Affected by 
Documentation
¶
Overview ¶
Package authenticate is a pomerium service that handles user authentication and refersh (AuthN).
Index ¶
- func ValidateOptions(o config.Options) error
- type Authenticate
- func (a *Authenticate) Handler() http.Handler
- func (a *Authenticate) Mount(r *mux.Router)
- func (a *Authenticate) OAuthCallback(w http.ResponseWriter, r *http.Request) error
- func (a *Authenticate) Refresh(w http.ResponseWriter, r *http.Request) error
- func (a *Authenticate) RefreshAPI(w http.ResponseWriter, r *http.Request) error
- func (a *Authenticate) RobotsTxt(w http.ResponseWriter, r *http.Request)
- func (a *Authenticate) SignIn(w http.ResponseWriter, r *http.Request) error
- func (a *Authenticate) SignOut(w http.ResponseWriter, r *http.Request) error
- func (a *Authenticate) VerifySession(next http.Handler) http.Handler
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ValidateOptions ¶ added in v0.0.5
ValidateOptions checks that configuration are complete and valid. Returns on first error found.
Types ¶
type Authenticate ¶ added in v0.0.2
type Authenticate struct {
// RedirectURL is the authenticate service's externally accessible
// url that the identity provider (IdP) will callback to following
// authentication flow
RedirectURL *url.URL
// contains filtered or unexported fields
}
Authenticate contains data required to run the authenticate service.
func New ¶ added in v0.0.2
func New(opts config.Options) (*Authenticate, error)
New validates and creates a new authenticate service from a set of Options.
func (*Authenticate) Handler ¶ added in v0.0.2
func (a *Authenticate) Handler() http.Handler
Handler returns the authenticate service's handler chain.
func (*Authenticate) Mount ¶ added in v0.9.0
func (a *Authenticate) Mount(r *mux.Router)
Mount mounts the authenticate routes to the given router.
func (*Authenticate) OAuthCallback ¶ added in v0.0.2
func (a *Authenticate) OAuthCallback(w http.ResponseWriter, r *http.Request) error
OAuthCallback handles the callback from the identity provider.
https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowSteps https://openid.net/specs/openid-connect-core-1_0.html#AuthResponse
func (*Authenticate) Refresh ¶ added in v0.0.2
func (a *Authenticate) Refresh(w http.ResponseWriter, r *http.Request) error
Refresh is called by the proxy service to handle backend session refresh.
NOTE: The actual refresh is handled as part of the "VerifySession" middleware. This handler is simply responsible for returning that jwt.
func (*Authenticate) RefreshAPI ¶ added in v0.5.0
func (a *Authenticate) RefreshAPI(w http.ResponseWriter, r *http.Request) error
RefreshAPI loads a global state, and attempts to refresh the session's access tokens and state with the identity provider. If successful, a new signed JWT and refresh token (`refresh_token`) are returned as JSON
func (*Authenticate) RobotsTxt ¶ added in v0.0.2
func (a *Authenticate) RobotsTxt(w http.ResponseWriter, r *http.Request)
RobotsTxt handles the /robots.txt route.
func (*Authenticate) SignIn ¶ added in v0.0.2
func (a *Authenticate) SignIn(w http.ResponseWriter, r *http.Request) error
SignIn handles authenticating a user.
func (*Authenticate) SignOut ¶ added in v0.0.2
func (a *Authenticate) SignOut(w http.ResponseWriter, r *http.Request) error
SignOut signs the user out and attempts to revoke the user's identity session Handles both GET and POST.
func (*Authenticate) VerifySession ¶ added in v0.4.0
func (a *Authenticate) VerifySession(next http.Handler) http.Handler
VerifySession is the middleware used to enforce a valid authentication session state is attached to the users's request context.
Source Files