Documentation
Index
- func GetClaimsFromTokenInRequest(req *http.Request) (*models.Principal, error)
- func GetMcsCredentialsForOperator(jwt string) (*credentials.Credentials, error)
- func GetMcsCredentialsFromLDAP(endpoint, ldapUser, ldapPassword string) (*credentials.Credentials, error)
- func GetTokenFromRequest(r *http.Request) (*string, error)
- func IsJWTValid(token string) bool
- func NewJWTWithClaimsForClient(credentials *credentials.Value, actions []string, audience string) (string, error)
- type DecryptedClaims
- type IdentityProvider
- type IdentityProviderClient
- type OperatorClient
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetClaimsFromTokenInRequest (added in v0.2.0)
func GetMcsCredentialsForOperator (added in v0.2.0)
func GetMcsCredentialsForOperator(jwt string) (*credentials.Credentials, error)
GetMcsCredentialsForOperator validates the provided JWT (service account token) and returns it in the form of credentials.Credentials.
func GetMcsCredentialsFromLDAP (added in v0.0.4)
func GetMcsCredentialsFromLDAP(endpoint, ldapUser, ldapPassword string) (*credentials.Credentials, error)
GetMcsCredentialsFromLDAP authenticates the user against MinIO when the LDAP integration is enabled. If the authentication succeeds, a *credentials.Credentials object is returned and we continue with the normal STSAssumeRole flow.
func GetTokenFromRequest (added in v0.2.0)
GetTokenFromRequest returns a token from an HTTP request, taken either from a cookie named `token` or from the Authorization header.
The Authorization header needs to be of the form "Authorization: Bearer <jwt_token>".
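The lookup described above, as an added example that is not the package's own code. tokenFromRequest, errNoToken and demoRequest are hypothetical names, the request path and token values are constructed, and checking the cookie before the header is an assumption, since the documentation does not state a precedence. The header branch accepts only the Bearer scheme followed by exactly one token, so other schemes and malformed values are rejected before any JWT validation runs.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

var errNoToken = errors.New("no auth token in request") // hypothetical error value

// tokenFromRequest is a hypothetical stand-in for GetTokenFromRequest.
// Assumption: the `token` cookie is consulted before the Authorization header.
func tokenFromRequest(r *http.Request) (string, error) {
	if c, err := r.Cookie("token"); err == nil && c.Value != "" {
		return c.Value, nil
	}
	fields := strings.Fields(r.Header.Get("Authorization"))
	// Exactly two fields: the scheme and one token with no embedded spaces.
	if len(fields) != 2 || !strings.EqualFold(fields[0], "Bearer") {
		return "", errNoToken
	}
	return fields[1], nil
}

// demoRequest builds a constructed request for the cases below.
func demoRequest(cookie, authz string) *http.Request {
	r := httptest.NewRequest(http.MethodGet, "/api/v1/session", nil)
	if cookie != "" {
		r.AddCookie(&http.Cookie{Name: "token", Value: cookie})
	}
	if authz != "" {
		r.Header.Set("Authorization", authz)
	}
	return r
}

func main() {
	cases := [][2]string{ // {cookie value, Authorization header}, all constructed
		{"cookie.jwt.value", ""},
		{"", "Bearer header.jwt.value"},
		{"", "Basic dXNlcjpwYXNz"},
	}
	for _, c := range cases {
		tok, err := tokenFromRequest(demoRequest(c[0], c[1]))
		fmt.Printf("cookie=%q authz=%q -> token=%q err=%v\n", c[0], c[1], tok, err)
	}
}
```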
func IsJWTValid
IsJWTValid reports whether the provided JWT is valid.
func NewJWTWithClaimsForClient
func NewJWTWithClaimsForClient(credentials *credentials.Value, actions []string, audience string) (string, error)
NewJWTWithClaimsForClient generates a new JWT with claims based on the provided STS credentials. It first encrypts the claims and then signs them.
Types
type DecryptedClaims
type DecryptedClaims struct {
	AccessKeyID     string
	SecretAccessKey string
	SessionToken    string
	Actions         []string
}
DecryptedClaims is the claims struct for decrypted credentials.
func JWTAuthenticate
func JWTAuthenticate(token string) (*DecryptedClaims, error)
JWTAuthenticate takes a JWT, decodes it, extracts the claims and validates the signature. If the JWT's claims.Data is valid, we proceed to decrypt the information inside.
Returns the claims after validation in the following format:
type DecryptedClaims struct {
	AccessKeyID
	SecretAccessKey
	SessionToken
}
type IdentityProvider
type IdentityProvider struct {
	Client IdentityProviderClient
}
Interface implementation
Defines the structure of an IdentityProvider client and the functions that are actually used during the authentication flow.
func (IdentityProvider) GenerateLoginURL
func (c IdentityProvider) GenerateLoginURL() string
GenerateLoginURL returns a new URL used by the user to log in against the IdP.
func (IdentityProvider) VerifyIdentity
func (c IdentityProvider) VerifyIdentity(ctx context.Context, code, state string) (*oauth2.User, error)
VerifyIdentity verifies the user identity against the IdP using the authorization code flow.
type IdentityProviderClient
type IdentityProviderClient interface {
	VerifyIdentity(ctx context.Context, code, state string) (*oauth2.User, error)
	GenerateLoginURL() string
}
IdentityProviderClient is the interface with all functions to be implemented by a mock when testing. It should include all the IdentityProviderClient API calls that are used within this project.