interfaces

package
v0.0.0-...-267b159 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 17, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthenticationContext

// AuthenticationContext groups the accessors the auth handlers use: the OAuth2
// provider and resource server, the OIDC provider, the cookie handler, the
// configuration, the metadata URLs, an HTTP client, and the auth-metadata and
// identity services.
//
// NOTE(review): only signatures are visible here. Whether the returned
// *config.Config, *http.Client and *url.URL values are shared instances or
// copies is not shown; confirm before mutating them from a handler.
type AuthenticationContext interface {
	// OAuth2Provider returns the OAuth2Provider held by this context.
	OAuth2Provider() OAuth2Provider
	// OAuth2ResourceServer returns the resource server used to validate access tokens.
	OAuth2ResourceServer() OAuth2ResourceServer
	// OAuth2ClientConfig returns an *oauth2.Config for the given request URL.
	// NOTE(review): presumably requestURL is used to derive the redirect URL. If it
	// is built from request headers, confirm the result is checked against the
	// configured redirect URLs before use.
	OAuth2ClientConfig(requestURL *url.URL) *oauth2.Config
	// OidcProvider returns the *oidc.Provider held by this context.
	OidcProvider() *oidc.Provider
	// CookieManager returns the CookieHandler that reads and writes the auth cookies.
	CookieManager() CookieHandler
	// Options returns the *config.Config in effect.
	Options() *config.Config
	// GetOAuth2MetadataURL returns the OAuth2 metadata URL.
	GetOAuth2MetadataURL() *url.URL
	// GetOIdCMetadataURL returns the OIDC metadata URL.
	GetOIdCMetadataURL() *url.URL
	// GetHTTPClient returns the *http.Client held by this context.
	// NOTE(review): presumably used for outbound calls to the identity provider;
	// confirm it has a timeout and leaves TLS certificate verification enabled.
	GetHTTPClient() *http.Client
	// AuthMetadataService returns the AuthMetadataServiceServer implementation.
	AuthMetadataService() service.AuthMetadataServiceServer
	// IdentityService returns the IdentityServiceServer implementation.
	IdentityService() service.IdentityServiceServer
}

AuthenticationContext is a convenience wrapper object that holds all the utilities necessary to run Nebula Admin behind authentication. It is constructed at the root server layer and passed around to the various auth handlers and utility functions/objects.

type CookieHandler

// CookieHandler reads and writes the cookies used by the auth flow: the OAuth2
// tokens, the user info, and the pending /authorize request URL.
//
// NOTE(review): the interface does not say how cookie values are protected
// (encryption, signing) or which attributes (Secure, HttpOnly, SameSite) are
// set. These cookies carry ID, access and refresh tokens, so confirm both in
// the implementation.
type CookieHandler interface {
	// SetTokenCookies writes the given OAuth2 token to the response as cookies.
	SetTokenCookies(ctx context.Context, writer http.ResponseWriter, token *oauth2.Token) error
	// RetrieveTokenValues reads the ID, access and refresh token strings from the request.
	// NOTE(review): the values come from client-supplied cookies; presumably callers
	// still validate the tokens afterwards. Confirm at the call sites.
	RetrieveTokenValues(ctx context.Context, request *http.Request) (idToken, accessToken, refreshToken string, err error)

	// SetUserInfoCookie writes the given user info to the response as a cookie.
	SetUserInfoCookie(ctx context.Context, writer http.ResponseWriter, userInfo *service.UserInfoResponse) error
	// RetrieveUserInfo reads the user info back from the request.
	// NOTE(review): unless the cookie is integrity-protected, this data is
	// client-controlled; confirm it is not used for authorization decisions.
	RetrieveUserInfo(ctx context.Context, request *http.Request) (*service.UserInfoResponse, error)

	// SetAuthCodeCookie stores, in a cookie, the /authorize request URL initiated by an app before executing the OIDC
	// protocol. This enables the service to recover it after the user completes the login process in an external
	// OIDC provider.
	SetAuthCodeCookie(ctx context.Context, writer http.ResponseWriter, authRequestURL string) error

	// RetrieveAuthCodeRequest retrieves the /authorize request URL from the stored cookie to complete the OAuth2 app
	// auth flow.
	// NOTE(review): the URL round-trips through the browser; presumably it is
	// re-validated before the flow resumes. Confirm in the caller.
	RetrieveAuthCodeRequest(ctx context.Context, request *http.Request) (authRequestURL string, err error)
	// DeleteCookies removes cookies via the response writer. It returns no error,
	// so a failure cannot be reported to the caller.
	// NOTE(review): presumably clears every cookie this handler sets; confirm,
	// since logout depends on it.
	DeleteCookies(ctx context.Context, writer http.ResponseWriter)
}

type HandlerRegisterer

// HandlerRegisterer is the minimal route-registration surface the auth code
// needs: one method that binds a handler function to a URL pattern. The
// signature matches (*http.ServeMux).HandleFunc, so a standard mux satisfies it.
type HandlerRegisterer interface {
	// HandleFunc registers handler for the given pattern.
	HandleFunc(pattern string, handler func(http.ResponseWriter, *http.Request))
}

type IdentityContext

// IdentityContext exposes the attributes of an authenticated identity: user,
// audience, app, user info, authentication time, scopes and raw claims.
type IdentityContext interface {
	// UserID returns the user identifier.
	UserID() string
	// Audience returns the audience associated with this identity.
	Audience() string
	// AppID returns the application identifier.
	AppID() string
	// UserInfo returns the user info attached to this identity.
	UserInfo() *service.UserInfoResponse
	// AuthenticatedAt returns the time of authentication.
	AuthenticatedAt() time.Time
	// Scopes returns the scopes as a string set.
	Scopes() sets.String
	// Claims returns the full set of claims in the JWT token provided by the IDP.
	// Values are untyped, so callers must type-assert each claim before using it.
	Claims() map[string]interface{}

	// IsEmpty reports whether this identity is empty.
	// NOTE(review): presumably true when no authenticated identity is present;
	// confirm, and confirm callers check it before relying on UserID or Scopes.
	IsEmpty() bool
	// WithContext returns a context derived from ctx.
	// NOTE(review): presumably attaches this identity to the returned context; confirm.
	WithContext(ctx context.Context) context.Context
}

IdentityContext represents the authenticated identity and can be used to abstract the way the user/app authenticated to the platform.

type OAuth2Provider

// OAuth2Provider combines fosite's OAuth2Provider with this package's
// OAuth2ResourceServer, and adds JWT session construction and access to a
// JWK key set.
type OAuth2Provider interface {
	fosite.OAuth2Provider
	OAuth2ResourceServer
	// NewJWTSessionToken builds a fosite JWT session from the given subject, app ID,
	// issuer, audience and user-info claims. The first four parameters are all
	// plain strings, so transposed arguments at a call site will still compile.
	NewJWTSessionToken(subject, appID, issuer, audience string, userInfoClaims *service.UserInfoResponse) *fositeOAuth2.JWTSession
	// KeySet returns the provider's JWK set.
	// NOTE(review): presumably the keys used to sign or verify issued tokens; if
	// this set is served to clients, confirm it holds public key material only.
	KeySet() jwk.Set
}

OAuth2Provider represents an OAuth2 Provider that can be used to issue OAuth2 tokens.

type OAuth2ResourceServer

// OAuth2ResourceServer validates access tokens presented to a resource server.
type OAuth2ResourceServer interface {
	// ValidateAccessToken validates tokenStr and returns the resulting
	// IdentityContext, or an error.
	// NOTE(review): presumably rejects tokens whose audience differs from
	// expectedAudience, and also checks signature, issuer and expiry; confirm in
	// each implementation. Also confirm callers do not pass an empty expectedAudience.
	ValidateAccessToken(ctx context.Context, expectedAudience, tokenStr string) (IdentityContext, error)
}

OAuth2ResourceServer represents a resource server that can be accessed through an access token.

Directories

Path Synopsis
