Documentation
Index
- func GetClaimsFromTokenInRequest(req *http.Request) (*models.Principal, error)
- func GetConsoleCredentialsForOperator(jwt string) (*credentials.Credentials, error)
- func GetConsoleCredentialsFromLDAP(endpoint, ldapUser, ldapPassword string) (*credentials.Credentials, error)
- func GetTokenFromRequest(r *http.Request) (*string, error)
- func IsSessionTokenValid(token string) bool
- func NewEncryptedTokenForClient(credentials *credentials.Value, actions []string) (string, error)
- type DecryptedClaims
- type IdentityProvider
- type IdentityProviderClient
- type OperatorClient
Functions
func GetConsoleCredentialsForOperator
func GetConsoleCredentialsForOperator(jwt string) (*credentials.Credentials, error)
GetConsoleCredentialsForOperator will validate the provided JWT (service account token) and return it in the form of credentials.Login
func GetConsoleCredentialsFromLDAP
func GetConsoleCredentialsFromLDAP(endpoint, ldapUser, ldapPassword string) (*credentials.Credentials, error)
GetConsoleCredentialsFromLDAP authenticates the user against MinIO when the LDAP integration is enabled. If the authentication succeeds, a *credentials.Login object is returned and we continue with the normal STSAssumeRole flow.
func GetTokenFromRequest
GetTokenFromRequest returns a token from an HTTP request, taken either from a cookie named `token` or from the Authorization header.
The Authorization header must have the form "Authorization: Bearer <token>".
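The lookup described above, as an added example that is not the package's own code: tokenFromRequest, newRequest and the console.example URL are hypothetical, and checking the cookie before the header is an assumption, since the page does not state an order. It shows the strict header parsing a caller should expect: only the Bearer scheme, exactly one non-empty token.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

var errNoToken = errors.New("no session token in request")

// tokenFromRequest (hypothetical name) looks for a session token in the cookie
// "token" and then in "Authorization: Bearer <token>". Cookie-first is an assumption.
func tokenFromRequest(r *http.Request) (string, error) {
	if c, err := r.Cookie("token"); err == nil && c.Value != "" {
		return c.Value, nil
	}
	// Exactly two fields: the scheme and the token. This rejects an empty
	// token, trailing garbage, and a header that was never set.
	parts := strings.Fields(r.Header.Get("Authorization"))
	if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
		return "", errNoToken
	}
	return parts[1], nil
}

// newRequest builds a constructed sample request; the URL is a placeholder.
func newRequest(cookie, authz string) *http.Request {
	r := httptest.NewRequest(http.MethodGet, "http://console.example/", nil)
	if cookie != "" {
		r.AddCookie(&http.Cookie{Name: "token", Value: cookie})
	}
	if authz != "" {
		r.Header.Set("Authorization", authz)
	}
	return r
}

func main() {
	samples := [][2]string{ // constructed {cookie, Authorization} pairs
		{"cookie-tok", ""}, {"", "Bearer header-tok"},
		{"", "Basic dXNlcjpwYXNz"}, {"", "Bearer "}, {"", ""},
	}
	for _, s := range samples {
		tok, err := tokenFromRequest(newRequest(s[0], s[1]))
		fmt.Printf("cookie=%q authz=%q -> token=%q err=%v\n", s[0], s[1], tok, err)
	}
}
```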
func IsSessionTokenValid (added in v0.3.4)
IsSessionTokenValid reports whether the provided session token is valid.
func NewEncryptedTokenForClient (added in v0.3.4)
func NewEncryptedTokenForClient(credentials *credentials.Value, actions []string) (string, error)
NewEncryptedTokenForClient generates a new session token with claims based on the provided STS credentials. It first encrypts the claims and then signs them.
Types
type DecryptedClaims
type DecryptedClaims struct {
	AccessKeyID     string
	SecretAccessKey string
	SessionToken    string
	Actions         []string
}
DecryptedClaims is the claims struct for decrypted credentials.
func SessionTokenAuthenticate (added in v0.3.4)
func SessionTokenAuthenticate(token string) (*DecryptedClaims, error)
SessionTokenAuthenticate takes a session token, decodes it, extracts the claims and validates the signature. If the session token claims are valid, we proceed to decrypt the information inside.
It returns the claims after validation in the following format:
type DecryptedClaims struct {
	AccessKeyID
	SecretAccessKey
	SessionToken
}
type IdentityProvider
type IdentityProvider struct {
	Client IdentityProviderClient
}
Interface implementation.
Defines the structure of an IdentityProvider client and the functions that are actually used during the authentication flow.
func (IdentityProvider) GenerateLoginURL
func (c IdentityProvider) GenerateLoginURL() string
GenerateLoginURL returns a new URL used by the user to log in against the IdP.
func (IdentityProvider) VerifyIdentity
func (c IdentityProvider) VerifyIdentity(ctx context.Context, code, state string) (*oauth2.User, error)
VerifyIdentity verifies the user identity against the IdP using the authorization code flow.
type IdentityProviderClient
type IdentityProviderClient interface {
	VerifyIdentity(ctx context.Context, code, state string) (*oauth2.User, error)
	GenerateLoginURL() string
}
IdentityProviderClient is the interface with all functions to be implemented by the mock when testing. It should include all the respective IdentityProviderClient API calls that are used within this project.