oidc

package
v0.0.0-...-8edb961
Warning

This package is not in the latest version of its module.

Published: Apr 2, 2020 | License: Apache-2.0 | Imports: 18 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuthCodeURL

func AuthCodeURL(state string) (string, error)

AuthCodeURL returns the URL for the OIDC provider's consent page. The state should be verified when the user is redirected back to Harbor.
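The state check this description asks for, sketched with the standard library only. This is an added example, not Harbor's code: `consentURL` is a hypothetical stand-in for `AuthCodeURL`, and the endpoint, client ID and helper names are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

var errStateMismatch = errors.New("oidc: state mismatch")

// newState returns 32 CSPRNG bytes, URL-safe encoded, for one login attempt.
func newState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// consentURL is a hypothetical stand-in for AuthCodeURL; endpoint and client_id are constructed.
func consentURL(state string) string {
	q := url.Values{"response_type": {"code"}, "client_id": {"harbor-example"}, "state": {state}}
	return "https://idp.example.test/authorize?" + q.Encode()
}

// codeFromCallback returns the authorization code only if the callback state matches the session.
func codeFromCallback(sessionState string, callback url.Values) (string, error) {
	got := callback.Get("state")
	// An empty saved state must never match a missing parameter.
	if sessionState == "" || subtle.ConstantTimeCompare([]byte(got), []byte(sessionState)) != 1 {
		return "", errStateMismatch
	}
	if code := callback.Get("code"); code != "" {
		return code, nil
	}
	return "", errors.New("oidc: callback carries no code")
}

func main() {
	state, err := newState()
	if err != nil {
		panic(err)
	}
	// Constructed callback, as the provider would redirect back after consent.
	code, err := codeFromCallback(state, url.Values{"state": {state}, "code": {"sample-code"}})
	fmt.Println(consentURL(state), code, err)
}
```

The saved state belongs in the user's server-side session and should be discarded after one callback, so a replayed redirect fails the comparison.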

func SetHardcodeVerifierForTest

func SetHardcodeVerifierForTest(s string)

SetHardcodeVerifierForTest overwrites the default secret manager for testing. Note that this is for testing only.

func VerifyAndPersistToken

func VerifyAndPersistToken(ctx context.Context, user *models.OIDCUser) error

VerifyAndPersistToken calls the manager to verify token and persist it if it's refreshed.

func VerifySecret

func VerifySecret(ctx context.Context, userID int, secret string) error

VerifySecret calls the manager to verify the secret.

func VerifyToken

func VerifyToken(ctx context.Context, rawIDToken string) (*gooidc.IDToken, error)

VerifyToken verifies the ID token based on the OIDC settings.

Types

type SecretManager

type SecretManager interface {
	// VerifySecret verifies the secret and the token associated with it, and refreshes
	// the token in the DB if it is refreshed during the verification.
	VerifySecret(ctx context.Context, userID int, secret string) error
	// VerifyToken verifies the token in the model passed as the parameter,
	// and refreshes the token in the DB if it is refreshed during the verification.
	VerifyToken(ctx context.Context, user *models.OIDCUser) error
}

SecretManager is the interface for storing and verifying the secret.

type SecretVerifyError

type SecretVerifyError struct {
	// contains filtered or unexported fields
}

SecretVerifyError wraps the different errors that can happen when verifying a secret for an OIDC user. On seeing this error, the caller should treat it as an authentication error.

func (*SecretVerifyError) Error

func (se *SecretVerifyError) Error() string

type Token

type Token struct {
	oauth2.Token
	IDToken string `json:"id_token"`
}

Token wraps the attributes of an oauth2 token plus the ID token attribute.

func ExchangeToken

func ExchangeToken(ctx context.Context, code string) (*Token, error)

ExchangeToken gets the token from the token provider via the code.

func RefreshToken

func RefreshToken(ctx context.Context, token *Token) (*Token, error)

RefreshToken refreshes the token passed as a parameter and returns the new token.
