oktaApiAuth

package
v2.8.2 Latest
Warning

This package is not in the latest version of its module.

Published: May 7, 2024 License: MPL-2.0 Imports: 16 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthFactor added in v2.7.0

type AuthFactor struct {
	Id       string `json:"id" validate:"required"`
	Type     string `json:"factorType" validate:"required"`
	Provider string `json:"provider" validate:"required"`
}

type AuthResponse added in v2.7.0

type AuthResponse struct {
	Status string `json:"status" validate:"required"`
	Token  string `json:"stateToken"`
	Result string `json:"factorResult"`
}

type ErrorCauses added in v2.7.0

type ErrorCauses struct {
	Summary string `json:"errorSummary"`
}

type ErrorResponse added in v2.7.0

type ErrorResponse struct {
	Code    string        `json:"errorCode" validate:"required"`
	Summary string        `json:"errorSummary" validate:"required"`
	Link    string        `json:"errorLink" validate:"required"`
	Id      string        `json:"errorId" validate:"required"`
	Causes  []ErrorCauses `json:"errorCauses" validate:"required"`
}

type OktaAPIConfig added in v2.5.0

type OktaAPIConfig struct {
	// Okta API server URL, e.g. https://example.oktapreview.com
	Url string

	// Your (company's) Okta API token
	Token string

	// The suffix to be added to your users' names:
	// e.g. if UsernameSuffix = "example.com" and your user logs in with "dade.murphy",
	// the validator will try to authenticate "dade.murphy@example.com"
	UsernameSuffix string

	// A list of valid SSL public key fingerprints to validate the Okta API server certificate against
	AssertPin []string

	// Whether MFA is required for all users. If true and Okta authenticates the user without MFA (not configured),
	// the validator will reject it.
	MFARequired bool // default: false

	// Do not require usernames to come from client-side SSL certificates
	AllowUntrustedUsers bool // default: false

	// Number of retries when waiting for MFA result
	MFAPushMaxRetries int // default: 20

	// Number of seconds to wait between MFA result retrieval tries
	MFAPushDelaySeconds int // default: 3

	// List (comma separated) of groups allowed to connect
	AllowedGroups string

	// If a passcode is provided and TOTP MFA fails, try Push MFA
	TOTPFallbackToPush bool // default: false
}

Contains the configuration for the Okta API connection. These configuration options are read from api.ini.

type OktaApiAuth added in v2.5.0

type OktaApiAuth struct {
	ApiConfig  *OktaAPIConfig
	UserConfig *OktaUserConfig
	// contains filtered or unexported fields
}

func New added in v2.8.0

func New() *OktaApiAuth

Returns an initialized oktaApiAuth

func (*OktaApiAuth) Auth added in v2.5.0

func (auth *OktaApiAuth) Auth() error

Performs a full authentication transaction: preAuth, doAuth (when needed), cancelAuth (when needed). Returns nil if the user has been validated by the Okta API, an error otherwise.

func (*OktaApiAuth) InitPool added in v2.5.0

func (auth *OktaApiAuth) InitPool() error

Prepares an HTTP client with a safe TLS config and validates the server public key against our list of pinned key fingerprints.
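
An added example, not code from this package: one way a TLS client config can enforce a pin list such as AssertPin on top of normal certificate verification. The pin encoding (base64 of the SHA-256 of the SubjectPublicKeyInfo), the leaf-only check, and every function name below are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"fmt"
)

// spkiPin returns base64(SHA-256(SubjectPublicKeyInfo)). The encoding is an
// assumption; the page does not state the fingerprint format AssertPin expects.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// checkPins fails closed: no peer certificate, an empty pin list, or a leaf
// key that is not pinned all return an error.
func checkPins(pins []string, chain []*x509.Certificate) error {
	if len(chain) == 0 {
		return fmt.Errorf("no peer certificate presented")
	}
	got := spkiPin(chain[0]) // chain[0] is the server's leaf certificate
	for _, p := range pins {
		if p == got {
			return nil
		}
	}
	return fmt.Errorf("server key pin %s is not in the pin list", got)
}

// pinnedTLSConfig keeps Go's chain and hostname checks; the pin check also runs on resumed sessions.
func pinnedTLSConfig(pins []string) *tls.Config {
	verify := func(cs tls.ConnectionState) error { return checkPins(pins, cs.PeerCertificates) }
	return &tls.Config{MinVersion: tls.VersionTLS12, VerifyConnection: verify}
}

// constructedLeaf is constructed sample input: a stand-in certificate carrying only an SPKI.
func constructedLeaf(seed [32]byte) (*x509.Certificate, error) {
	spki, err := x509.MarshalPKIXPublicKey(ed25519.NewKeyFromSeed(seed[:]).Public())
	return &x509.Certificate{RawSubjectPublicKeyInfo: spki}, err
}

func main() {
	leaf, err := constructedLeaf([32]byte{1})
	fmt.Println(err, checkPins([]string{spkiPin(leaf)}, []*x509.Certificate{leaf}))
}
```

Pinning the public key rather than the whole certificate lets the pin survive a certificate renewal that reuses the same key.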

func (*OktaApiAuth) Pool added in v2.5.0

func (auth *OktaApiAuth) Pool() *http.Client

Only used by validator_test.go. TODO: find a clean way to only export this for tests.

type OktaGroup added in v2.7.0

type OktaGroup struct {
	Id      string           `json:"id" validate:"required"`
	Profile OktaGroupProfile `json:"profile" validate:"required"`
}

type OktaGroupProfile added in v2.7.0

type OktaGroupProfile struct {
	Name string `json:"name" validate:"required"`
}

type OktaGroups added in v2.8.0

type OktaGroups struct {
	Groups []OktaGroup `json:"groups" validate:"omitempty,dive"`
}

type OktaUserConfig

type OktaUserConfig struct {
	Username string
	Password string
	Passcode string
	ClientIp string
}

User credentials and information

type PreAuthEmbedded added in v2.7.0

type PreAuthEmbedded struct {
	Factors []AuthFactor `json:"factors"`
}

type PreAuthResponse added in v2.7.0

type PreAuthResponse struct {
	Status   string          `json:"status" validate:"required"`
	Token    string          `json:"stateToken"`
	Embedded PreAuthEmbedded `json:"_embedded"`
}
