auth

package v0.3.0

This package is not in the latest version of its module.

Published: Mar 22, 2022 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	ErrNoSavedToken       = errors.New("no saved token")
	ErrNoLoadedToken      = errors.New("no loaded token")
	ErrTokenScopesChanged = errors.New("requested scopes have changed")
	ErrNoOIDCConfig       = errors.New("no oidc configuration was provided or cached")
	ErrNoIDToken          = errors.New("no id token")
	ErrRefreshFailed      = errors.New("failed to refresh the token")
)
var ErrSettingNotFound = fmt.Errorf("setting not found")

Functions

func NewIDTransport added in v0.0.10

func NewIDTransport(ctx context.Context, src oauth2.TokenSource, base http.RoundTripper) http.RoundTripper

NewIDTransport returns a RoundTripper that sets the Authorization header and automatically refreshes the token when it expires

Types

type EphemeralStorage added in v0.1.0

type EphemeralStorage struct {
	// contains filtered or unexported fields
}

EphemeralStorage stores state in memory, so it is lost when the process ends; refresh tokens are, however, kept for the duration of the process.

func (*EphemeralStorage) Delete added in v0.1.0

func (p *EphemeralStorage) Delete(service, user string) error

Delete deletes a secret, identified by service & user, from the keyring.

func (*EphemeralStorage) Get added in v0.1.0

func (p *EphemeralStorage) Get(service, user string) (string, error)

Get gets a secret from the keyring given a service name and a user.

func (*EphemeralStorage) Set added in v0.1.0

func (p *EphemeralStorage) Set(service, user, pass string) error

Set stores user and pass in the keyring under the defined service name.

type KeyringStorage added in v0.1.0

type KeyringStorage struct {
}

KeyringStorage stores values in the local secure storage system (keyring). Note: this requires the appropriate environment and tools to be installed on the local machine and may not work properly in Docker or headless environments.

func (*KeyringStorage) Delete added in v0.1.0

func (p *KeyringStorage) Delete(service, setting string) error

Delete secret from keyring.

func (*KeyringStorage) Get added in v0.1.0

func (p *KeyringStorage) Get(service, setting string) (string, error)

Get password from keyring given service and user name.

func (*KeyringStorage) Set added in v0.1.0

func (p *KeyringStorage) Set(service, setting, value string) error

Set password in keyring for user.

type Option

type Option func(*TerminalAuth) error

func WithAutoFollowRedirectForTesting added in v0.0.13

func WithAutoFollowRedirectForTesting() Option

WithAutoFollowRedirectForTesting will follow the redirect for automated testing purposes only

func WithBrowserPrompt

func WithBrowserPrompt() Option

WithBrowserPrompt opens the authorization URL in the default browser

func WithClientID

func WithClientID(clientID string) Option

WithClientID sets the OIDC client_id. If this is not provided, the client ID saved from a previous login will be used.

func WithClientSecret

func WithClientSecret(secret string) Option

WithClientSecret adds a client secret to the authorization request. Note that this is required by some providers (e.g. Google) but not all.

func WithCustomPrompt added in v0.3.0

func WithCustomPrompt(prompt func(authURL string) error) Option

WithCustomPrompt calls a custom function to handle the prompt

func WithIssuerURL

func WithIssuerURL(issuerURL string) Option

WithIssuerURL sets the OIDC issuer base URL. If this is not provided, the issuer saved from a previous login will be used.

func WithKeychainPrefix

func WithKeychainPrefix(prefix string) Option

WithKeychainPrefix sets a prefix for naming the stored secret

func WithLogger

func WithLogger(logger logrus.StdLogger) Option

WithLogger installs a custom logger instance

func WithRedirect

func WithRedirect(redirect string) Option

WithRedirect customizes the local OAuth redirect port (default: 11123)

func WithRefreshToken

func WithRefreshToken(refreshToken string) Option

WithRefreshToken installs an initial refresh token; it is intended for a provisioned setting where refresh tokens are already known. NOTE: this assumes the scopes have not changed and does check the saved scope hash for invalidation. Use at your own risk.

func WithScopes

func WithScopes(scopes ...string) Option

WithScopes adds additional scopes to the authentication request. Note that some providers (e.g. Okta) require the "offline_access" scope to issue a refresh token, while Google will fail if the "offline_access" scope is requested.

func WithStdoutPrompt

func WithStdoutPrompt() Option

WithStdoutPrompt prints the authorization URL to stdout

func WithSuccessBody

func WithSuccessBody(body string) Option

WithSuccessBody sets the content of the web response to users when a successful authentication flow has completed.

type Storage added in v0.1.0

type Storage interface {
	// Set password in keyring for user.
	Set(service, setting, value string) error
	// Get password from keyring given service and user name.
	Get(service, setting string) (string, error)
	// Delete secret from keyring.
	Delete(service, setting string) error
}

Storage provides an interface for saving and loading values across runs
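As an added example (not code from this package), the block below implements the Storage interface above with an in-memory map and uses it for the kind of saved-scope-hash check that the WithRefreshToken note and ErrTokenScopesChanged refer to. The Storage interface and the two error values are re-declared locally because the module path is not given on this page; MapStorage, ScopeHash, CheckScopes and the setting name "scope_hash" are assumptions for illustration, not the package's own API.

```go
package main
import (
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
)
// Storage mirrors the page's Storage interface so this file runs stand-alone.
type Storage interface {
	Set(service, setting, value string) error
	Get(service, setting string) (string, error)
	Delete(service, setting string) error
}
var ErrSettingNotFound = errors.New("setting not found")
var ErrTokenScopesChanged = errors.New("requested scopes have changed")
// MapStorage is a constructed in-memory Storage keyed "<service>/<setting>".
type MapStorage map[string]string
func (s MapStorage) Set(service, setting, value string) error {
	s[service+"/"+setting] = value
	return nil
}
func (s MapStorage) Get(service, setting string) (string, error) {
	if v, ok := s[service+"/"+setting]; ok {
		return v, nil
	}
	return "", ErrSettingNotFound
}
func (s MapStorage) Delete(service, setting string) error {
	delete(s, service+"/"+setting)
	return nil
}
// ScopeHash is order-independent: {"openid","email"} and {"email","openid"} match.
func ScopeHash(scopes []string) string {
	c := append([]string(nil), scopes...)
	sort.Strings(c)
	return fmt.Sprintf("%x", sha256.Sum256([]byte(fmt.Sprintf("%q", c))))
}
// CheckScopes compares the requested scopes with the hash saved under the assumed
// setting name "scope_hash"; on mismatch the cached refresh token must not be reused.
func CheckScopes(st Storage, service string, scopes []string) error {
	want := ScopeHash(scopes)
	saved, err := st.Get(service, "scope_hash")
	if errors.Is(err, ErrSettingNotFound) { // first login: record the consent
		return st.Set(service, "scope_hash", want)
	}
	if err != nil || saved == want { // lookup failure, or nil when hashes agree
		return err
	}
	return ErrTokenScopesChanged
}
```

A real deployment would wire the check to whichever Storage it uses (keyring, viper, ephemeral); the hashing scheme here is illustrative, not the package's.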

func NewEphemeralStorage added in v0.1.0

func NewEphemeralStorage() Storage

func NewKeyringStorage added in v0.1.0

func NewKeyringStorage() Storage

NewKeyringStorage creates a new instance of keyring persistence

func NewViperStorage added in v0.2.0

func NewViperStorage(v *viper.Viper, prefix, delimiter string) Storage

type TerminalAuth

type TerminalAuth struct {
	// contains filtered or unexported fields
}

func NewTerminalAuth

func NewTerminalAuth(ctx context.Context, serviceIdentifier string, store Storage, options ...Option) (*TerminalAuth, error)

NewTerminalAuth returns an initialized TerminalAuth instance. serviceIdentifier is a key for caching authentication values.

func (*TerminalAuth) AccessClient

func (ta *TerminalAuth) AccessClient(ctx context.Context) *http.Client

AccessClient returns an http client which uses the access token and will automatically refresh it when the token expires

func (*TerminalAuth) HasValidToken

func (ta *TerminalAuth) HasValidToken(ctx context.Context) bool

HasValidToken returns "true" if a non-expired token has been loaded

func (*TerminalAuth) IDClient

func (ta *TerminalAuth) IDClient(ctx context.Context) *http.Client

IDClient returns an http client which uses the ID token and will automatically refresh it when the token expires

func (*TerminalAuth) IDToken

func (ta *TerminalAuth) IDToken(ctx context.Context) (*oidc.IDToken, error)

IDToken returns the OIDC token

func (*TerminalAuth) Login

func (ta *TerminalAuth) Login(ctx context.Context) error

Login presents a URL in the terminal for the user to open, then follows the OAuth2 flow to acquire token data.

func (*TerminalAuth) Logout added in v0.0.13

func (ta *TerminalAuth) Logout() error

func (*TerminalAuth) Token

func (ta *TerminalAuth) Token(ctx context.Context) (*oauth2.Token, error)

func (*TerminalAuth) TokenSource

func (ta *TerminalAuth) TokenSource(ctx context.Context) oauth2.TokenSource

func (*TerminalAuth) UserInfo

func (ta *TerminalAuth) UserInfo(ctx context.Context) (*oidc.UserInfo, error)

type TokenNotifyFunc

type TokenNotifyFunc func(*oauth2.Token) error

TokenNotifyFunc is a function that accepts an oauth2 Token upon refresh, and returns an error if it should not be used.

type Transport

type Transport struct {
	// Source supplies the token to add to outgoing requests'
	// Authorization headers.
	Source oauth2.TokenSource

	// Base is the base RoundTripper used to make HTTP requests.
	// If nil, http.DefaultTransport is used.
	Base http.RoundTripper
}

Transport is an http.RoundTripper that makes OAuth 2.0 HTTP requests, wrapping a base RoundTripper and adding an Authorization header with a token from the supplied Source.

Note: this differs from the oauth2 Transport in that it sends an ID token rather than an access token.

Transport is a low-level mechanism. Most code will use the higher-level Config.Client method instead.

func (*Transport) CancelRequest deprecated

func (t *Transport) CancelRequest(req *http.Request)

CancelRequest does nothing. It used to be a legacy cancellation mechanism, but now it only logs on first use to warn that it is deprecated.

Deprecated: use contexts for cancellation instead.

func (*Transport) RoundTrip

func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip authorizes and authenticates the request with an access token from Transport's Source.

type ViperStorage added in v0.2.0

type ViperStorage struct {
	// contains filtered or unexported fields
}

ViperStorage keeps state in the viper config, which is saved after each change.

func (*ViperStorage) Delete added in v0.2.0

func (p *ViperStorage) Delete(service, setting string) error

Delete setting

func (*ViperStorage) Get added in v0.2.0

func (p *ViperStorage) Get(service, setting string) (string, error)

Get setting given service and setting name

func (*ViperStorage) Set added in v0.2.0

func (p *ViperStorage) Set(service, setting, value string) error

Set password in keyring for user
