Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AuthenticationContext
type AuthenticationContext interface {
	OAuth2Provider() OAuth2Provider
	OAuth2ResourceServer() OAuth2ResourceServer
	OAuth2ClientConfig(requestURL *url.URL) *oauth2.Config
	OidcProvider() *oidc.Provider
	CookieManager() CookieHandler
	Options() *config.Config
	GetOAuth2MetadataURL() *url.URL
	GetOIdCMetadataURL() *url.URL
	GetHTTPClient() *http.Client
	AuthMetadataService() service.AuthMetadataServiceServer
	IdentityService() service.IdentityServiceServer
}
AuthenticationContext is a convenience wrapper object that holds all the utilities necessary to run Nebula Admin behind authentication. It is constructed at the root server layer and passed around to the various auth handlers and utility functions/objects.
type CookieHandler
type CookieHandler interface {
	SetTokenCookies(ctx context.Context, writer http.ResponseWriter, token *oauth2.Token) error
	RetrieveTokenValues(ctx context.Context, request *http.Request) (idToken, accessToken, refreshToken string, err error)

	SetUserInfoCookie(ctx context.Context, writer http.ResponseWriter, userInfo *service.UserInfoResponse) error
	RetrieveUserInfo(ctx context.Context, request *http.Request) (*service.UserInfoResponse, error)

	// SetAuthCodeCookie stores, in a cookie, the /authorize request url initiated by an app before executing OIdC protocol.
	// This enables the service to recover it after the user completes the login process in an external OIdC provider.
	SetAuthCodeCookie(ctx context.Context, writer http.ResponseWriter, authRequestURL string) error

	// RetrieveAuthCodeRequest retrieves the /authorize request url from stored cookie to complete the OAuth2 app auth
	// flow.
	RetrieveAuthCodeRequest(ctx context.Context, request *http.Request) (authRequestURL string, err error)
	DeleteCookies(ctx context.Context, writer http.ResponseWriter)
}
type HandlerRegisterer
type HandlerRegisterer interface {
	HandleFunc(pattern string, handler func(http.ResponseWriter, *http.Request))
}
type IdentityContext
type IdentityContext interface {
	UserID() string
	Audience() string
	AppID() string
	UserInfo() *service.UserInfoResponse
	AuthenticatedAt() time.Time
	Scopes() sets.String
	// Returns the full set of claims in the JWT token provided by the IDP.
	Claims() map[string]interface{}

	IsEmpty() bool
	WithContext(ctx context.Context) context.Context
}
IdentityContext represents the authenticated identity and can be used to abstract the way the user/app authenticated to the platform.
type OAuth2Provider
type OAuth2Provider interface {
	fosite.OAuth2Provider
	OAuth2ResourceServer
	NewJWTSessionToken(subject, appID, issuer, audience string, userInfoClaims *service.UserInfoResponse) *fositeOAuth2.JWTSession
	KeySet() jwk.Set
}
OAuth2Provider represents an OAuth2 Provider that can be used to issue OAuth2 tokens.
type OAuth2ResourceServer
type OAuth2ResourceServer interface {
	ValidateAccessToken(ctx context.Context, expectedAudience, tokenStr string) (IdentityContext, error)
}
OAuth2ResourceServer represents a resource server that can be accessed through an access token.