Documentation
Index
- Constants
- func New(db db.DB, idp oidc.IDP, processor processing.Processor) api.ClientModule
- type Module
- func (m *Module) AuthorizeGETHandler(c *gin.Context)
- func (m *Module) AuthorizePOSTHandler(c *gin.Context)
- func (m *Module) CallbackGETHandler(c *gin.Context)
- func (m *Module) Route(s router.Router) error
- func (m *Module) SignInGETHandler(c *gin.Context)
- func (m *Module) SignInPOSTHandler(c *gin.Context)
- func (m *Module) TokenPOSTHandler(c *gin.Context)
- func (m *Module) ValidatePassword(ctx context.Context, email string, password string) (string, gtserror.WithCode)
Constants
const (
	// AuthSignInPath is the API path for users to sign in through
	AuthSignInPath = "/auth/sign_in"
	// CheckYourEmailPath users land here after registering a new account, instructs them to confirm their email
	CheckYourEmailPath = "/check_your_email"
	// WaitForApprovalPath users land here after confirming their email but before an admin approves their account
	// (if such is required)
	WaitForApprovalPath = "/wait_for_approval"
	// AccountDisabledPath users land here when their account is suspended by an admin
	AccountDisabledPath = "/account_disabled"
	// OauthTokenPath is the API path to use for granting token requests to users with valid credentials
	OauthTokenPath = "/oauth/token"
	// OauthAuthorizePath is the API path for authorization requests (e.g., authorize this app to act on my behalf as a user)
	OauthAuthorizePath = "/oauth/authorize"
	// CallbackPath is the API path for receiving callback tokens from external OIDC providers
	CallbackPath = oidc.CallbackPath
)
#nosec G101
Variables
This section is empty.
Functions
func New
func New(db db.DB, idp oidc.IDP, processor processing.Processor) api.ClientModule
New returns a new auth module
Types
type Module
type Module struct {
// contains filtered or unexported fields
}
Module implements the ClientAPIModule interface for
func (*Module) AuthorizeGETHandler
AuthorizeGETHandler should be served as GET at https://example.org/oauth/authorize. The idea here is to present an OAuth authorize page to the user, with a button that they have to click to accept.
func (*Module) AuthorizePOSTHandler
AuthorizePOSTHandler should be served as POST at https://example.org/oauth/authorize. At this point we assume that the user has A) logged in and B) accepted that the app should act for them, so we should proceed with the authentication flow and generate an OAuth token for them if we can.
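An added example, not part of this package or its documentation: how a client application might build the request to OauthAuthorizePath and check the redirect it receives after AuthorizePOSTHandler has run. It assumes the RFC 6749 authorization-code grant and its parameter names, which this page does not list; NewState, AuthorizeURL and CodeFromRedirect are hypothetical helper names.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// OauthAuthorizePath is copied from the Constants section of this page.
const OauthAuthorizePath = "/oauth/authorize"

// NewState returns 32 random bytes (base64url) that tie a redirect to this session.
func NewState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// AuthorizeURL targets AuthorizeGETHandler; parameter names are RFC 6749's (assumed, not from this page).
func AuthorizeURL(instance, clientID, redirectURI, scope, state string) (string, error) {
	u, err := url.Parse(instance)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return "", fmt.Errorf("instance must be an https origin")
	}
	u.Path = OauthAuthorizePath
	u.RawQuery = url.Values{"response_type": {"code"}, "client_id": {clientID},
		"redirect_uri": {redirectURI}, "scope": {scope}, "state": {state}}.Encode()
	return u.String(), nil
}

// CodeFromRedirect checks the query of the client's redirect; an empty wantState is refused, as two empty strings compare equal.
func CodeFromRedirect(q url.Values, wantState string) (string, error) {
	if wantState == "" || subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(wantState)) != 1 {
		return "", fmt.Errorf("state mismatch: discard this redirect")
	}
	if q.Get("error") != "" || q.Get("code") == "" {
		return "", fmt.Errorf("no authorization code (error=%q)", q.Get("error"))
	}
	return q.Get("code"), nil
}

func main() {
	state, _ := NewState() // the client ID and redirect URI below are constructed sample values
	fmt.Println(AuthorizeURL("https://example.org", "CLIENT_ID", "https://app.example/cb", "read", state))
}
```

The state value is checked before anything else in the redirect is read, so a response that was not started by this session is dropped without its code ever being used.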
func (*Module) CallbackGETHandler
CallbackGETHandler parses a token from an external auth provider.
func (*Module) SignInGETHandler
SignInGETHandler should be served at https://example.org/auth/sign_in. The idea is to present a sign in page to the user, where they can enter their username and password. The form will then POST to the sign in page, which will be handled by SignInPOSTHandler. If an idp provider is set, then the user will be redirected to that to do their sign in.
func (*Module) SignInPOSTHandler
SignInPOSTHandler should be served at https://example.org/auth/sign_in. The idea is to present a sign in page to the user, where they can enter their username and password. The handler will then redirect to the auth handler served at /auth.
func (*Module) TokenPOSTHandler
TokenPOSTHandler should be served as a POST at https://example.org/oauth/token. The idea here is to serve an OAuth access token to a user, which can be used for authorizing against non-public APIs.
func (*Module) ValidatePassword
func (m *Module) ValidatePassword(ctx context.Context, email string, password string) (string, gtserror.WithCode)
ValidatePassword takes an email address and a password. The goal is to authenticate the password against the one for that email address stored in the database. If OK, we return the user ID (a ULID) for that user, so that it can be used in further OAuth flows to generate a token or retrieve an OAuth client from the db.