Documentation ¶
Overview ¶
Package deprecated contains code that should not be used in new applications.
Index ¶
- Constants
- Variables
- type CookieAuthMethod
- func (m *CookieAuthMethod) Authenticate(ctx context.Context, r auth.RequestMetadata) (*auth.User, auth.Session, error)
- func (m *CookieAuthMethod) InstallHandlers(r *router.Router, base router.MiddlewareChain)
- func (m *CookieAuthMethod) LoginURL(ctx context.Context, dest string) (string, error)
- func (m *CookieAuthMethod) LogoutURL(ctx context.Context, dest string) (string, error)
- func (m *CookieAuthMethod) Warmup(ctx context.Context) (err error)
- type MemorySessionStore
- func (s *MemorySessionStore) CloseSession(ctx context.Context, sessionID string) error
- func (s *MemorySessionStore) GetSession(ctx context.Context, sessionID string) (*Session, error)
- func (s *MemorySessionStore) OpenSession(ctx context.Context, userID string, u *auth.User, exp time.Time) (string, error)
- type Session
- type SessionStore
- type Settings
Constants ¶
const SettingsKey = "openid_auth"
SettingsKey is key for OpenID settings (described by Settings struct) in settings store. See go.chromium.org/luci/server/settings.
Variables ¶
var ( // ErrNotConfigured is returned by various functions if OpenID settings are // not properly configured. ErrNotConfigured = errors.New("openid: not configured") )
Functions ¶
This section is empty.
Types ¶
type CookieAuthMethod ¶
type CookieAuthMethod struct { // SessionStore keeps user sessions in some permanent storage. Must be set, // otherwise all methods return ErrNotConfigured. SessionStore SessionStore // Insecure is true to allow http:// URLs and non-https cookies. Useful for // local development. Insecure bool // IncompatibleCookies is a list of cookies to remove when setting or clearing // session cookie. It is useful to get rid of GAE cookies when OpenID cookies // are being used. Having both is very confusing. IncompatibleCookies []string }
CookieAuthMethod implements auth.Method and auth.UsersAPI and can be used as one of authentication method in auth.Authenticator. It is using OpenID for login flow, stores session ID in cookies, and session itself in supplied SessionStore.
It requires some routes to be added to the router. Use exact same instance of CookieAuthMethod in auth.Authenticator and when adding routes via InstallHandlers.
DEPRECATED. Do not use.
func (*CookieAuthMethod) Authenticate ¶
func (m *CookieAuthMethod) Authenticate(ctx context.Context, r auth.RequestMetadata) (*auth.User, auth.Session, error)
Authenticate extracts peer's identity from the incoming request. It is part of auth.Method interface.
func (*CookieAuthMethod) InstallHandlers ¶
func (m *CookieAuthMethod) InstallHandlers(r *router.Router, base router.MiddlewareChain)
InstallHandlers installs HTTP handlers used in OpenID protocol. Must be installed in server HTTP router for OpenID authentication flow to work.
Implements auth.HasHandlers.
func (*CookieAuthMethod) LoginURL ¶
LoginURL returns a URL that, when visited, prompts the user to sign in, then redirects the user to the URL specified by dest. It is part of auth.UsersAPI interface.
type MemorySessionStore ¶
type MemorySessionStore struct {
// contains filtered or unexported fields
}
MemorySessionStore implement SessionStore.
func (*MemorySessionStore) CloseSession ¶
func (s *MemorySessionStore) CloseSession(ctx context.Context, sessionID string) error
CloseSession closes a session given its ID. Does nothing if session is already closed or doesn't exist. Returns only transient errors.
func (*MemorySessionStore) GetSession ¶
GetSession returns existing non-expired session given its ID. Returns nil if session doesn't exist, closed or expired. Returns only transient errors.
type Session ¶
type Session struct { SessionID string // same as `sessionID` passed to GetSession() UserID string // authentication provider specific user id User auth.User // user profile, including identity string Exp time.Time // when the session expires }
Session is returned by SessionStore.GetSession(...).
type SessionStore ¶
type SessionStore interface { // OpenSession create a new session for a user with given expiration time. // It returns unique session ID. OpenSession(ctx context.Context, userID string, u *auth.User, exp time.Time) (string, error) // CloseSession closes a session given its ID. Does nothing if session is // already closed or doesn't exist. Returns only transient errors. CloseSession(ctx context.Context, sessionID string) error // GetSession returns existing non-expired session given its ID. Returns nil // if session doesn't exist, closed or expired. Returns only transient errors. GetSession(ctx context.Context, sessionID string) (*Session, error) }
SessionStore keeps user sessions in some permanent storage. SessionStore is used by some authentication methods (e.g. openid.AuthMethod).
type Settings ¶
type Settings struct { // DiscoveryURL is where to grab discovery document with provider's config. // Use `https://accounts.google.com/.well-known/openid-configuration` for // Google OpenID Connect provider. DiscoveryURL string `json:"discovery_url"` // ClientID identifies OAuth2 Web client representing the application. Create // one in Cloud Console if using Google OpenID Connect provider. ClientID string `json:"client_id"` // ClientSecret is a secret associated with ClientID. ClientSecret string `json:"client_secret"` // RedirectURI must be `https://<apphost>/auth/openid/callback`. It is stored // in config explicitly to remind admin that OAuth2 client in Cloud Console // must be configured accordingly. RedirectURI string `json:"redirect_uri"` }
Settings contain parameters of OpenID protocol. They are stored in app settings store under SettingsKey key.