Documentation ¶
Index ¶
- func NewCSRFMw(config CSRFConfig) func(handler http.Handler) http.Handler
- func NewLoadUserMw(config LoadUserConfig) func(handler http.Handler) http.Handler
- func RedirectAlreadyAuthenticatedUsers(matchString, matchRegex []string) func(handler http.Handler) http.Handler
- func RequiresAuthentication(handler http.Handler) http.Handler
- func ValidateRedirectURIQueryParameter(matchString, matchRegex []string) func(handler http.Handler) http.Handler
- type CSRFConfig
- type CSRFErrorHandler
- type CSRFTokenHandler
- type Claims
- type ClaimsInfo
- type GithubConfig
- type GithubCookieHandler
- type GithubUserEmail
- type GithubUserEmails
- type GithubUserInfo
- type Hooks
- type LoadUserConfig
- type OpenIDConnectConfig
- type OpenIDConnectCookieHandler
- type OpenIDConnectFlavor
- type OpenIDConnectProvider
- type OpenIDConnectProviderOptions
- type OpenIDConnectProviderSet
- type OpenIDDisconnectResult
- type QueryParameter
- type RBACEnforcer
- type RedirectURIValidator
- type User
- type UserHandler
- type UserLoadConfig
- type UserLoader
- type UserLogoutHandler
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewLoadUserMw ¶
func NewLoadUserMw(config LoadUserConfig) func(handler http.Handler) http.Handler
Types ¶
type CSRFConfig ¶
type CSRFErrorHandler ¶
// CSRFErrorHandler is an http.Handler (see its ServeHTTP method) configured by
// a single cookie-related flag.
type CSRFErrorHandler struct {
	// NOTE(review): the name suggests that, when true, cookies written by this
	// handler omit the Secure attribute so they also travel over plain HTTP.
	// Confirm in the implementation and keep it false outside local development.
	InsecureCookies bool
}
func (*CSRFErrorHandler) ServeHTTP ¶
func (u *CSRFErrorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type CSRFTokenHandler ¶
type CSRFTokenHandler struct{}
func (*CSRFTokenHandler) ServeHTTP ¶
func (*CSRFTokenHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type Claims ¶
// Claims holds decoded JWT claims. Each field is filled from the JSON key named
// in its struct tag.
//
// NOTE(review): this type only describes the decoded payload. Signature, issuer
// and expiry validation are not visible here; confirm they happen before a
// Claims value is trusted.
type Claims struct {
	Issuer            string `json:"iss"`
	Subject           string `json:"sub"`
	Name              string `json:"name"`
	GivenName         string `json:"given_name"`
	FamilyName        string `json:"family_name"`
	MiddleName        string `json:"middle_name"`
	NickName          string `json:"nickname"`
	PreferredUsername string `json:"preferred_username"`
	Profile           string `json:"profile"`
	Picture           string `json:"picture"`
	Website           string `json:"website"`
	Email             string `json:"email"`
	// EmailVerified is decoded from the email_verified claim.
	// NOTE(review): code that keys authorization on Email should also check
	// this flag; whether this package does so is not visible here.
	EmailVerified bool   `json:"email_verified"`
	Gender        string `json:"gender"`
	BirthDate     string `json:"birthdate"`
	ZoneInfo      string `json:"zoneinfo"`
	Locale        string `json:"locale"`
	Location      string `json:"location"`
	// Raw is skipped by encoding/json (tag "-").
	// NOTE(review): presumably the full claim set as received; confirm where
	// it is populated.
	Raw map[string]interface{} `json:"-"`
}
Claims decodes JWT claims. See https://www.iana.org/assignments/jwt/jwt.xhtml.
type ClaimsInfo ¶
type GithubConfig ¶
// GithubConfig is the configuration passed to GithubCookieHandler.Register.
//
// The fields carry no struct tags, so encoding/json and %+v formatting emit
// every exported field, ClientSecret included. Do not log or serialize this
// value as-is.
type GithubConfig struct {
	ClientID string
	// ClientSecret is the OAuth client secret; treat it as a credential.
	ClientSecret string
	ProviderID   string
	// NOTE(review): the name suggests cookies are issued without the Secure
	// attribute when true. Confirm, and keep false outside local development.
	InsecureCookies bool
	// NOTE(review): presumably forces the https scheme on redirect URLs; confirm.
	ForceRedirectHttps bool
	// Cookie is the securecookie codec used by the handler.
	// NOTE(review): presumably signs/encrypts the auth cookies; confirm that
	// its keys are provisioned from secret storage.
	Cookie *securecookie.SecureCookie
}
type GithubCookieHandler ¶
type GithubCookieHandler struct {
// contains filtered or unexported fields
}
func NewGithubCookieHandler ¶
func NewGithubCookieHandler(log *zap.Logger) *GithubCookieHandler
func (*GithubCookieHandler) Register ¶
func (g *GithubCookieHandler) Register(authorizeRouter, callbackRouter *mux.Router, config GithubConfig, hooks Hooks)
type GithubUserEmail ¶
type GithubUserEmails ¶
type GithubUserEmails []GithubUserEmail
type GithubUserInfo ¶
type Hooks ¶
// Hooks is the set of callbacks invoked around authentication events.
//
// NOTE(review): how a non-nil error from a hook affects the login or logout
// flow is not visible here; confirm whether it rejects the request.
type Hooks interface {
	// PostAuthentication runs after authentication and doesn't mutate the user.
	PostAuthentication(ctx context.Context, user *User) error
	// MutatingPostAuthentication runs after PostAuthentication and might mutate the user.
	MutatingPostAuthentication(ctx context.Context, user *User) (*User, error)
	// PostLogout runs after logout and doesn't mutate the user.
	PostLogout(ctx context.Context, user *User) error
	// RevalidateAuthentication is used when an API client requests the
	// authenticated user to be revalidated. It might mutate the user.
	RevalidateAuthentication(ctx context.Context, user *User) (*User, error)
}
Hooks represents the interface for the available authentication hooks
type LoadUserConfig ¶
// LoadUserConfig is the configuration accepted by NewLoadUserMw.
type LoadUserConfig struct {
	Log *zap.Logger
	// Cookie is the securecookie codec.
	// NOTE(review): presumably used to decode the user cookie; confirm.
	Cookie *securecookie.SecureCookie
	// NOTE(review): presumably the JWKS sources used to verify bearer tokens;
	// confirm how an empty list is handled.
	JwksProviders []*wgpb.JwksAuthProvider
	Hooks         Hooks
}
type OpenIDConnectConfig ¶
// OpenIDConnectConfig is the configuration passed to
// OpenIDConnectCookieHandler.Register.
//
// The fields carry no struct tags, so encoding/json and %+v formatting emit
// every exported field, ClientSecret included. Do not log or serialize this
// value as-is.
type OpenIDConnectConfig struct {
	Issuer   string
	ClientID string
	// ClientSecret is the OAuth/OIDC client secret; treat it as a credential.
	ClientSecret string
	// NOTE(review): presumably extra query parameters added to the
	// authorization request; confirm.
	QueryParameters []QueryParameter
	ProviderID      string
	// NOTE(review): the name suggests cookies are issued without the Secure
	// attribute when true. Confirm, and keep false outside local development.
	InsecureCookies bool
	// NOTE(review): presumably forces the https scheme on redirect URLs; confirm.
	ForceRedirectHttps bool
	// Cookie is the securecookie codec used by the handler.
	Cookie *securecookie.SecureCookie
}
type OpenIDConnectCookieHandler ¶
type OpenIDConnectCookieHandler struct {
// contains filtered or unexported fields
}
func NewOpenIDConnectCookieHandler ¶
func NewOpenIDConnectCookieHandler(log *zap.Logger) *OpenIDConnectCookieHandler
func (*OpenIDConnectCookieHandler) Register ¶
func (h *OpenIDConnectCookieHandler) Register(authorizeRouter, callbackRouter *mux.Router, config OpenIDConnectConfig, hooks Hooks)
type OpenIDConnectFlavor ¶ added in v0.126.0
type OpenIDConnectFlavor int
// Values of OpenIDConnectFlavor, numbered from zero by iota.
const (
	// OpenIDConnectFlavorDefault is 0, and therefore the zero value of
	// OpenIDConnectFlavor.
	OpenIDConnectFlavorDefault OpenIDConnectFlavor = iota
	// OpenIDConnectFlavorAuth0 is 1.
	// NOTE(review): presumably selects Auth0-specific behaviour; confirm.
	OpenIDConnectFlavorAuth0
)
type OpenIDConnectProvider ¶ added in v0.126.0
type OpenIDConnectProvider struct {
// contains filtered or unexported fields
}
func NewOpenIDConnectProvider ¶ added in v0.126.0
func NewOpenIDConnectProvider(issuer string, clientID string, clientSecret string, opts *OpenIDConnectProviderOptions) (*OpenIDConnectProvider, error)
func (*OpenIDConnectProvider) Disconnect ¶ added in v0.126.0
func (p *OpenIDConnectProvider) Disconnect(ctx context.Context, user *User) (*OpenIDDisconnectResult, error)
type OpenIDConnectProviderOptions ¶ added in v0.126.0
// OpenIDConnectProviderOptions holds the optional settings accepted by
// NewOpenIDConnectProvider.
type OpenIDConnectProviderOptions struct {
	// Flavor defaults to OpenIDConnectFlavorDefault when left at its zero value.
	Flavor OpenIDConnectFlavor
	// NOTE(review): presumably used for requests to the issuer. An http.Client
	// with a zero Timeout never times out, so supply one with a Timeout set;
	// confirm what is used when this field is nil.
	HTTPClient *http.Client
	Logger     *zap.Logger
}
type OpenIDConnectProviderSet ¶ added in v0.126.0
type OpenIDConnectProviderSet struct {
// contains filtered or unexported fields
}
func (*OpenIDConnectProviderSet) Add ¶ added in v0.126.0
func (s *OpenIDConnectProviderSet) Add(id string, p *OpenIDConnectProvider) error
func (*OpenIDConnectProviderSet) ByID ¶ added in v0.126.0
func (s *OpenIDConnectProviderSet) ByID(id string) (*OpenIDConnectProvider, error)
type OpenIDDisconnectResult ¶ added in v0.126.0
// OpenIDDisconnectResult is the value returned by OpenIDConnectProvider.Disconnect.
type OpenIDDisconnectResult struct {
	// Redirect indicates a URL that must be visited by the client to complete
	// the logout. It is omitted from the JSON encoding when empty.
	Redirect string `json:"redirect,omitempty"`
}
func (*OpenIDDisconnectResult) RequiresClientCooperation ¶ added in v0.126.0
func (r *OpenIDDisconnectResult) RequiresClientCooperation() bool
type QueryParameter ¶ added in v0.108.0
type RBACEnforcer ¶
type RBACEnforcer struct {
// contains filtered or unexported fields
}
func NewRBACEnforcer ¶
func NewRBACEnforcer(operation *wgpb.Operation) *RBACEnforcer
type RedirectURIValidator ¶
type RedirectURIValidator struct {
// contains filtered or unexported fields
}
func NewRedirectValidator ¶
func NewRedirectValidator(matchString, matchRegex []string) *RedirectURIValidator
func (*RedirectURIValidator) GetValidatedRedirectURI ¶
func (v *RedirectURIValidator) GetValidatedRedirectURI(r *http.Request) (redirectURI string, authorized bool)
type User ¶
// User holds user data for non-public APIs (backend and hooks).
//
// The token fields at the end of the struct (AccessToken, RawAccessToken,
// IdToken, RawIDToken) carry ordinary JSON tags, so marshalling a User directly
// writes them into the output whenever they are set. The package documentation
// says to call User.ToPublic() before exposing a User publicly.
type User struct {
	ProviderName      string                 `json:"provider,omitempty"`
	ProviderID        string                 `json:"providerId,omitempty"`
	UserID            string                 `json:"userId,omitempty"`
	Name              string                 `json:"name,omitempty"`
	FirstName         string                 `json:"firstName,omitempty"`
	LastName          string                 `json:"lastName,omitempty"`
	MiddleName        string                 `json:"middleName,omitempty"`
	NickName          string                 `json:"nickName,omitempty"`
	PreferredUsername string                 `json:"preferredUsername,omitempty"`
	Profile           string                 `json:"profile,omitempty"`
	Picture           string                 `json:"picture,omitempty"`
	Website           string                 `json:"website,omitempty"`
	Email             string                 `json:"email,omitempty"`
	EmailVerified     bool                   `json:"emailVerified,omitempty"`
	Gender            string                 `json:"gender,omitempty"`
	BirthDate         string                 `json:"birthDate,omitempty"`
	ZoneInfo          string                 `json:"zoneInfo,omitempty"`
	Locale            string                 `json:"locale,omitempty"`
	Location          string                 `json:"location,omitempty"`
	CustomClaims      map[string]interface{} `json:"customClaims,omitempty"`
	CustomAttributes  []string               `json:"customAttributes,omitempty"`
	// Roles has no omitempty, so the "roles" key is always present in the JSON
	// output (null for a nil slice).
	Roles []string `json:"roles"`
	/* Internal fields */
	// ExpiresAt is skipped by encoding/json (tag "-").
	ExpiresAt  time.Time `json:"-"`
	ETag       string    `json:"etag,omitempty"`
	FromCookie bool      `json:"fromCookie,omitempty"`
	// The four token fields below are credentials; they are serialized under
	// the keys in their tags unless cleared first.
	AccessToken    json.RawMessage `json:"accessToken,omitempty"`
	RawAccessToken string          `json:"rawAccessToken,omitempty"`
	IdToken        json.RawMessage `json:"idToken,omitempty"`
	RawIDToken     string          `json:"rawIdToken,omitempty"`
}
User holds user data for non-public APIs (backend and hooks). Before exposing a User publicly, always call User.ToPublic().
XXX: Keep in sync with the TS side (wellKnownClaimField, type User, type WunderGraphUser)
func UserFromContext ¶
func (*User) Save ¶
func (u *User) Save(s *securecookie.SecureCookie, w http.ResponseWriter, r *http.Request, domain string, insecureCookies bool) error
func (*User) ToPublic ¶ added in v0.132.0
ToPublic returns a copy of the User with fields not intended for public consumption erased. If publicClaims is non-empty, only the fields listed in it are included. Each public claim must be either a well-known claim (as in the WG_CLAIM enum) or a JSON path to a custom claim.
type UserHandler ¶ added in v0.126.0
// UserHandler is an http.Handler (see its ServeHTTP method) configured by the
// fields below.
type UserHandler struct {
	Log  *zap.Logger
	Host string
	// NOTE(review): the name suggests cookies are issued without the Secure
	// attribute when true. Confirm, and keep false outside local development.
	InsecureCookies bool
	Hooks           Hooks
	// Cookie is the securecookie codec used by the handler.
	Cookie *securecookie.SecureCookie
	// NOTE(review): presumably the publicClaims list handed to User.ToPublic,
	// which restricts the response to the listed fields when non-empty; confirm.
	PublicClaims []string
}
func (*UserHandler) ServeHTTP ¶ added in v0.126.0
func (u *UserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type UserLoadConfig ¶
type UserLoadConfig struct {
// contains filtered or unexported fields
}
func (*UserLoadConfig) Keyfunc ¶ added in v0.128.0
func (cfg *UserLoadConfig) Keyfunc() jwt.Keyfunc
Keyfunc returns a function for retrieving a token key from the UserLoadConfig's key set if there are any keys. Otherwise, it returns nil.
type UserLoader ¶
type UserLoader struct {
// contains filtered or unexported fields
}
type UserLogoutHandler ¶
// UserLogoutHandler is an http.Handler (see its ServeHTTP method) configured by
// the fields below.
type UserLogoutHandler struct {
	// NOTE(review): the name suggests cookies are written without the Secure
	// attribute when true. Confirm, and keep false outside local development.
	InsecureCookies bool
	// NOTE(review): presumably consulted to call OpenIDConnectProvider.Disconnect
	// for the user's provider on logout; confirm what happens when it is nil.
	OpenIDProviders *OpenIDConnectProviderSet
	Hooks           Hooks
	Log             *zap.Logger
}
func (*UserLogoutHandler) ServeHTTP ¶
func (u *UserLogoutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)