deprecated

package
v0.0.0-...-d3da680 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 4, 2024 License: Apache-2.0 Imports: 20 Imported by: 1

Documentation

Overview

Package deprecated contains code that should not be used in new applications.

Index

Constants

View Source
const SettingsKey = "openid_auth"

SettingsKey is key for OpenID settings (described by Settings struct) in settings store. See go.chromium.org/luci/server/settings.

Variables

View Source
var (
	// ErrNotConfigured is returned by various functions if OpenID settings are
	// not properly configured.
	ErrNotConfigured = errors.New("openid: not configured")
)

Functions

This section is empty.

Types

type CookieAuthMethod

type CookieAuthMethod struct {
	// SessionStore keeps user sessions in some permanent storage. Must be set,
	// otherwise all methods return ErrNotConfigured.
	SessionStore SessionStore

	// Insecure is true to allow http:// URLs and non-https cookies. Useful for
	// local development.
	Insecure bool

	// IncompatibleCookies is a list of cookies to remove when setting or clearing
	// session cookie. It is useful to get rid of GAE cookies when OpenID cookies
	// are being used. Having both is very confusing.
	IncompatibleCookies []string
}

CookieAuthMethod implements auth.Method and auth.UsersAPI and can be used as one of authentication method in auth.Authenticator. It is using OpenID for login flow, stores session ID in cookies, and session itself in supplied SessionStore.

It requires some routes to be added to the router. Use exact same instance of CookieAuthMethod in auth.Authenticator and when adding routes via InstallHandlers.

DEPRECATED. Do not use.

func (*CookieAuthMethod) Authenticate

Authenticate extracts peer's identity from the incoming request. It is part of auth.Method interface.

func (*CookieAuthMethod) InstallHandlers

func (m *CookieAuthMethod) InstallHandlers(r *router.Router, base router.MiddlewareChain)

InstallHandlers installs HTTP handlers used in OpenID protocol. Must be installed in server HTTP router for OpenID authentication flow to work.

Implements auth.HasHandlers.

func (*CookieAuthMethod) LoginURL

func (m *CookieAuthMethod) LoginURL(ctx context.Context, dest string) (string, error)

LoginURL returns a URL that, when visited, prompts the user to sign in, then redirects the user to the URL specified by dest. It is part of auth.UsersAPI interface.

func (*CookieAuthMethod) LogoutURL

func (m *CookieAuthMethod) LogoutURL(ctx context.Context, dest string) (string, error)

LogoutURL returns a URL that, when visited, signs the user out, then redirects the user to the URL specified by dest. It is part of auth.UsersAPI interface.

func (*CookieAuthMethod) Warmup

func (m *CookieAuthMethod) Warmup(ctx context.Context) (err error)

Warmup prepares local caches. It's optional.

Implements auth.Warmable.

type MemorySessionStore

type MemorySessionStore struct {
	// contains filtered or unexported fields
}

MemorySessionStore implement SessionStore.

func (*MemorySessionStore) CloseSession

func (s *MemorySessionStore) CloseSession(ctx context.Context, sessionID string) error

CloseSession closes a session given its ID. Does nothing if session is already closed or doesn't exist. Returns only transient errors.

func (*MemorySessionStore) GetSession

func (s *MemorySessionStore) GetSession(ctx context.Context, sessionID string) (*Session, error)

GetSession returns existing non-expired session given its ID. Returns nil if session doesn't exist, closed or expired. Returns only transient errors.

func (*MemorySessionStore) OpenSession

func (s *MemorySessionStore) OpenSession(ctx context.Context, userID string, u *auth.User, exp time.Time) (string, error)

OpenSession create a new session for a user with given expiration time. It returns unique session ID.

type Session

type Session struct {
	SessionID string    // same as `sessionID` passed to GetSession()
	UserID    string    // authentication provider specific user id
	User      auth.User // user profile, including identity string
	Exp       time.Time // when the session expires
}

Session is returned by SessionStore.GetSession(...).

type SessionStore

type SessionStore interface {
	// OpenSession create a new session for a user with given expiration time.
	// It returns unique session ID.
	OpenSession(ctx context.Context, userID string, u *auth.User, exp time.Time) (string, error)

	// CloseSession closes a session given its ID. Does nothing if session is
	// already closed or doesn't exist. Returns only transient errors.
	CloseSession(ctx context.Context, sessionID string) error

	// GetSession returns existing non-expired session given its ID. Returns nil
	// if session doesn't exist, closed or expired. Returns only transient errors.
	GetSession(ctx context.Context, sessionID string) (*Session, error)
}

SessionStore keeps user sessions in some permanent storage. SessionStore is used by some authentication methods (e.g. openid.AuthMethod).

type Settings

type Settings struct {
	// DiscoveryURL is where to grab discovery document with provider's config.
	// Use `https://accounts.google.com/.well-known/openid-configuration` for
	// Google OpenID Connect provider.
	DiscoveryURL string `json:"discovery_url"`

	// ClientID identifies OAuth2 Web client representing the application. Create
	// one in Cloud Console if using Google OpenID Connect provider.
	ClientID string `json:"client_id"`

	// ClientSecret is a secret associated with ClientID.
	ClientSecret string `json:"client_secret"`

	// RedirectURI must be `https://<apphost>/auth/openid/callback`. It is stored
	// in config explicitly to remind admin that OAuth2 client in Cloud Console
	// must be configured accordingly.
	RedirectURI string `json:"redirect_uri"`
}

Settings contain parameters of OpenID protocol. They are stored in app settings store under SettingsKey key.

func FetchOpenIDSettings

func FetchOpenIDSettings(ctx context.Context) (*Settings, error)

FetchOpenIDSettings fetches OpenID configuration from the settings store.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL