auth

package

v1.26.1 Latest Latest Go to latest Published: Sep 9, 2023 License: GPL-3.0 Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/flipt-io/flipt

Links

Open Source Insights

Documentation ¶

Index ¶

func ContextWithAuthentication(ctx context.Context, a *authrpc.Authentication) context.Context
func EmailMatchingInterceptor(logger *zap.Logger, rgxs []*regexp.Regexp) grpc.UnaryServerInterceptor
func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication
func UnaryInterceptor(logger *zap.Logger, authenticator Authenticator, ...) grpc.UnaryServerInterceptor
func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]
type Actor
- func ActorFromContext(ctx context.Context) Actor
type Authenticator
type InterceptorOptions
type Middleware
- func NewHTTPMiddleware(config config.AuthenticationSession) *Middleware
- func (m Middleware) ErrorHandler(ctx context.Context, sm *runtime.ServeMux, ms runtime.Marshaler, ...)
- func (m Middleware) Handler(next http.Handler) http.Handler
type Option
- func WithAuditLoggingEnabled(enabled bool) Option
type Server
- func NewServer(logger *zap.Logger, store storageauth.Store, opts ...Option) *Server

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ContextWithAuthentication ¶ added in v1.21.0

func ContextWithAuthentication(ctx context.Context, a *authrpc.Authentication) context.Context

ContextWithAuthentication returns a context with the specified authentication

func EmailMatchingInterceptor ¶ added in v1.24.0

func EmailMatchingInterceptor(logger *zap.Logger, rgxs []*regexp.Regexp) grpc.UnaryServerInterceptor

EmailMatchingInterceptor is a grpc.UnaryServerInterceptor only used in the case where the user is using OIDC and wants to whitelist a group of users issuing operations against the Flipt server.

func GetAuthenticationFrom ¶

func GetAuthenticationFrom(ctx context.Context) *authrpc.Authentication

GetAuthenticationFrom is a utility for extracting an Authentication stored on a context.Context instance

func UnaryInterceptor ¶

func UnaryInterceptor(logger *zap.Logger, authenticator Authenticator, o ...containers.Option[InterceptorOptions]) grpc.UnaryServerInterceptor

UnaryInterceptor is a grpc.UnaryServerInterceptor which extracts a clientToken found within the authorization field on the incoming requests metadata. The fields value is expected to be in the form "Bearer <clientToken>".

func WithServerSkipsAuthentication ¶ added in v1.17.0

func WithServerSkipsAuthentication(server any) containers.Option[InterceptorOptions]

WithServerSkipsAuthentication can be used to configure an auth unary interceptor which skips authentication when the provided server instance matches the intercepted calls parent server instance. This allows the caller to registers servers which explicitly skip authentication (e.g. OIDC).

Types ¶

type Actor ¶ added in v1.21.0

type Actor map[string]string

Actor represents some metadata from the context for the audit event.

func ActorFromContext ¶ added in v1.21.0

func ActorFromContext(ctx context.Context) Actor

type Authenticator ¶

type Authenticator interface {
	GetAuthenticationByClientToken(ctx context.Context, clientToken string) (*authrpc.Authentication, error)
}

Authenticator is the minimum subset of an authentication provider required by the middleware to perform lookups for Authentication instances using a obtained clientToken.

type InterceptorOptions ¶ added in v1.17.0

type InterceptorOptions struct {
	// contains filtered or unexported fields
}

InterceptorOptions configure the UnaryInterceptor

type Middleware ¶ added in v1.18.0

type Middleware struct {
	// contains filtered or unexported fields
}

Middleware contains various extensions for appropriate integration of the generic auth services behind gRPC gateway. This currently includes clearing the appropriate cookies on logout.

func NewHTTPMiddleware ¶ added in v1.18.0

func NewHTTPMiddleware(config config.AuthenticationSession) *Middleware

NewHTTPMiddleware constructs a new auth HTTP middleware.

func (Middleware) ErrorHandler ¶ added in v1.18.2

func (m Middleware) ErrorHandler(ctx context.Context, sm *runtime.ServeMux, ms runtime.Marshaler, w http.ResponseWriter, r *http.Request, err error)

ErrorHandler ensures cookies are cleared when cookie auth is attempted but leads to an unauthenticated response. This ensures well behaved user-agents won't attempt to supply the same token via a cookie again in a subsequent call.

func (Middleware) Handler ¶ added in v1.18.0

func (m Middleware) Handler(next http.Handler) http.Handler

Handler is a http middleware used to decorate the auth provider gateway handler. This is used to clear the appropriate cookies on logout.

type Option ¶ added in v1.21.0

type Option func(*Server)

func WithAuditLoggingEnabled ¶ added in v1.21.0

func WithAuditLoggingEnabled(enabled bool) Option

WithAuditLoggingEnabled sets the option for enabling audit logging for the auth server.

type Server ¶

type Server struct {
	auth.UnimplementedAuthenticationServiceServer
	// contains filtered or unexported fields
}

Server is the core AuthenticationServiceServer implementations.

It is the service which presents all Authentications created in the backing auth store.

func NewServer ¶

func NewServer(logger *zap.Logger, store storageauth.Store, opts ...Option) *Server

func (*Server) DeleteAuthentication ¶

func (s *Server) DeleteAuthentication(ctx context.Context, req *auth.DeleteAuthenticationRequest) (*emptypb.Empty, error)

DeleteAuthentication deletes the authentication with the supplied ID.

func (*Server) ExpireAuthenticationSelf ¶ added in v1.18.0

func (s *Server) ExpireAuthenticationSelf(ctx context.Context, req *auth.ExpireAuthenticationSelfRequest) (*emptypb.Empty, error)

ExpireAuthenticationSelf expires the Authentication which was derived from the request context. If no expire_at is provided, the current time is used. This is useful for logging out a user. If the expire_at is greater than the current expiry time, the expiry time is extended.

func (*Server) GetAuthentication ¶

func (s *Server) GetAuthentication(ctx context.Context, r *auth.GetAuthenticationRequest) (*auth.Authentication, error)

GetAuthentication returns the Authentication identified by the supplied id.

func (*Server) GetAuthenticationSelf ¶

func (s *Server) GetAuthenticationSelf(ctx context.Context, _ *emptypb.Empty) (*auth.Authentication, error)

GetAuthenticationSelf returns the Authentication which was derived from the request context.

func (*Server) ListAuthentications ¶

func (s *Server) ListAuthentications(ctx context.Context, r *auth.ListAuthenticationsRequest) (*auth.ListAuthenticationsResponse, error)

ListAuthentications produces a set of authentications for the provided method filter and pagination parameters.

func (*Server) RegisterGRPC ¶ added in v1.17.0

func (s *Server) RegisterGRPC(server *grpc.Server)

RegisterGRPC registers the server as an Server on the provided grpc server.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
method
github
kubernetes
kubernetes/testing
oidc
oidc/testing
token
public

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL