authentication

package
v0.131.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 1, 2023 License: Apache-2.0 Imports: 31 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCSRFMw

func NewCSRFMw(config CSRFConfig) func(handler http.Handler) http.Handler

func NewLoadUserMw

func NewLoadUserMw(config LoadUserConfig) func(handler http.Handler) http.Handler

func RedirectAlreadyAuthenticatedUsers

func RedirectAlreadyAuthenticatedUsers(matchString, matchRegex []string) func(handler http.Handler) http.Handler

func RequiresAuthentication

func RequiresAuthentication(handler http.Handler) http.Handler

func ValidateRedirectURIQueryParameter

func ValidateRedirectURIQueryParameter(matchString, matchRegex []string) func(handler http.Handler) http.Handler

Types

type CSRFConfig

// CSRFConfig is the configuration value taken by NewCSRFMw.
type CSRFConfig struct {
	// Path is presumably the path the CSRF cookie or token route is scoped
	// to; confirm against NewCSRFMw.
	Path            string
	// InsecureCookies presumably allows the CSRF cookie to be issued without
	// the Secure attribute. NOTE(review): keep it false wherever traffic is
	// served over HTTPS; confirm the exact effect in the middleware.
	InsecureCookies bool
	// Secret is presumably the key that authenticates CSRF tokens. Treat it
	// as key material: load it from a secret store and keep it out of logs
	// and version control. TODO confirm the expected length.
	Secret          []byte
}

type CSRFErrorHandler

// CSRFErrorHandler is an http.Handler (it has a ServeHTTP method).
// Presumably it answers requests that failed CSRF validation; confirm where
// the CSRF middleware installs it.
type CSRFErrorHandler struct {
	// InsecureCookies presumably controls whether cookies written by this
	// handler omit the Secure attribute. NOTE(review): should match the value
	// used in CSRFConfig so both code paths treat cookies the same way.
	InsecureCookies bool
}

func (*CSRFErrorHandler) ServeHTTP

func (u *CSRFErrorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type CSRFTokenHandler

// CSRFTokenHandler is a stateless http.Handler (empty struct with a
// ServeHTTP method). Presumably it returns the CSRF token for the current
// session to the client; confirm in ServeHTTP.
type CSRFTokenHandler struct{}

func (*CSRFTokenHandler) ServeHTTP

func (_ *CSRFTokenHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type Claims

// Claims holds decoded JWT claims. The JSON tags are the claim names the
// fields are read from (iss, sub, name, email, ...).
//
// NOTE(review): these values are only as trustworthy as the token they were
// decoded from. The validation path is not visible here; confirm that
// signature, issuer and expiry are checked before code acts on Subject,
// Email or EmailVerified.
type Claims struct {
	Issuer            string                 `json:"iss"`
	Subject           string                 `json:"sub"`
	Name              string                 `json:"name"`
	GivenName         string                 `json:"given_name"`
	FamilyName        string                 `json:"family_name"`
	MiddleName        string                 `json:"middle_name"`
	NickName          string                 `json:"nickname"`
	PreferredUsername string                 `json:"preferred_username"`
	Profile           string                 `json:"profile"`
	Picture           string                 `json:"picture"`
	Website           string                 `json:"website"`
	Email             string                 `json:"email"`
	// EmailVerified carries the token's own email_verified assertion; it is
	// a statement by the issuer, not a check performed by this package.
	EmailVerified     bool                   `json:"email_verified"`
	Gender            string                 `json:"gender"`
	BirthDate         string                 `json:"birthdate"`
	ZoneInfo          string                 `json:"zoneinfo"`
	Locale            string                 `json:"locale"`
	Location          string                 `json:"location"`
	// Raw is tagged json:"-", so encoding/json neither fills nor emits it.
	// Custom builds its result from this map.
	Raw               map[string]interface{} `json:"-"`
}

Claims decodes JWT claims. See https://www.iana.org/assignments/jwt/jwt.xhtml.

func (*Claims) Custom added in v0.131.0

func (c *Claims) Custom() map[string]interface{}

Custom returns a non-nil map with the claims from c.Raw that are not parsed into explicit fields of Claims.

func (*Claims) ToUser added in v0.131.0

func (c *Claims) ToUser() User

type ClaimsInfo

// ClaimsInfo lists the scopes and claims a provider advertises. The JSON
// keys match the scopes_supported and claims_supported members of an OpenID
// Connect discovery document; presumably it is decoded from one (confirm).
type ClaimsInfo struct {
	ScopesSupported []string `json:"scopes_supported"`
	ClaimsSupported []string `json:"claims_supported"`
}

type GithubConfig

// GithubConfig is the configuration passed to GithubCookieHandler.Register.
type GithubConfig struct {
	ClientID           string
	// ClientSecret is the OAuth client secret for the GitHub application.
	// Keep it out of logs, error messages and version control.
	ClientSecret       string
	ProviderID         string
	// InsecureCookies presumably lets the handler set cookies without the
	// Secure attribute. NOTE(review): leave false outside plain-HTTP local
	// development; confirm the effect in Register.
	InsecureCookies    bool
	// ForceRedirectHttps presumably forces the https scheme on the redirect
	// URI sent to the provider (useful behind a TLS-terminating proxy);
	// confirm in Register.
	ForceRedirectHttps bool
	// Cookie is the securecookie codec; presumably it encodes and decodes
	// the cookies written during the login flow. Its keys are secrets.
	Cookie             *securecookie.SecureCookie
}

type GithubCookieHandler

type GithubCookieHandler struct {
	// contains filtered or unexported fields
}

func NewGithubCookieHandler

func NewGithubCookieHandler(log *zap.Logger) *GithubCookieHandler

func (*GithubCookieHandler) Register

func (g *GithubCookieHandler) Register(authorizeRouter, callbackRouter *mux.Router, config GithubConfig, hooks Hooks)

type GithubUserEmail

// GithubUserEmail is one entry of a GithubUserEmails list; the JSON keys
// (email, primary, verified, visibility) presumably mirror the GitHub user
// emails API response (confirm).
type GithubUserEmail struct {
	Email      string `json:"email"`
	Primary    bool   `json:"primary"`
	// Verified reports whether the provider marks the address as verified.
	// NOTE(review): how the login flow picks an address is not visible here;
	// confirm it does not treat an unverified address as proof of identity.
	Verified   bool   `json:"verified"`
	Visibility string `json:"visibility"`
}

type GithubUserEmails

// GithubUserEmails is a list of GithubUserEmail entries, presumably the
// decoded form of the provider's email listing for one account (confirm).
type GithubUserEmails []GithubUserEmail

type GithubUserInfo

// GithubUserInfo holds the profile fields decoded from a GitHub user
// object; the JSON keys are the ones listed in the tags below.
type GithubUserInfo struct {
	AvatarURL string `json:"avatar_url"`
	// ID is the numeric account id. NOTE(review): presumably this, not the
	// Login name, is what identifies the account downstream; confirm.
	ID        int64  `json:"id"`
	Location  string `json:"location"`
	Login     string `json:"login"`
	Name      string `json:"name"`
	NodeID    string `json:"node_id"`
}

type Hooks

// Hooks bundles the hooks client, a logger and three switches. It is passed
// to the Register methods and embedded in LoadUserConfig and
// UserLogoutHandler.
type Hooks struct {
	// Client is the hooks client; presumably it performs the hook calls
	// enabled by the flags below (confirm).
	Client                     *hooks.Client
	Log                        *zap.Logger
	// The three flags presumably enable the corresponding hook.
	// NOTE(review): a mutating post-authentication hook returns a User (see
	// MutatingPostAuthenticationResponse), so the hooks endpoint is part of
	// the authentication trust boundary; confirm how it is protected.
	PostAuthentication         bool
	MutatingPostAuthentication bool
	PostLogout                 bool
}

type LoadUserConfig

// LoadUserConfig is the configuration value taken by NewLoadUserMw.
type LoadUserConfig struct {
	Log           *zap.Logger
	// Cookie is the securecookie codec, presumably used to decode the user
	// cookie on incoming requests (confirm). Its keys are secrets.
	Cookie        *securecookie.SecureCookie
	// JwksProviders lists the configured JWKS auth providers, presumably the
	// key sources for verifying bearer tokens (confirm).
	JwksProviders []*wgpb.JwksAuthProvider
	Hooks         Hooks
}

type MutatingPostAuthenticationResponse

// MutatingPostAuthenticationResponse is the JSON shape with user, message
// and status members; presumably it is the reply of the mutating
// post-authentication hook (confirm).
type MutatingPostAuthenticationResponse struct {
	// User is the user object carried in the response. NOTE(review): if the
	// caller adopts this value, the hook can change identity and roles;
	// confirm which Status values lead to that.
	User    User   `json:"user"`
	Message string `json:"message"`
	Status  string `json:"status"`
}

type OpenIDConnectConfig

// OpenIDConnectConfig is the configuration passed to
// OpenIDConnectCookieHandler.Register.
type OpenIDConnectConfig struct {
	// Issuer is the provider's issuer identifier. NOTE(review): presumably
	// discovery and token checks are bound to this value; confirm.
	Issuer             string
	ClientID           string
	// ClientSecret is the OAuth/OIDC client secret. Keep it out of logs,
	// error messages and version control.
	ClientSecret       string
	// QueryParameters are name/value pairs, presumably appended to the
	// authorization request (confirm in Register).
	QueryParameters    []QueryParameter
	ProviderID         string
	// InsecureCookies presumably lets the handler set cookies without the
	// Secure attribute. NOTE(review): leave false outside plain-HTTP local
	// development; confirm the effect in Register.
	InsecureCookies    bool
	// ForceRedirectHttps presumably forces the https scheme on the redirect
	// URI sent to the provider; confirm in Register.
	ForceRedirectHttps bool
	// Cookie is the securecookie codec; presumably it encodes and decodes
	// the cookies written during the login flow. Its keys are secrets.
	Cookie             *securecookie.SecureCookie
}

type OpenIDConnectCookieHandler

type OpenIDConnectCookieHandler struct {
	// contains filtered or unexported fields
}

func NewOpenIDConnectCookieHandler

func NewOpenIDConnectCookieHandler(log *zap.Logger) *OpenIDConnectCookieHandler

func (*OpenIDConnectCookieHandler) Register

func (h *OpenIDConnectCookieHandler) Register(authorizeRouter, callbackRouter *mux.Router, config OpenIDConnectConfig, hooks Hooks)

type OpenIDConnectFlavor added in v0.126.0

// OpenIDConnectFlavor selects a provider variant; it is set through
// OpenIDConnectProviderOptions.Flavor.
type OpenIDConnectFlavor int
const (
	// OpenIDConnectFlavorDefault is the zero value (iota starts at 0), so an
	// options struct that leaves Flavor unset gets this variant.
	OpenIDConnectFlavorDefault OpenIDConnectFlavor = iota
	// OpenIDConnectFlavorAuth0 has the value 1; presumably it enables
	// Auth0-specific handling such as logout (confirm in the provider).
	OpenIDConnectFlavorAuth0
)

type OpenIDConnectProvider added in v0.126.0

type OpenIDConnectProvider struct {
	// contains filtered or unexported fields
}

func NewOpenIDConnectProvider added in v0.126.0

func NewOpenIDConnectProvider(issuer string, clientID string, clientSecret string, opts *OpenIDConnectProviderOptions) (*OpenIDConnectProvider, error)

func (*OpenIDConnectProvider) Disconnect added in v0.126.0

func (p *OpenIDConnectProvider) Disconnect(ctx context.Context, user *User) (*OpenIDDisconnectResult, error)

type OpenIDConnectProviderOptions added in v0.126.0

// OpenIDConnectProviderOptions is the optional argument of
// NewOpenIDConnectProvider, which takes it by pointer.
type OpenIDConnectProviderOptions struct {
	Flavor     OpenIDConnectFlavor
	// HTTPClient is presumably the client used for requests to the provider.
	// NOTE(review): what is used when it is nil is not visible here; prefer
	// passing a client with an explicit timeout and confirm the default.
	HTTPClient *http.Client
	Logger     *zap.Logger
}

type OpenIDConnectProviderSet added in v0.126.0

type OpenIDConnectProviderSet struct {
	// contains filtered or unexported fields
}

func (*OpenIDConnectProviderSet) Add added in v0.126.0

func (*OpenIDConnectProviderSet) ByID added in v0.126.0

type OpenIDDisconnectResult added in v0.126.0

// OpenIDDisconnectResult is what OpenIDConnectProvider.Disconnect returns
// alongside its error.
type OpenIDDisconnectResult struct {
	// Redirect indicates a URL that must be visited by the client to complete the logout.
	// It is omitted from the JSON encoding when empty (omitempty).
	// NOTE(review): presumably the value originates from the provider's
	// metadata; confirm it before a client is told to follow it.
	Redirect string `json:"redirect,omitempty"`
}

func (*OpenIDDisconnectResult) RequiresClientCooperation added in v0.126.0

func (r *OpenIDDisconnectResult) RequiresClientCooperation() bool

type QueryParameter added in v0.108.0

// QueryParameter is one name/value pair; OpenIDConnectConfig carries a list
// of them in its QueryParameters field.
type QueryParameter struct {
	Name  string
	// Value is stored as given. NOTE(review): presumably URL-encoded when the
	// request is built; confirm at the point of use.
	Value string
}

type RBACEnforcer

// RBACEnforcer is built per operation by NewRBACEnforcer and queried with
// Enforce, whose result is named proceed.
//
// NOTE(review): callers must stop handling the request when Enforce returns
// false; whether Enforce itself writes a response is not visible here.
type RBACEnforcer struct {
	// contains filtered or unexported fields
}

func NewRBACEnforcer

func NewRBACEnforcer(operation *wgpb.Operation) *RBACEnforcer

func (*RBACEnforcer) Enforce

func (e *RBACEnforcer) Enforce(r *http.Request) (proceed bool)

type RedirectURIValidator

// RedirectURIValidator is built by NewRedirectValidator from a list of
// match strings and a list of match regexes. GetValidatedRedirectURI
// returns the redirect URI of a request together with an authorized flag.
//
// NOTE(review): how the regexes are applied is not visible here. If they are
// matched unanchored, a pattern without ^ and $ accepts any URI that merely
// contains an allowed value; confirm, and anchor configured patterns. Only
// use the returned URI when authorized is true.
type RedirectURIValidator struct {
	// contains filtered or unexported fields
}

func NewRedirectValidator

func NewRedirectValidator(matchString, matchRegex []string) *RedirectURIValidator

func (*RedirectURIValidator) GetValidatedRedirectURI

func (v *RedirectURIValidator) GetValidatedRedirectURI(r *http.Request) (redirectURI string, authorized bool)

type User

// User is the authenticated user as held in the request context (see
// UserFromContext) and written out by Save. Every field except ExpiresAt
// has a JSON name, so a marshalled User carries whatever is set here.
//
// NOTE(review): AccessToken, RawAccessToken, IdToken and RawIDToken are part
// of the JSON encoding. Which fields RemoveInternalFields clears is not
// visible here; confirm it covers the token fields before a User is returned
// to a client or written to a log.
type User struct {
	ProviderName      string `json:"provider,omitempty"`
	ProviderID        string `json:"providerId,omitempty"`
	UserID            string `json:"userId,omitempty"`
	Name              string `json:"name,omitempty"`
	FirstName         string `json:"firstName,omitempty"`
	LastName          string `json:"lastName,omitempty"`
	MiddleName        string `json:"middleName,omitempty"`
	NickName          string `json:"nickName,omitempty"`
	PreferredUsername string `json:"preferredUsername,omitempty"`
	Profile           string `json:"profile,omitempty"`
	Picture           string `json:"picture,omitempty"`
	Website           string `json:"website,omitempty"`
	Email             string `json:"email,omitempty"`
	// EmailVerified is omitted from JSON when false (omitempty), so an
	// absent key and an explicit false look the same to a consumer.
	EmailVerified     bool   `json:"emailVerified,omitempty"`
	Gender            string `json:"gender,omitempty"`
	BirthDate         string `json:"birthDate,omitempty"`
	ZoneInfo          string `json:"zoneInfo,omitempty"`
	Locale            string `json:"locale,omitempty"`
	Location          string `json:"location,omitempty"`

	CustomClaims     map[string]interface{} `json:"customClaims,omitempty"`
	CustomAttributes []string               `json:"customAttributes,omitempty"`
	// Roles has no omitempty, so the key is always emitted (null for a nil
	// slice). Presumably this is what role checks read; confirm.
	Roles            []string               `json:"roles"`
	// ExpiresAt is tagged json:"-" and is never part of the JSON encoding.
	ExpiresAt        time.Time              `json:"-"`
	ETag             string                 `json:"etag,omitempty"`
	// FromCookie presumably marks a user restored from the session cookie
	// rather than from a bearer token; confirm in Load.
	FromCookie       bool                   `json:"fromCookie,omitempty"`
	// Token material: decoded and raw forms of the access and ID tokens.
	// These are credentials; avoid logging them.
	AccessToken      json.RawMessage        `json:"accessToken,omitempty"`
	RawAccessToken   string                 `json:"rawAccessToken,omitempty"`
	IdToken          json.RawMessage        `json:"idToken,omitempty"`
	RawIDToken       string                 `json:"rawIdToken,omitempty"`
}

func UserFromContext

func UserFromContext(ctx context.Context) *User

func (*User) Load

func (u *User) Load(loader *UserLoader, r *http.Request) error

func (*User) RemoveInternalFields

func (u *User) RemoveInternalFields()

RemoveInternalFields should be called before sending the user to the client, so that internal fields are not exposed.

func (*User) Save

func (u *User) Save(s *securecookie.SecureCookie, w http.ResponseWriter, r *http.Request, domain string, insecureCookies bool) error

type UserHandler added in v0.126.0

// UserHandler is an http.Handler (it has a ServeHTTP method). Presumably it
// serves the current user to the client; confirm in ServeHTTP.
type UserHandler struct {
	// HasRevalidateHook presumably enables a revalidation call through
	// MWClient; confirm in ServeHTTP.
	HasRevalidateHook bool
	MWClient          *hooks.Client
	Log               *zap.Logger
	// Host is presumably the cookie domain used when the user is saved
	// again (User.Save takes a domain argument); confirm.
	Host              string
	// InsecureCookies presumably lets the handler set cookies without the
	// Secure attribute. NOTE(review): leave false outside plain-HTTP local
	// development.
	InsecureCookies   bool
	// Cookie is the securecookie codec for the user cookie; its keys are
	// secrets.
	Cookie            *securecookie.SecureCookie
}

func (*UserHandler) ServeHTTP added in v0.126.0

func (u *UserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type UserLoadConfig

type UserLoadConfig struct {
	// contains filtered or unexported fields
}

func (*UserLoadConfig) Keyfunc added in v0.128.0

func (cfg *UserLoadConfig) Keyfunc() jwt.Keyfunc

Keyfunc returns a function for retrieving a token key from the UserLoadConfig's key set if there are any keys. Otherwise, it returns nil, so callers need to check for a nil result before using it to verify a token.

type UserLoader

type UserLoader struct {
	// contains filtered or unexported fields
}

type UserLogoutHandler

// UserLogoutHandler is an http.Handler (it has a ServeHTTP method) for
// logging a user out.
type UserLogoutHandler struct {
	// InsecureCookies presumably controls whether the cookie written on
	// logout omits the Secure attribute. NOTE(review): it should match the
	// value used when the cookie was set, or the browser may keep the
	// original cookie; confirm.
	InsecureCookies bool
	// OpenIDProviders is the provider set, presumably used to look up the
	// user's provider and call Disconnect on it (confirm).
	OpenIDProviders *OpenIDConnectProviderSet
	// Hooks carries the PostLogout switch among others.
	Hooks           Hooks
	Log             *zap.Logger
}

func (*UserLogoutHandler) ServeHTTP

func (u *UserLogoutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
