auth

package
v10.221.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 26, 2019 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CallbackResponse

type CallbackResponse struct {
	Cookie    *http.Cookie
	Status    int
	OriginURL string
	Data      string
	Message   string
}

CallbackResponse captures all the response data of the call back processing.

type Processor

type Processor struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Processor holds all the local data of the authorization engine. A processor can handle authorization for multiple services. The goal is to authenticate a request based on both service and user credentials.

func NewProcessor

func NewProcessor(s secrets.Secrets, trustedCertificate *x509.Certificate) *Processor

NewProcessor creates an auth processor with PKI user tokens. The caller must provide a valid secrets structure and an optional list of trustedCertificates that can be used to validate tokens. If the list is empty, the CA from the secrets will be used for token validation.

func (*Processor) AddOrUpdateService

func (p *Processor) AddOrUpdateService(apis *urisearch.APICache, serviceType policy.UserAuthorizationTypeValues, handler usertokens.Verifier, mappings map[string]string)

AddOrUpdateService adds or replaces a service in the authorization db.

func (*Processor) Callback

func (p *Processor) Callback(ctx context.Context, u *url.URL) (*CallbackResponse, error)

Callback is function called by and IDP auth provider will exchange the provided authorization code with a JWT token. This closes the Oauth loop.

func (*Processor) Check

func (p *Processor) Check(method, uri string, claims []string) (bool, bool)

Check is the main method that will search API cache and validate whether the call should be allowed. It returns two values. If the access is allowed, and whether the access public or not. This allows callers to decide what to do when there is a failure, and potentially issue a redirect.

func (*Processor) DecodeAporetoClaims

func (p *Processor) DecodeAporetoClaims(aporetoToken string, publicKey string) (string, []string, error)

DecodeAporetoClaims decodes the Aporeto claims

func (*Processor) DecodeUserClaims

func (p *Processor) DecodeUserClaims(ctx context.Context, name, userToken string, certs []*x509.Certificate) ([]string, bool, string, error)

DecodeUserClaims decodes the user claims with the user authorization method.

func (*Processor) RedirectURI

func (p *Processor) RedirectURI(originURL string) string

RedirectURI returns the redirect URI in order to start the authentication dance.

func (*Processor) RetrieveServiceHandler

func (p *Processor) RetrieveServiceHandler() (usertokens.Verifier, error)

RetrieveServiceHandler will retrieve the service that is stored in the serviceMap

func (*Processor) UpdateRequestHeaders

func (p *Processor) UpdateRequestHeaders(h http.Header, claims []string)

UpdateRequestHeaders will update the request headers based on the user claims and the corresponding mappings.

func (*Processor) UpdateSecrets

func (p *Processor) UpdateSecrets(s secrets.Secrets, trustedCertificate *x509.Certificate)

UpdateSecrets will update the Aporeto secrets for the validation of the Aporeto tokens.

func (*Processor) UpdateServiceAPIs

func (p *Processor) UpdateServiceAPIs(apis *urisearch.APICache) error

UpdateServiceAPIs updates an existing service with a new API definition.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL