Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Authenticator
type Authenticator interface {
	AuthenticateToken(ctx context.Context, token string) (bool, error)
	AuthenticateRequest(req *http.Request, rw http.ResponseWriter) (bool, error)
	SetCallbackURL(url string)
}
Authenticator is the interface implemented by OIDCAuthenticator.
type ImpersonationHeaders
type ImpersonationHeaders struct {
	User   string   `json:"preferred_username"`
	Groups []string `json:"groups"`
}
ImpersonationHeaders holds the user and group impersonation headers taken from JWT tokens.
func GetImpersonationHeadersFromRequest
func GetImpersonationHeadersFromRequest(req *http.Request) (ImpersonationHeaders, error)
GetImpersonationHeadersFromRequest returns the user and group fields from the bearer token, to be used as impersonation headers for the API server request.
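The mapping from token claims to impersonation headers described above, as an added example that is not taken from this package's source. The helper names claimsFromBearer and applyImpersonation are hypothetical, Impersonate-User and Impersonate-Group are the Kubernetes API server's impersonation headers, and the token is assumed to have already passed AuthenticateToken, because decoding the payload alone verifies nothing.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
)

// ImpersonationHeaders is copied from this page; everything else here is an illustrative assumption.
type ImpersonationHeaders struct {
	User   string   `json:"preferred_username"`
	Groups []string `json:"groups"`
}

// claimsFromBearer (hypothetical) decodes the JWT payload only; the signature is NOT verified here.
func claimsFromBearer(req *http.Request) (h ImpersonationHeaders, err error) {
	auth := req.Header.Get("Authorization")
	parts := strings.Split(strings.TrimPrefix(auth, "Bearer "), ".")
	if !strings.HasPrefix(auth, "Bearer ") || len(parts) != 3 {
		return h, fmt.Errorf("no three-part bearer JWT in Authorization header")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return h, err
	}
	if err = json.Unmarshal(payload, &h); err == nil && h.User == "" {
		err = fmt.Errorf("preferred_username claim is empty")
	}
	return h, err
}

// applyImpersonation (hypothetical) drops caller-supplied Impersonate-* headers before setting its own.
func applyImpersonation(out *http.Request, h ImpersonationHeaders) {
	for k := range out.Header {
		if strings.HasPrefix(http.CanonicalHeaderKey(k), "Impersonate-") {
			delete(out.Header, k)
		}
	}
	out.Header.Set("Impersonate-User", h.User)
	out.Header["Impersonate-Group"] = append([]string(nil), h.Groups...)
}

func main() {
	// Constructed token: "e30" and "sig" stand in for the header and signature.
	body := base64.RawURLEncoding.EncodeToString([]byte(`{"preferred_username":"alice","groups":["dev"]}`))
	req := &http.Request{Header: http.Header{"Authorization": {"Bearer e30." + body + ".sig"}}}
	fmt.Println(claimsFromBearer(req))
}
```

Clearing every Impersonate-* header on the outbound request before setting the derived ones keeps a client from passing its own impersonation identity through the proxy.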
type OIDCAuthenticator
type OIDCAuthenticator struct {
	ExternalProvider *oidc.Provider
	Log              *zap.SugaredLogger
	// contains filtered or unexported fields
}
OIDCAuthenticator authenticates incoming requests against the Identity Provider.
func NewAuthenticator
func NewAuthenticator(oidcConfig *OIDCConfiguration, log *zap.SugaredLogger, client k8sclient.Client) (*OIDCAuthenticator, error)
NewAuthenticator returns a new OIDC authenticator with an initialized verifier.
func (*OIDCAuthenticator) AuthenticateRequest
func (a *OIDCAuthenticator) AuthenticateRequest(req *http.Request, rw http.ResponseWriter) (bool, error)
AuthenticateRequest performs a login redirect if the authorization header is not provided. If the header is provided, the bearer token is validated against the OIDC key.
func (*OIDCAuthenticator) AuthenticateToken
AuthenticateToken verifies a given bearer token against the OIDC key and verifies that the issuer is correct.
func (*OIDCAuthenticator) SetCallbackURL
func (a *OIDCAuthenticator) SetCallbackURL(url string)
SetCallbackURL sets the OIDC callback URL for redirects.