providers

package
v0.0.0-...-262384c Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 3, 2019 License: MIT Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AzureProvider

// AzureProvider is the Azure provider type. It embeds *ProviderData and adds
// a tenant plus two maps that drive group-based access decisions.
type AzureProvider struct {
	*ProviderData
	// Tenant is presumably the Azure tenant, set through Configure — TODO confirm.
	Tenant          string
	// PermittedGroups presumably holds the groups whose members may log in
	// (populated via SetGroupRestriction, consulted by GroupPermitted).
	// Whether keys/values are group names or IDs is not visible here —
	// verify against the implementation.
	PermittedGroups map[string]string
	// ExemptedUsers presumably lists users who may log in even when the group
	// membership check fails (populated via SetGroupsExemption, consulted by
	// ValidateExemptions). NOTE(review): this acts as an exception list to the
	// group restriction, so its contents deserve the same change control as
	// the permitted-group list — confirm how entries are matched.
	ExemptedUsers   map[string]string
}

func NewAzureProvider

func NewAzureProvider(p *ProviderData) *AzureProvider

func (*AzureProvider) Configure

func (p *AzureProvider) Configure(tenant string)

func (*AzureProvider) GetAllGroupMemberships

func (p *AzureProvider) GetAllGroupMemberships(s *SessionState, f string) (map[string]string, error)

Get group membership on behalf of user

func (*AzureProvider) GetGroups

func (p *AzureProvider) GetGroups(s *SessionState, f string) (map[string]string, error)

Get the list of groups the user belongs to. Filter by the desired group names (useful when the group set is huge).

func (*AzureProvider) GetLoginURL

func (p *AzureProvider) GetLoginURL(redirectURI, state string) string

func (*AzureProvider) GetUserDetails

func (p *AzureProvider) GetUserDetails(s *SessionState) (map[string]string, error)

func (*AzureProvider) GroupPermitted

func (p *AzureProvider) GroupPermitted(gName *string, gID *string) bool

func (*AzureProvider) HasGroupMembership

func (p *AzureProvider) HasGroupMembership(s *SessionState, gName string, gID string) (bool, error)

Verify that the logged-in user is a member of a specific group.

func (*AzureProvider) SetGroupRestriction

func (p *AzureProvider) SetGroupRestriction(groups []string)

func (*AzureProvider) SetGroupsExemption

func (p *AzureProvider) SetGroupsExemption(exemptions []string)

func (*AzureProvider) ValidateExemptions

func (p *AzureProvider) ValidateExemptions(s *SessionState) (bool, string)

ValidateExemptions checks whether the user may be allowed to log in despite the group membership check having returned a failure.

func (*AzureProvider) ValidateGroup

func (p *AzureProvider) ValidateGroup(s *SessionState) bool

type FacebookProvider

// FacebookProvider is the Facebook provider type. It embeds *ProviderData and
// declares no fields of its own; the methods listed for it on this page are
// GetEmailAddress and ValidateSessionState.
type FacebookProvider struct {
	*ProviderData
}

func NewFacebookProvider

func NewFacebookProvider(p *ProviderData) *FacebookProvider

func (*FacebookProvider) GetEmailAddress

func (p *FacebookProvider) GetEmailAddress(s *SessionState) (string, error)

func (*FacebookProvider) ValidateSessionState

func (p *FacebookProvider) ValidateSessionState(s *SessionState) bool

type GitHubProvider

// GitHubProvider is the GitHub provider type. It embeds *ProviderData and
// adds an organisation and team, both set through SetOrgTeam.
type GitHubProvider struct {
	*ProviderData
	// Org and Team presumably restrict login to members of that GitHub
	// organisation/team — TODO confirm where the check is enforced; no
	// ValidateGroup override is listed for this type on this page.
	Org  string
	Team string
}

func NewGitHubProvider

func NewGitHubProvider(p *ProviderData) *GitHubProvider

func (*GitHubProvider) GetEmailAddress

func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error)

func (*GitHubProvider) GetUserName

func (p *GitHubProvider) GetUserName(s *SessionState) (string, error)

func (*GitHubProvider) SetOrgTeam

func (p *GitHubProvider) SetOrgTeam(org, team string)

type GitLabProvider

// GitLabProvider is the GitLab provider type. It embeds *ProviderData and
// declares no fields of its own; the only method listed for it on this page
// is GetEmailAddress.
type GitLabProvider struct {
	*ProviderData
}

func NewGitLabProvider

func NewGitLabProvider(p *ProviderData) *GitLabProvider

func (*GitLabProvider) GetEmailAddress

func (p *GitLabProvider) GetEmailAddress(s *SessionState) (string, error)

type GoogleProvider

// GoogleProvider is the Google provider type. It embeds *ProviderData and
// adds a refresh endpoint and a pluggable group-membership check.
type GoogleProvider struct {
	*ProviderData
	// RedeemRefreshURL is presumably the endpoint used by
	// RefreshSessionIfNeeded to exchange a refresh token — TODO confirm.
	RedeemRefreshURL *url.URL
	// GroupValidator is a function that determines if the passed email is in
	// the configured Google group.
	// NOTE(review): what ValidateGroup does when this field is nil (allow or
	// deny) is not visible here — confirm that the unset case is the intended
	// default before relying on group restriction.
	GroupValidator func(string) bool
}

func NewGoogleProvider

func NewGoogleProvider(p *ProviderData) *GoogleProvider

func (*GoogleProvider) Redeem

func (p *GoogleProvider) Redeem(redirectURL, code string) (s *SessionState, err error)

func (*GoogleProvider) RefreshSessionIfNeeded

func (p *GoogleProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)

func (*GoogleProvider) SetGroupRestriction

func (p *GoogleProvider) SetGroupRestriction(groups []string, adminEmail string, credentialsReader io.Reader)

SetGroupRestriction configures the GoogleProvider to restrict access to the specified group(s). AdminEmail has to be an administrative email on the domain that is checked. CredentialsFile is the path to a JSON file containing Google service account credentials; note that the signature above takes the credentials as an io.Reader (credentialsReader), not as a path.

func (*GoogleProvider) ValidateGroup

func (p *GoogleProvider) ValidateGroup(s *SessionState) bool

ValidateGroup validates that the provided email exists in the configured Google group(s).

type LinkedInProvider

// LinkedInProvider is the LinkedIn provider type. It embeds *ProviderData and
// declares no fields of its own; the methods listed for it on this page are
// GetEmailAddress and ValidateSessionState.
type LinkedInProvider struct {
	*ProviderData
}

func NewLinkedInProvider

func NewLinkedInProvider(p *ProviderData) *LinkedInProvider

func (*LinkedInProvider) GetEmailAddress

func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error)

func (*LinkedInProvider) ValidateSessionState

func (p *LinkedInProvider) ValidateSessionState(s *SessionState) bool

type OIDCProvider

// OIDCProvider is the OpenID Connect provider type. It embeds *ProviderData
// and carries the ID-token verifier.
type OIDCProvider struct {
	*ProviderData

	// Verifier is an *oidc.IDTokenVerifier; presumably Redeem and
	// RefreshSessionIfNeeded use it to validate ID tokens — TODO confirm.
	// NOTE(review): the field is exported and set by the caller; whether a
	// nil Verifier is rejected is not visible here.
	Verifier *oidc.IDTokenVerifier
}

func NewOIDCProvider

func NewOIDCProvider(p *ProviderData) *OIDCProvider

func (*OIDCProvider) Redeem

func (p *OIDCProvider) Redeem(redirectURL, code string) (s *SessionState, err error)

func (*OIDCProvider) RefreshSessionIfNeeded

func (p *OIDCProvider) RefreshSessionIfNeeded(s *SessionState) (bool, error)

type Provider

// Provider is the interface every provider type on this page satisfies. It
// covers the login redirect, code redemption, session validation/refresh,
// group-based authorization, and cookie (de)serialization of a session.
type Provider interface {
	// Data returns the underlying *ProviderData.
	Data() *ProviderData
	GetUserDetails(*SessionState) (map[string]string, error)
	// GetUserName returns the account username.
	GetUserName(*SessionState) (string, error)
	// GetGroups returns groups for the session; the string argument is a
	// filter (documented on AzureProvider.GetGroups as filtering group names).
	GetGroups(*SessionState, string) (map[string]string, error)
	// Redeem takes (redirectURL, code) per the implementations on this page
	// and yields a session.
	Redeem(string, string) (*SessionState, error)
	// ValidateGroup validates that the session's email exists in the
	// configured group(s).
	ValidateGroup(*SessionState) bool
	// ValidateExemptions checks whether login may be allowed despite a failed
	// group membership check. The meaning of the returned string is not
	// documented here — verify against the implementation.
	ValidateExemptions(*SessionState) (bool, string)
	ValidateSessionState(*SessionState) bool
	// GetLoginURL builds the login URL. NOTE(review): the second parameter is
	// named finalRedirect here but state in the implementations on this page;
	// confirm how the value is validated when it comes back from the provider.
	GetLoginURL(redirectURI, finalRedirect string) string
	RefreshSessionIfNeeded(*SessionState) (bool, error)
	// SessionFromCookie deserializes a session from a cookie value.
	SessionFromCookie(string, *cookie.Cipher) (*SessionState, error)
	// CookieForSession serializes a session state for storage in a cookie.
	CookieForSession(*SessionState, *cookie.Cipher) (string, error)
}

func New

func New(provider string, p *ProviderData) (Provider, error)

type ProviderData

// ProviderData holds the configuration shared by all provider types, which
// embed it. Its methods (listed on this page) supply the default
// implementations of the Provider interface.
type ProviderData struct {
	ProviderName      string
	ClientID          string
	// ClientSecret is presumably the OAuth client secret — TODO confirm.
	// NOTE(review): if so it is a credential held in an exported field; keep
	// it out of logs and of any %+v dump of this struct.
	ClientSecret      string
	// The URL fields below are presumably the provider's OAuth endpoints
	// (login, code redemption, profile lookup, token validation) — the exact
	// use of each is not visible here.
	LoginURL          *url.URL
	RedeemURL         *url.URL
	ProfileURL        *url.URL
	ProtectedResource *url.URL
	ValidateURL       *url.URL
	// Scope and ApprovalPrompt are presumably passed as parameters on the
	// login URL built by GetLoginURL — TODO confirm.
	Scope             string
	ApprovalPrompt    string
}

func (*ProviderData) CookieForSession

func (p *ProviderData) CookieForSession(s *SessionState, c *cookie.Cipher) (string, error)

CookieForSession serializes a session state for storage in a cookie

func (*ProviderData) Data

func (p *ProviderData) Data() *ProviderData

func (*ProviderData) GetGroups

func (p *ProviderData) GetGroups(s *SessionState, f string) (map[string]string, error)

func (*ProviderData) GetLoginURL

func (p *ProviderData) GetLoginURL(redirectURI, state string) string

GetLoginURL with typical oauth parameters

func (*ProviderData) GetUserDetails

func (p *ProviderData) GetUserDetails(s *SessionState) (map[string]string, error)

func (*ProviderData) GetUserName

func (p *ProviderData) GetUserName(s *SessionState) (string, error)

GetUserName returns the Account username

func (*ProviderData) Redeem

func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error)

func (*ProviderData) RefreshSessionIfNeeded

func (p *ProviderData) RefreshSessionIfNeeded(s *SessionState) (bool, error)

RefreshSessionIfNeeded

func (*ProviderData) SessionFromCookie

func (p *ProviderData) SessionFromCookie(v string, c *cookie.Cipher) (s *SessionState, err error)

SessionFromCookie deserializes a session from a cookie value

func (*ProviderData) ValidateExemptions

func (p *ProviderData) ValidateExemptions(s *SessionState) (bool, string)

ValidateExemptions checks whether the user may be allowed to log in despite the group membership check having returned a failure.

func (*ProviderData) ValidateGroup

func (p *ProviderData) ValidateGroup(s *SessionState) bool

ValidateGroup validates that the provided email exists in the configured provider email group(s).

func (*ProviderData) ValidateSessionState

func (p *ProviderData) ValidateSessionState(s *SessionState) bool

type SessionState

// SessionState is the per-user session. Per the methods on this page it is
// serialized for storage in a cookie (CookieForSession / EncodeSessionState)
// and read back with DecodeSessionState, each taking a *cookie.Cipher.
//
// NOTE(review): the token fields presumably hold bearer credentials. Which
// fields are encrypted when a Cipher is supplied, what happens when the
// Cipher is nil, and whether String() includes token values are not visible
// here — confirm before logging a SessionState or running without a cipher.
type SessionState struct {
	AccessToken  string
	IDToken      string
	// ExpiresOn is presumably the expiry instant checked by IsExpired — TODO confirm.
	ExpiresOn    time.Time
	RefreshToken string
	Email        string
	User         string
	ID           string
	// Groups is a single string, not a slice; its encoding (delimiter,
	// names vs. IDs) is not visible here — verify against the implementation.
	Groups       string
}

func DecodeSessionState

func DecodeSessionState(v string, c *cookie.Cipher) (s *SessionState, err error)

func (*SessionState) EncodeSessionState

func (s *SessionState) EncodeSessionState(c *cookie.Cipher) (string, error)

func (*SessionState) EncryptedString

func (s *SessionState) EncryptedString(c *cookie.Cipher) (string, error)

func (*SessionState) IsExpired

func (s *SessionState) IsExpired() bool

func (*SessionState) String

func (s *SessionState) String() string
