Documentation ¶
Index ¶
- Constants
- func DecryptPrivate(aead tink.AEAD, enc []byte) (*sessionpb.Private, error)
- func DecryptSessionCookie(aead tink.AEAD, c *http.Cookie) (*encryptedcookiespb.SessionCookie, error)
- func DecryptStateB64(aead tink.AEAD, enc string) (*encryptedcookiespb.OpenIDState, error)
- func DeriveCodeChallenge(codeVerifier string) string
- func EncryptPrivate(aead tink.AEAD, private *sessionpb.Private) ([]byte, error)
- func EncryptSessionCookie(aead tink.AEAD, pb *encryptedcookiespb.SessionCookie) (*http.Cookie, error)
- func EncryptStateB64(aead tink.AEAD, state *encryptedcookiespb.OpenIDState) (string, error)
- func GenerateCodeVerifier() string
- func GenerateNonce() []byte
- func HitRevocationEndpoint(ctx context.Context, doc *openid.DiscoveryDoc, params map[string]string) error
- func HitTokenEndpoint(ctx context.Context, doc *openid.DiscoveryDoc, params map[string]string) (*sessionpb.Private, time.Time, error)
- func MakeRedirectURL(base, dest string) (string, error)
- func NewSessionCookie(id session.ID) (*encryptedcookiespb.SessionCookie, tink.AEAD)
- func NormalizeURL(dest string) (string, error)
- func RegisterStoreImpl(impl StoreImpl)
- func RemoveCookie(rw http.ResponseWriter, r *http.Request, cookie string)
- func ShouldRefreshSession(ctx context.Context, ttl time.Duration) bool
- func UnsealPrivate(c *encryptedcookiespb.SessionCookie, s *sessionpb.Session) (*sessionpb.Private, tink.AEAD, error)
- type EndpointError
- type StoreImpl
Constants ¶
const (
// SessionCookieName is the name of the session cookie.
SessionCookieName = "LUCISID"
)
Variables ¶
This section is empty.
Functions ¶
func DecryptPrivate ¶
DecryptPrivate decrypts and deserializes sessionpb.Private proto.
func DecryptSessionCookie ¶
func DecryptSessionCookie(aead tink.AEAD, c *http.Cookie) (*encryptedcookiespb.SessionCookie, error)
DecryptSessionCookie decrypts the encrypted session cookie.
func DecryptStateB64 ¶
func DecryptStateB64(aead tink.AEAD, enc string) (*encryptedcookiespb.OpenIDState, error)
DecryptStateB64 decrypts and deserializes `state` used in OpneID protocol.
func DeriveCodeChallenge ¶
DeriveCodeChallenge derives code_challenge from the code_verifier.
func EncryptPrivate ¶
EncryptPrivate serializes and encrypts sessionpb.Private proto.
func EncryptSessionCookie ¶
func EncryptSessionCookie(aead tink.AEAD, pb *encryptedcookiespb.SessionCookie) (*http.Cookie, error)
EncryptSessionCookie produces the final session cookie.
func EncryptStateB64 ¶
func EncryptStateB64(aead tink.AEAD, state *encryptedcookiespb.OpenIDState) (string, error)
EncryptStateB64 serializes and encrypts `state` used in OpenID protocol.
func GenerateCodeVerifier ¶
func GenerateCodeVerifier() string
GenerateCodeVerifier generates a random string used as a code_verifier in the PKCE protocol.
func HitRevocationEndpoint ¶
func HitRevocationEndpoint(ctx context.Context, doc *openid.DiscoveryDoc, params map[string]string) error
HitRevocationEndpoint sends a request to the OpenID provider's revocation endpoint.
Returns nil if the token was successfully revoked or it is already invalid.
func HitTokenEndpoint ¶
func HitTokenEndpoint(ctx context.Context, doc *openid.DiscoveryDoc, params map[string]string) (*sessionpb.Private, time.Time, error)
HitTokenEndpoint sends a request to the OpenID provider's token endpoint.
Returns the produced tokens and their expiry time. Tags errors as transient if necessary.
func MakeRedirectURL ¶
MakeRedirectURL is used to generate login and logout URLs.
func NewSessionCookie ¶
func NewSessionCookie(id session.ID) (*encryptedcookiespb.SessionCookie, tink.AEAD)
NewSessionCookie generates a new session cookie (in a clear text form).
Generates the per-session encryption key and puts it into the produced cookie. Returns the AEAD primitive that can be used to encrypt things using the new per-session key.
func NormalizeURL ¶
NormalizeURL verifies URL is parsable and that it is relative.
func RegisterStoreImpl ¶
func RegisterStoreImpl(impl StoreImpl)
RegisterStoreImpl registers an available store implementation.
Called during init() time by packages that implements stores.
func RemoveCookie ¶
func RemoveCookie(rw http.ResponseWriter, r *http.Request, cookie string)
RemoveCookie sets a cookie to a past expiration date so that the browser can remove it.
It also replaces the value with junk, in case the browser decides to ignore the expiration time.
func ShouldRefreshSession ¶
ShouldRefreshSession returns true if we should refresh the session now.
The decision in based on `ttl`, which is a duration till the hard session staleness deadline. We attempt to refresh the session sooner.
func UnsealPrivate ¶
func UnsealPrivate(c *encryptedcookiespb.SessionCookie, s *sessionpb.Session) (*sessionpb.Private, tink.AEAD, error)
UnsealPrivate decrypts the private part of the session using the key from the cookie.
Returns the instantiated per-session AEAD primitive.
Types ¶
type EndpointError ¶
type EndpointError struct { Code string `json:"error"` // e.g. invalid_grant Description string `json:"error_description"` // human readable text }
EndpointError is returned on recognized error responses.
If the provider replies with some gibberish, some generic error will be returned instead.
func (*EndpointError) Error ¶
func (ee *EndpointError) Error() string
Error makes EndpointError implement `error` interface.
type StoreImpl ¶
type StoreImpl struct { ID string Factory func(ctx context.Context, namespace string) (session.Store, error) Deps []module.Dependency }
StoreImpl represents a factory for producing session.Store.
func StoreImpls ¶
func StoreImpls() []StoreImpl
StoreImpls returns registered store implementations.
Directories ¶
Path | Synopsis |
---|---|
Package fakecookies implements a cookie-based fake authentication method.
|
Package fakecookies implements a cookie-based fake authentication method. |