Documentation ¶
Overview ¶
Package oauth2 contains the configuration needed to initialize communication with the identity provider (IdP) using the OAuth 2.0 protocol.
Index ¶
- Constants
- func GetIdpCallbackURL() string
- func GetIdpClientID() string
- func GetIdpSecret() string
- func GetIdpURL() string
- func GetRandomStateWithHMAC(length int) string
- func GetSTSEndpoint() string
- func IsIdpEnabled() bool
- type Config
- func (ac Config) AuthCodeURL(state string, opts ...xoauth2.AuthCodeOption) string
- func (ac Config) Client(ctx context.Context, t *xoauth2.Token) *http.Client
- func (ac Config) Exchange(ctx context.Context, code string, opts ...xoauth2.AuthCodeOption) (*xoauth2.Token, error)
- func (ac Config) PasswordCredentialsToken(ctx context.Context, username string, password string) (*xoauth2.Token, error)
- func (ac Config) TokenSource(ctx context.Context, t *xoauth2.Token) xoauth2.TokenSource
- type Configuration
- type Provider
- type User
Constants ¶
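// Names of the settings that configure the IdP (OAuth 2.0 / OIDC) integration.
//
// The listing had been collapsed onto one line, so the leading "//" comment
// swallowed every declaration after it; the line structure is restored here.
//
// NOTE(review): the values look like environment-variable names, but where
// they are read is not shown in this listing. Confirm against the Get*
// helpers before relying on that.
const (
	// const for idp configuration
	ConsoleMinIOServer = "CONSOLE_MINIO_SERVER"
	ConsoleIdpURL      = "CONSOLE_IDP_URL"
	ConsoleIdpClientID = "CONSOLE_IDP_CLIENT_ID"
	// ConsoleIdpSecret presumably names the setting holding the OAuth client
	// secret (see GetIdpSecret). Treat its value as a credential: keep it out
	// of logs, error messages and version control.
	ConsoleIdpSecret      = "CONSOLE_IDP_SECRET"
	ConsoleIdpCallbackURL = "CONSOLE_IDP_CALLBACK"
	// ConsoleIdpHmacPassphrase and ConsoleIdpHmacSalt presumably feed the
	// pbkdf2(key, salt) derivation described on GetRandomStateWithHMAC.
	// TODO confirm. The passphrase is secret material; if it is left at a
	// shared or guessable value, the HMAC on the state adds no assurance.
	ConsoleIdpHmacPassphrase  = "CONSOLE_IDP_HMAC_PASSPHRASE"
	ConsoleIdpHmacSalt        = "CONSOLE_IDP_HMAC_SALT"
	ConsoleIDPScopes          = "CONSOLE_IDP_SCOPES"
	ConsoleIDPTokenExpiration = "CONSOLE_IDP_TOKEN_EXPIRATION"
)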
Variables ¶
This section is empty.
Functions ¶
func GetIdpCallbackURL ¶
func GetIdpCallbackURL() string
Public endpoint that the identity provider (oidcProvider) uses when redirecting the user after identity verification.
func GetIdpClientID ¶
func GetIdpClientID() string
func GetIdpSecret ¶
func GetIdpSecret() string
func GetRandomStateWithHMAC ¶
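GetRandomStateWithHMAC computes message + hmac(message, pbkdf2(key, salt)), to be used as the state parameter during the OAuth authorization flow. The HMAC lets the receiver of a returned state check that it was produced with the same derived key; presumably the key and salt come from CONSOLE_IDP_HMAC_PASSPHRASE and CONSOLE_IDP_HMAC_SALT.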
func GetSTSEndpoint ¶
func GetSTSEndpoint() string
func IsIdpEnabled ¶
func IsIdpEnabled() bool
Types ¶
type Config ¶
func (Config) AuthCodeURL ¶
func (ac Config) AuthCodeURL(state string, opts ...xoauth2.AuthCodeOption) string
func (Config) PasswordCredentialsToken ¶
func (Config) TokenSource ¶
type Configuration ¶
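// Configuration is the set of OAuth2 client operations this package depends
// on. The method signatures match the methods listed for Config in the index,
// so Config satisfies this interface.
//
// The listing had been collapsed onto one line, which leaves the methods
// without the separators Go requires; one method per line is restored here.
type Configuration interface {
	// Exchange takes the authorization code received on the callback and
	// returns a token or an error.
	Exchange(ctx context.Context, code string, opts ...xoauth2.AuthCodeOption) (*xoauth2.Token, error)

	// AuthCodeURL builds a URL string that embeds the given state value.
	// NOTE(review): the state should be unpredictable and checked when the
	// callback arrives; GetRandomStateWithHMAC appears to exist for that.
	AuthCodeURL(state string, opts ...xoauth2.AuthCodeOption) string

	// PasswordCredentialsToken takes a username and password and returns a
	// token or an error.
	// NOTE(review): the shape matches the OAuth2 resource-owner password
	// grant, which hands the user's credentials to this application. Confirm
	// that it is needed before enabling any code path that calls it.
	PasswordCredentialsToken(ctx context.Context, username string, password string) (*xoauth2.Token, error)

	// Client returns an *http.Client associated with token t.
	Client(ctx context.Context, t *xoauth2.Token) *http.Client

	// TokenSource returns an xoauth2.TokenSource associated with token t.
	TokenSource(ctx context.Context, t *xoauth2.Token) xoauth2.TokenSource
}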
type Provider ¶
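// Provider is a wrapper of the oauth2 configuration and the oidc provider.
//
// The listing had been collapsed onto one line, so the first "//" swallowed
// the rest of the declaration, including the ClientID field; the line
// structure is restored here.
//
// NOTE(review): the comment block below documents oauth2Config, which is one
// of the unexported fields filtered out of this listing. It only appears to
// sit above ClientID because the field it belongs to is not shown.
type Provider struct {
	// oauth2Config is an interface configuration that contains the following fields
	// Config{
	// 	 ClientID     string
	// 	 ClientSecret string
	// 	 RedirectURL  string
	// 	 Endpoint     oauth2.Endpoint
	// 	 Scopes       []string
	// }
	// - ClientID is the public identifier for this application
	// - ClientSecret is a shared secret between this application and the
	//   authorization server; it must not be logged or exposed to clients
	// - RedirectURL is the URL to redirect users going through
	//   the OAuth flow, after the resource owner's URLs.
	// - Endpoint contains the resource server's token endpoint
	//   URLs. These are constants specific to each server and are
	//   often available via site-specific packages, such as
	//   google.Endpoint or github.Endpoint.
	// - Scopes specifies optional requested permissions.

	// ClientID is exported on Provider; per the description above it is the
	// public identifier for this application, not a secret.
	ClientID string
	// contains filtered or unexported fields
}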
Provider is a wrapper of the oauth2 configuration and the oidc provider
func NewOauth2ProviderClient ¶
func NewOauth2ProviderClient(ctx context.Context, scopes []string, httpClient *http.Client) (*Provider, error)
NewOauth2ProviderClient instantiates a new oauth2 client using the configured credentials. It returns a *Provider object that contains the necessary configuration to initiate an oauth2 authentication flow.
func (*Provider) GenerateLoginURL ¶
GenerateLoginURL returns a new login URL based on the configured IDP
func (*Provider) VerifyIdentity ¶
func (client *Provider) VerifyIdentity(ctx context.Context, code, state string) (*credentials.Credentials, error)
VerifyIdentity will contact the configured IDP and validate the user identity based on the authorization code
type User ¶
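// User holds user-profile attributes decoded from JSON. Each field maps to
// the key named in its struct tag.
//
// The listing had been collapsed onto one line, which leaves the fields
// without the separators Go requires; one field per line is restored here.
//
// NOTE(review): which IdP response populates this type is not shown in this
// listing. The value carries personal data (Email, PhoneNumber, LastIP), so
// avoid logging it whole. Email and PhoneNumber come with separate
// EmailVerified and PhoneVerified flags; check the flag before treating the
// address or number as a confirmed identifier. AppMetadata, UserMetadata and
// Identities are untyped, so validate their contents before use.
type User struct {
	AppMetadata       map[string]interface{} `json:"app_metadata"`
	Blocked           bool                   `json:"blocked"`
	CreatedAt         string                 `json:"created_at"`
	Email             string                 `json:"email"`
	EmailVerified     bool                   `json:"email_verified"`
	FamilyName        string                 `json:"family_name"`
	GivenName         string                 `json:"given_name"`
	Identities        []interface{}          `json:"identities"`
	LastIP            string                 `json:"last_ip"`
	LastLogin         string                 `json:"last_login"`
	LastPasswordReset string                 `json:"last_password_reset"`
	LoginsCount       int                    `json:"logins_count"`
	MultiFactor       string                 `json:"multifactor"`
	Name              string                 `json:"name"`
	Nickname          string                 `json:"nickname"`
	PhoneNumber       string                 `json:"phone_number"`
	PhoneVerified     bool                   `json:"phone_verified"`
	Picture           string                 `json:"picture"`
	UpdatedAt         string                 `json:"updated_at"`
	UserID            string                 `json:"user_id"`
	UserMetadata      map[string]interface{} `json:"user_metadata"`
	Username          string                 `json:"username"`
}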