Documentation ¶
Index ¶
- Constants
- type Config
- type Consent
- type ConsentRequest
- type HelloRequest
- type HelloResponse
- type IdentifiedUser
- func (u *IdentifiedUser) BackendName() string
- func (u *IdentifiedUser) Claims() jwt.MapClaims
- func (u *IdentifiedUser) Email() string
- func (u *IdentifiedUser) EmailVerified() bool
- func (u *IdentifiedUser) ExternalAuthorityID() *string
- func (u *IdentifiedUser) FamilyName() string
- func (u *IdentifiedUser) GivenName() string
- func (u *IdentifiedUser) ID() int64
- func (u *IdentifiedUser) LoggedOn() (bool, time.Time)
- func (u *IdentifiedUser) LogonRef() *string
- func (u *IdentifiedUser) Name() string
- func (u *IdentifiedUser) ScopedClaims(authorizedScopes map[string]bool) jwt.MapClaims
- func (u *IdentifiedUser) SessionRef() *string
- func (u *IdentifiedUser) Subject() string
- func (u *IdentifiedUser) UniqueID() string
- func (u *IdentifiedUser) Username() string
- type Identifier
- func (i *Identifier) AddRoutes(ctx context.Context, router *mux.Router)
- func (i *Identifier) EndSession(ctx context.Context, user *IdentifiedUser, rw http.ResponseWriter, ...) (*url.URL, error)
- func (i *Identifier) ErrorPage(rw http.ResponseWriter, code int, title string, message string)
- func (i *Identifier) GetConsentFromConsentCookie(ctx context.Context, rw http.ResponseWriter, req *http.Request, state string) (*Consent, error)
- func (i *Identifier) GetStateFromStateCookie(ctx context.Context, rw http.ResponseWriter, req *http.Request, scope string, ...) (*StateData, error)
- func (i *Identifier) GetUserFromID(ctx context.Context, userID string, sessionRef *string) (*IdentifiedUser, error)
- func (i *Identifier) GetUserFromLogonCookie(ctx context.Context, req *http.Request, maxAge time.Duration, ...) (*IdentifiedUser, error)
- func (i *Identifier) Name() string
- func (i *Identifier) OnSetLogon(cb func(ctx context.Context, rw http.ResponseWriter, user identity.User) error) error
- func (i *Identifier) OnUnsetLogon(cb func(ctx context.Context, rw http.ResponseWriter) error) error
- func (i *Identifier) RegisterManagers(mgrs *managers.Managers) error
- func (i *Identifier) ScopesSupported() []string
- func (i *Identifier) ServeHTTP(rw http.ResponseWriter, req *http.Request)
- func (i *Identifier) SetConsentToConsentCookie(ctx context.Context, rw http.ResponseWriter, cr *ConsentRequest, ...) error
- func (i *Identifier) SetKey(key []byte) error
- func (i *Identifier) SetStateToStateCookie(ctx context.Context, rw http.ResponseWriter, scope string, sd *StateData) error
- func (i *Identifier) SetUserToLogonCookie(ctx context.Context, rw http.ResponseWriter, user *IdentifiedUser) error
- func (i *Identifier) UnsetLogonCookie(ctx context.Context, user *IdentifiedUser, rw http.ResponseWriter) error
- type LogonRequest
- type LogonResponse
- type StateData
- type StateRequest
- type StateResponse
- type TrampolinData
Constants ¶
const ( SessionIDClaim = "sid" LogonRefClaim = "lref" ExternalAuthorityIDClaim = "eaid" )
Additional claims as used by the identifier in its own tokens.
const ( // FlowOIDC is the string value for the oidc flow. FlowOIDC = "oidc" // FlowOAuth is the string value for the oauth flow. FlowOAuth = "oauth" // FlowConsent is the string value for the consent flow. FlowConsent = "consent" )
const ( // ModeLogonUsernameEmptyPasswordCookie is the logon mode which requires a // username which matches the currently signed in user in the cookie and an // empty password. ModeLogonUsernameEmptyPasswordCookie = "0" // ModeLogonUsernamePassword is the logon mode which requires a username // and a password. ModeLogonUsernamePassword = "1" )
const ( // MustBeSignedIn is a authorize mode which tells the authorization code, // that it is expected to have a signed in user and everything else should // be treated as error. MustBeSignedIn = "must" )
const (
ObsoleteUserClaimsClaim = "claims"
)
History claims previously used by the identifier in its own tokens.
const ( // StateModeEndSession is a state mode which selects end session specific // actions when processing state requests. StateModeEndSession = "0" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { Config *config.Config BaseURI *url.URL LogonCookieName string ScopesConf string PathPrefix string StaticFolder string WebAppDisabled bool AuthorizationEndpointURI *url.URL SignedOutEndpointURI *url.URL Backend backends.Backend }
Config defines a Server's configuration settings.
type Consent ¶
Consent is the data received and sent to allow or cancel consent flows.
type ConsentRequest ¶
type ConsentRequest struct { State string `json:"state"` Allow bool `json:"allow"` RawScope string `json:"scope"` ClientID string `json:"client_id"` RawRedirectURI string `json:"redirect_uri"` Ref string `json:"ref"` Nonce string `json:"flow_nonce"` }
A ConsentRequest is the request data as sent to the consent endpoint.
type HelloRequest ¶
type HelloRequest struct { State string `json:"state"` Flow string `json:"flow"` RawScope string `json:"scope"` RawPrompt string `json:"prompt"` ClientID string `json:"client_id"` RawRedirectURI string `json:"redirect_uri"` RawIDTokenHint string `json:"id_token_hint"` RawMaxAge string `json:"max_age"` Scopes map[string]bool `json:"-"` Prompts map[string]bool `json:"-"` RedirectURI *url.URL `json:"-"` IDTokenHint *jwt.Token `json:"-"` MaxAge time.Duration `json:"-"` }
A HelloRequest is the request data as send to the hello endpoint.
type HelloResponse ¶
type HelloResponse struct { State string `json:"state"` Flow string `json:"flow"` Success bool `json:"success"` Username string `json:"username,omitempty"` DisplayName string `json:"displayName,omitempty"` Next string `json:"next,omitempty"` ContinueURI string `json:"continue_uri,omitempty"` Scopes map[string]bool `json:"scopes,omitempty"` ClientDetails *clients.Details `json:"client,omitempty"` Meta *meta.Meta `json:"meta,omitempty"` }
A HelloResponse holds a response as sent by the hello endpoint.
type IdentifiedUser ¶
type IdentifiedUser struct {
// contains filtered or unexported fields
}
A IdentifiedUser is a user with meta data.
func (*IdentifiedUser) BackendName ¶
func (u *IdentifiedUser) BackendName() string
BackendName returns the accociated users underlaying backend name.
func (*IdentifiedUser) Claims ¶
func (u *IdentifiedUser) Claims() jwt.MapClaims
Claims returns extra claims of the accociated user.
func (*IdentifiedUser) Email ¶
func (u *IdentifiedUser) Email() string
Email returns the associated users email field.
func (*IdentifiedUser) EmailVerified ¶
func (u *IdentifiedUser) EmailVerified() bool
EmailVerified returns trye if the associated users email field was verified.
func (*IdentifiedUser) ExternalAuthorityID ¶ added in v0.32.0
func (u *IdentifiedUser) ExternalAuthorityID() *string
func (*IdentifiedUser) FamilyName ¶
func (u *IdentifiedUser) FamilyName() string
FamilyName returns the associated users family name field.
func (*IdentifiedUser) GivenName ¶
func (u *IdentifiedUser) GivenName() string
GivenName returns the associated users given name field.
func (*IdentifiedUser) ID ¶
func (u *IdentifiedUser) ID() int64
ID returns the associated users numeric user id. If it is 0, it means that this user does not have a numeric ID. Do not use this field to identify a user - always use the subject instead. The numeric ID is kept for compatibility with systems which require user identification to be numeric.
func (*IdentifiedUser) LoggedOn ¶
func (u *IdentifiedUser) LoggedOn() (bool, time.Time)
LoggedOn returns true if the accociated user has a logonAt time set.
func (*IdentifiedUser) LogonRef ¶ added in v0.32.0
func (u *IdentifiedUser) LogonRef() *string
UserRef returns the accociated users underlaying logon reference.
func (*IdentifiedUser) Name ¶
func (u *IdentifiedUser) Name() string
Name returns the associated users name field. This is the display name of the accociated user.
func (*IdentifiedUser) ScopedClaims ¶
func (u *IdentifiedUser) ScopedClaims(authorizedScopes map[string]bool) jwt.MapClaims
ScopedClaims returns scope bound extra claims of the accociated user.
func (*IdentifiedUser) SessionRef ¶
func (u *IdentifiedUser) SessionRef() *string
SessionRef returns the accociated users underlaying session reference.
func (*IdentifiedUser) Subject ¶
func (u *IdentifiedUser) Subject() string
Subject returns the associated users subject field. The subject is the main authentication identifier of the user.
func (*IdentifiedUser) UniqueID ¶
func (u *IdentifiedUser) UniqueID() string
UniqueID returns the accociated users unique user id. When empty, then this user does not have a unique ID. This field can be used for unique user mapping to external systems which use the same authentication source as Konnect. The value depends entirely on the identifier backend.
func (*IdentifiedUser) Username ¶
func (u *IdentifiedUser) Username() string
Username returns the accociated users username. This might be different or the same as the subject, depending on the backend in use. If can also be empty, which means that the accociated user does not have a username.
type Identifier ¶
type Identifier struct { Config *Config // contains filtered or unexported fields }
Identifier defines a identification login area with its endpoints using a Kopano Core server as backend logon provider.
func NewIdentifier ¶
func NewIdentifier(c *Config) (*Identifier, error)
NewIdentifier returns a new Identifier.
func (*Identifier) AddRoutes ¶
func (i *Identifier) AddRoutes(ctx context.Context, router *mux.Router)
AddRoutes adds the endpoint routes of the accociated Identifier to the provided router with the provided context.
func (*Identifier) EndSession ¶ added in v0.32.0
func (i *Identifier) EndSession(ctx context.Context, user *IdentifiedUser, rw http.ResponseWriter, postRedirectURI *url.URL, state string) (*url.URL, error)
EndSession begins the process to end the session either directly or indirectly based on the provided user. It optionally returns an uri which shall be used as redirection target or an error.
func (*Identifier) ErrorPage ¶
func (i *Identifier) ErrorPage(rw http.ResponseWriter, code int, title string, message string)
ErrorPage writes a HTML error page to the provided ResponseWriter.
func (*Identifier) GetConsentFromConsentCookie ¶
func (i *Identifier) GetConsentFromConsentCookie(ctx context.Context, rw http.ResponseWriter, req *http.Request, state string) (*Consent, error)
GetConsentFromConsentCookie extract consent information for the provided request and the provide state.
func (*Identifier) GetStateFromStateCookie ¶ added in v0.30.0
func (i *Identifier) GetStateFromStateCookie(ctx context.Context, rw http.ResponseWriter, req *http.Request, scope string, state string) (*StateData, error)
GetStateFromStateCookie extracts state information for the provided request using the provided scope and state.
func (*Identifier) GetUserFromID ¶
func (i *Identifier) GetUserFromID(ctx context.Context, userID string, sessionRef *string) (*IdentifiedUser, error)
GetUserFromID looks up the user identified by the provided userID by requesting the associated backend.
func (*Identifier) GetUserFromLogonCookie ¶
func (i *Identifier) GetUserFromLogonCookie(ctx context.Context, req *http.Request, maxAge time.Duration, refreshSession bool) (*IdentifiedUser, error)
GetUserFromLogonCookie looks up the associated cookie name from the provided request, parses it and returns the user containing the information found in the coookie payload data.
func (*Identifier) Name ¶
func (i *Identifier) Name() string
Name returns the active identifiers backend's name.
func (*Identifier) OnSetLogon ¶
func (i *Identifier) OnSetLogon(cb func(ctx context.Context, rw http.ResponseWriter, user identity.User) error) error
OnSetLogon implements a way to register hooks whenever logon information is set by the accociated Identifier.
func (*Identifier) OnUnsetLogon ¶
func (i *Identifier) OnUnsetLogon(cb func(ctx context.Context, rw http.ResponseWriter) error) error
OnUnsetLogon implements a way to register hooks whenever logon information is set by the accociated Identifier.
func (*Identifier) RegisterManagers ¶
func (i *Identifier) RegisterManagers(mgrs *managers.Managers) error
RegisterManagers registers the provided managers,
func (*Identifier) ScopesSupported ¶
func (i *Identifier) ScopesSupported() []string
ScopesSupported return the scopes supported by the accociated Identifier.
func (*Identifier) ServeHTTP ¶
func (i *Identifier) ServeHTTP(rw http.ResponseWriter, req *http.Request)
ServeHTTP implements the http.Handler interface.
func (*Identifier) SetConsentToConsentCookie ¶
func (i *Identifier) SetConsentToConsentCookie(ctx context.Context, rw http.ResponseWriter, cr *ConsentRequest, consent *Consent) error
SetConsentToConsentCookie serializses the provided Consent using the provided ConsentRequest and sets it as cookie on the provided ReponseWriter.
func (*Identifier) SetKey ¶
func (i *Identifier) SetKey(key []byte) error
SetKey sets the provided key for the accociated identifier.
func (*Identifier) SetStateToStateCookie ¶ added in v0.30.0
func (i *Identifier) SetStateToStateCookie(ctx context.Context, rw http.ResponseWriter, scope string, sd *StateData) error
SetStateToStateCookie serializses the provided StateRequest and sets it as cookie on the provided ReponseWriter.
func (*Identifier) SetUserToLogonCookie ¶
func (i *Identifier) SetUserToLogonCookie(ctx context.Context, rw http.ResponseWriter, user *IdentifiedUser) error
SetUserToLogonCookie serializes the provided user into an encrypted string and sets it as cookie on the provided http.ResponseWriter.
func (*Identifier) UnsetLogonCookie ¶
func (i *Identifier) UnsetLogonCookie(ctx context.Context, user *IdentifiedUser, rw http.ResponseWriter) error
UnsetLogonCookie adds cookie remove headers to the provided http.ResponseWriter effectively implementing logout.
type LogonRequest ¶
type LogonRequest struct { State string `json:"state"` Params []string `json:"params"` Hello *HelloRequest `json:"hello"` }
A LogonRequest is the request data as sent to the logon endpoint
type LogonResponse ¶
type LogonResponse struct { Success bool `json:"success"` State string `json:"state"` Hello *HelloResponse `json:"hello"` }
A LogonResponse holds a response as sent by the logon endpoint.
type StateData ¶
type StateData struct { State string `json:"state"` Mode string `json:"mode,omitempty"` RawQuery string `json:"raw_query,omitempty"` ClientID string `json:"client_id"` Ref string `json:"ref,omitempty"` Extra map[string]interface{} `json:"extra,omitempty"` Trampolin *TrampolinData `json:"trampolin,omitempty"` }
StateData contains data bound to a state.
type StateRequest ¶
type StateRequest struct {
State string
}
A StateRequest is a general request with a state.
type StateResponse ¶
A StateResponse hilds a response as reply to a StateRequest.