auth

package

v0.0.0-...-12fbc85 Latest Latest Go to latest Published: Dec 9, 2024 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/navikt/knorten

Documentation ¶

Index ¶

Constants
Variables
func JWTValidator(certificates map[string]CertificateList, audience string) jwt.Keyfunc
type Azure
- func NewAzureClient(dryRun bool, clientID, clientSecret, tenantID, redirectURL string, ...) (*Azure, error)
type AzureGroupWithID
type CertificateList
type EncodedCertificate
- func (c EncodedCertificate) Decode() (*x509.Certificate, error)
type Key
type KeyDiscovery
- func Discover(reader io.Reader) (*KeyDiscovery, error)
- func DiscoverURL(url string) (*KeyDiscovery, error)
- func (k *KeyDiscovery) Map() (result map[string]CertificateList, err error)
type Session
type TokenResponse
type User

Constants ¶

View Source

const (
	AzureUsersEndpoint  = "https://graph.microsoft.com/v1.0/users"
	AzureGroupsEndpoint = "https://graph.microsoft.com/v1.0/groups"
)

Variables ¶

View Source

var ErrAzureTokenExpired = fmt.Errorf("token expired")

Functions ¶

func JWTValidator ¶

func JWTValidator(certificates map[string]CertificateList, audience string) jwt.Keyfunc

Types ¶

type Azure ¶

type Azure struct {
	oauth2.Config
	// contains filtered or unexported fields
}

func NewAzureClient ¶

func NewAzureClient(dryRun bool, clientID, clientSecret, tenantID, redirectURL string, log *logrus.Entry) (*Azure, error)

func (*Azure) ConvertEmailsToIdents ¶

func (a *Azure) ConvertEmailsToIdents(emails []string) ([]string, error)

func (*Azure) FetchCertificates ¶

func (a *Azure) FetchCertificates() (map[string]CertificateList, error)

func (*Azure) KeyDiscoveryURL ¶

func (a *Azure) KeyDiscoveryURL() string

func (*Azure) UserExistsInAzureAD ¶

func (a *Azure) UserExistsInAzureAD(user string) error

func (*Azure) ValidateUser ¶

func (a *Azure) ValidateUser(certificates map[string]CertificateList, token string) (*User, error)

func (*Azure) Verify ¶

func (a *Azure) Verify(ctx context.Context, rawIDToken string) (*oidc.IDToken, error)

type AzureGroupWithID ¶

type AzureGroupWithID struct {
	DisplayName string `json:"displayName"`
	ID          string `json:"id"`
	Mail        string `json:"mail"`
}

type CertificateList ¶

type CertificateList []*x509.Certificate

type EncodedCertificate ¶

type EncodedCertificate string

func (EncodedCertificate) Decode ¶

func (c EncodedCertificate) Decode() (*x509.Certificate, error)

Decode a base64 encoded certificate into a X509 structure.

type Key ¶

type Key struct {
	Kid string               `json:"kid"`
	X5c []EncodedCertificate `json:"x5c"`
}

type KeyDiscovery ¶

type KeyDiscovery struct {
	Keys []Key `json:"keys"`
}

func Discover ¶

func Discover(reader io.Reader) (*KeyDiscovery, error)

func DiscoverURL ¶

func DiscoverURL(url string) (*KeyDiscovery, error)

func (*KeyDiscovery) Map ¶

func (k *KeyDiscovery) Map() (result map[string]CertificateList, err error)

Map transform a KeyDiscovery object into a dictionary with "kid" as key and lists of decoded X509 certificates as values.

Returns an error if any certificate does not decode.

type Session ¶

type Session struct {
	Email       string `json:"preferred_username"`
	Name        string `json:"name"`
	AccessToken string
	Token       string
	Expires     time.Time
	IsAdmin     bool
}

type TokenResponse ¶

type TokenResponse struct {
	AccessToken string `json:"access_token"`
}

type User ¶

type User struct {
	Name    string
	Email   string
	Expires time.Time
}

Source Files ¶

View all Source files

auth.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL