Documentation
Index
- type Config
- type CookieSessionStore
- func (s *CookieSessionStore) Create(w http.ResponseWriter, data SessionData) error
- func (s *CookieSessionStore) Delete(w http.ResponseWriter, r *http.Request) error
- func (s *CookieSessionStore) Get(r *http.Request) (*SessionData, error)
- func (s *CookieSessionStore) RemoveCookie(rw http.ResponseWriter, r *http.Request)
- func (s *CookieSessionStore) Update(w http.ResponseWriter, _ *http.Request, data SessionData) error
- type Handler
- type IDTokenVerifier
- type OAuthProvider
- type Randr
- type Session
- type SessionData
- type SessionStore
- type StateCookie
- type StateData
- type TLS
Types
type Config
type Config struct {
	Issuer         string            `json:"issuer,omitempty"`
	ClientID       string            `json:"clientId,omitempty"`
	ClientSecret   string            `json:"clientSecret,omitempty"`
	RedirectURL    string            `json:"redirectUrl,omitempty"`
	LogoutURL      string            `json:"logoutUrl,omitempty"`
	AuthParams     map[string]string `json:"authParams,omitempty"`
	Key            string            `json:"-"`
	StateCookie    StateCookie       `json:"stateCookie,omitempty"`
	Session        Session           `json:"session,omitempty"`
	Scopes         []string          `json:"scopes,omitempty"`
	ForwardHeaders map[string]string `json:"forwardHeaders,omitempty"`
	Claims         string            `json:"claims,omitempty"`
}
Config holds the OIDC authentication configuration.
func (*Config) ApplyDefaultValues
func (cfg *Config) ApplyDefaultValues()
ApplyDefaultValues applies default values on the given dynamic configuration.
type CookieSessionStore
type CookieSessionStore struct {
	// contains filtered or unexported fields
}
CookieSessionStore stores and retrieves session information in the given request cookies.
func NewCookieSessionStore
func NewCookieSessionStore(name string, block cipher.Block, cfg *Session, rand Randr, maxSize int) *CookieSessionStore
NewCookieSessionStore creates a cookie session store.
func (*CookieSessionStore) Create
func (s *CookieSessionStore) Create(w http.ResponseWriter, data SessionData) error
Create stores the session data into the request cookies.
func (*CookieSessionStore) Delete
func (s *CookieSessionStore) Delete(w http.ResponseWriter, r *http.Request) error
Delete sets the cookie on the HTTP response to be expired, effectively logging out its owner.
func (*CookieSessionStore) Get
func (s *CookieSessionStore) Get(r *http.Request) (*SessionData, error)
Get retrieves the session from the request cookies.
func (*CookieSessionStore) RemoveCookie
func (s *CookieSessionStore) RemoveCookie(rw http.ResponseWriter, r *http.Request)
RemoveCookie removes the session cookie from the request.
func (*CookieSessionStore) Update
func (s *CookieSessionStore) Update(w http.ResponseWriter, _ *http.Request, data SessionData) error
Update is the same as Create and only exists to satisfy the SessionStore interface.
type Handler
type Handler struct {
	// contains filtered or unexported fields
}
Handler performs OIDC authentication and authorisation on incoming requests.
func NewHandler
NewHandler creates a new instance of a Handler from an auth source.
type IDTokenVerifier
IDTokenVerifier represents a type that can verify an ID token.
type OAuthProvider
type OAuthProvider interface {
	AuthCodeURL(string, ...oauth2.AuthCodeOption) string
	Exchange(context.Context, string, ...oauth2.AuthCodeOption) (*oauth2.Token, error)
	TokenSource(ctx context.Context, t *oauth2.Token) oauth2.TokenSource
}
OAuthProvider represents a structure that can interface with an OAuth provider.
type Session
type Session struct {
	SameSite string `json:"sameSite,omitempty"`
	Secure   bool   `json:"secure,omitempty"`
	Domain   string `json:"domain,omitempty"`
	Path     string `json:"path,omitempty"`
	Refresh  *bool  `json:"refresh,omitempty"`
}
Session holds session configuration.
type SessionData
type SessionData struct {
	AccessToken  string
	TokenType    string
	RefreshToken string
	IDToken      string
	// Expiry is the expiration time of the access token.
	Expiry time.Time
}
SessionData is the state of the session.
func (SessionData) IsExpired
func (d SessionData) IsExpired() bool
IsExpired determines if the current access token is expired.
func (SessionData) ToToken
func (d SessionData) ToToken() *oauth2.Token
ToToken returns an OAuth2 Token from the session data.
type SessionStore
type SessionStore interface {
	Create(http.ResponseWriter, SessionData) error
	Update(http.ResponseWriter, *http.Request, SessionData) error
	Delete(http.ResponseWriter, *http.Request) error
	Get(*http.Request) (*SessionData, error)
	RemoveCookie(http.ResponseWriter, *http.Request)
}
SessionStore represents a type that can manage a session for a given request.
type StateCookie
type StateCookie struct {
	SameSite string `json:"sameSite,omitempty"`
	Secure   bool   `json:"secure,omitempty"`
	Domain   string `json:"domain,omitempty"`
	Path     string `json:"path,omitempty"`
}
StateCookie holds state cookie configuration.
type StateData
type StateData struct {
	// RedirectID is used to prevent CSRF and XSRF attacks.
	RedirectID string
	// Nonce is used to mitigate replay attacks.
	Nonce string
	// OriginURL is the actual resource initially requested by the client.
	OriginURL string
	// CodeVerifier is used to generate code challenges when using PKCE.
	// It is only set when using PKCE.
	CodeVerifier string
}
StateData is the initial data captured at redirect time. See https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
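How the StateData fields are typically produced at redirect time and checked on the callback, as an added example that is not this package's own code. The local StateData copy and the helpers randToken, NewStateData, S256Challenge and CheckCallback are hypothetical; it assumes RedirectID travels in the OIDC `state` parameter and that the PKCE method is S256 (RFC 7636).

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// StateData is a local copy of the documented struct so the example compiles alone.
type StateData struct{ RedirectID, Nonce, OriginURL, CodeVerifier string }

// randToken returns n CSPRNG bytes, base64url-encoded without padding.
func randToken(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without a CSPRNG
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// NewStateData (hypothetical) captures fresh per-login values at redirect time.
func NewStateData(originURL string) StateData {
	return StateData{RedirectID: randToken(16), Nonce: randToken(16),
		OriginURL: originURL, CodeVerifier: randToken(32)}
}

// S256Challenge derives the PKCE code_challenge sent in the auth request.
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// CheckCallback (hypothetical) compares callback values with the stored state.
func CheckCallback(st StateData, stateParam, idTokenNonce string) error {
	if subtle.ConstantTimeCompare([]byte(st.RedirectID), []byte(stateParam)) != 1 {
		return fmt.Errorf("state mismatch: possible CSRF")
	}
	if subtle.ConstantTimeCompare([]byte(st.Nonce), []byte(idTokenNonce)) != 1 {
		return fmt.Errorf("nonce mismatch: possible ID token replay")
	}
	return nil
}

func main() {
	st := NewStateData("/dashboard")
	fmt.Println(S256Challenge(st.CodeVerifier), CheckCallback(st, st.RedirectID, st.Nonce))
}
```

The CodeVerifier itself is only sent later, in the token exchange, which is why it has to be kept in the state captured at redirect time.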