Documentation
Overview
Package external implements an OAuth flow with an external identity provider.
Index
- func NewExternalOAuthRedirector(provider Provider, state State, redirectURL string, ...) (handlers.AuthenticationRedirector, http.Handler, error)
- func NewOAuthPasswordAuthenticator(provider Provider, mapper authapi.UserIdentityMapper) (authenticator.Password, error)
- type Handler
- type Provider
- type RedirectorState
- type State
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewExternalOAuthRedirector
func NewExternalOAuthRedirector(provider Provider, state State, redirectURL string, success handlers.AuthenticationSuccessHandler, errorHandler handlers.AuthenticationErrorHandler, mapper authapi.UserIdentityMapper) (handlers.AuthenticationRedirector, http.Handler, error)
func NewOAuthPasswordAuthenticator (added in v1.3.0)
func NewOAuthPasswordAuthenticator(provider Provider, mapper authapi.UserIdentityMapper) (authenticator.Password, error)
Types
type Handler
type Handler struct {
// contains filtered or unexported fields
}
Handler exposes an external OAuth provider flow (including the callback) as an oauth.handlers.AuthenticationHandler, allowing our internal OAuth server to use an external OAuth provider for authentication.
func (*Handler) AuthenticatePassword (added in v1.3.0)
func (*Handler) AuthenticationRedirect
AuthenticationRedirect implements oauth.handlers.RedirectAuthHandler
type Provider
type Provider interface {
	// NewConfig returns client information that allows a standard oauth client to communicate with external oauth
	NewConfig() (*osincli.ClientConfig, error)
	// GetTransport returns the transport to use for server-to-server calls. If nil is returned, http.DefaultTransport is used.
	GetTransport() (http.RoundTripper, error)
	// AddCustomParameters allows an external oauth provider to provide parameters that are extensions to the spec. Some providers require this.
	AddCustomParameters(*osincli.AuthorizeRequest)
	// GetUserIdentity takes the external oauth token information and returns the user identity, isAuthenticated, and error
	GetUserIdentity(*osincli.AccessData) (authapi.UserIdentityInfo, bool, error)
}
Provider encapsulates the URLs, configuration, any custom authorize request parameters, and the method for transforming an access token into an identity, for an external OAuth provider.
type RedirectorState
type RedirectorState interface {
	State
	handlers.AuthenticationSuccessHandler
	handlers.AuthenticationErrorHandler
}
RedirectorState combines state generation/verification with redirections on authentication success and error.
func CSRFRedirectingState
func CSRFRedirectingState(csrf csrf.CSRF) RedirectorState
type State
type State interface {
	Generate(w http.ResponseWriter, req *http.Request) (string, error)
	Check(state string, req *http.Request) (bool, error)
}
State handles generating and verifying the state parameter round-tripped to an external OAuth flow. Examples: CSRF protection, post-authentication redirection.
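An added example, not part of this package's code: one way to satisfy the State interface so that the round-tripped value gives CSRF protection. The type hmacState, the cookie name oauth_state_nonce, the 300-second lifetime and the demo key are all assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// hmacState (hypothetical) issues state = nonce "." HMAC(key, nonce) and pins
// the nonce to the browser that started the flow with a short-lived cookie.
type hmacState struct{ key []byte }
const nonceCookie = "oauth_state_nonce" // assumed cookie name

func (s hmacState) tag(nonce string) string {
	m := hmac.New(sha256.New, s.key)
	m.Write([]byte(nonce))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// Generate sets the nonce cookie and returns the state to send to the provider.
func (s hmacState) Generate(w http.ResponseWriter, req *http.Request) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	nonce := base64.RawURLEncoding.EncodeToString(raw)
	http.SetCookie(w, &http.Cookie{Name: nonceCookie, Value: nonce, Path: "/",
		MaxAge: 300, HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
	return nonce + "." + s.tag(nonce), nil
}

// Check requires a server-issued tag and a nonce equal to this browser's cookie.
func (s hmacState) Check(state string, req *http.Request) (bool, error) {
	nonce, tag, ok := strings.Cut(state, ".")
	c, err := req.Cookie(nonceCookie)
	return ok && err == nil && hmac.Equal([]byte(tag), []byte(s.tag(nonce))) &&
		hmac.Equal([]byte(nonce), []byte(c.Value)), nil
}

func main() {
	s, rec := hmacState{key: []byte("constructed-demo-key")}, httptest.NewRecorder()
	state, _ := s.Generate(rec, nil) // this Generate does not read the request
	fmt.Println(s.Check(state, httptest.NewRequest("GET", "/callback", nil))) // callback without the cookie
}
```

Binding the nonce to a cookie keeps a state minted in one browser from being accepted in another. The HMAC tag additionally rejects a cookie and state pair that the server did not issue.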