- Variables
- type Config
- type EmailProviderMappings
- type MockOidcConfiguration
- func (c *MockOidcConfiguration) AuthCodeURL(state string, _ ...oauth2.AuthCodeOption) string
- func (c *MockOidcConfiguration) Client(_ context.Context, _ *oauth2.Token) *http.Client
- func (c *MockOidcConfiguration) Exchange(_ context.Context, _ string, _ ...oauth2.AuthCodeOption) (*oauth2.Token, error)
- func (c *MockOidcConfiguration) PasswordCredentialsToken(_ context.Context, _, _ string) (*oauth2.Token, error)
- type MockVerifier
- type OidcConfiguration
- type OidcProviderInfo
- type OidcProviderInfos
- type OidcSetup
- type OidcSsoClaims
- type OidcTokenVerifier
- type Service
- func (s *Service) GetOidcSetupByProvider(ctx context.Context, provider string) *OidcSetup
- func (s *Service) GetProviderByEmail(email string) string
- func (s *Service) GetSsoStateFromEmail(email string) (string, error)
- func (s *Service) Initialize(ctx context.Context) (err error)
- func (s *Service) VerifySso(ctx context.Context, provider, state, code string) (_ *OidcSsoClaims, err error)
Variables ¶
var (
	// Error is the default error class for the package.
	Error = errs.Class("sso")
	// ErrInvalidProvider is returned when the provider is invalid.
	ErrInvalidProvider = errs.Class("sso:invalid provider")
	// ErrInvalidCode is returned when the auth code is invalid.
	ErrInvalidCode = errs.Class("sso:invalid auth code")
	// ErrNoIdToken is returned when the ID token is missing.
	ErrNoIdToken = errs.Class("sso:missing ID token")
	// ErrTokenVerification is returned when the token verification fails.
	ErrTokenVerification = errs.Class("sso:failed token verification")
	// ErrInvalidState is returned when the state is invalid or not what was expected.
	// NOTE(review): presumably the expected value is the signed string produced by
	// Service.GetSsoStateFromEmail — confirm against VerifySso.
	ErrInvalidState = errs.Class("sso:invalid state")
	// ErrInvalidEmail is returned when the email given by the SSO provider is invalid.
	ErrInvalidEmail = errs.Class("sso:invalid email")
	// ErrInvalidClaims is returned when the claims fail to be parsed.
	ErrInvalidClaims = errs.Class("sso:invalid claims")
	// MicrosoftEntraUrlHost is the host of the Microsoft Entra provider.
	MicrosoftEntraUrlHost = "microsoftonline.com"
)
Types ¶
type Config ¶
type Config struct {
	Enabled               bool                  `help:"whether SSO is enabled." default:"false"`
	OidcProviderInfos     OidcProviderInfos     `help:"semicolon-separated provider:client-id,client-secret,provider-url." default:""`
	EmailProviderMappings EmailProviderMappings `help:"semicolon-separated provider:email-regex as provided in oidc-provider-infos." default:""`
	// MockSso and MockEmail replace the real OIDC flow with a fake that simulates a
	// successful authentication (see MockOidcConfiguration and MockVerifier). Both are
	// hidden flags intended only for tests and must stay false/empty in production.
	MockSso   bool   `help:"whether to mock SSO for testing purposes. This should never be true in production." default:"false" hidden:"true"`
	MockEmail string `help:"mock email for successful SSO auth for testing purposes." default:"" hidden:"true"`
}
Config is a configuration struct for SSO.
type EmailProviderMappings ¶
EmailProviderMappings is a map of SSO provider to email regex.
func (*EmailProviderMappings) Set ¶
func (epm *EmailProviderMappings) Set(s string) error
Set parses the provided string into email provider mappings.
func (*EmailProviderMappings) String ¶
func (epm *EmailProviderMappings) String() string
func (EmailProviderMappings) Type ¶
func (EmailProviderMappings) Type() string
Type returns the type of the pflag.Value.
type MockOidcConfiguration ¶ added in v1.118.4
type MockOidcConfiguration struct {
	// RedirectURL is the satellite URL that AuthCodeURL sends the fake code and
	// state back to, standing in for a real provider's redirect.
	RedirectURL string
}
MockOidcConfiguration is a fake OIDC configuration for testing purposes.
func (*MockOidcConfiguration) AuthCodeURL ¶ added in v1.118.4
func (c *MockOidcConfiguration) AuthCodeURL(state string, _ ...oauth2.AuthCodeOption) string
AuthCodeURL returns the redirect URL of the satellite with the code and state, simulating a successful authentication.
func (*MockOidcConfiguration) Exchange ¶ added in v1.118.4
func (c *MockOidcConfiguration) Exchange(_ context.Context, _ string, _ ...oauth2.AuthCodeOption) (*oauth2.Token, error)
Exchange simulates the exchange of the code for a token.
func (*MockOidcConfiguration) PasswordCredentialsToken ¶ added in v1.118.4
func (c *MockOidcConfiguration) PasswordCredentialsToken(_ context.Context, _, _ string) (*oauth2.Token, error)
PasswordCredentialsToken simulates the exchange of the username and password for a token.
type MockVerifier ¶ added in v1.118.4
// MockVerifier is a stateless stand-in for OidcTokenVerifier used for testing;
// NOTE(review): its Verify method is not shown in this listing — confirm it
// satisfies the interface.
type MockVerifier struct{}
MockVerifier is a fake verifier for testing purposes.
type OidcConfiguration ¶ added in v1.118.4
// The method set matches the corresponding methods of *oauth2.Config
// (golang.org/x/oauth2), so the real configuration and MockOidcConfiguration
// can be used interchangeably.
type OidcConfiguration interface {
	// AuthCodeURL builds the provider URL the user is redirected to, carrying state.
	AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string
	// PasswordCredentialsToken exchanges a username and password for a token.
	PasswordCredentialsToken(ctx context.Context, username, password string) (*oauth2.Token, error)
	// Exchange exchanges an authorization code for a token.
	Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error)
	// Client returns an HTTP client; presumably it authenticates requests with t — confirm.
	Client(ctx context.Context, t *oauth2.Token) *http.Client
}
OidcConfiguration is an interface for OIDC configuration.
type OidcProviderInfo ¶
OidcProviderInfo contains the information needed to connect to an OIDC provider.
type OidcProviderInfos ¶
type OidcProviderInfos struct {
	// Values is keyed by provider name, as given in the
	// "provider:client-id,client-secret,provider-url" entries parsed by Set.
	Values map[string]OidcProviderInfo
}
OidcProviderInfos is a map of SSO providers to OIDC provider infos.
func (*OidcProviderInfos) Set ¶
func (si *OidcProviderInfos) Set(s string) error
Set parses the provided string into OIDC provider infos.
func (*OidcProviderInfos) String ¶
func (si *OidcProviderInfos) String() string
func (OidcProviderInfos) Type ¶
func (OidcProviderInfos) Type() string
Type returns the type of the pflag.Value.
type OidcSetup ¶
type OidcSetup struct {
	// Config drives the OAuth2/OIDC redirect and the code-for-token exchange.
	Config OidcConfiguration
	// Verifier validates the raw ID token returned by the provider.
	Verifier OidcTokenVerifier
	// Url — presumably the provider URL from the OidcProviderInfo; confirm against Initialize.
	Url string
}
OidcSetup contains the configuration and Verifier for an OIDC provider.
type OidcSsoClaims ¶
type OidcSsoClaims struct {
	// Sub is the subject identifier asserted by the provider.
	Sub string `json:"sub"`
	// Oid — presumably the Microsoft Entra object identifier; confirm (see MicrosoftEntraUrlHost).
	Oid string `json:"oid"`
	PreferredUsername string `json:"preferred_username"`
	// Email is the address asserted by the provider; invalid values are rejected
	// with ErrInvalidEmail.
	Email string `json:"email"`
	Name string `json:"name"`
}
OidcSsoClaims holds info for OIDC token claims.
type OidcTokenVerifier ¶ added in v1.118.4
type OidcTokenVerifier interface {
	// Verify checks the raw ID token and returns the parsed token. The go-oidc
	// *IDTokenVerifier has this signature; MockVerifier is the test stand-in.
	Verify(ctx context.Context, rawIDToken string) (*goOIDC.IDToken, error)
}
OidcTokenVerifier is an interface for verifying OIDC tokens.
type Service ¶
type Service struct {
	// contains filtered or unexported fields
	// (populated by NewService from the satellite address, a consoleauth token
	// service and a Config; see NewService).
}
Service is the service for managing SSO.
func NewService ¶
func NewService(satelliteAddress string, tokens *consoleauth.Service, config Config) *Service
NewService creates a new Service.
func (*Service) GetOidcSetupByProvider ¶
GetOidcSetupByProvider returns the OIDC setup for the given provider.
func (*Service) GetProviderByEmail ¶
GetProviderByEmail returns the provider for the given email.
func (*Service) GetSsoStateFromEmail ¶ added in v1.118.4
GetSsoStateFromEmail returns a signed string derived from the email address.
func (*Service) Initialize ¶
Initialize initializes the OIDC providers.