Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DynamicTLSCertProvider ¶
type DynamicTLSCertProvider interface {
SetIssuerHostToTLSCertMap(issuerToJWKSMap map[string]*tls.Certificate)
SetDefaultTLSCert(certificate *tls.Certificate)
GetTLSCert(lowercaseIssuerHostName string) *tls.Certificate
GetDefaultTLSCert() *tls.Certificate
}
func NewDynamicTLSCertProvider ¶
func NewDynamicTLSCertProvider() DynamicTLSCertProvider
type DynamicUpstreamIDPProvider ¶ added in v0.3.0
type DynamicUpstreamIDPProvider interface {
SetOIDCIdentityProviders(oidcIDPs []UpstreamOIDCIdentityProviderI)
GetOIDCIdentityProviders() []UpstreamOIDCIdentityProviderI
SetLDAPIdentityProviders(ldapIDPs []UpstreamLDAPIdentityProviderI)
GetLDAPIdentityProviders() []UpstreamLDAPIdentityProviderI
}
func NewDynamicUpstreamIDPProvider ¶ added in v0.3.0
func NewDynamicUpstreamIDPProvider() DynamicUpstreamIDPProvider
type FederationDomainIssuer ¶ added in v0.3.0
type FederationDomainIssuer struct {
// contains filtered or unexported fields
}
FederationDomainIssuer represents all of the settings and state for a downstream OIDC provider as defined by a FederationDomain.
func NewFederationDomainIssuer ¶ added in v0.3.0
func NewFederationDomainIssuer(issuer string) (*FederationDomainIssuer, error)
func (*FederationDomainIssuer) Issuer ¶ added in v0.3.0
func (p *FederationDomainIssuer) Issuer() string
func (*FederationDomainIssuer) IssuerHost ¶ added in v0.3.0
func (p *FederationDomainIssuer) IssuerHost() string
func (*FederationDomainIssuer) IssuerPath ¶ added in v0.3.0
func (p *FederationDomainIssuer) IssuerPath() string
type UpstreamLDAPIdentityProviderI ¶ added in v0.9.0
type UpstreamLDAPIdentityProviderI interface {
// A name for this upstream provider.
GetName() string
// Return a URL which uniquely identifies this LDAP provider, e.g. "ldaps://host.example.com:1234".
// This URL is not used for connecting to the provider, but rather is used for creating a globally unique user
// identifier by being combined with the user's UID, since user UIDs are only unique within one provider.
GetURL() *url.URL
// A method for performing user authentication against the upstream LDAP provider.
authenticators.UserAuthenticator
}
type UpstreamOIDCIdentityProviderI ¶ added in v0.3.0
type UpstreamOIDCIdentityProviderI interface {
// A name for this upstream provider, which will be used as a component of the path for the callback endpoint
// hosted by the Supervisor.
GetName() string
// The Oauth client ID registered with the upstream provider to be used in the authorization code flow.
GetClientID() string
// The Authorization Endpoint fetched from discovery.
GetAuthorizationURL() *url.URL
// Scopes to request in authorization flow.
GetScopes() []string
// ID Token username claim name. May return empty string, in which case we will use some reasonable defaults.
GetUsernameClaim() string
// ID Token groups claim name. May return empty string, in which case we won't try to read groups from the upstream provider.
GetGroupsClaim() string
// Performs upstream OIDC authorization code exchange and token validation.
// Returns the validated raw tokens as well as the parsed claims of the ID token.
ExchangeAuthcodeAndValidateTokens(
ctx context.Context,
authcode string,
pkceCodeVerifier pkce.Code,
expectedIDTokenNonce nonce.Nonce,
redirectURI string,
) (*oidctypes.Token, error)
ValidateToken(ctx context.Context, tok *oauth2.Token, expectedIDTokenNonce nonce.Nonce) (*oidctypes.Token, error)
}
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package formposthtml defines HTML templates used by the Supervisor.
|
Package formposthtml defines HTML templates used by the Supervisor. |
Click to show internal directories.
Click to hide internal directories.