method

package
v1.51.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 28, 2024 License: GPL-3.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source
const (
	StorageMetadataClaims  = "io.flipt.auth.claims"
	StorageMetadataEmail   = "io.flipt.auth.email"
	StorageMetadataName    = "io.flipt.auth.name"
	StorageMetadataPicture = "io.flipt.auth.picture"
)
View Source
const (
	ForwardedPrefixKey = "x-forwarded-prefix"
)

Variables

This section is empty.

Functions

func CallbackValidateState

func CallbackValidateState(ctx context.Context, state string) error

CallbackValidateState validates the state for the callback request on both OIDC and GitHub as an OAuth provider.

func ForwardCookies

func ForwardCookies(ctx context.Context, req *http.Request) metadata.MD

ForwardCookies parses particular http cookies (Flipts state and client token) and forwards them as grpc metadata entries. This allows us to abstract away http constructs from the internal gRPC implementation.

func ForwardPrefix added in v1.44.0

func ForwardPrefix(ctx context.Context, req *http.Request) metadata.MD

ForwardPrefix extracts the "X-Forwarded-Prefix" header from an HTTP request and forwards them as grpc metadata entries.

Types

type Middleware

type Middleware struct {
	// contains filtered or unexported fields
}

Middleware contains various extensions for appropriate integration of the OIDC services behind gRPC gateway. This includes forwarding cookies as gRPC metadata, adapting callback responses to http cookies, and establishing appropriate state parameters for csrf provention during the oauth/oidc flow.

func NewHTTPMiddleware

func NewHTTPMiddleware(config config.AuthenticationSession) Middleware

NewHTTPMiddleware constructs and configures a new oidc HTTP middleware from the supplied authentication configuration struct.

func (Middleware) ForwardResponseOption

func (m Middleware) ForwardResponseOption(ctx context.Context, w http.ResponseWriter, resp proto.Message) error

ForwardResponseOption is a grpc gateway forward response option function implementation. The purpose of which is to intercept outgoing Callback operation responses. When intercepted the resulting clientToken is stripped from the response payload and instead added to a response header cookie (Set-Cookie). This ensures a secure browser session can be established. The user-agent is then redirected to the root of the domain.

func (Middleware) Handler

func (m Middleware) Handler(next http.Handler) http.Handler

Handler is a http middleware used to decorate the OIDC provider gateway handler. The middleware intercepts authorize attempts and automatically establishes an appropriate state parameter. It does so by wrapping any provided state parameter in a JSON object with an additional cryptographically-random generated security token. The payload is then encoded in base64 and added back to the state query param. The payload is then also encoded as a http cookie which is bound to the callback path.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL