auth

package
v0.3.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 5, 2020 License: AGPL-3.0 Imports: 20 Imported by: 7

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetClaimsFromTokenInRequest

func GetClaimsFromTokenInRequest(req *http.Request) (*models.Principal, error)

func GetConsoleCredentialsForOperator

func GetConsoleCredentialsForOperator(jwt string) (*credentials.Credentials, error)

GetConsoleCredentialsForOperator will validate the provided JWT (service account token) and return it in the form of credentials.Login

func GetConsoleCredentialsFromLDAP

func GetConsoleCredentialsFromLDAP(endpoint, ldapUser, ldapPassword string) (*credentials.Credentials, error)

GetConsoleCredentialsFromLDAP authenticates the user against MinIO when the LDAP integration is enabled if the authentication succeed *credentials.Login object is returned and we continue with the normal STSAssumeRole flow

func GetTokenFromRequest

func GetTokenFromRequest(r *http.Request) (*string, error)

GetTokenFromRequest returns a token from a http Request either defined on a cookie `token` or on Authorization header.

Authorization Header needs to be like "Authorization Bearer <token>"

func IsSessionTokenValid added in v0.3.4

func IsSessionTokenValid(token string) bool

IsSessionTokenValid returns true or false depending if the provided session token is valid or not

func NewEncryptedTokenForClient added in v0.3.4

func NewEncryptedTokenForClient(credentials *credentials.Value, actions []string) (string, error)

NewEncryptedTokenForClient generates a new session token with claims based on the provided STS credentials, first encrypts the claims and the sign them

Types

type DecryptedClaims

type DecryptedClaims struct {
	AccessKeyID     string
	SecretAccessKey string
	SessionToken    string
	Actions         []string
}

DecryptedClaims claims struct for decrypted credentials

func SessionTokenAuthenticate added in v0.3.4

func SessionTokenAuthenticate(token string) (*DecryptedClaims, error)

SessionTokenAuthenticate takes a session token, decode it, extract claims and validate the signature if the session token claims are valid we proceed to decrypt the information inside

returns claims after validation in the following format:

type DecryptedClaims struct {
	AccessKeyID
	SecretAccessKey
	SessionToken
}

type IdentityProvider

type IdentityProvider struct {
	Client IdentityProviderClient
}

Interface implementation

Define the structure of a IdentityProvider Client and define the functions that are actually used during the authentication flow.

func (IdentityProvider) GenerateLoginURL

func (c IdentityProvider) GenerateLoginURL() string

GenerateLoginURL returns a new URL used by the user to login against the idp

func (IdentityProvider) VerifyIdentity

func (c IdentityProvider) VerifyIdentity(ctx context.Context, code, state string) (*oauth2.User, error)

VerifyIdentity will verify the user identity against the idp using the authorization code flow

type IdentityProviderClient

type IdentityProviderClient interface {
	VerifyIdentity(ctx context.Context, code, state string) (*oauth2.User, error)
	GenerateLoginURL() string
}

IdentityProviderClient interface with all functions to be implemented by mock when testing, it should include all IdentityProviderClient respective api calls that are used within this project.

type OperatorClient

type OperatorClient interface {
	Authenticate(context.Context) ([]byte, error)
}

OperatorClient interface with all functions to be implemented by mock when testing, it should include all OperatorClient respective api calls that are used within this project.

Directories

Path Synopsis
idp
oauth2
Package oauth2 contains all the necessary configurations to initialize the idp communication using oauth2 protocol
Package oauth2 contains all the necessary configurations to initialize the idp communication using oauth2 protocol

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL