auth

package

v1.20.1 Latest Latest Go to latest Published: Apr 27, 2023 License: GPL-3.0 Imports: 19 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/flipt-io/flipt

Links

Open Source Insights

Documentation ¶

Index ¶

func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication
func UnaryInterceptor(logger *zap.Logger, authenticator Authenticator, ...) grpc.UnaryServerInterceptor
func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]
type Authenticator
type InterceptorOptions
type Middleware
- func NewHTTPMiddleware(config config.AuthenticationSession) *Middleware
- func (m Middleware) ErrorHandler(ctx context.Context, sm *runtime.ServeMux, ms runtime.Marshaler, ...)
- func (m Middleware) Handler(next http.Handler) http.Handler
type Server
- func NewServer(logger *zap.Logger, store storageauth.Store) *Server

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetAuthenticationFrom ¶

func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication

GetAuthenticationFrom is a utility for extracting an Authentication stored on a context.Context instance

func UnaryInterceptor ¶

func UnaryInterceptor(logger *zap.Logger, authenticator Authenticator, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor

UnaryInterceptor is a grpc.UnaryServerInterceptor which extracts a clientToken found within the authorization field on the incoming requests metadata. The fields value is expected to be in the form "Bearer <clientToken>".

func WithServerSkipsAuthentication ¶ added in v1.17.0

func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]

WithServerSkipsAuthentication can be used to configure an auth unary interceptor which skips authentication when the provided server instance matches the intercepted calls parent server instance. This allows the caller to registers servers which explicitly skip authentication (e.g. OIDC).

Types ¶

type Authenticator ¶

type Authenticator interface {
	GetAuthenticationByClientToken(ctx context.Context, clientToken string) (*authrpc.Authentication, error)
}

Authenticator is the minimum subset of an authentication provider required by the middleware to perform lookups for Authentication instances using a obtained clientToken.

type InterceptorOptions ¶ added in v1.17.0

type InterceptorOptions struct {
	// contains filtered or unexported fields
}

InterceptorOptions configure the UnaryInterceptor

type Middleware ¶ added in v1.18.0

type Middleware struct {
	// contains filtered or unexported fields
}

Middleware contains various extensions for appropriate integration of the generic auth services behind gRPC gateway. This currently includes clearing the appropriate cookies on logout.

func NewHTTPMiddleware ¶ added in v1.18.0

func NewHTTPMiddleware(config config.AuthenticationSession) *Middleware

NewHTTPMiddleware constructs a new auth HTTP middleware.

func (Middleware) ErrorHandler ¶ added in v1.18.2

func (m Middleware) ErrorHandler(ctx context.Context, sm *runtime.ServeMux, ms runtime.Marshaler, w http.ResponseWriter, r *http.Request, err error)

ErrorHandler ensures cookies are cleared when cookie auth is attempted but leads to an unauthenticated response. This ensures well behaved user-agents won't attempt to supply the same token via a cookie again in a subsequent call.

func (Middleware) Handler ¶ added in v1.18.0

func (m Middleware) Handler(next http.Handler) http.Handler

Handler is a http middleware used to decorate the auth provider gateway handler. This is used to clear the appropriate cookies on logout.

type Server ¶

type Server struct {
	auth.UnimplementedAuthenticationServiceServer
	// contains filtered or unexported fields
}

Server is the core AuthenticationServiceServer implementations.

It is the service which presents all Authentications created in the backing auth store.

func NewServer ¶

func NewServer(logger *zap.Logger, store storageauth.Store) *Server

func (*Server) DeleteAuthentication ¶

func (s *Server) DeleteAuthentication(ctx context.Context, req *auth.DeleteAuthenticationRequest) (*emptypb.Empty, error)

DeleteAuthentication deletes the authentication with the supplied ID.

func (*Server) ExpireAuthenticationSelf ¶ added in v1.18.0

func (s *Server) ExpireAuthenticationSelf(ctx context.Context, req *auth.ExpireAuthenticationSelfRequest) (*emptypb.Empty, error)

ExpireAuthenticationSelf expires the Authentication which was derived from the request context. If no expire_at is provided, the current time is used. This is useful for logging out a user. If the expire_at is greater than the current expiry time, the expiry time is extended.

func (*Server) GetAuthentication ¶

func (s *Server) GetAuthentication(ctx context.Context, r *auth.GetAuthenticationRequest) (*auth.Authentication, error)

GetAuthentication returns the Authentication identified by the supplied id.

func (*Server) GetAuthenticationSelf ¶

func (s *Server) GetAuthenticationSelf(ctx context.Context, _ *emptypb.Empty) (*auth.Authentication, error)

GetAuthenticationSelf returns the Authentication which was derived from the request context.

func (*Server) ListAuthentications ¶

func (s *Server) ListAuthentications(ctx context.Context, r *auth.ListAuthenticationsRequest) (*auth.ListAuthenticationsResponse, error)

ListAuthentications produces a set of authentications for the provided method filter and pagination parameters.

func (*Server) RegisterGRPC ¶ added in v1.17.0

func (s *Server) RegisterGRPC(server *grpc.Server)

RegisterGRPC registers the server as an Server on the provided grpc server.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
method
kubernetes
kubernetes/testing
oidc
oidc/testing
token
public

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL