Documentation ¶
Index ¶
- type Authenticator
- func (a *Authenticator) Annotator(ctx context.Context, r *http.Request) metadata.MD
- func (a *Authenticator) HTTPMiddleware(next http.Handler) http.Handler
- func (a *Authenticator) RegisterEndpoints(mux *http.ServeMux)
- func (a *Authenticator) StreamServerInterceptor() grpc.StreamServerInterceptor
- func (a *Authenticator) UnaryServerInterceptor() grpc.UnaryServerInterceptor
- type AuthenticatorOptions
- type Claims
- type DeviceCodeResponse
- type OwnerType
- type TokenRequest
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
Authenticator wraps functionality for admin server auth. It provides endpoints for login/logout, creates users, issues cookie-based auth tokens, and provides middleware for authenticating requests. The implementation was derived from: https://auth0.com/docs/quickstart/webapp/golang/01-login.
func NewAuthenticator ¶
func NewAuthenticator(logger *zap.Logger, adm *admin.Service, cookieStore *cookies.Store, opts *AuthenticatorOptions) (*Authenticator, error)
NewAuthenticator creates an Authenticator.
func (*Authenticator) Annotator ¶
Annotator is a gRPC-gateway annotator that moves access tokens in HTTP cookies to the "authorization" gRPC metadata.
func (*Authenticator) HTTPMiddleware ¶
func (a *Authenticator) HTTPMiddleware(next http.Handler) http.Handler
HTTPMiddleware is a HTTP middleware variant of UnaryServerInterceptor. It additionally supports reading access tokens from cookies. It should be used for non-gRPC HTTP endpoints (CookieAuthAnnotator takes care of handling cookies in gRPC-gateway requests).
func (*Authenticator) RegisterEndpoints ¶
func (a *Authenticator) RegisterEndpoints(mux *http.ServeMux)
RegisterEndpoints adds HTTP endpoints for auth. The mux must be served on the ExternalURL of the Authenticator since the logic in these handlers relies on knowing the full external URIs. Note that these are not gRPC handlers, just regular HTTP endpoints that we mount on the gRPC-gateway mux.
func (*Authenticator) StreamServerInterceptor ¶
func (a *Authenticator) StreamServerInterceptor() grpc.StreamServerInterceptor
StreamServerInterceptor is the streaming variant of UnaryServerInterceptor.
func (*Authenticator) UnaryServerInterceptor ¶
func (a *Authenticator) UnaryServerInterceptor() grpc.UnaryServerInterceptor
UnaryServerInterceptor is a middleware for setting claims on runtime server requests. It authenticates the user and acquires the claims using the bearer token in the "authorization" request metadata field. If no bearer token is found, it will still succeed, setting anonClaims on the request. The assigned claims can be retrieved using GetClaims. If the interceptor succeeds, a Claims value is guaranteed to be set on the ctx.
type AuthenticatorOptions ¶
type AuthenticatorOptions struct { AuthDomain string AuthClientID string AuthClientSecret string ExternalURL string FrontendURL string }
AuthenticatorOptions provides options for Authenticator
type Claims ¶
type Claims interface { OwnerType() OwnerType OwnerID() string AuthTokenID() string OrganizationPermissions(ctx context.Context, orgID string) *adminv1.OrganizationPermissions ProjectPermissions(ctx context.Context, orgID, projectID string) *adminv1.ProjectPermissions Superuser(ctx context.Context) bool }
Claims resolves permissions for a requester.
type DeviceCodeResponse ¶
type DeviceCodeResponse struct { DeviceCode string `json:"device_code"` UserCode string `json:"user_code"` VerificationURI string `json:"verification_uri"` VerificationCompleteURI string `json:"verification_uri_complete"` ExpiresIn int `json:"expires_in"` PollingInterval int `json:"interval"` }
DeviceCodeResponse encapsulates the response for obtaining a device code.
type TokenRequest ¶
type TokenRequest struct { GrantType string `json:"grant_type"` DeviceCode string `json:"device_code"` ClientID string `json:"client_id"` }
TokenRequest encapsulates the request for obtaining an access token.