Constants ¶
// MFA factor identifiers, one constant per supported factor.
//
// The values appear to be a provider name followed by a factor type (for
// example "OKTA SMS") — confirm against the code that builds and compares them.
//
// NOTE(review): these factors are not equally resistant to phishing. One-time
// codes (SMS, email, TOTP) and push approvals can be relayed by a look-alike
// login page, whereas FIDO WebAuthn binds the assertion to the origin; prefer
// the WebAuthn and hardware-token factors where the tenant policy allows it.
const (
	IdentifierDuoMfa          = "DUO WEB"
	IdentifierSmsMfa          = "OKTA SMS"
	IdentifierEmailMfa        = "OKTA EMAIL"
	IdentifierPushMfa         = "OKTA PUSH"
	IdentifierTotpMfa         = "GOOGLE TOKEN:SOFTWARE:TOTP"
	IdentifierOktaTotpMfa     = "OKTA TOKEN:SOFTWARE:TOTP"
	IdentifierSymantecTotpMfa = "SYMANTEC TOKEN"
	IdentifierFIDOWebAuthn    = "FIDO WEBAUTHN"
	IdentifierYubiMfa         = "YUBICO TOKEN:HARDWARE"
)
// Retry tuning constants.
const (
	// MaxOpenRetries is an attempt limit of 10.
	// NOTE(review): presumably bounds the retries when opening the U2F
	// device — confirm at the call site.
	MaxOpenRetries = 10
	// RetryDelayMS is already a time.Duration (200ms) despite the MS suffix,
	// so callers must not multiply it by time.Millisecond again.
	RetryDelayMS = 200 * time.Millisecond
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthRequest ¶
// AuthRequest is the JSON payload carrying a username, a password and an
// optional state token.
//
// NOTE(review): Password is marshalled in cleartext under the "password" key,
// so a serialized AuthRequest (or a %+v dump of it) must be kept out of logs,
// error messages and debug output.
type AuthRequest struct {
	Username   string `json:"username"`
	Password   string `json:"password"`
	StateToken string `json:"stateToken,omitempty"` // left out of the JSON when empty
}
AuthRequest represents an Okta MFA request
type Client ¶
// Client embeds provider.ValidateBase; its remaining fields are unexported and
// are not shown in this listing.
type Client struct {
	provider.ValidateBase
	// contains filtered or unexported fields
}
Client is a wrapper representing an Okta SAML client
func (*Client) Authenticate ¶
func (oc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error)
Authenticate logs into Okta and returns a SAML response
type DUOU2FClient ¶ added in v2.36.8
// DUOU2FClient bundles the values of one challenge with the u2fhost.Device
// used to answer it.
//
// NOTE(review): every field is exported and mutable. ChallengeNonce, AppID and
// KeyHandle presumably determine what the device is asked to sign, so they
// should be taken only from the authenticated server response — confirm at the
// constructor's callers.
type DUOU2FClient struct {
	ChallengeNonce string
	AppID          string
	Version        string // NOTE(review): presumably the U2F protocol version — confirm
	Device         u2fhost.Device
	KeyHandle      string
	StateToken     string
}
DUOU2FClient represents a challenge and the device used to respond
func NewDUOU2FClient ¶ added in v2.36.8
func NewDUOU2FClient(challengeNonce, appID, version, keyHandle, stateToken string, deviceFinder DeviceFinder) (*DUOU2FClient, error)
NewDUOU2FClient returns a new initialized DUOU2F-based WebAuthnClient, representing a single device
func (*DUOU2FClient) ChallengeU2F ¶ added in v2.36.8
func (d *DUOU2FClient) ChallengeU2F() (*ResponseData, error)
ChallengeU2F takes a DUOU2FClient and returns the signed ResponseData that is passed back to DUO
type DeviceFinder ¶
// DeviceFinder abstracts device discovery so that it can be replaced by a mock.
// Its methods are unexported, so the interface can only be implemented inside
// this package.
type DeviceFinder interface {
// contains filtered or unexported methods
}
DeviceFinder is used to mock out finding devices
type FidoClient ¶
// FidoClient bundles the values of one challenge with the u2fhost.Device used
// to answer it. Its fields are the same as those of DUOU2FClient.
//
// NOTE(review): every field is exported and mutable. ChallengeNonce, AppID and
// KeyHandle presumably determine what the device is asked to sign, so they
// should be taken only from the authenticated server response — confirm at the
// constructor's callers.
type FidoClient struct {
	ChallengeNonce string
	AppID          string
	Version        string // NOTE(review): presumably the U2F protocol version — confirm
	Device         u2fhost.Device
	KeyHandle      string
	StateToken     string
}
FidoClient represents a challenge and the device used to respond
func NewFidoClient ¶
func NewFidoClient(challengeNonce, appID, version, keyHandle, stateToken string, deviceFinder DeviceFinder) (FidoClient, error)
NewFidoClient returns a new initialized FIDO1-based WebAuthnClient, representing a single device
func (*FidoClient) ChallengeU2F ¶
func (d *FidoClient) ChallengeU2F() (*SignedAssertion, error)
ChallengeU2F takes a FidoClient and returns a signed assertion to send to Okta
type ResponseData ¶ added in v2.36.8
// ResponseData is the JSON body holding a session id, client data, signature
// data and a key handle.
//
// The first field is spelled SessionId rather than SessionID; it is exported,
// so renaming it would break callers.
//
// NOTE(review): the encoding of the string fields (e.g. base64) is not visible
// here — confirm before parsing or logging them.
type ResponseData struct {
	SessionId     string `json:"sessionId"`
	ClientData    string `json:"clientData"`
	SignatureData string `json:"signatureData"`
	KeyHandle     string `json:"keyHandle"`
}
ResponseData is passed back to DUO as a response
type SessionRequst ¶ added in v2.31.0
// SessionRequst is the JSON body carrying a single session token under the
// "sessionToken" key.
//
// The type name is misspelled (SessionRequest) but exported, so renaming it
// would break callers.
//
// NOTE(review): a token that can be exchanged for a session is a bearer
// secret; keep marshalled SessionRequst values out of logs and error messages.
type SessionRequst struct {
SessionToken string `json:"sessionToken"`
}
SessionRequst holds the SessionToken used to create an Okta Session
type SignedAssertion ¶
// SignedAssertion is the JSON body carrying the state token together with the
// client data, signature data and authenticator data.
//
// NOTE(review): the encoding of the string fields (e.g. base64) is not visible
// here — confirm before parsing or logging them.
type SignedAssertion struct {
	StateToken        string `json:"stateToken"`
	ClientData        string `json:"clientData"`
	SignatureData     string `json:"signatureData"`
	AuthenticatorData string `json:"authenticatorData"`
}
SignedAssertion is passed back to Okta as a response
func ChallengeSystemWebAuthn ¶ added in v2.36.14
func ChallengeSystemWebAuthn(challengeNonce, appID, stateToken string) (*SignedAssertion, error)
ChallengeSystemWebAuthn challenges the system level WebAuthn API (e.g. Windows Hello) and returns a SignedAssertion
type U2FDevice ¶
// U2FDevice embeds u2fhost.Device and adds no methods of its own, giving the
// external interface a local name.
type U2FDevice interface {
	u2fhost.Device
}
U2FDevice is used to support mocking this device with mockery; see https://github.com/vektra/mockery/issues/210#issuecomment-485026348
type VerifyRequest ¶
// VerifyRequest is the JSON body carrying a state token, an optional pass code
// and an optional remember-device value.
//
// NOTE(review): PassCode is a live authentication code while the request is in
// flight; keep marshalled VerifyRequest values out of logs.
type VerifyRequest struct {
	StateToken string `json:"stateToken"`
	PassCode   string `json:"passCode,omitempty"` // left out of the JSON when empty
	// NOTE(review): RememberDevice is a string, not a bool; the accepted values
	// are not visible here — confirm. Remembering a device presumably reduces
	// later MFA prompts, which is undesirable on shared machines.
	RememberDevice string `json:"rememberDevice,omitempty"` // This is needed to remember Okta MFA device
}
VerifyRequest represents an MFA verify request