Documentation
¶
Index ¶
- Constants
- Variables
- func CheckAAL(f *Flow, expected identity.AuthenticatorAssuranceLevel) error
- func PostHookExecutorNames(e []PostHookExecutor) []string
- type APIFlowResponse
- type ErrorHandler
- type ErrorHandlerProvider
- type Flow
- func (f *Flow) AppendTo(src *url.URL) *url.URL
- func (f *Flow) EnsureInternalContext()
- func (f Flow) GetID() uuid.UUID
- func (f Flow) GetNID() uuid.UUID
- func (f *Flow) GetRequestURL() string
- func (f *Flow) GetType() flow.Type
- func (f *Flow) IsForced() bool
- func (f Flow) MarshalJSON() ([]byte, error)
- func (f Flow) TableName(ctx context.Context) string
- func (f *Flow) Valid() error
- func (f Flow) WhereID(ctx context.Context, alias string) string
- type FlowPersistenceProvider
- type FlowPersister
- type Handler
- func (h *Handler) FromOldFlow(w http.ResponseWriter, r *http.Request, of Flow) (*Flow, error)
- func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.Type) (*Flow, error)
- func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)
- func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic)
- type HandlerProvider
- type HookExecutor
- type HookExecutorProvider
- type HooksProvider
- type PostHookExecutor
- type PreHookExecutor
- type Strategies
- type Strategy
- type StrategyProvider
Constants ¶
View Source
const ( RouteInitBrowserFlow = "/self-service/login/browser" RouteInitAPIFlow = "/self-service/login/api" RouteGetFlow = "/self-service/login/flows" RouteSubmitFlow = "/self-service/login" )
Variables ¶
View Source
var ( ErrHookAbortFlow = errors.New("aborted login hook execution") ErrAlreadyLoggedIn = herodot.ErrBadRequest.WithID(text.ErrIDAlreadyLoggedIn).WithError("you are already logged in").WithReason("A valid session was detected and thus login is not possible. Did you forget to set `?refresh=true`?") ErrAddressNotVerified = herodot.ErrBadRequest.WithID(text.ErrIDAddressNotVerified).WithError("your email or phone address is not yet verified").WithReason("Your account's email or phone address are not verified yet. Please check your email or phone inbox or re-request verification.") // ErrSessionHasAALAlready is returned when one attempts to upgrade the AAL of an active session which already has that AAL. ErrSessionHasAALAlready = herodot.ErrUnauthorized.WithID(text.ErrIDSessionHasAALAlready).WithError("session has the requested authenticator assurance level already").WithReason("The session has the requested AAL already.") // ErrSessionRequiredForHigherAAL is returned when someone requests AAL2 or AAL3 even though no active session exists yet. ErrSessionRequiredForHigherAAL = herodot.ErrUnauthorized.WithID(text.ErrIDSessionRequiredForHigherAAL).WithError("aal2 and aal3 can only be requested if a session exists already").WithReason("You can not requested a higher AAL (AAL2/AAL3) without an active session.") )
Functions ¶
func PostHookExecutorNames ¶
func PostHookExecutorNames(e []PostHookExecutor) []string
Types ¶
type APIFlowResponse ¶
type APIFlowResponse struct {
// The Session Token
//
// A session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization
// Header:
//
// Authorization: bearer ${session-token}
//
// The session token is only issued for API flows, not for Browser flows!
Token string `json:"session_token,omitempty"`
// The Session
//
// The session contains information about the user, the session device, and so on.
// This is only available for API flows, not for Browser flows!
//
// required: true
Session *session.Session `json:"session"`
}
The Response for Login Flows via API
swagger:model successfulSelfServiceLoginWithoutBrowser
type ErrorHandler ¶
type ErrorHandler struct {
// contains filtered or unexported fields
}
func NewFlowErrorHandler ¶
func NewFlowErrorHandler(d errorHandlerDependencies) *ErrorHandler
func (*ErrorHandler) PrepareReplacementForExpiredFlow ¶
func (s *ErrorHandler) PrepareReplacementForExpiredFlow(w http.ResponseWriter, r *http.Request, f *Flow, err error) (*flow.ExpiredError, error)
func (*ErrorHandler) WriteFlowError ¶
func (s *ErrorHandler) WriteFlowError(w http.ResponseWriter, r *http.Request, f *Flow, group node.Group, err error)
type ErrorHandlerProvider ¶
type ErrorHandlerProvider interface{ LoginFlowErrorHandler() *ErrorHandler }
type Flow ¶
type Flow struct {
// ID represents the flow's unique ID. When performing the login flow, this
// represents the id in the login UI's query parameter: http://<selfservice.flows.login.ui_url>/?flow=<flow_id>
//
// required: true
ID uuid.UUID `json:"id" faker:"-" db:"id" rw:"r"`
NID uuid.UUID `json:"-" faker:"-" db:"nid"`
// Type represents the flow's type which can be either "api" or "browser", depending on the flow interaction.
//
// required: true
Type flow.Type `json:"type" db:"type" faker:"flow_type"`
// ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,
// a new flow has to be initiated.
//
// required: true
ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`
// IssuedAt is the time (UTC) when the flow started.
//
// required: true
IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`
// InternalContext stores internal context used by internals - for example MFA keys.
InternalContext sqlxx.JSONRawMessage `db:"internal_context" json:"-" faker:"-"`
// RequestURL is the initial URL that was requested from Ory Kratos. It can be used
// to forward information contained in the URL's path or query for example.
//
// required: true
RequestURL string `json:"request_url" db:"request_url"`
// ReturnTo contains the requested return_to URL.
ReturnTo string `json:"return_to,omitempty" db:"-"`
// The active login method
//
// If set contains the login method used. If the flow is new, it is unset.
Active identity.CredentialsType `json:"active,omitempty" db:"active_method"`
// UI contains data which must be shown in the user interface.
//
// required: true
UI *container.Container `json:"ui" db:"ui"`
// CreatedAt is a helper struct field for gobuffalo.pop.
CreatedAt time.Time `json:"created_at" db:"created_at"`
// UpdatedAt is a helper struct field for gobuffalo.pop.
UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
// CSRFToken contains the anti-csrf token associated with this flow. Only set for browser flows.
CSRFToken string `json:"-" db:"csrf_token"`
// Refresh stores whether this login flow should enforce re-authentication.
Refresh bool `json:"refresh" db:"forced"`
// RequestedAAL stores if the flow was requested to update the authenticator assurance level.
//
// This value can be one of "aal1", "aal2", "aal3".
RequestedAAL identity.AuthenticatorAssuranceLevel `json:"requested_aal" faker:"len=4" db:"requested_aal"`
}
Login Flow
This object represents a login flow. A login flow is initiated at the "Initiate Login API / Browser Flow" endpoint by a client.
Once a login flow is completed successfully, a session cookie or session token will be issued.
swagger:model selfServiceLoginFlow
func (*Flow) EnsureInternalContext ¶
func (f *Flow) EnsureInternalContext()
func (*Flow) GetRequestURL ¶
func (Flow) MarshalJSON ¶
type FlowPersistenceProvider ¶
type FlowPersistenceProvider interface {
LoginFlowPersister() FlowPersister
}
type FlowPersister ¶
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
func NewHandler ¶
func NewHandler(d handlerDependencies) *Handler
func (*Handler) FromOldFlow ¶
func (*Handler) NewLoginFlow ¶
func (*Handler) RegisterAdminRoutes ¶
func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)
func (*Handler) RegisterPublicRoutes ¶
func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic)
type HandlerProvider ¶
type HandlerProvider interface {
LoginHandler() *Handler
}
type HookExecutor ¶
type HookExecutor struct {
// contains filtered or unexported fields
}
func NewHookExecutor ¶
func NewHookExecutor(d executorDependencies) *HookExecutor
func (*HookExecutor) PostLoginHook ¶
func (*HookExecutor) PreLoginHook ¶
func (e *HookExecutor) PreLoginHook(w http.ResponseWriter, r *http.Request, a *Flow) error
type HookExecutorProvider ¶
type HookExecutorProvider interface {
LoginHookExecutor() *HookExecutor
}
type HooksProvider ¶
type HooksProvider interface {
PreLoginHooks(ctx context.Context) []PreHookExecutor
PostLoginHooks(ctx context.Context, credentialsType identity.CredentialsType) []PostHookExecutor
}
type PostHookExecutor ¶
type PreHookExecutor ¶
type Strategies ¶
type Strategies []Strategy
func (Strategies) MustStrategy ¶
func (s Strategies) MustStrategy(id identity.CredentialsType) Strategy
func (Strategies) RegisterPublicRoutes ¶
func (s Strategies) RegisterPublicRoutes(r *x.RouterPublic)
func (Strategies) Strategy ¶
func (s Strategies) Strategy(id identity.CredentialsType) (Strategy, error)
type Strategy ¶
type Strategy interface {
ID() identity.CredentialsType
NodeGroup() node.Group
RegisterLoginRoutes(*x.RouterPublic)
PopulateLoginMethod(r *http.Request, requestedAAL identity.AuthenticatorAssuranceLevel, sr *Flow) error
Login(w http.ResponseWriter, r *http.Request, f *Flow, ss *session.Session) (i *identity.Identity, err error)
CompletedAuthenticationMethod(ctx context.Context) session.AuthenticationMethod
}
type StrategyProvider ¶
type StrategyProvider interface {
AllLoginStrategies() Strategies
LoginStrategies(ctx context.Context) Strategies
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.