Documentation
Index
- Constants
- Variables
- type Authorizer
- func (authorizer *Authorizer) Apply(server *cachaca.Server) error
- func (authorizer *Authorizer) AuthorizeGrpc(ctx context.Context) (context.Context, error)
- func (authorizer *Authorizer) AuthorizeHTTP(ctx *gin.Context) error
- func (authorizer *Authorizer) RegisterRelyingParty(name string, relyingParty rp.RelyingParty)
- type Credentials
- type MemoryStorage
- type Option
- type RedisStorage
- type Session
- type SessionCallbackFunc
- type Storage
- type StorageOptions
- type TokenCallBackOptions
- type URLOptions
Constants
const (
	CookiePrefix        = "cachaca"
	MaxSessionAge       = time.Hour
	SessionKeyBitLength = 512
)
const (
	MaxSessionKeyLength = 4096
	StateKeyBitLength   = 256
	BitsPerByte         = 8
)
Variables
var (
	ErrMissingAuthorizationHeader = errors.New("missing authorization header")
	ErrUnknownIssuer              = errors.New("unknown issuer")
	ErrMissingSessionID           = errors.New("missing session id")
)
var (
	ErrSessionTokenTooLong       = errors.New("session token too long")
	ErrStateMismatch             = errors.New("state mismatch")
	ErrAlgorithmValidationFailed = errors.New("algorithm validation failed")
	ErrTokenHeaderMissing        = errors.New("token header missing")
)
var ErrNotFound = errors.New("not found")
Functions
This section is empty.
Types
type Authorizer
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer verifies the identity of a user through OAuth/OIDC. It handles the communication and authentication flow with the OAuth/OIDC provider and manages sessions.
After completing the authentication flow with the OAuth/OIDC provider, clients must present a bearer token or session cookie that identifies the user. This token/cookie is a short-lived JWT with configurable claims. By default, the access token, refresh token and other user information are not stored in the session JWT for security reasons; this behaviour can be overridden by providing a custom SessionCallback.
An `oidc.Credentials` object is passed into the calling context. It provides the claims from the session JWT. The information received from the OAuth/OIDC provider (such as the access token) can optionally be stored in a pluggable storage interface and lazy-loaded through the `oidc.Credentials` object.
func NewAuthorizer
func NewAuthorizer(signingKey *jose.SigningKey, opts ...Option) *Authorizer
func (*Authorizer) AuthorizeGrpc
func (authorizer *Authorizer) AuthorizeGrpc(ctx context.Context) (context.Context, error)
AuthorizeGrpc implements the `auth.Authorizer` interface and injects the session information into the gRPC context.
func (*Authorizer) AuthorizeHTTP
func (authorizer *Authorizer) AuthorizeHTTP(ctx *gin.Context) error
AuthorizeHTTP implements the `auth.Authorizer` interface and injects the session information into the Gin context.
func (*Authorizer) RegisterRelyingParty
func (authorizer *Authorizer) RegisterRelyingParty(name string, relyingParty rp.RelyingParty)
RegisterRelyingParty registers an OAuth/OIDC relying party. The passed name is used in the login path to select which provider to use. The relying party's issuer string must also be unique, because it is used to validate sessions; therefore every service that consumes the session (JWT) token must have the same relying parties configured.
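As an added illustration of the session-JWT checks described for Authorizer and RegisterRelyingParty above (this is not cachaca's own code): a standalone HS256 validator that applies the page's token size cap, pins the algorithm, verifies the signature, accepts only issuers registered as relying parties, and enforces expiry. The claim layout, the signing key, the `issuers` set and the `errInvalidSession` error are assumptions; the `Err*` names and constants are taken from this page.

```go
package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)
// Names mirror this page's constants and errors; the logic is an added illustration, not cachaca's code.
const MaxSessionAge, MaxSessionKeyLength = time.Hour, 4096
var (
	ErrSessionTokenTooLong       = errors.New("session token too long")
	ErrAlgorithmValidationFailed = errors.New("algorithm validation failed")
	ErrUnknownIssuer             = errors.New("unknown issuer")
	errInvalidSession            = errors.New("bad signature or expired session") // assumed, not on the page
)

// SessionClaims carries identity only; provider tokens stay in Storage behind Credentials.GetSession.
type SessionClaims struct {
	Issuer  string `json:"iss"`
	Subject string `json:"sub"`
	Expiry  int64  `json:"exp"` // minted as now+MaxSessionAge at most
}
var b64 = base64.RawURLEncoding

// ValidateSession applies the documented checks in order: size cap, pinned algorithm,
// HS256 signature, issuer registered as a relying party, expiry.
func ValidateSession(tok string, key []byte, issuers map[string]bool, now time.Time) (*SessionClaims, error) {
	p := strings.Split(tok, ".")
	var h struct{ Alg string `json:"alg"` }
	if len(tok) > MaxSessionKeyLength { // bound the work before parsing anything
		return nil, ErrSessionTokenTooLong
	} else if raw, err := b64.DecodeString(p[0]); len(p) != 3 || err != nil || json.Unmarshal(raw, &h) != nil || h.Alg != "HS256" {
		return nil, ErrAlgorithmValidationFailed // header unparsable or alg not the pinned one: never trust the token's choice
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(p[0] + "." + p[1]))
	var c SessionClaims
	raw, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(raw, &c) != nil || !hmac.Equal([]byte(p[2]), []byte(b64.EncodeToString(mac.Sum(nil)))) {
		return nil, errInvalidSession
	} else if !issuers[c.Issuer] {
		return nil, ErrUnknownIssuer
	} else if !now.Before(time.Unix(c.Expiry, 0)) {
		return nil, errInvalidSession
	}
	return &c, nil
}
```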
type Credentials
Credentials represents the (validated) client credentials. It directly exposes the standard JWT claims that were provided by the client. Custom claims can be retrieved using the `GetCustomClaims` method. To reduce calls to the storage backend, Credentials lazy-loads the OAuth2/OIDC tokens and session only when requested through the `GetSession` method.
func (*Credentials) GetCustomClaims
func (c *Credentials) GetCustomClaims(claims ...interface{}) error
func (*Credentials) GetProvider
func (c *Credentials) GetProvider() rp.RelyingParty
func (*Credentials) GetSession
func (c *Credentials) GetSession(ctx context.Context) (*Session, error)
type MemoryStorage
type MemoryStorage struct {
// contains filtered or unexported fields
}
func NewMemoryStorage
func NewMemoryStorage() *MemoryStorage
func (*MemoryStorage) Delete
func (s *MemoryStorage) Delete(_ context.Context, sessionID string) error
type Option
type Option interface {
// contains filtered or unexported methods
}
func WithCallbackURL
func WithErrorURL
func WithLoginURL
func WithLogoutURL
func WithStorage
func WithSuccessURL
func WithTokenCallback
func WithTokenCallback(tokenCallback SessionCallbackFunc) Option
type RedisStorage
type RedisStorage struct {
// contains filtered or unexported fields
}
func NewRedisStorage
func NewRedisStorage(client rueidis.Client, cacheTimeout time.Duration) *RedisStorage
func (*RedisStorage) Delete
func (s *RedisStorage) Delete(ctx context.Context, sessionID string) error
type Session
type Session struct {
	*oidc.Tokens[*oidc.IDTokenClaims]
	ID       string         `json:"id"`
	UserInfo *oidc.UserInfo `json:"userInfo,omitempty"`
	Issuer   string         `json:"issuer,omitempty"`
	// contains filtered or unexported fields
}
type SessionCallbackFunc
type StorageOptions
type StorageOptions struct {
// contains filtered or unexported fields
}
type TokenCallBackOptions
type TokenCallBackOptions struct {
// contains filtered or unexported fields
}
type URLOptions
type URLOptions struct {
// contains filtered or unexported fields
}