infra-auth-lib

v0.0.2-rc.2
Published: Apr 20, 2023 License: Apache-2.0

README

infra-auth-lib

OIDC auth library for infra & automation services.

How to create the OIDC configuration file

Create an OIDC application on your identity provider. Note the client ID, client secret, issuer, and the endpoint(s) you configured.

Generate a session secret with:

python3 -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())'

Create the file. If the IDP is reachable from your backend server, your oidc.yaml config can look like this:

issuer: https://idp.company.corp

If your IDP is not reachable from your backend server, you must provide the provider configuration offline. Your oidc.yaml may look like:

offlineProviderConfig: true
issuer: https://idp.company.corp
authUrl: https://idp.company.corp/oauth/authorize
tokenUrl: https://idp.company.corp/oauth/token
userInfoUrl: https://idp.company.corp/oauth/userinfo
jwksUrl: https://idp.company.corp/oauth/discovery/keys
algorithms:
  - RS256

In either case, add the client and session information, endpoint, additional access token claims, allowed email suffix, and blocked email addresses to this file:

clientID: awesome-application-id
clientSecret: Y0xZeFNYVVNkLWJMRWJ0cXNzbmk4QUNna3o1dGUyOTZsUWRCcjFBak51Yz0K
sessionSecret: Tf12qmXZ5y3kWK5M9wmc_dXjN0GUwhtEcErixd07n1U=
endpoint: localhost:8443
accessTokenClaims:
  - value: https://idp.company.corp
    op: eq
    path: iss
  - value: authorized-users
    op: in
    path: realm_access.roles
allowedEmailSuffix: "@company.com"
emailBlockList:
  - donotreply@invalid.domain
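
One way rules like the accessTokenClaims entries above could be evaluated against decoded access-token claims, as an added example and not the library's own code. The Rule type, the function names, the eq/in semantics (string equality; membership in a list claim), the dotted-path traversal and the all-rules-must-pass policy are assumptions; the token's signature is assumed to have been verified already.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Rule mirrors one accessTokenClaims entry (hypothetical type, not the library's).
type Rule struct{ Value, Op, Path string }

// lookup walks a dotted path such as "realm_access.roles" through nested claims.
func lookup(claims map[string]interface{}, path string) interface{} {
	var cur interface{} = claims
	for _, key := range strings.Split(path, ".") {
		m, _ := cur.(map[string]interface{})
		cur = m[key] // indexing a nil map yields nil, so a broken path ends as nil
	}
	return cur
}

// Check fails closed: a missing path, a mismatched type or an unknown op rejects.
func (r Rule) Check(claims map[string]interface{}) bool {
	got := lookup(claims, r.Path)
	list, _ := got.([]interface{})
	for _, item := range list {
		if r.Op == "in" && item == r.Value {
			return true
		}
	}
	return r.Op == "eq" && got == r.Value
}

// Allowed decodes a claims JSON document and requires every rule to pass (assumed policy).
func Allowed(claimsJSON string, rules []Rule) bool {
	var claims map[string]interface{}
	ok := json.Unmarshal([]byte(claimsJSON), &claims) == nil
	for _, r := range rules {
		ok = ok && r.Check(claims)
	}
	return ok
}

// Constructed sample: decoded claims plus the two rules from the oidc.yaml above.
const sampleClaims = `{"iss":"https://idp.company.corp","realm_access":{"roles":["authorized-users"]}}`

var sampleRules = []Rule{{"https://idp.company.corp", "eq", "iss"}, {"authorized-users", "in", "realm_access.roles"}}

func main() { fmt.Println(Allowed(sampleClaims, sampleRules)) }
```

A token whose roles claim is a plain string instead of a list, or that lacks realm_access altogether, is rejected rather than treated as a match.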

Directories

Path Synopsis
Package auth facilitates an OAuth login/logout flow.
Package config provides configurability for the entire application.
generated
go/proto/api/v1
Package v1 is a reverse proxy.
middleware
Package middleware provides functionality for instrumenting and enriching grpc connections.