type UserWithClaims interface { User Claims() jwt.MapClaims }
UserWithClaims is a User with jwt claims.
type UserWithEmail ¶
UserWithEmail is a User with Email.
type UserWithID ¶
UserWithID is a User with a locally unique numeric id.
type UserWithProfile ¶
UserWithProfile is a User with Name.
type UserWithScopedClaims ¶
type UserWithScopedClaims interface { User ScopedClaims(authorizedScopes map[string]bool) jwt.MapClaims }
UserWithScopedClaims is a user with jwt claims bound to provided scopes.
type UserWithSessionRef ¶
UserWithSessionRef is a user which supports an underlaying session reference.
type UserWithUniqueID ¶
UserWithUniqueID is a User with a unique string id.
type UserWithUsername ¶
UserWithUsername is a User with an username different from subject.