authn

package
v0.0.0-...-9a5b211 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 1, 2023 License: MPL-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const AnonymousSubject = "system:anonymous"
View Source 
const Name = "datalift.service.authn"
View Source 
const StorageName = "datalift.service.authn.storage"

Variables

View Source 
var AlwaysAllowedMethods = []string{
	"/datalift.authn.v1.AuthnAPI/Callback",
	"/datalift.authn.v1.AuthnAPI/Login",
	"/datalift.healthcheck.v1.HealthcheckAPI/*",
}

AlwaysAllowedMethods is a list of method patterns that are always open and not blocked by authn or authz. TODO(maybe): convert this to an API annotation or make configurable on the middleware that use the list.

Functions

func ContextWithAnonymousClaims 

func ContextWithAnonymousClaims(ctx context.Context) context.Context

func ContextWithClaims 

func ContextWithClaims(ctx context.Context, claims *Claims) context.Context

func New 

func New(cfg *anypb.Any, logger *zap.Logger, scope tally.Scope) (service.Service, error)

func NewStorage 

func NewStorage(cfg *anypb.Any, logger *zap.Logger, scope tally.Scope) (service.Service, error)

Types

type Claims 

type Claims struct {
	*jwt.StandardClaims

	// Groups could be derived from the token or an external mapping.
	Groups []string `json:"grp,omitempty"`
}

Standardized representation of a user's claims.

func ClaimsFromContext 

func ClaimsFromContext(ctx context.Context) (*Claims, error)

func DefaultClaimsFromOIDCToken 

func DefaultClaimsFromOIDCToken(ctx context.Context, t *oidc.IDToken) (*Claims, error)

Extract claims from an OIDC token and return standard claims object. This could be configurable at a later date to support subjects with IDs other than email (e.g. GitHub ID).

type ClaimsConfig 

type ClaimsConfig struct {
	// contains filtered or unexported fields
}

func NewClaimsConfig 

func NewClaimsConfig(subjectClaimName string, groupsClaimName string) *ClaimsConfig

func (*ClaimsConfig) ClaimsFromOIDCToken 

func (cc *ClaimsConfig) ClaimsFromOIDCToken(ctx context.Context, t *oidc.IDToken) (*Claims, error)

type ClaimsContextKey 

type ClaimsContextKey struct{}

type ClaimsFromOIDCTokenFunc 

type ClaimsFromOIDCTokenFunc func(ctx context.Context, t *oidc.IDToken) (*Claims, error)

type Issuer 

type Issuer interface {
	// CreateToken creates a new OAuth2 for the provided subject with the provided expiration. If expiry is nil,
	// the token will never expire.
	CreateToken(ctx context.Context, subject string, tokenType authnmodulev1.CreateTokenRequest_TokenType, expiry *time.Duration) (token *oauth2.Token, err error)
	RefreshToken(ctx context.Context, token *oauth2.Token) (*oauth2.Token, error)
}

type OIDCProvider 

type OIDCProvider struct {
	// contains filtered or unexported fields
}

func WithClaimsFromOIDCTokenFunc 

func WithClaimsFromOIDCTokenFunc(p *OIDCProvider, fn ClaimsFromOIDCTokenFunc) *OIDCProvider

func (*OIDCProvider) CreateToken 

func (p *OIDCProvider) CreateToken(ctx context.Context, subject string, tokenType authnmodulev1.CreateTokenRequest_TokenType, expiry *time.Duration) (*oauth2.Token, error)

func (*OIDCProvider) Exchange 

func (p *OIDCProvider) Exchange(ctx context.Context, code string) (*oauth2.Token, error)

func (*OIDCProvider) GetAuthCodeURL 

func (p *OIDCProvider) GetAuthCodeURL(ctx context.Context, state string) (string, error)

func (*OIDCProvider) GetStateNonce 

func (p *OIDCProvider) GetStateNonce(redirectURL string) (string, error)

func (*OIDCProvider) Read 

func (p *OIDCProvider) Read(ctx context.Context, userID, provider string) (*oauth2.Token, error)

func (*OIDCProvider) RefreshToken 

func (p *OIDCProvider) RefreshToken(ctx context.Context, t *oauth2.Token) (*oauth2.Token, error)

Refresh the issuer token. If the provider token is not valid, refresh it. If any error occurs continue auth code flow.

func (*OIDCProvider) ValidateStateNonce 

func (p *OIDCProvider) ValidateStateNonce(state string) (string, error)

func (*OIDCProvider) Verify 

func (p *OIDCProvider) Verify(ctx context.Context, rawToken string) (*Claims, error)

type Provider 

type Provider interface {
	GetStateNonce(redirectURL string) (string, error)
	ValidateStateNonce(state string) (redirectURL string, err error)

	Verify(ctx context.Context, rawIDToken string) (*Claims, error)
	GetAuthCodeURL(ctx context.Context, state string) (string, error)
	Exchange(ctx context.Context, code string) (token *oauth2.Token, err error)
}

func NewOIDCProvider 

func NewOIDCProvider(ctx context.Context, config *authnv1.Config, tokenStorage Storage) (Provider, error)

type Service 

type Service interface {
	Issuer
	Provider
	TokenReader // Read calls are proxied through the IssuerProvider so the token can be refreshed if needed.
}

type Storage 

type Storage interface {
	TokenReader
	TokenStorer
}

type TokenReader 

type TokenReader interface {
	Read(ctx context.Context, userID, provider string) (*oauth2.Token, error)
}

type TokenStorer 

type TokenStorer interface {
	Store(ctx context.Context, userID, provider string, token *oauth2.Token) error
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.