Documentation
Overview
Package idp defines the API provided by all identity providers.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func Register
func Register(idpType string, f func(func(interface{}) error) (IdentityProvider, error))
Register is used by identity providers to register a function that can be used to unmarshal an identity provider type. When the identity provider with the given name is used, f will be called to unmarshal its parameters from YAML. Its argument will be an unmarshalYAML function that can be used to unmarshal the configuration parameters into its argument according to the rules specified in gopkg.in/yaml.v2.
Types
type Config
type Config struct {
	IdentityProvider
}
Config allows an IdentityProvider instance to be unmarshaled from a YAML configuration file. The "type" field determines which registered provider is used for the unmarshaling.
func (*Config) UnmarshalYAML
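Register and Config.UnmarshalYAML together form a type-keyed registry: each provider package registers a factory under its type name, Config reads the "type" field to select that factory, and the factory decodes its own parameters through the unmarshal callback it is handed. The block below is an added illustration of that dispatch, not the idp package's own code; it uses encoding/json in place of gopkg.in/yaml.v2 (the standard library has no YAML decoder), and the cut-down IdentityProvider interface, the "static" provider and the sample document are constructed for the example.

```go
package main
import (
	"encoding/json"
	"fmt"
)
// IdentityProvider is a cut-down stand-in for idp.IdentityProvider.
type IdentityProvider interface{ Name() string }
// Factory mirrors the f argument of idp.Register; it decodes its own parameters.
type Factory func(unmarshal func(interface{}) error) (IdentityProvider, error)
var registry = map[string]Factory{}
// Register mirrors idp.Register: each provider package registers its type name.
func Register(idpType string, f Factory) { registry[idpType] = f }
// Config mirrors idp.Config: the "type" field selects the registered factory.
type Config struct{ IdentityProvider }
// UnmarshalJSON stands in for Config.UnmarshalYAML (stdlib has no YAML decoder):
// an unknown or missing "type" is an error, never a fallback to some default.
func (c *Config) UnmarshalJSON(data []byte) error {
	var head struct{ Type string `json:"type"` }
	if err := json.Unmarshal(data, &head); err != nil {
		return err
	}
	f, ok := registry[head.Type]
	if !ok {
		return fmt.Errorf("unknown identity provider type %q", head.Type)
	}
	// The callback re-decodes the same document into the provider's own struct.
	p, err := f(func(v interface{}) error { return json.Unmarshal(data, v) })
	if err == nil {
		c.IdentityProvider = p
	}
	return err
}
// staticIDP is a constructed provider whose factory validates its parameters.
type staticIDP struct{ name string }
func (s staticIDP) Name() string { return s.name }
func init() {
	Register("static", func(unmarshal func(interface{}) error) (IdentityProvider, error) {
		var p struct{ Name string `json:"name"` }
		if err := unmarshal(&p); err != nil || p.Name == "" {
			return nil, fmt.Errorf("static provider: name is required (%v)", err)
		}
		return staticIDP{name: p.Name}, nil
	})
}
func main() {
	var c Config
	err := json.Unmarshal([]byte(`{"type":"static","name":"corp"}`), &c)
	fmt.Println(err, c.IdentityProvider)
}
```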
type DischargeTokenCreator
type DischargeTokenCreator interface {
	// DischargeToken creates a new httpbakery.DischargeToken for the
	// given identity.
	DischargeToken(ctx context.Context, id *store.Identity) (*httpbakery.DischargeToken, error)
}
A DischargeTokenCreator is used by the identity providers to create a new httpbakery.DischargeToken for an authenticated identity.
type IdentityProvider
type IdentityProvider interface {
	// Name is the short name for the identity provider; this will
	// appear in URLs.
	Name() string
	// Domain is the domain in which this identity provider will
	// create users.
	Domain() string
	// Description is a name for the identity provider used to show
	// end users.
	Description() string
	// Interactive indicates whether login is provided by the end
	// user interacting directly with the identity provider (usually
	// through a web browser).
	Interactive() bool
	// Init is used to perform any one-time initialization tasks that
	// are needed for the identity provider. Init is called once by
	// the identity manager once it has determined the identity
	// provider's final location; any initialization tasks that depend
	// on having access to the final URL, or to the per-identity-provider
	// database, should be performed here.
	Init(ctx context.Context, params InitParams) error
	// URL returns the URL to use to attempt a login with this
	// identity provider. If the identity provider is interactive
	// then the user will be automatically redirected to the URL.
	// Otherwise the URL is returned in the response to a
	// request for login methods.
	URL(dischargeID string) string
	// SetInteraction adds interaction information for this identity
	// provider to the given interaction-required error.
	SetInteraction(ierr *httpbakery.Error, dischargeID string)
	// Handle handles any requests sent to the identity provider's
	// endpoints. The URL.Path in the request will contain only the
	// handler-local path, that is, the part after InitParams.URLPrefix.
	// The given request will have had ParseForm called.
	Handle(ctx context.Context, w http.ResponseWriter, req *http.Request)
	// GetGroups retrieves additional group information that is
	// stored in the identity provider for the given identity.
	// TODO define what happens when the identity doesn't exist.
	GetGroups(ctx context.Context, id *store.Identity) (groups []string, err error)
}
IdentityProvider is the interface that is satisfied by all identity providers.
type InitParams
type InitParams struct {
	// Store contains the identity store being used in the identity
	// server.
	Store store.Store
	// KeyValueStore contains a store that the provider may use to
	// store additional data that is not related to identities.
	KeyValueStore simplekv.Store
	// Oven contains an oven that may be used in the identity
	// provider to mint new macaroons.
	Oven *bakery.Oven
	// Key contains the identity server's public/private key pair.
	Key *bakery.KeyPair
	// URLPrefix contains the prefix of all requests to the Handle
	// method. The URL.Path parameter in the request passed to Handle
	// will contain only the part after this prefix.
	URLPrefix string
	// DischargeTokenCreator is the DischargeTokenCreator that the identity
	// provider should use to create discharge tokens.
	DischargeTokenCreator DischargeTokenCreator
	// VisitCompleter is the VisitCompleter that the identity
	// provider should use to complete visit requests.
	VisitCompleter VisitCompleter
	// Template contains the templates loaded in the identity server.
	Template *template.Template
}
InitParams are passed to the identity provider to initialise it.
type VisitCompleter
type VisitCompleter interface {
	// Success is used by an identity provider to indicate that a
	// successful login has been completed for the given identity.
	Success(ctx context.Context, w http.ResponseWriter, req *http.Request, dischargeID string, id *store.Identity)
	// Failure is used by an identity provider to indicate that a
	// login attempt has failed with the specified error.
	Failure(ctx context.Context, w http.ResponseWriter, req *http.Request, dischargeID string, err error)
	// RedirectFailure redirects to the given returnTo address with the given error.
	RedirectFailure(ctx context.Context, w http.ResponseWriter, req *http.Request, returnTo, state string, err error)
	// RedirectSuccess redirects to the given returnTo address
	// providing a code which can be used by the client to obtain a
	// discharge token for the given id.
	RedirectSuccess(ctx context.Context, w http.ResponseWriter, req *http.Request, returnTo, state string, id *store.Identity)
}
A VisitCompleter is used by the identity providers to finish login visit attempts.
Directories
Path | Synopsis |
---|---|
agent | Package agent is an identity provider that uses the agent authentication scheme. |
azure | Package azure is an identity provider that authenticates with azure. |
google | Package google is an identity provider that authenticates with google. |
idputil | Package idputil contains utility routines common to many identity providers. |
keystone | Package keystone contains identity providers that validate against keystone servers. |
internal/keystone | Package keystone implements a keystone client. |
ldap | Package ldap contains identity providers that validate against ldap servers. |
openid | Package openid provides identity providers that use OpenID to determine the identity. |
test | Package test contains an identity provider useful for testing other parts of the system. |
usso | Package usso is an identity provider that authenticates against Ubuntu SSO using OpenID. |
internal/kvnoncestore | Package kvnoncestore is an openid.NonceStore that is backed by a store.KeyValueStore. |
ussodischarge | Package ussodischarge is an identity provider that authenticates against Ubuntu SSO using Ubuntu SSO's macaroon protocol. |
ussodischarge/cmd/login | login is a simple tool that can be used to test the Ubuntu SSO discharge login protocol. |
ussooauth | Package ussooauth is an identity provider that authenticates against Ubuntu SSO using OAuth. |