Documentation ¶
Index ¶
- Constants
- Variables
- func ManagerTests(deps Deps, m Manager, clientManager client.Manager, ...) func(t *testing.T)
- func MockAuthRequest(key string, authAt bool, network string) (c *flow.LoginRequest, h *flow.HandledLoginRequest, f *flow.Flow)
- func MockConsentRequest(key string, remember bool, rememberFor int, hasError bool, skip bool, ...) (c *flow.OAuth2ConsentRequest, h *flow.AcceptOAuth2ConsentRequest, f *flow.Flow)
- func MockLogoutRequest(key string, withClient bool, network string) (c *flow.LogoutRequest)
- func NewHandledConsentRequest(challenge string, hasError bool, requestedAt time.Time, ...) *flow.AcceptOAuth2ConsentRequest
- func NewHandledLoginRequest(challenge string, hasError bool, requestedAt time.Time, ...) *flow.HandledLoginRequest
- func SaneMockAuthRequest(t *testing.T, m Manager, ls *flow.LoginSession, cl *client.Client) (c *flow.LoginRequest)
- func SaneMockConsentRequest(t *testing.T, m Manager, f *flow.Flow, skip bool) (c *flow.OAuth2ConsentRequest)
- func SaneMockHandleConsentRequest(t *testing.T, m Manager, f *flow.Flow, c *flow.OAuth2ConsentRequest, ...) *flow.AcceptOAuth2ConsentRequest
- func TestHelperNID(r interface{ ... }, t1ValidNID Manager, t2InvalidNID Manager) func(t *testing.T)
- func ValidateCsrfSession(r *http.Request, conf x.CookieConfigProvider, store sessions.Store, ...) error
- type DefaultStrategy
- func (s *DefaultStrategy) HandleHeadlessLogout(ctx context.Context, _ http.ResponseWriter, r *http.Request, sid string) error
- func (s *DefaultStrategy) HandleOAuth2AuthorizationRequest(ctx context.Context, w http.ResponseWriter, r *http.Request, ...) (_ *flow.AcceptOAuth2ConsentRequest, _ *flow.Flow, err error)
- func (s *DefaultStrategy) HandleOpenIDConnectLogout(ctx context.Context, w http.ResponseWriter, r *http.Request) (*flow.LogoutResult, error)
- func (s *DefaultStrategy) ObfuscateSubjectIdentifier(ctx context.Context, cl fosite.Client, subject, forcedIdentifier string) (string, error)
- type Deps
- type ForcedObfuscatedLoginSession
- type Handler
- type InternalRegistry
- type Manager
- type ManagerProvider
- type Registry
- type Strategy
- type SubjectIdentifierAlgorithm
- type SubjectIdentifierAlgorithmPairwise
- type SubjectIdentifierAlgorithmPublic
Constants ¶
// Route paths for the login, consent, logout and session resources.
//
// NOTE(review): Handler.SetRoutes takes an admin router, so these look like
// admin-API routes rather than public ones - confirm. If that holds, they are
// the endpoints through which login, consent and logout challenges are
// accepted or rejected, so they should be reachable only by the trusted
// login/consent application and never from untrusted networks.
const (
	// LoginPath is the path for login request resources.
	LoginPath = "/oauth2/auth/requests/login"

	// ConsentPath is the path for consent request resources.
	ConsentPath = "/oauth2/auth/requests/consent"

	// LogoutPath is the path for logout request resources.
	LogoutPath = "/oauth2/auth/requests/logout"

	// SessionsPath is the path for authentication session resources.
	SessionsPath = "/oauth2/auth/sessions"
)
// CookieAuthenticationSIDName is the literal key "sid".
//
// NOTE(review): the name suggests this is the key under which the
// authentication session ID is kept in the cookie-backed session - confirm
// against the strategy code. If so, the cookie carrying it is a session
// credential and should be issued with Secure, HttpOnly and an appropriate
// SameSite setting.
const CookieAuthenticationSIDName = "sid"
Variables ¶
// ErrAbortOAuth2Request is a sentinel error stating that the OAuth 2.0
// Authorization request must be aborted.
// NOTE(review): presumably returned by the strategy when it has already taken
// over the response (for example by redirecting to the login or consent UI), so
// the caller must stop processing and issue no authorization response - confirm.
// Compare with errors.Is rather than by message.
var ErrAbortOAuth2Request = stderrs.New("the OAuth 2.0 Authorization request must be aborted")
// ErrHintDoesNotMatchAuthentication is a sentinel error stating that the
// subject taken from a hint differs from the subject of the current session.
// NOTE(review): "hint" presumably means the OpenID Connect id_token_hint -
// confirm. Callers should treat this as a hard failure and never fall back to
// the session's subject, since that would authenticate a different user than
// the one the client asked for.
var ErrHintDoesNotMatchAuthentication = stderrs.New("subject from hint does not match subject from session")
// ErrNoAuthenticationSessionFound is a sentinel error stating that no previous
// login session was found.
// NOTE(review): presumably the "not logged in" signal that leads to a fresh
// login rather than an error shown to the user - confirm against callers.
var ErrNoAuthenticationSessionFound = stderrs.New("no previous login session was found")
// ErrNoPreviousConsentFound is a sentinel error stating that no previous
// OAuth 2.0 consent could be found for the access request.
// NOTE(review): presumably means consent cannot be skipped and the user must
// be asked again - confirm. It must never be handled as implicit consent.
var ErrNoPreviousConsentFound = stderrs.New("no previous OAuth 2.0 Consent could be found for this access request")
Functions ¶
func ManagerTests ¶
func MockAuthRequest ¶
func MockAuthRequest(key string, authAt bool, network string) (c *flow.LoginRequest, h *flow.HandledLoginRequest, f *flow.Flow)
func MockConsentRequest ¶
func MockLogoutRequest ¶
func MockLogoutRequest(key string, withClient bool, network string) (c *flow.LogoutRequest)
func NewHandledLoginRequest ¶
func SaneMockAuthRequest ¶
func SaneMockAuthRequest(t *testing.T, m Manager, ls *flow.LoginSession, cl *client.Client) (c *flow.LoginRequest)
SaneMockAuthRequest does the same thing as MockAuthRequest but uses less insanity and implicit dependencies.
func SaneMockConsentRequest ¶
func SaneMockConsentRequest(t *testing.T, m Manager, f *flow.Flow, skip bool) (c *flow.OAuth2ConsentRequest)
SaneMockConsentRequest does the same thing as MockConsentRequest but uses less insanity and implicit dependencies.
func TestHelperNID ¶
func TestHelperNID(r interface { client.ManagerProvider FlowCipher() *aead.XChaCha20Poly1305 }, t1ValidNID Manager, t2InvalidNID Manager) func(t *testing.T)
Types ¶
type DefaultStrategy ¶
// DefaultStrategy is the concrete type returned by NewStrategy. Its methods
// (HandleOAuth2AuthorizationRequest, HandleOpenIDConnectLogout,
// HandleHeadlessLogout and ObfuscateSubjectIdentifier) have the same names and
// signatures as the methods of the Strategy interface.
type DefaultStrategy struct {
// contains filtered or unexported fields
}
func NewStrategy ¶
func NewStrategy( r InternalRegistry, c *config.DefaultProvider, ) *DefaultStrategy
func (*DefaultStrategy) HandleHeadlessLogout ¶
func (s *DefaultStrategy) HandleHeadlessLogout(ctx context.Context, _ http.ResponseWriter, r *http.Request, sid string) error
func (*DefaultStrategy) HandleOAuth2AuthorizationRequest ¶
func (s *DefaultStrategy) HandleOAuth2AuthorizationRequest( ctx context.Context, w http.ResponseWriter, r *http.Request, req fosite.AuthorizeRequester, ) (_ *flow.AcceptOAuth2ConsentRequest, _ *flow.Flow, err error)
func (*DefaultStrategy) HandleOpenIDConnectLogout ¶
func (s *DefaultStrategy) HandleOpenIDConnectLogout(ctx context.Context, w http.ResponseWriter, r *http.Request) (*flow.LogoutResult, error)
func (*DefaultStrategy) ObfuscateSubjectIdentifier ¶
type Deps ¶ added in v2.2.0
// Deps lists what a consumer of this package must supply: an AEAD cipher and
// a context provider.
type Deps interface {
	// FlowCipher returns an XChaCha20-Poly1305 AEAD instance.
	// NOTE(review): presumably used to encrypt and authenticate flow state that
	// travels through the browser - confirm. The key behind it should then be
	// treated as a long-lived secret.
	FlowCipher() *aead.XChaCha20Poly1305

	contextx.Provider
}
type ForcedObfuscatedLoginSession ¶
// ForcedObfuscatedLoginSession is a database row (see the db tags) that ties a
// client and a subject to an obfuscated subject value.
//
// NOTE(review): because each row holds both Subject and SubjectObfuscated, the
// table can map an obfuscated identifier back to the real subject. It should
// be access-controlled accordingly - confirm how it is stored and queried.
type ForcedObfuscatedLoginSession struct {
	// ClientID is stored in the client_id column.
	ClientID string `db:"client_id"`

	// Subject is stored in the subject column.
	Subject string `db:"subject"`

	// SubjectObfuscated is stored in the subject_obfuscated column.
	SubjectObfuscated string `db:"subject_obfuscated"`

	// NID is stored in the nid column.
	// NOTE(review): presumably a network/tenant ID that scopes the row - confirm.
	NID uuid.UUID `db:"nid"`
}
func (ForcedObfuscatedLoginSession) TableName ¶
func (ForcedObfuscatedLoginSession) TableName() string
type Handler ¶
// Handler is the concrete type returned by NewHandler. Its SetRoutes method
// takes an admin router (*httprouterx.RouterAdmin).
// NOTE(review): that suggests every route it serves is an admin route that
// must be reachable only by trusted callers - confirm against SetRoutes.
type Handler struct {
// contains filtered or unexported fields
}
func NewHandler ¶
func NewHandler( r InternalRegistry, c *config.DefaultProvider, ) *Handler
func (*Handler) SetRoutes ¶
func (h *Handler) SetRoutes(admin *httprouterx.RouterAdmin)
type InternalRegistry ¶
// InternalRegistry is the dependency set taken by NewStrategy and NewHandler.
// It embeds several registry and provider interfaces and adds accessors for
// the flow cipher, the OAuth2 storage and the OpenID Connect request validator.
type InternalRegistry interface {
	// Embedded cross-cutting registries and providers.
	x.RegistryWriter
	x.RegistryCookieStore
	x.RegistryLogger
	x.HTTPClientProvider
	kratos.Provider

	// Embedded package and client registries.
	Registry
	client.Registry

	// FlowCipher returns an XChaCha20-Poly1305 AEAD instance.
	// NOTE(review): presumably protects flow state - confirm.
	FlowCipher() *aead.XChaCha20Poly1305

	// OAuth2Storage returns the Fosite storage implementation.
	OAuth2Storage() x.FositeStorer

	// OpenIDConnectRequestValidator returns the OpenID Connect request validator.
	OpenIDConnectRequestValidator() *openid.OpenIDConnectRequestValidator
}
type Manager ¶
// Manager is the persistence interface for consent requests, login sessions,
// login requests, obfuscated-subject mappings and logout requests.
//
// NOTE(review): the three VerifyAndInvalidate* methods are named as if a
// verifier is consumed by the same call that checks it. Implementations should
// then make the check and the invalidation atomic, so that one verifier can
// never be redeemed twice - confirm against each store.
type Manager interface {
	// Consent requests and granted consent sessions.
	CreateConsentRequest(ctx context.Context, f *flow.Flow, req *flow.OAuth2ConsentRequest) error
	GetConsentRequest(ctx context.Context, challenge string) (*flow.OAuth2ConsentRequest, error)
	HandleConsentRequest(ctx context.Context, f *flow.Flow, r *flow.AcceptOAuth2ConsentRequest) (*flow.OAuth2ConsentRequest, error)

	RevokeSubjectConsentSession(ctx context.Context, user string) error
	RevokeSubjectClientConsentSession(ctx context.Context, user, client string) error

	VerifyAndInvalidateConsentRequest(ctx context.Context, verifier string) (*flow.AcceptOAuth2ConsentRequest, error)
	FindGrantedAndRememberedConsentRequests(ctx context.Context, client, user string) ([]flow.AcceptOAuth2ConsentRequest, error)
	FindSubjectsGrantedConsentRequests(ctx context.Context, user string, limit, offset int) ([]flow.AcceptOAuth2ConsentRequest, error)
	FindSubjectsSessionGrantedConsentRequests(ctx context.Context, user, sid string, limit, offset int) ([]flow.AcceptOAuth2ConsentRequest, error)
	CountSubjectsGrantedConsentRequests(ctx context.Context, user string) (int, error)

	// Cookie management
	GetRememberedLoginSession(ctx context.Context, loginSessionFromCookie *flow.LoginSession, id string) (*flow.LoginSession, error)
	CreateLoginSession(ctx context.Context, session *flow.LoginSession) error
	DeleteLoginSession(ctx context.Context, id string) (deletedSession *flow.LoginSession, err error)
	RevokeSubjectLoginSession(ctx context.Context, user string) error
	ConfirmLoginSession(ctx context.Context, loginSession *flow.LoginSession) error

	// Login requests.
	CreateLoginRequest(ctx context.Context, req *flow.LoginRequest) (*flow.Flow, error)
	GetLoginRequest(ctx context.Context, challenge string) (*flow.LoginRequest, error)
	HandleLoginRequest(ctx context.Context, f *flow.Flow, challenge string, r *flow.HandledLoginRequest) (*flow.LoginRequest, error)
	VerifyAndInvalidateLoginRequest(ctx context.Context, verifier string) (*flow.HandledLoginRequest, error)

	// Forced obfuscated subject mappings.
	CreateForcedObfuscatedLoginSession(ctx context.Context, session *ForcedObfuscatedLoginSession) error
	GetForcedObfuscatedLoginSession(ctx context.Context, client, obfuscated string) (*ForcedObfuscatedLoginSession, error)

	// Clients to notify on logout, by channel type.
	ListUserAuthenticatedClientsWithFrontChannelLogout(ctx context.Context, subject, sid string) ([]client.Client, error)
	ListUserAuthenticatedClientsWithBackChannelLogout(ctx context.Context, subject, sid string) ([]client.Client, error)

	// Logout requests.
	CreateLogoutRequest(ctx context.Context, request *flow.LogoutRequest) error
	GetLogoutRequest(ctx context.Context, challenge string) (*flow.LogoutRequest, error)
	AcceptLogoutRequest(ctx context.Context, challenge string) (*flow.LogoutRequest, error)
	RejectLogoutRequest(ctx context.Context, challenge string) error
	VerifyAndInvalidateLogoutRequest(ctx context.Context, verifier string) (*flow.LogoutRequest, error)
}
type ManagerProvider ¶ added in v2.2.0
// ManagerProvider is implemented by anything that can hand out the consent
// Manager.
type ManagerProvider interface {
	// ConsentManager returns the Manager.
	ConsentManager() Manager
}
type Strategy ¶
// Strategy is the interface for handling an OAuth 2.0 authorization request,
// the two logout variants, and subject identifier obfuscation.
type Strategy interface {
	// HandleOAuth2AuthorizationRequest processes an authorization request and
	// returns the accepted consent request and its flow, or an error.
	// NOTE(review): it receives the ResponseWriter, so it can presumably answer
	// the request itself (see ErrAbortOAuth2Request) - confirm. Callers must not
	// continue with the authorization response when the error is non-nil.
	HandleOAuth2AuthorizationRequest(
		ctx context.Context,
		w http.ResponseWriter,
		r *http.Request,
		req fosite.AuthorizeRequester,
	) (*flow.AcceptOAuth2ConsentRequest, *flow.Flow, error)

	// HandleOpenIDConnectLogout processes an OpenID Connect logout request and
	// returns its result.
	HandleOpenIDConnectLogout(ctx context.Context, w http.ResponseWriter, r *http.Request) (*flow.LogoutResult, error)

	// HandleHeadlessLogout logs out the session identified by sid.
	// NOTE(review): "headless" presumably means no browser interaction - confirm.
	HandleHeadlessLogout(ctx context.Context, w http.ResponseWriter, r *http.Request, sid string) error

	// ObfuscateSubjectIdentifier returns the subject identifier to expose to
	// the client cl.
	// NOTE(review): forcedIdentifier presumably overrides the computed value
	// when it is non-empty - confirm.
	ObfuscateSubjectIdentifier(ctx context.Context, cl fosite.Client, subject, forcedIdentifier string) (string, error)
}
type SubjectIdentifierAlgorithmPairwise ¶
// SubjectIdentifierAlgorithmPairwise carries the salt for the pairwise subject
// identifier algorithm. NewSubjectIdentifierAlgorithmPairwise is its constructor.
//
// NOTE(review): the derivation is not shown on this page. Under OpenID Connect
// pairwise subject types the salt has to stay secret and stable: disclosure
// would presumably let identifiers be correlated across clients, and rotation
// changes every issued pairwise subject - confirm against the implementation.
type SubjectIdentifierAlgorithmPairwise struct {
	// Salt is the raw salt. The field is exported, so take care that it does
	// not end up in logs or serialized output.
	Salt []byte
}
func NewSubjectIdentifierAlgorithmPairwise ¶
func NewSubjectIdentifierAlgorithmPairwise(salt []byte) *SubjectIdentifierAlgorithmPairwise
type SubjectIdentifierAlgorithmPublic ¶
// SubjectIdentifierAlgorithmPublic is a subject identifier algorithm with no
// state. NewSubjectIdentifierAlgorithmPublic is its constructor.
// NOTE(review): presumably the OpenID Connect "public" subject type, where
// every client sees the same subject value and clients can therefore correlate
// users - confirm. Use the pairwise variant where that matters.
type SubjectIdentifierAlgorithmPublic struct{}
func NewSubjectIdentifierAlgorithmPublic ¶
func NewSubjectIdentifierAlgorithmPublic() *SubjectIdentifierAlgorithmPublic