authenticateflow

package

v0.27.2 Latest Latest Go to latest Published: Oct 22, 2024 License: Apache-2.0 Imports: 33 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/pomerium/pomerium

Links

Open Source Insights

Documentation ¶

Overview ¶

Package authenticateflow implements the core authentication flow. This includes creating and parsing sign-in redirect URLs, storing and retrieving session data, and handling authentication callback URLs.

Index ¶

func GetExternalAuthenticateRequest(r *http.Request, options *config.Options) *http.Request
type Stateful
- func NewStateful(cfg *config.Config, sessionStore sessions.SessionStore) (*Stateful, error)
type Stateless
- func NewStateless(cfg *config.Config, sessionStore sessions.SessionStore, ...) (*Stateless, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetExternalAuthenticateRequest ¶

func GetExternalAuthenticateRequest(r *http.Request, options *config.Options) *http.Request

GetExternalAuthenticateRequest canonicalizes an authenticate request URL based on the provided configuration options.

Types ¶

type Stateful ¶

type Stateful struct {
	// contains filtered or unexported fields
}

Stateful implements the stateful authentication flow. In this flow, the authenticate service has direct access to the databroker.

func NewStateful ¶

func NewStateful(cfg *config.Config, sessionStore sessions.SessionStore) (*Stateful, error)

NewStateful initializes the authentication flow for the given configuration and session store.

func (*Stateful) AuthenticateSignInURL ¶

func (s *Stateful) AuthenticateSignInURL(
	_ context.Context, queryParams url.Values, redirectURL *url.URL, idpID string,
) (string, error)

AuthenticateSignInURL returns a URL to redirect the user to the authenticate domain.

func (*Stateful) Callback ¶

func (s *Stateful) Callback(w http.ResponseWriter, r *http.Request) error

Callback handles a redirect to a route domain once signed in.

func (*Stateful) GetIdentityProviderIDForURLValues ¶

func (s *Stateful) GetIdentityProviderIDForURLValues(vs url.Values) string

GetIdentityProviderIDForURLValues returns the identity provider ID associated with the given URL values.

func (*Stateful) GetUserInfoData ¶

func (s *Stateful) GetUserInfoData(
	r *http.Request, sessionState *sessions.State,
) handlers.UserInfoData

GetUserInfoData returns user info data associated with the given request (if any).

func (*Stateful) LogAuthenticateEvent ¶

func (s *Stateful) LogAuthenticateEvent(*http.Request)

LogAuthenticateEvent is a no-op for the stateful authentication flow.

func (*Stateful) PersistSession ¶

func (s *Stateful) PersistSession(
	ctx context.Context,
	_ http.ResponseWriter,
	sessionState *sessions.State,
	claims identity.SessionClaims,
	accessToken *oauth2.Token,
) error

PersistSession stores session and user data in the databroker.

func (*Stateful) RevokeSession ¶

func (s *Stateful) RevokeSession(
	ctx context.Context,
	_ *http.Request,
	authenticator identity.Authenticator,
	sessionState *sessions.State,
) string

RevokeSession revokes the session associated with the provided request, returning the ID token from the revoked session.

func (s *Stateful) SignIn(
	w http.ResponseWriter,
	r *http.Request,
	sessionState *sessions.State,
) error

SignIn redirects to a route callback URL, if the provided request and session state are valid.

func (Stateful) VerifyAuthenticateSignature ¶

func (v Stateful) VerifyAuthenticateSignature(r *http.Request) error

VerifyAuthenticateSignature checks that the provided request has a valid signature (for the authenticate service).

func (*Stateful) VerifySession ¶

func (s *Stateful) VerifySession(
	ctx context.Context, _ *http.Request, sessionState *sessions.State,
) error

VerifySession checks that an existing session is still valid.

func (Stateful) VerifySignature ¶

func (v Stateful) VerifySignature(r *http.Request) error

VerifySignature checks that the provided request has a valid signature.

type Stateless ¶

type Stateless struct {
	// contains filtered or unexported fields
}

Stateless implements the stateless authentication flow. In this flow, the authenticate service has no direct access to the databroker and instead stores profile information in a cookie.

func NewStateless ¶

func NewStateless(
	cfg *config.Config,
	sessionStore sessions.SessionStore,
	getIdentityProvider func(options *config.Options, idpID string) (identity.Authenticator, error),
	profileTrimFn func(*identitypb.Profile),
	authEventFn events.AuthEventFn,
) (*Stateless, error)

NewStateless initializes the authentication flow for the given configuration, session store, and additional options.

func (*Stateless) AuthenticateSignInURL ¶

func (s *Stateless) AuthenticateSignInURL(
	ctx context.Context, queryParams url.Values, redirectURL *url.URL, idpID string,
) (string, error)