Documentation ¶
Overview ¶
Package oauth2 contains all the necessary configurations to initialize the idp communication using oauth2 protocol
Index ¶
- Constants
- Variables
- func GetIDPCallbackURL() string
- func GetIDPCallbackURLDynamic() bool
- func GetIDPClientID() string
- func GetIDPSecret() string
- func GetIDPURL() string
- func GetIDPUserInfo() bool
- func GetRandomStateWithHMAC(length int) string
- func GetSTSEndpoint() string
- func IsIDPEnabled() bool
- type Config
- func (ac Config) AuthCodeURL(state string, opts ...xoauth2.AuthCodeOption) string
- func (ac Config) Client(ctx context.Context, t *xoauth2.Token) *http.Client
- func (ac Config) Exchange(ctx context.Context, code string, opts ...xoauth2.AuthCodeOption) (*xoauth2.Token, error)
- func (ac Config) PasswordCredentialsToken(ctx context.Context, username, password string) (*xoauth2.Token, error)
- func (ac Config) TokenSource(ctx context.Context, t *xoauth2.Token) xoauth2.TokenSource
- type Configuration
- type DiscoveryDoc
- type OpenIDPCfg
- type Provider
- type ProviderConfig
- type User
Constants ¶
const ( ConsoleMinIOServer = "CONSOLE_MINIO_SERVER" ConsoleIDPURL = "CONSOLE_IDP_URL" ConsoleIDPClientID = "CONSOLE_IDP_CLIENT_ID" ConsoleIDPSecret = "CONSOLE_IDP_SECRET" ConsoleIDPCallbackURL = "CONSOLE_IDP_CALLBACK" ConsoleIDPCallbackURLDynamic = "CONSOLE_IDP_CALLBACK_DYNAMIC" ConsoleIDPHmacPassphrase = "CONSOLE_IDP_HMAC_PASSPHRASE" ConsoleIDPHmacSalt = "CONSOLE_IDP_HMAC_SALT" ConsoleIDPScopes = "CONSOLE_IDP_SCOPES" ConsoleIDPUserInfo = "CONSOLE_IDP_USERINFO" ConsoleIDPTokenExpiration = "CONSOLE_IDP_TOKEN_EXPIRATION" )
Environment constants for console IDP/SSO configuration
Variables ¶
var DefaultIDPConfig = "_"
Functions ¶
func GetIDPCallbackURL ¶
func GetIDPCallbackURL() string
Public endpoint used by the identity oidcProvider when redirecting the user after identity verification
func GetIDPCallbackURLDynamic ¶
func GetIDPCallbackURLDynamic() bool
func GetIDPClientID ¶
func GetIDPClientID() string
func GetIDPSecret ¶
func GetIDPSecret() string
func GetIDPUserInfo ¶
func GetIDPUserInfo() bool
func GetRandomStateWithHMAC ¶
GetRandomStateWithHMAC computes message + hmac(message, pbkdf2(key, salt)) to be used as state during the oauth authorization
func GetSTSEndpoint ¶
func GetSTSEndpoint() string
func IsIDPEnabled ¶
func IsIDPEnabled() bool
Types ¶
type Config ¶
func (Config) AuthCodeURL ¶
func (ac Config) AuthCodeURL(state string, opts ...xoauth2.AuthCodeOption) string
func (Config) PasswordCredentialsToken ¶
func (Config) TokenSource ¶
type Configuration ¶
type Configuration interface { Exchange(ctx context.Context, code string, opts ...xoauth2.AuthCodeOption) (*xoauth2.Token, error) AuthCodeURL(state string, opts ...xoauth2.AuthCodeOption) string PasswordCredentialsToken(ctx context.Context, username, password string) (*xoauth2.Token, error) Client(ctx context.Context, t *xoauth2.Token) *http.Client TokenSource(ctx context.Context, t *xoauth2.Token) xoauth2.TokenSource }
type DiscoveryDoc ¶
type DiscoveryDoc struct { Issuer string `json:"issuer,omitempty"` AuthEndpoint string `json:"authorization_endpoint,omitempty"` TokenEndpoint string `json:"token_endpoint,omitempty"` UserInfoEndpoint string `json:"userinfo_endpoint,omitempty"` RevocationEndpoint string `json:"revocation_endpoint,omitempty"` JwksURI string `json:"jwks_uri,omitempty"` ResponseTypesSupported []string `json:"response_types_supported,omitempty"` SubjectTypesSupported []string `json:"subject_types_supported,omitempty"` IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"` ScopesSupported []string `json:"scopes_supported,omitempty"` TokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported,omitempty"` ClaimsSupported []string `json:"claims_supported,omitempty"` CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"` }
DiscoveryDoc - parses the output from openid-configuration for example https://accounts.google.com/.well-known/openid-configuration
type OpenIDPCfg ¶
type OpenIDPCfg map[string]ProviderConfig
func (OpenIDPCfg) NewOauth2ProviderClient ¶
func (o OpenIDPCfg) NewOauth2ProviderClient(name string, scopes []string, r *http.Request, httpClient *http.Client) (*Provider, error)
NewOauth2ProviderClient instantiates a new oauth2 client using the `OpenIDPCfg` configuration struct. It returns a *Provider object that contains the necessary configuration to initiate an oauth2 authentication flow.
We only support Authentication with the Authorization Code Flow - spec: https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth
type Provider ¶
type Provider struct { // oauth2Config is an interface configuration that contains the following fields // Config{ // ClientID string // ClientSecret string // RedirectURL string // Endpoint oauth2.Endpoint // Scopes []string // } // - ClientID is the public identifier for this application // - ClientSecret is a shared secret between this application and the authorization server // - RedirectURL is the URL to redirect users going through // the OAuth flow, after the resource owner's URLs. // - Endpoint contains the resource server's token endpoint // URLs. These are constants specific to each server and are // often available via site-specific packages, such as // google.Endpoint or github.Endpoint. // - Scopes specifies optional requested permissions. ClientID string // if enabled means that we need extrace access_token as well UserInfo bool // contains filtered or unexported fields }
Provider is a wrapper of the oauth2 configuration and the oidc provider
func NewOauth2ProviderClient ¶
func NewOauth2ProviderClient(scopes []string, r *http.Request, httpClient *http.Client) (*Provider, error)
NewOauth2ProviderClient instantiates a new oauth2 client using the configured credentials it returns a *Provider object that contains the necessary configuration to initiate an oauth2 authentication flow.
We only support Authentication with the Authorization Code Flow - spec: https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth
func (*Provider) GenerateLoginURL ¶
GenerateLoginURL returns a new login URL based on the configured IDP
func (*Provider) VerifyIdentity ¶
func (client *Provider) VerifyIdentity(ctx context.Context, code, state string) (*credentials.Credentials, error)
VerifyIdentity will contact the configured IDP to the user identity based on the authorization code and state if the user is valid, then it will contact MinIO to get valid sts credentials based on the identity provided by the IDP
type ProviderConfig ¶
type ProviderConfig struct { URL string DisplayName string // user-provided - can be empty ClientID, ClientSecret string HMACSalt, HMACPassphrase string Scopes string Userinfo bool RedirectCallbackDynamic bool RedirectCallback string }
ProviderConfig - OpenID IDP Configuration for console.
type User ¶
type User struct { AppMetadata map[string]interface{} `json:"app_metadata"` Blocked bool `json:"blocked"` CreatedAt string `json:"created_at"` Email string `json:"email"` EmailVerified bool `json:"email_verified"` FamilyName string `json:"family_name"` GivenName string `json:"given_name"` Identities []interface{} `json:"identities"` LastIP string `json:"last_ip"` LastLogin string `json:"last_login"` LastPasswordReset string `json:"last_password_reset"` LoginsCount int `json:"logins_count"` MultiFactor string `json:"multifactor"` Name string `json:"name"` Nickname string `json:"nickname"` PhoneNumber string `json:"phone_number"` PhoneVerified bool `json:"phone_verified"` Picture string `json:"picture"` UpdatedAt string `json:"updated_at"` UserID string `json:"user_id"` UserMetadata map[string]interface{} `json:"user_metadata"` Username string `json:"username"` }