Documentation
¶
Index ¶
- type AuthFlow
- type AuthFlowCallback
- type AuthFlowContinueFunc
- type AuthFlowCredentialsReceived
- type AuthFlowIdentityEnsured
- type AuthFlowStore
- type Authenticator
- func (auth *Authenticator) AuthFlowCompleted(ctx *gin.Context)
- func (auth *Authenticator) AuthFlowVerified(ctx *gin.Context, tokens map[string]interface{}, params map[string]interface{}, ...) (*Channel, *Identity)
- func (auth *Authenticator) EnsureAuthFlow(authFlowId string, callbackURL string) (authFlow *AuthFlow)
- func (auth *Authenticator) EnsureLogin(config *EnsureLoginConfig, wrapped RequestHandler) RequestHandler
- func (auth *Authenticator) HandleAuthFlowCredentials(ctx *gin.Context)
- func (auth *Authenticator) StartAuthFlow(ctx *gin.Context)
- type CallbackRequest
- type Channel
- type ChannelStore
- type EnsureLoginConfig
- type Identity
- type IdentityFromProfileFunc
- type IdentityInterface
- type IdentityStore
- type RequestHandler
- type User
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthFlow ¶
type AuthFlow struct {
dal.BaseEntity
// A unique Auth Session ID
Id string
// Kind of login being done
Provider string
// When this Auth session expires;
ExpiresIn time.Time // 300
// Handler that will continue the flow after a successful AuthFlow.
HandlerName string // "login"
// Parameters for the handler to continue with.
HandlerParams map[string]interface{}
}
type AuthFlowCallback ¶
type AuthFlowContinueFunc ¶
type AuthFlowIdentityEnsured ¶
type AuthFlowStore ¶
type Authenticator ¶
type Authenticator struct {
Provider string
ChannelStore ChannelStore
IdentityStore IdentityStore
AuthFlowStore AuthFlowStore
/**
* Step 1. This kicks off the actual auth where credentials can be
* extracted from the user.
*/
OnAuthFlowStarted AuthFlowCallback
/**
* Step 2. Once the auth flow is started (eg via a redirect to the provider),
* the provider can either redirect to the callback URL (or the user can submit
* credentials resulting in a post to this handler). This gives us a chance to
* verify the credentials (and the caller/provider) and redirect success or
* failure as necessary.
*/
OnAuthFlowCredentialsReceived AuthFlowCredentialsReceived
/**
* Step 3. If credential verification was a success then the provider returns
* valid tokens and profile information for us to use/extract. This method
* allows us to extract the channel and identity information from this payload.
* This channel ID could be just the user's identity ID too (email, phone etc).
*/
IdentityFromProfile IdentityFromProfileFunc
/**
* Step 4. In the previous step the channel and identity information that is
* extracted can be processed here by creating new User objects or associating
* with existing User objects as is fit within the logic of the application.
*/
OnIdentityEnsured AuthFlowIdentityEnsured
/**
* Step 5. Finally after all auth is complete and successful, the continueAuthFlow
* callback allows the user to resume the original purpose of the auth flow.
* If this method is not provided then a simple redirect to "/" is performed.
*/
ContinueAuthFlow AuthFlowContinueFunc
}
func (*Authenticator) AuthFlowCompleted ¶
func (auth *Authenticator) AuthFlowCompleted(ctx *gin.Context)
*
- Step 4. After auth is successful this method is called to resume the
- auth flow for the original purpose it was kicked off.
func (*Authenticator) AuthFlowVerified ¶
func (auth *Authenticator) AuthFlowVerified(ctx *gin.Context, tokens map[string]interface{}, params map[string]interface{}, profile map[string]interface{}) (*Channel, *Identity)
*
- Step 3 - Method called auth has been verified with us receiving the verified
- tokens etc. *
- Here a channel is created along from the succeeded auth flow and is an
- opportunity to extract identities and create users from this flow. *
- This method is called after authFlowCredentialsReceived by the entity
- verifying the auth flow credentials.
func (*Authenticator) EnsureAuthFlow ¶
func (auth *Authenticator) EnsureAuthFlow(authFlowId string, callbackURL string) (authFlow *AuthFlow)
*
- Ensures that an auth flow exists and that it matches that for this
- given provider.
func (*Authenticator) EnsureLogin ¶
func (auth *Authenticator) EnsureLogin(config *EnsureLoginConfig, wrapped RequestHandler) RequestHandler
*
- Redirects users to login screen of they are not logged in
- @param req Request object
- @param res Response object
- @param next next function
func (*Authenticator) HandleAuthFlowCredentials ¶
func (auth *Authenticator) HandleAuthFlowCredentials(ctx *gin.Context)
*
- Step 2. Called by the redirect/callback handler when credentials are provided
- either by the user or by the auth provider.
func (*Authenticator) StartAuthFlow ¶
func (auth *Authenticator) StartAuthFlow(ctx *gin.Context)
*
- Step 1 - Called to initiate the auth flow.
type CallbackRequest ¶
type CallbackRequest struct {
Hostname string
Path string
// Method to call the callback URL on
Method string
// Headers for this request
Headers map[string]interface{}
// contains filtered or unexported fields
}
func (*CallbackRequest) FullURL ¶
func (c *CallbackRequest) FullURL() string
type Channel ¶
type Channel struct {
dal.BaseEntity
Provider string
LoginId string
/**
* Credentials for this channel (like access tokens, passwords etc).
*/
Credentials map[string]interface{}
/**
* Profile as passed by the provider of the channel.
*/
Profile map[string]interface{}
/**
* When does this channel expire and needs another login/auth.
*/
ExpiresIn time.Time
// The identity that this channel is verifying.
IdentityKey string
}
*
- Channel's represented federated verification objects. For example a Google
- Signin would ensure that the user that goes through this flow will end up with
- a Google signin Channel - which would verify a particular identity type.
func (*Channel) HasIdentity ¶
type ChannelStore ¶
type EnsureLoginConfig ¶
func DefaultEnsureLoginConfig ¶
func DefaultEnsureLoginConfig() *EnsureLoginConfig
type Identity ¶
type Identity struct {
dal.BaseEntity
// Type of identity being verified (eg email, phone etc).
IdentityType string
// The key specific to the identity (eg an email address or a phone number etc).
//
// type + key should be unique through out the system.
IdentityKey string
// The primary user that this identity can be associated with.
// Identities do not need to be explicitly associted with a user especially
// in systems where a single Identity can be used to front several users
PrimaryUser string
}
*
- An identify is a unique global "address" corresponding to a user.
- For example the identify abc@example.com is a unique identify regardless
- of which Channel is verifying it. Multiple channels can verify the same
- entity, eg open auth by github, FB or Google can verify the same email
- address.
type IdentityFromProfileFunc ¶
type IdentityFromProfileFunc = func(profile map[string]interface{}) IdentityInterface
type IdentityInterface ¶
type IdentityStore ¶
type RequestHandler ¶
type User ¶
type User struct {
dal.BaseEntity
// A globally unique user ID. This User ID cannot be used as a login key.
// Login's need to happen via the Identiites above and a username could be
// one of the identities (which can be verified say via login/password mechanism)
// Alternatively an email can be used as an identity that can also map to
// a particular user.
Id string
ProfileData map[string]interface{}
}
*
- Once a channel has verified an Identity, the end result is a mapping to
- a local user object that is the entry for authenticated actions within
- the system. The User can also mean a user profile and can be extended
- to be customized by the user of this library in their own specific app.
Source Files
Click to show internal directories.
Click to hide internal directories.