Documentation ¶
Index ¶
- Constants
- Variables
- func CheckAAL(f *Flow, expected identity.AuthenticatorAssuranceLevel) error
- func PostHookExecutorNames(e []PostHookExecutor) []string
- type APIFlowResponse
- type ErrorHandler
- type ErrorHandlerProvider
- type Flow
- func (f *Flow) AfterFind(*pop.Connection) error
- func (f *Flow) AfterSave(*pop.Connection) error
- func (f *Flow) AppendTo(src *url.URL) *url.URL
- func (f *Flow) EnsureInternalContext()
- func (f Flow) GetID() uuid.UUID
- func (f Flow) GetNID() uuid.UUID
- func (f *Flow) GetRequestURL() string
- func (f *Flow) GetType() flow.Type
- func (f *Flow) GetUI() *container.Container
- func (f *Flow) IsForced() bool
- func (f Flow) MarshalJSON() ([]byte, error)
- func (f *Flow) SecureRedirectToOpts(ctx context.Context, cfg config.Provider) (opts []x.SecureRedirectOption)
- func (f *Flow) SetReturnTo()
- func (f Flow) TableName(ctx context.Context) string
- func (f *Flow) Valid() error
- func (f Flow) WhereID(ctx context.Context, alias string) string
- type FlowOption
- type FlowPersistenceProvider
- type FlowPersister
- type Handler
- func (h *Handler) FromOldFlow(w http.ResponseWriter, r *http.Request, of Flow) (*Flow, error)
- func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.Type, opts ...FlowOption) (*Flow, *session.Session, error)
- func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)
- func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic)
- type HandlerProvider
- type HookExecutor
- type HookExecutorProvider
- type HooksProvider
- type PostHookExecutor
- type PreHookExecutor
- type Strategies
- type Strategy
- type StrategyProvider
Constants ¶
// URL paths of the self-service login endpoints.
//
// Which router (public or admin) serves each path is decided in
// Handler.RegisterPublicRoutes and Handler.RegisterAdminRoutes, whose bodies
// are not shown on this page.
const (
	// RouteInitBrowserFlow is the path for initiating a browser login flow.
	RouteInitBrowserFlow = "/self-service/login/browser"
	// RouteInitAPIFlow is the path for initiating an API login flow.
	RouteInitAPIFlow = "/self-service/login/api"
	// RouteGetFlow is the path for fetching login flows.
	RouteGetFlow = "/self-service/login/flows"
	// RouteSubmitFlow is the path for submitting a login flow.
	RouteSubmitFlow = "/self-service/login"
)
Variables ¶
// Errors of the login flow package. Apart from ErrHookAbortFlow, each is
// derived from a herodot HTTP error and carries a stable ID from the text
// package plus a human-readable reason.
var (
	// ErrHookAbortFlow is a plain sentinel error ("aborted login hook execution").
	// NOTE(review): presumably returned by a hook to stop the flow; confirm at the call sites.
	ErrHookAbortFlow = errors.New("aborted login hook execution")

	// ErrAlreadyLoggedIn is a bad-request error for the case where a valid
	// session was detected; its reason text points the caller at `?refresh=true`.
	ErrAlreadyLoggedIn = herodot.ErrBadRequest.WithID(text.ErrIDAlreadyLoggedIn).WithError("you are already logged in").WithReason("A valid session was detected and thus login is not possible. Did you forget to set `?refresh=true`?")

	// ErrAddressNotVerified is a bad-request error for the case where the
	// account's email or phone address is not yet verified.
	ErrAddressNotVerified = herodot.ErrBadRequest.WithID(text.ErrIDAddressNotVerified).WithError("your email or phone address is not yet verified").WithReason("Your account's email or phone address are not verified yet. Please check your email or phone inbox or re-request verification.")

	// ErrSessionHasAALAlready is returned when one attempts to upgrade the AAL of an active session which already has that AAL.
	// It is derived from herodot.ErrUnauthorized.
	ErrSessionHasAALAlready = herodot.ErrUnauthorized.WithID(text.ErrIDSessionHasAALAlready).WithError("session has the requested authenticator assurance level already").WithReason("The session has the requested AAL already.")

	// ErrSessionRequiredForHigherAAL is returned when someone requests AAL2 or AAL3 even though no active session exists yet.
	// It is derived from herodot.ErrUnauthorized.
	// NOTE(review): the reason text reads "You can not requested"; it is a
	// runtime string returned to callers, so it is left unchanged here.
	ErrSessionRequiredForHigherAAL = herodot.ErrUnauthorized.WithID(text.ErrIDSessionRequiredForHigherAAL).WithError("aal2 and aal3 can only be requested if a session exists already").WithReason("You can not requested a higher AAL (AAL2/AAL3) without an active session.")
)
Functions ¶
func PostHookExecutorNames ¶
func PostHookExecutorNames(e []PostHookExecutor) []string
Types ¶
type APIFlowResponse ¶
// APIFlowResponse is the response for login flows completed via the API.
type APIFlowResponse struct {
	// The Session Token
	//
	// A session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization
	// Header:
	//
	//   Authorization: bearer ${session-token}
	//
	// The session token is only issued for API flows, not for Browser flows!
	//
	// NOTE(review): being equivalent to a session cookie, this value is a bearer
	// credential; keep serialized responses out of logs and error reports.
	Token string `json:"session_token,omitempty"`

	// The Session
	//
	// The session contains information about the user, the session device, and so on.
	// This is only available for API flows, not for Browser flows!
	//
	// required: true
	Session *session.Session `json:"session"`
}
The Response for Login Flows via API
swagger:model successfulNativeLogin
type ErrorHandler ¶
type ErrorHandler struct {
// contains filtered or unexported fields
}
func NewFlowErrorHandler ¶
func NewFlowErrorHandler(d errorHandlerDependencies) *ErrorHandler
func (*ErrorHandler) PrepareReplacementForExpiredFlow ¶
func (s *ErrorHandler) PrepareReplacementForExpiredFlow(w http.ResponseWriter, r *http.Request, f *Flow, err error) (*flow.ExpiredError, error)
func (*ErrorHandler) WriteFlowError ¶
func (s *ErrorHandler) WriteFlowError(w http.ResponseWriter, r *http.Request, f *Flow, group node.UiNodeGroup, err error)
type ErrorHandlerProvider ¶
// ErrorHandlerProvider is implemented by types that can supply the login
// flow's *ErrorHandler.
type ErrorHandlerProvider interface{ LoginFlowErrorHandler() *ErrorHandler }
type Flow ¶
// Flow represents a login flow. A login flow is initiated by a client at the
// "Initiate Login API / Browser Flow" endpoint; once it completes successfully,
// a session cookie or session token is issued.
//
// Fields tagged json:"-" are skipped by default JSON encoding. Flow also
// defines its own MarshalJSON (body not shown on this page), so confirm there
// that InternalContext and CSRFToken stay out of serialized output.
type Flow struct {
	// ID represents the flow's unique ID. When performing the login flow, this
	// represents the id in the login UI's query parameter: http://<selfservice.flows.login.ui_url>/?flow=<flow_id>
	//
	// required: true
	ID uuid.UUID `json:"id" faker:"-" db:"id" rw:"r"`

	// NID is stored in the "nid" column and excluded from JSON (json:"-").
	// NOTE(review): presumably the network (tenant) ID; confirm against the persister.
	NID uuid.UUID `json:"-" faker:"-" db:"nid"`

	// Ory OAuth 2.0 Login Challenge.
	//
	// This value is set using the `login_challenge` query parameter of the registration and login endpoints.
	// If set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.
	//
	// Because it originates from a query parameter, it is client-supplied input.
	OAuth2LoginChallenge sqlxx.NullString `json:"oauth2_login_challenge,omitempty" faker:"-" db:"oauth2_login_challenge_data"`

	// HydraLoginRequest is an optional field whose presence indicates that Kratos
	// is being used as an identity provider in a Hydra OAuth2 flow. Kratos
	// populates this field by retrieving its value from Hydra and it is used by
	// the login and consent UIs.
	//
	// Not persisted (db:"-").
	HydraLoginRequest *hydraclientgo.OAuth2LoginRequest `json:"oauth2_login_request,omitempty" faker:"-" db:"-"`

	// Type represents the flow's type which can be either "api" or "browser", depending on the flow interaction.
	//
	// required: true
	Type flow.Type `json:"type" db:"type" faker:"flow_type"`

	// ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,
	// a new flow has to be initiated.
	//
	// required: true
	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`

	// IssuedAt is the time (UTC) when the flow started.
	//
	// required: true
	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`

	// InternalContext stores internal context used by internals - for example MFA keys.
	//
	// Persisted in the "internal_context" column and tagged json:"-"; given the
	// kind of material it can hold, it should not reach API clients or logs.
	InternalContext sqlxx.JSONRawMessage `db:"internal_context" json:"-" faker:"-"`

	// RequestURL is the initial URL that was requested from Ory Kratos. It can be used
	// to forward information contained in the URL's path or query for example.
	//
	// The value is both persisted and serialized; as the URL the client
	// requested, its path and query are client-controlled.
	//
	// required: true
	RequestURL string `json:"request_url" db:"request_url"`

	// ReturnTo contains the requested return_to URL.
	//
	// Not persisted (db:"-").
	// NOTE(review): this is a requested value; treat it as untrusted until it has
	// been checked against the allowed redirect targets. The package exposes
	// SecureRedirectToOpts for building redirect options; confirm it is used on
	// every redirect path.
	ReturnTo string `json:"return_to,omitempty" db:"-"`

	// The active login method
	//
	// If set contains the login method used. If the flow is new, it is unset.
	Active identity.CredentialsType `json:"active,omitempty" db:"active_method"`

	// UI contains data which must be shown in the user interface.
	//
	// required: true
	UI *container.Container `json:"ui" db:"ui"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"created_at" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"updated_at" db:"updated_at"`

	// CSRFToken contains the anti-csrf token associated with this flow. Only set for browser flows.
	//
	// Persisted in the "csrf_token" column and tagged json:"-".
	CSRFToken string `json:"-" db:"csrf_token"`

	// Refresh stores whether this login flow should enforce re-authentication.
	//
	// Serialized as "refresh" but stored in the "forced" column.
	Refresh bool `json:"refresh" db:"forced"`

	// RequestedAAL stores if the flow was requested to update the authenticator assurance level.
	//
	// This value can be one of "aal1", "aal2", "aal3".
	RequestedAAL identity.AuthenticatorAssuranceLevel `json:"requested_aal" faker:"len=4" db:"requested_aal"`

	// SessionTokenExchangeCode holds the secret code that the client can use to retrieve a session token after the login flow has been completed.
	// This is only set if the client has requested a session token exchange code, and if the flow is of type "api",
	// and only on creating the login flow.
	//
	// Not persisted through this field (db:"-") but serialized when non-empty;
	// as a secret, it should be kept out of logs that record flow objects.
	SessionTokenExchangeCode string `json:"session_token_exchange_code,omitempty" faker:"-" db:"-"`
}
Login Flow
This object represents a login flow. A login flow is initiated at the "Initiate Login API / Browser Flow" endpoint by a client.
Once a login flow is completed successfully, a session cookie or session token will be issued.
swagger:model loginFlow
func (*Flow) EnsureInternalContext ¶
func (f *Flow) EnsureInternalContext()
func (*Flow) GetRequestURL ¶
func (Flow) MarshalJSON ¶
func (*Flow) SecureRedirectToOpts ¶ added in v1.0.0
func (*Flow) SetReturnTo ¶
func (f *Flow) SetReturnTo()
type FlowOption ¶ added in v0.11.0
// FlowOption is a function that modifies a *Flow. Handler.NewLoginFlow accepts
// a variadic list of these (see its signature).
type FlowOption func(f *Flow)
func WithFlowReturnTo ¶ added in v0.11.0
func WithFlowReturnTo(returnTo string) FlowOption
func WithFormErrorMessage ¶ added in v0.13.0
func WithFormErrorMessage(messages []text.Message) FlowOption
type FlowPersistenceProvider ¶
// FlowPersistenceProvider is implemented by types that can supply the
// FlowPersister used for login flows.
type FlowPersistenceProvider interface {
	// LoginFlowPersister returns the persister for login flows.
	LoginFlowPersister() FlowPersister
}
type FlowPersister ¶
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
func NewHandler ¶
func NewHandler(d handlerDependencies) *Handler
func (*Handler) FromOldFlow ¶
func (*Handler) NewLoginFlow ¶
func (*Handler) RegisterAdminRoutes ¶
func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)
func (*Handler) RegisterPublicRoutes ¶
func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic)
type HandlerProvider ¶
// HandlerProvider is implemented by types that can supply the login *Handler.
type HandlerProvider interface {
	// LoginHandler returns the login handler.
	LoginHandler() *Handler
}
type HookExecutor ¶
type HookExecutor struct {
// contains filtered or unexported fields
}
func NewHookExecutor ¶
func NewHookExecutor(d executorDependencies) *HookExecutor
func (*HookExecutor) PostLoginHook ¶
func (e *HookExecutor) PostLoginHook( w http.ResponseWriter, r *http.Request, g node.UiNodeGroup, a *Flow, i *identity.Identity, s *session.Session, provider string, ) (err error)
func (*HookExecutor) PreLoginHook ¶
func (e *HookExecutor) PreLoginHook(w http.ResponseWriter, r *http.Request, a *Flow) error
type HookExecutorProvider ¶
// HookExecutorProvider is implemented by types that can supply the login
// *HookExecutor.
type HookExecutorProvider interface {
	// LoginHookExecutor returns the executor that runs login hooks.
	LoginHookExecutor() *HookExecutor
}
type HooksProvider ¶
// HooksProvider supplies the hooks that run before and after login.
type HooksProvider interface {
	// PreLoginHooks returns the pre-login hooks for the given context.
	PreLoginHooks(ctx context.Context) []PreHookExecutor
	// PostLoginHooks returns the post-login hooks for the given credentials
	// type, so the set of hooks can differ per login method.
	PostLoginHooks(ctx context.Context, credentialsType identity.CredentialsType) []PostHookExecutor
}
type PostHookExecutor ¶
// PostHookExecutor is implemented by hooks that run after login.
type PostHookExecutor interface {
	// ExecuteLoginPostHook receives the HTTP exchange, the UI node group, the
	// login flow and the session, and reports failure through its error result.
	// NOTE(review): how a returned error (including the package's
	// ErrHookAbortFlow) affects session issuance is decided by the caller,
	// which is not shown on this page; confirm in HookExecutor.PostLoginHook.
	ExecuteLoginPostHook(w http.ResponseWriter, r *http.Request, g node.UiNodeGroup, a *Flow, s *session.Session) error
}
type PreHookExecutor ¶
type Strategies ¶
// Strategies is a list of login strategies. Its methods look up a Strategy by
// credentials type (Strategy, MustStrategy) and register public routes
// (RegisterPublicRoutes).
type Strategies []Strategy
func (Strategies) MustStrategy ¶
func (s Strategies) MustStrategy(id identity.CredentialsType) Strategy
func (Strategies) RegisterPublicRoutes ¶
func (s Strategies) RegisterPublicRoutes(r *x.RouterPublic)
func (Strategies) Strategy ¶
func (s Strategies) Strategy(id identity.CredentialsType) (Strategy, error)
type Strategy ¶
// Strategy is the interface a login method implements to take part in login
// flows.
type Strategy interface {
	// ID returns the credentials type this strategy handles.
	ID() identity.CredentialsType
	// NodeGroup returns the UI node group of this strategy.
	NodeGroup() node.UiNodeGroup
	// RegisterLoginRoutes receives the public router so the strategy can
	// register its login routes on it.
	RegisterLoginRoutes(*x.RouterPublic)
	// PopulateLoginMethod receives the request, the requested authenticator
	// assurance level and the flow.
	// NOTE(review): presumably adds this method's form nodes to the flow's UI;
	// confirm in the implementations.
	PopulateLoginMethod(r *http.Request, requestedAAL identity.AuthenticatorAssuranceLevel, sr *Flow) error
	// Login handles a login submission for flow f and returns the resulting
	// identity or an error.
	// NOTE(review): the role of identityID is not visible on this page; verify
	// how implementations bind it to the credentials being checked.
	Login(w http.ResponseWriter, r *http.Request, f *Flow, identityID uuid.UUID) (i *identity.Identity, err error)
	// CompletedAuthenticationMethod returns the session.AuthenticationMethod
	// value for this strategy.
	CompletedAuthenticationMethod(ctx context.Context) session.AuthenticationMethod
}
type StrategyProvider ¶
// StrategyProvider supplies login strategies.
type StrategyProvider interface {
	// AllLoginStrategies returns strategies without taking a context.
	// NOTE(review): presumably every registered strategy regardless of
	// configuration; confirm in the implementation.
	AllLoginStrategies() Strategies
	// LoginStrategies returns the strategies for the given context.
	// NOTE(review): presumably only the enabled ones; confirm in the implementation.
	LoginStrategies(ctx context.Context) Strategies
}
Source Files ¶