Documentation ¶
Index ¶
- Constants
- Variables
- type AccessAuthenticator
- type AuthenticationChallenger
- type AuthenticationErrorHandler
- type AuthenticationErrorHandlers
- type AuthenticationHandler
- type AuthenticationRedirector
- type AuthenticationSuccessHandler
- type AuthenticationSuccessHandlers
- type AuthorizeAuthenticator
- type EmptyAuth
- type EmptyError
- type EmptySuccess
- type GrantCheck
- type GrantChecker
- type GrantErrorHandler
- type GrantHandler
Constants ¶
const ( // WarningHeaderMiscCode is the code for "Miscellaneous warning", which may be displayed to human users WarningHeaderMiscCode = "199" // The name of the agent adding the warning header WarningHeaderOpenShiftSource = "OpenShift" )
Variables ¶
var Allow = &fixedAuthenticator{true}
Allow implements Password, Assertion, and Client authentication to allow all requests
var Deny = &fixedAuthenticator{false}
Deny implements Password, Assertion, and Client authentication to deny all requests
Functions ¶
This section is empty.
Types ¶
type AccessAuthenticator ¶
type AccessAuthenticator struct {
// contains filtered or unexported fields
}
AccessAuthenticator implements osinserver.AccessHandler to ensure non-token requests are authenticated
func NewAccessAuthenticator ¶
func NewAccessAuthenticator(password authenticator.Password, assertion authenticator.Assertion, client authenticator.Client) *AccessAuthenticator
NewAccessAuthenticator returns a new AccessAuthenticator
func NewDenyAccessAuthenticator ¶
func NewDenyAccessAuthenticator() *AccessAuthenticator
NewDenyAccessAuthenticator returns an AccessAuthenticator which rejects all non-token access requests
func (*AccessAuthenticator) HandleAccess ¶
func (h *AccessAuthenticator) HandleAccess(ar *osin.AccessRequest, w http.ResponseWriter) error
HandleAccess implements osinserver.AccessHandler
type AuthenticationChallenger ¶
type AuthenticationChallenger interface { // AuthenticationChallenge take a request and return whatever challenge headers are appropriate. If none are appropriate, it should return an empty map, not nil. AuthenticationChallenge(req *http.Request) (header http.Header, err error) }
AuthenticationChallenger reacts to unauthenticated requests with challenges
type AuthenticationErrorHandler ¶
type AuthenticationErrorHandler interface { // AuthenticationNeeded reacts to authentication errors, returns true if the response was written, // and returns any unhandled error (which should be the original error in most cases) AuthenticationError(error, http.ResponseWriter, *http.Request) (handled bool, err error) }
AuthenticationErrorHandler reacts to authentication errors
type AuthenticationErrorHandlers ¶ added in v0.4.4
type AuthenticationErrorHandlers []AuthenticationErrorHandler
AuthenticationErrorHandlers combines multiple AuthenticationErrorHandler objects into a chain. Each handler is called in turn. If any handler writes the response, the chain is aborted. Otherwise, the next handler is called with the error returned from the previous handler.
func (AuthenticationErrorHandlers) AuthenticationError ¶ added in v0.4.4
func (all AuthenticationErrorHandlers) AuthenticationError(err error, w http.ResponseWriter, req *http.Request) (bool, error)
type AuthenticationHandler ¶
type AuthenticationHandler interface { // AuthenticationNeeded reacts to unauthenticated requests, and returns true if the response was written, AuthenticationNeeded(client api.Client, w http.ResponseWriter, req *http.Request) (handled bool, err error) }
AuthenticationHandler reacts to unauthenticated requests
func NewUnionAuthenticationHandler ¶
func NewUnionAuthenticationHandler(passedChallengers map[string]AuthenticationChallenger, passedRedirectors map[string]AuthenticationRedirector, errorHandler AuthenticationErrorHandler) AuthenticationHandler
NewUnionAuthenticationHandler returns an oauth.AuthenticationHandler that muxes multiple challenge handlers and redirect handlers
type AuthenticationRedirector ¶
type AuthenticationRedirector interface { // AuthenticationRedirect is expected to write a redirect to the ResponseWriter or to return an error. AuthenticationRedirect(w http.ResponseWriter, req *http.Request) (err error) }
AuthenticationRedirector reacts to unauthenticated requests with redirects
type AuthenticationSuccessHandler ¶
type AuthenticationSuccessHandler interface { // AuthenticationSucceeded reacts to a user authenticating, returns true if the response was written, // and returns false if the response was not written. AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error) }
AuthenticationSuccessHandler reacts to a user authenticating
type AuthenticationSuccessHandlers ¶
type AuthenticationSuccessHandlers []AuthenticationSuccessHandler
AuthenticationSuccessHandlers combines multiple AuthenticationSuccessHandler objects into a chain. On success, each handler is called. If any handler writes the response or returns an error, the chain is aborted.
func (AuthenticationSuccessHandlers) AuthenticationSucceeded ¶
func (all AuthenticationSuccessHandlers) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error)
type AuthorizeAuthenticator ¶
type AuthorizeAuthenticator struct {
// contains filtered or unexported fields
}
AuthorizeAuthenticator implements osinserver.AuthorizeHandler to ensure requests are authenticated
func NewAuthorizeAuthenticator ¶
func NewAuthorizeAuthenticator(request authenticator.Request, handler AuthenticationHandler, errorHandler AuthenticationErrorHandler) *AuthorizeAuthenticator
NewAuthorizeAuthenticator returns a new Authenticator
func (*AuthorizeAuthenticator) HandleAuthorize ¶
func (h *AuthorizeAuthenticator) HandleAuthorize(ar *osin.AuthorizeRequest, w http.ResponseWriter) (bool, error)
HandleAuthorize implements osinserver.AuthorizeHandler to ensure the AuthorizeRequest is authenticated. If the request is authenticated, UserData and Authorized are set and false is returned. If the request is not authenticated, the auth handler is called and the request is not authorized
type EmptyError ¶
type EmptyError struct{}
func (EmptyError) AuthenticationError ¶
func (EmptyError) AuthenticationError(err error, w http.ResponseWriter, req *http.Request) (bool, error)
func (EmptyError) GrantError ¶
func (EmptyError) GrantError(err error, w http.ResponseWriter, req *http.Request) (bool, error)
type EmptySuccess ¶
type EmptySuccess struct{}
func (EmptySuccess) AuthenticationSucceeded ¶
func (EmptySuccess) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error)
type GrantCheck ¶
type GrantCheck struct {
// contains filtered or unexported fields
}
GrantCheck implements osinserver.AuthorizeHandler to ensure requested scopes have been authorized
func NewGrantCheck ¶
func NewGrantCheck(check GrantChecker, handler GrantHandler, errorHandler GrantErrorHandler) *GrantCheck
NewGrantCheck returns a new GrantCheck
func (*GrantCheck) HandleAuthorize ¶
func (h *GrantCheck) HandleAuthorize(ar *osin.AuthorizeRequest, w http.ResponseWriter) (bool, error)
HandleAuthorize implements osinserver.AuthorizeHandler to ensure the requested scopes have been authorized. The AuthorizeRequest.Authorized field must already be set to true for the grant check to occur. If the requested scopes are authorized, the AuthorizeRequest is unchanged. If the requested scopes are not authorized, or an error occurs, AuthorizeRequest.Authorized is set to false. If the response is written, true is returned. If the response is not written, false is returned.
type GrantChecker ¶
type GrantChecker interface { // HasAuthorizedClient returns true if the user has authorized the client for the requested grant HasAuthorizedClient(user user.Info, grant *api.Grant) (bool, error) }
GrantChecker is responsible for determining if a user has authorized a client for a requested grant
type GrantErrorHandler ¶
type GrantErrorHandler interface { // AuthenticationNeeded reacts to grant errors, returns true if the response was written, // and returns any unhandled error (which could be the original error) GrantError(error, http.ResponseWriter, *http.Request) (handled bool, err error) }
GrantErrorHandler reacts to grant errors
type GrantHandler ¶
type GrantHandler interface { // GrantNeeded reacts when a client requests an unauthorized grant, and returns true if the response was written // granted is true if authorization was granted // handled is true if the response was already written GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (granted, handled bool, err error) }
GrantHandler handles errors during the grant process, or the client requests an unauthorized grant
func NewAutoGrant ¶
func NewAutoGrant() GrantHandler
NewAutoGrant returns a grant handler that automatically approves client authorizations
func NewRedirectGrant ¶
func NewRedirectGrant(url string) GrantHandler
NewRedirectGrant returns a grant handler that redirects to the given URL when a grant is needed. The following query parameters are added to the URL:
then - original request URL client_id - requesting client's ID scopes - grant scope requested redirect_uri - original authorize request redirect_uri