sso

package
Published: Jan 8, 2025 License: AGPL-3.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Error classes returned by the sso package. Each failure point of an SSO
// login gets its own errs.Class so callers can distinguish them by class
// rather than by matching error strings.
var (
	// Error is the default error class for the package.
	Error = errs.Class("sso")
	// ErrInvalidProvider is returned when the provider is invalid.
	ErrInvalidProvider = errs.Class("sso:invalid provider")
	// ErrInvalidCode is returned when the auth code is invalid.
	ErrInvalidCode = errs.Class("sso:invalid auth code")
	// ErrNoIdToken is returned when the ID token is missing.
	ErrNoIdToken = errs.Class("sso:missing ID token")
	// ErrTokenVerification is returned when the token verification fails.
	ErrTokenVerification = errs.Class("sso:failed token verification")
	// ErrInvalidState is returned when the state parameter is invalid or does
	// not match what was expected. A state mismatch on the callback is the
	// signal for a login-CSRF / session-mixup attempt and must not be ignored.
	ErrInvalidState = errs.Class("sso:invalid state")
	// ErrInvalidEmail is returned when the email given by the SSO provider is invalid.
	ErrInvalidEmail = errs.Class("sso:invalid email")
	// ErrInvalidClaims is returned when the claims fail to be parsed.
	ErrInvalidClaims = errs.Class("sso:invalid claims")

	// MicrosoftEntraUrlHost is the host of the Microsoft Entra provider.
	// NOTE(review): wherever a provider URL is compared against this value,
	// compare the full host or require a dot boundary ("." + MicrosoftEntraUrlHost);
	// a bare strings.HasSuffix check would also accept "evilmicrosoftonline.com".
	// Confirm how it is used in the unexported code.
	MicrosoftEntraUrlHost = "microsoftonline.com"
)

Functions

This section is empty.

Types

type Config

// Config is a configuration struct for SSO. Fields are bound to flags/config
// entries through the `help`/`default` struct tags; `hidden:"true"` keeps the
// mock fields out of generated help output.
type Config struct {
	// Enabled reports whether SSO is turned on at all.
	Enabled               bool                  `help:"whether SSO is enabled." default:"false"`
	// OidcProviderInfos holds, per provider name, the client ID, client secret
	// and provider URL. NOTE(review): this value contains client secrets, so it
	// should be supplied from a config file or environment variable rather than
	// a command-line flag, where it would be visible in process listings and
	// shell history.
	OidcProviderInfos     OidcProviderInfos     `help:"semicolon-separated provider:client-id,client-secret,provider-url." default:""`
	// EmailProviderMappings routes a login email to a provider name; the
	// provider names must match the keys used in OidcProviderInfos.
	EmailProviderMappings EmailProviderMappings `help:"semicolon-separated provider:email-regex as provided in oidc-provider-infos." default:""`
	// MockSso replaces the real provider round trip with the Mock* types in this
	// package (presumably wired in by NewService/Initialize — confirm). A mock
	// login performs no token verification, so this must never be true in
	// production; deployments should assert it is false at startup.
	MockSso               bool                  `help:"whether to mock SSO for testing purposes. This should never be true in production." default:"false" hidden:"true"`
	// MockEmail is the email reported for a successful mock SSO login.
	MockEmail             string                `help:"mock email for successful SSO auth for testing purposes." default:"" hidden:"true"`
}

Config is a configuration struct for SSO.

type EmailProviderMappings

// EmailProviderMappings is a map of SSO provider name to the regular
// expression that selects which login emails are sent to that provider.
// It is populated by Set from the "provider:email-regex" config string.
// NOTE(review): these regexes decide which identity provider a user is
// redirected to, so they should be anchored (^...$) and escape dots; an
// unanchored "example.com" also matches "example.com.attacker.net".
// Confirm the configured values and whether Set enforces anchoring.
type EmailProviderMappings struct {
	// Values is keyed by provider name (as used in OidcProviderInfos).
	Values map[string]regexp.Regexp
}

EmailProviderMappings is a map of sso provider to email regex.

func (*EmailProviderMappings) Set

func (epm *EmailProviderMappings) Set(s string) error

Set parses the provided string (semicolon-separated provider:email-regex entries) and stores the resulting provider-to-regex mappings in Values; it implements pflag.Value and returns an error if an entry cannot be parsed or compiled.

func (*EmailProviderMappings) String

func (epm *EmailProviderMappings) String() string

func (EmailProviderMappings) Type

Type returns the type of the pflag.Value.

type MockOidcConfiguration added in v1.118.4

// MockOidcConfiguration is a fake OIDC configuration for testing purposes.
// It never contacts a provider: AuthCodeURL sends the browser straight back to
// RedirectURL with a code and the given state, and Exchange /
// PasswordCredentialsToken return simulated tokens. It must only be used when
// Config.MockSso is set, never in production.
type MockOidcConfiguration struct {
	// RedirectURL is the satellite callback URL the mock redirects to.
	RedirectURL string
}

MockOidcConfiguration is a fake OIDC configuration for testing purposes.

func (*MockOidcConfiguration) AuthCodeURL added in v1.118.4

func (c *MockOidcConfiguration) AuthCodeURL(state string, _ ...oauth2.AuthCodeOption) string

AuthCodeURL returns the satellite's redirect URL with a code and the given state appended, simulating a successful authentication without any provider round trip (test use only).

func (*MockOidcConfiguration) Client added in v1.118.4

Client returns a new http client.

func (*MockOidcConfiguration) Exchange added in v1.118.4

Exchange simulates exchanging the authorization code for a token; no provider is contacted, so the code itself is not validated against anything.

func (*MockOidcConfiguration) PasswordCredentialsToken added in v1.118.4

func (c *MockOidcConfiguration) PasswordCredentialsToken(_ context.Context, _, _ string) (*oauth2.Token, error)

PasswordCredentialsToken simulates exchanging a username and password for a token (the resource-owner password-credentials grant); no provider is contacted and the credentials are not checked.

type MockVerifier added in v1.118.4

// MockVerifier is a fake verifier for testing purposes. Verify only simulates
// verification and presumably performs none of the signature, issuer, audience
// or expiry checks a real verifier does, so any raw token is accepted. It must
// only be used when Config.MockSso is set, never in production.
type MockVerifier struct{}

MockVerifier is a fake verifier for testing purposes.

func (*MockVerifier) Verify added in v1.118.4

func (v *MockVerifier) Verify(_ context.Context, _ string) (*goOIDC.IDToken, error)

Verify simulates the verification of an OIDC ID token and returns a token without performing real signature or claims verification; it exists solely for tests.

type OidcConfiguration added in v1.118.4

// OidcConfiguration is an interface for OIDC configuration. It abstracts the
// OAuth2/OIDC client so that a real provider configuration and
// MockOidcConfiguration can be used interchangeably.
type OidcConfiguration interface {
	// AuthCodeURL builds the provider authorization URL carrying state, which
	// must be unpredictable per login and checked on the callback.
	AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string
	// PasswordCredentialsToken performs the resource-owner password-credentials
	// grant. NOTE(review): that grant is considered legacy in OAuth 2.1 and is
	// not supported by many providers; confirm whether anything in the
	// satellite still calls it.
	PasswordCredentialsToken(ctx context.Context, username, password string) (*oauth2.Token, error)
	// Exchange redeems the authorization code returned on the callback for a
	// token set.
	Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error)
	// Client returns an HTTP client that authenticates requests with t.
	Client(ctx context.Context, t *oauth2.Token) *http.Client
}

OidcConfiguration is an interface for OIDC configuration.

type OidcProviderInfo

// OidcProviderInfo contains the information needed to connect to an OIDC
// provider: the registered client credentials and the issuer/provider URL.
type OidcProviderInfo struct {
	// ClientID is the client identifier registered with the provider.
	ClientID     string
	// ClientSecret is the confidential client secret. NOTE(review): it must not
	// be logged; confirm that OidcProviderInfos.String() redacts it, since that
	// method renders the config back to text for flag/help output.
	ClientSecret string
	// ProviderURL is the provider's URL used for OIDC discovery; it should be
	// an https URL so discovery and JWKS are not fetched over plaintext.
	ProviderURL  url.URL
}

OidcProviderInfo contains the information needed to connect to an OIDC provider.

type OidcProviderInfos

// OidcProviderInfos is a map of SSO provider name to OIDC provider info.
// It is populated by Set from the "provider:client-id,client-secret,provider-url"
// config string; keys must match those used in EmailProviderMappings.
type OidcProviderInfos struct {
	// Values is keyed by provider name.
	Values map[string]OidcProviderInfo
}

OidcProviderInfos is a map of SSO providers to OIDC provider infos.

func (*OidcProviderInfos) Set

func (si *OidcProviderInfos) Set(s string) error

Set parses the provided string (semicolon-separated provider:client-id,client-secret,provider-url entries) and stores the resulting provider infos in Values; it implements pflag.Value and returns an error if an entry is malformed.

func (*OidcProviderInfos) String

func (si *OidcProviderInfos) String() string

func (OidcProviderInfos) Type

func (OidcProviderInfos) Type() string

Type returns the type of the pflag.Value.

type OidcSetup

// OidcSetup contains the configuration and Verifier for an OIDC provider,
// i.e. everything VerifySso needs to complete a login against that provider.
type OidcSetup struct {
	// Config performs the authorization-URL and code-exchange steps.
	Config   OidcConfiguration
	// Verifier validates the ID token obtained from the code exchange. In
	// production this must be a real verifier, not MockVerifier.
	Verifier OidcTokenVerifier
	// Url is the provider URL this setup was built from.
	Url      string
}

OidcSetup contains the configuration and Verifier for an OIDC provider.

type OidcSsoClaims

// OidcSsoClaims holds the subset of ID-token claims the satellite uses.
// NOTE(review): there is no email_verified field here, so callers that key a
// satellite account on Email should confirm the provider is trusted to assert
// ownership of that address (or require the verified flag) before linking.
type OidcSsoClaims struct {
	// Sub is the provider's stable subject identifier; prefer it over Email as
	// the account-linking key, since emails can change or be reassigned.
	Sub               string `json:"sub"`
	// Oid is the object ID claim, presumably only present in Microsoft Entra
	// tokens — confirm.
	Oid               string `json:"oid"`
	// PreferredUsername is a display-oriented claim and is not guaranteed
	// unique or stable.
	PreferredUsername string `json:"preferred_username"`
	// Email is the address asserted by the provider.
	Email             string `json:"email"`
	// Name is the user's display name.
	Name              string `json:"name"`
}

OidcSsoClaims holds info for OIDC token claims.

type OidcTokenVerifier added in v1.118.4

// OidcTokenVerifier is an interface for verifying OIDC tokens. A real
// implementation checks the raw ID token's signature against the provider's
// keys together with issuer, audience and expiry; MockVerifier does not.
type OidcTokenVerifier interface {
	// Verify parses and validates rawIDToken and returns the parsed token.
	Verify(ctx context.Context, rawIDToken string) (*goOIDC.IDToken, error)
}

OidcTokenVerifier is an interface for verifying OIDC tokens.

type Service

// Service is a Service for managing SSO: it holds the per-provider OIDC
// setups built by Initialize and the token service used to sign and check the
// state parameter.
type Service struct {
	// contains filtered or unexported fields
}

Service is a Service for managing SSO.

func NewService

func NewService(satelliteAddress string, tokens *consoleauth.Service, config Config) *Service

NewService creates a new Service.

func (*Service) GetOidcSetupByProvider

func (s *Service) GetOidcSetupByProvider(ctx context.Context, provider string) *OidcSetup

GetOidcSetupByProvider returns the OIDC setup for the given provider name; since the result is a pointer, callers should treat a nil return as "provider not configured" (confirm against the implementation) and reject the login.

func (*Service) GetProviderByEmail

func (s *Service) GetProviderByEmail(email string) string

GetProviderByEmail returns the name of the first provider whose configured email regex matches the given email (presumably the empty string when none matches — confirm).

func (*Service) GetSsoStateFromEmail added in v1.118.4

func (s *Service) GetSsoStateFromEmail(email string) (string, error)

GetSsoStateFromEmail returns a signed string derived from the email address, intended for use as the OAuth state parameter. NOTE(review): if the value is deterministic for a given email (no per-request nonce or expiry), it binds the callback to an email but not to the browser session that started the login; confirm it is also tied to something the client holds, such as a cookie.

func (*Service) Initialize

func (s *Service) Initialize(ctx context.Context) (err error)

Initialize builds the OIDC setup for every configured provider (performing provider discovery) and must be called before VerifySso; it returns an error if any provider cannot be initialized.

func (*Service) VerifySso added in v1.118.4

func (s *Service) VerifySso(ctx context.Context, provider, state, code string) (_ *OidcSsoClaims, err error)

VerifySso validates the state, exchanges the authorization code with the named provider, verifies the resulting ID token and returns its parsed claims. The state check must run before the code exchange so that an attacker-supplied code cannot be bound to a victim's session (login CSRF); failures are reported through the package's ErrInvalidState, ErrInvalidCode, ErrNoIdToken, ErrTokenVerification and ErrInvalidClaims classes.
