authflow

package

v0.4.9 Latest Latest Go to latest Published: Sep 25, 2020 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/moov-io/authn

Documentation ¶

Index ¶

Variables
func NewAuthenticationResponseWriter(request *http.Request, response http.ResponseWriter, authFlow *authFlow, ...) http.ResponseWriter
func VerifyState(r *http.Request, state State) error
type AuthenticationFlow
- func NewAuthenticationFlow(logger logging.Logger, jweService jwe.JWEService) AuthenticationFlow
type LoginSession
type Register
type SessionConfig
type State
- func NewState() State

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrFlowDoesntMatch   = errors.New("flow doesn't match")
	ErrProviderChanged   = errors.New("provider changed mid flow")
	ErrCredentialMissing = errors.New("credential missing on finish")
)

Functions ¶

func NewAuthenticationResponseWriter ¶

func NewAuthenticationResponseWriter(request *http.Request, response http.ResponseWriter, authFlow *authFlow, session *LoginSession) http.ResponseWriter

func VerifyState ¶

func VerifyState(r *http.Request, state State) error

Types ¶

type AuthenticationFlow ¶

type AuthenticationFlow interface {
	Start(flow string, providerNames []string, request *http.Request, response http.ResponseWriter, run func(w http.ResponseWriter, session *LoginSession) error)

	Continue(provider string, w http.ResponseWriter, req *http.Request, run func(w http.ResponseWriter, session *LoginSession) error)

	Finish(flow string, response http.ResponseWriter, request *http.Request, run func(w http.ResponseWriter, session *LoginSession) (string, error))

	Failure(response http.ResponseWriter, request *http.Request, session *LoginSession, err error)
}

func NewAuthenticationFlow ¶

func NewAuthenticationFlow(logger logging.Logger, jweService jwe.JWEService) AuthenticationFlow

type LoginSession ¶

type LoginSession struct {
	jwe.Claims

	// CSRF state token used during login
	State State `json:"st"`

	// Domain this was created under and only usable under.
	Origin string `json:"or"`

	// Flow this session was stated with and must end with
	Flow string `json:"fl"`

	// List of available providers for the tenantID
	Providers []string `json:"ps,omitempty"`

	// Provider that supplied the SubjectID
	Provider string `json:"pv,omitempty"`

	// Unique ID of the user under the external provider.
	SubjectID string `json:"si,omitempty"`

	// Set during logging in everytime and used to look up credentials
	Issuer *string `json:"pi"` // Issuer attribute of the login

	// IP Address of the login
	IP string `json:"ip"`

	// Scope of what this token is allow to do.
	Scopes []string `json:"scp"`

	// Login URL for the start of the flow
	LoginURL string `json:"lu"`

	// Store whatever we can get from the OIDC provider if the invite code isn't empty
	identity.Register
}

type Register ¶

type Register = client.Register

type SessionConfig ¶

type SessionConfig struct {
	Expiration time.Duration
}

type State ¶

type State string

func NewState ¶

func NewState() State

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL