Documentation
Index
- Constants
- Variables
- func ContextFromAccessToken(ctx context.Context, graph *ent.Client, token string) (context.Context, error)
- func ContextFromSessionToken(ctx context.Context, graph *ent.Client, token string) (context.Context, error)
- func IsActivatedContext(ctx context.Context) bool
- func IsAdminContext(ctx context.Context) bool
- func IsAuthenticatedContext(ctx context.Context) bool
- func NewOAuthAuthorizationHandler(cfg oauth2.Config, pubKey ed25519.PublicKey, graph *ent.Client, ...) http.Handler
- func NewOAuthLoginHandler(cfg oauth2.Config, privKey ed25519.PrivateKey) http.Handler
- func NewTokenRedirectHandler() http.HandlerFunc
- func UserFromContext(ctx context.Context) *ent.User
- type Identity
Constants
const (
	OAuthCookieName   = "oauth-state"
	SessionCookieName = "auth-session"
)
const HeaderAPIAccessToken = "X-Tavern-Access-Token"
HeaderAPIAccessToken is the name of the header clients should set to authenticate with personal access tokens.
const ParamTokenRedirPort = "redir_port"
ParamTokenRedirPort is the name of the query parameter PAT requests must set to indicate which local port the client should be redirected to.
const ParamTokenRedirToken = "access_token"
ParamTokenRedirToken is the name of the query parameter CLI OAuth http servers should parse to receive the Tavern API personal access token.
Variables
var (
	ErrOAuthNoStatePresented          = fmt.Errorf("no OAuth state presented")
	ErrOAuthNoCookieFound             = fmt.Errorf("no OAuth cookie found")
	ErrOAuthInvalidCookie             = fmt.Errorf("invalid OAuth cookie provided")
	ErrOAuthInvalidState              = fmt.Errorf("presented OAuth state is invalid")
	ErrOAuthExchangeFailed            = fmt.Errorf("failed to exchange authorization code for an access token from identity provider")
	ErrOAuthFailedToObtainProfileInfo = fmt.Errorf("failed to obtain profile information from identity provider")
	ErrOAuthFailedToParseProfileInfo  = fmt.Errorf("failed to parse profile information returned by identity provider")
	ErrOAuthInvalidProfileInfo        = fmt.Errorf("failed to parse profile information returned by identity provider")
	ErrOAuthFailedUserLookup          = fmt.Errorf("failed to lookup user account")
)
var (
	// ErrPermissionDenied indicates the identity did not have sufficient permissions to perform an action.
	ErrPermissionDenied = fmt.Errorf("permission denied")
)
Functions
func ContextFromAccessToken (added in v0.0.6)
func ContextFromAccessToken(ctx context.Context, graph *ent.Client, token string) (context.Context, error)
ContextFromAccessToken returns a copy of parent context with a user Identity associated with it (if it exists).
func ContextFromSessionToken
func ContextFromSessionToken(ctx context.Context, graph *ent.Client, token string) (context.Context, error)
ContextFromSessionToken returns a copy of parent context with a user Identity associated with it (if it exists).
func IsActivatedContext
IsActivatedContext returns true if the context is associated with an activated identity, false otherwise.
func IsAdminContext
IsAdminContext returns true if the context is associated with an admin identity, false otherwise.
func IsAuthenticatedContext
IsAuthenticatedContext returns true if the context is associated with an authenticated identity, false otherwise.
func NewOAuthAuthorizationHandler
func NewOAuthAuthorizationHandler(cfg oauth2.Config, pubKey ed25519.PublicKey, graph *ent.Client, profileURL string) http.Handler
NewOAuthAuthorizationHandler returns an http endpoint that validates that the request was redirected from the identity provider after a consent flow and initializes a user session.
func NewOAuthLoginHandler
NewOAuthLoginHandler returns an http endpoint that redirects the user to the configured OAuth consent flow. It will set a JWT in a cookie that will later be used to verify the OAuth state.
func NewTokenRedirectHandler (added in v0.0.6)
func NewTokenRedirectHandler() http.HandlerFunc
NewTokenRedirectHandler returns a new http endpoint that redirects the requestor to http://127.0.0.1 at the port specified in the query parameters. This method requires an authenticated session, and will set the user's personal access token in the redirected URL query parameters intended for use by CLI applications authenticating to Tavern.
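The CLI side of the redirect described above, as an added example rather than Tavern's own code: a one-shot receiver that binds to 127.0.0.1 only, advertises its port through the documented redir_port parameter, and reads the documented access_token parameter from the redirected request. The FetchToken helper, its open callback and the tavern.example URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

const ( // query parameter names documented on this page
	ParamTokenRedirPort  = "redir_port"
	ParamTokenRedirToken = "access_token"
)

// FetchToken (hypothetical CLI helper) listens on loopback only and returns the first token redirected back.
func FetchToken(base string, timeout time.Duration, open func(loginURL string)) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0") // not 0.0.0.0; the kernel picks a free port
	if err != nil {
		return "", err
	}
	defer ln.Close() // stop listening on success and on timeout
	got := make(chan string, 1)
	go http.Serve(ln, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tok := r.URL.Query().Get(ParamTokenRedirToken)
		if tok == "" {
			http.Error(w, "missing "+ParamTokenRedirToken, http.StatusBadRequest)
			return
		}
		select {
		case got <- tok: // first token wins; later requests are dropped
		default:
		}
	}))
	q := url.Values{ParamTokenRedirPort: {fmt.Sprint(ln.Addr().(*net.TCPAddr).Port)}}
	open(base + "?" + q.Encode())
	select {
	case tok := <-got:
		return tok, nil
	case <-time.After(timeout):
		return "", fmt.Errorf("no token redirect within %s", timeout)
	}
}

func main() {
	_, err := FetchToken("https://tavern.example/token-redirect", 2*time.Minute, // placeholder URL
		func(u string) { fmt.Println("open in a browser:", u) })
	fmt.Println("token received:", err == nil)
}
```

The returned token is what a client would then send in the X-Tavern-Access-Token header on API requests.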
Types
type Identity
type Identity interface {
	// String representation of the identity, used for logging
	String() string

	// IsAuthenticated should only return true if the identity has been authenticated.
	IsAuthenticated() bool

	// IsActivated should only return true if the identity is allowed to make sensitive API requests.
	IsActivated() bool

	// IsAdmin should only return true if the identity represents an administrator.
	IsAdmin() bool
}
An Identity making a request.
func IdentityFromContext
IdentityFromContext returns the identity associated with the provided context, or nil if no identity is associated.