Documentation
Index
- Constants
- type Module
- func (m *Module) AuthorizeGETHandler(c *gin.Context)
- func (m *Module) AuthorizePOSTHandler(c *gin.Context)
- func (m *Module) CallbackGETHandler(c *gin.Context)
- func (m *Module) FinalizePOSTHandler(c *gin.Context)
- func (m *Module) OobHandler(c *gin.Context)
- func (m *Module) RouteAuth(...)
- func (m *Module) RouteOauth(...)
- func (m *Module) SignInGETHandler(c *gin.Context)
- func (m *Module) SignInPOSTHandler(c *gin.Context)
- func (m *Module) TokenPOSTHandler(c *gin.Context)
- func (m *Module) ValidatePassword(ctx context.Context, email string, password string) (string, gtserror.WithCode)
Constants
const (
	// AuthSignInPath is the API path for users to sign in through
	AuthSignInPath = "/sign_in"
	// AuthCheckYourEmailPath users land here after registering a new account, instructs them to confirm their email
	AuthCheckYourEmailPath = "/check_your_email"
	// AuthWaitForApprovalPath users land here after confirming their email
	// but before an admin approves their account (if such is required)
	AuthWaitForApprovalPath = "/wait_for_approval"
	// AuthAccountDisabledPath users land here when their account is suspended by an admin
	AuthAccountDisabledPath = "/account_disabled"
	// AuthCallbackPath is the API path for receiving callback tokens from external OIDC providers
	AuthCallbackPath = "/callback"

	// OauthTokenPath is the API path to use for granting token requests to users with valid credentials
	OauthTokenPath = "/token" // #nosec G101 else we get a hardcoded credentials warning
	// OauthAuthorizePath is the API path for authorization requests (eg., authorize this app to act on my behalf as a user)
	OauthAuthorizePath = "/authorize"
	// OauthFinalizePath is the API path for completing user registration with additional user details
	OauthFinalizePath = "/finalize"
	// OauthOobTokenPath is the path for serving an html representation of an oob token page.
	OauthOobTokenPath = "/oob" // #nosec G101 else we get a hardcoded credentials warning
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Module
type Module struct {
// contains filtered or unexported fields
}
func New
New returns an Auth module which provides both 'oauth' and 'auth' endpoints.
It is safe to pass a nil idp if oidc is disabled.
func (*Module) AuthorizeGETHandler
AuthorizeGETHandler should be served as GET at https://example.org/oauth/authorize. The idea here is to present an oauth authorize page to the user, with a button that they have to click to accept.
func (*Module) AuthorizePOSTHandler
AuthorizePOSTHandler should be served as POST at https://example.org/oauth/authorize. At this point we assume that the user has A) logged in and B) accepted that the app should act for them, so we should proceed with the authentication flow and generate an oauth token for them if we can.
func (*Module) CallbackGETHandler
CallbackGETHandler parses a token from an external auth provider.
func (*Module) FinalizePOSTHandler
FinalizePOSTHandler registers the user after additional data has been provided.
func (*Module) OobHandler
func (*Module) RouteAuth
func (m *Module) RouteAuth(attachHandler func(method string, path string, f ...gin.HandlerFunc) gin.IRoutes)
RouteAuth routes all paths that should have an 'auth' prefix
func (*Module) RouteOauth
func (m *Module) RouteOauth(attachHandler func(method string, path string, f ...gin.HandlerFunc) gin.IRoutes)
RouteOauth routes all paths that should have an 'oauth' prefix
func (*Module) SignInGETHandler
SignInGETHandler should be served at https://example.org/auth/sign_in. The idea is to present a sign in page to the user, where they can enter their username and password. The form will then POST to the sign in page, which will be handled by SignInPOSTHandler. If an idp provider is set, then the user will be redirected to that to do their sign in.
func (*Module) SignInPOSTHandler
SignInPOSTHandler should be served at https://example.org/auth/sign_in. The idea is to present a sign in page to the user, where they can enter their username and password. The handler will then redirect to the auth handler served at /auth.
func (*Module) TokenPOSTHandler
TokenPOSTHandler should be served as a POST at https://example.org/oauth/token. The idea here is to serve an oauth access token to a user, which can be used for authorizing against non-public APIs.
func (*Module) ValidatePassword
func (m *Module) ValidatePassword(ctx context.Context, email string, password string) (string, gtserror.WithCode)
ValidatePassword takes an email address and a password. The goal is to authenticate the password against the one for that email address stored in the database. If OK, we return the userid (a ulid) for that user, so that it can be used in further OAuth flows to generate a token or retrieve an OAuth client from the db.