Documentation ¶
Overview ¶
Package ssoauth implements macaroon based authentication with Canonical SSO.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrUnsupportedCaveat = errgo.New("unsupported caveat")
ErrUnsupportedCaveat is returned from the function created in CaveatChecker when the caveat is not understood by the checker.
Functions ¶
func AddThirdPartyCaveat ¶
func AddThirdPartyCaveat(m *macaroon.Macaroon, rootKey []byte, location string, pk *rsa.PublicKey) error
AddThirdPartyCaveat adds a third-party caveat to the given macaroon in the format understood by the SSO server.
func CaveatChecker ¶
CaveatChecker creates a function which verifies first-party caveats added by the SSO server at the given location. Account information returned from the SSO server will be stored in the given Account. The returned function is suitable for using asthe check parameter with the Verify method of macaroon.Macaroon. If any provided caveat is not supported by this checker then an ErrUnsupportedCaveat error will be returned.
Types ¶
type Account ¶
type Account struct { Provider string `json:"-"` OpenID string `json:"openid"` Username string `json:"username"` DisplayName string `json:"displayname"` Email string `json:"email"` IsVerified bool `json:"is_verified"` LastAuth time.Time `json:"-"` }
Account contains the details of the authenticated user that Ubuntu SSO added to the discharge macaroon.
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
An Authenticator is used to mint macaroons with a third-party caveat addressed to a canonical SSO provider and authenticate responses.
func (*Authenticator) Authenticate ¶
Authenticate checks that the given macaroon slice is a valid discharged SSO macaroon and returns the user details associated with the macaroon, if any. If given macaroons are not valid then an error with a cause of ErrUnauthorized is returned.
type Params ¶
type Params struct { // Oven contains the Oven instance that issues the macaroons. Oven *bakery.Oven // Location contains the Ubuntu SSO location that the macaroons // are addressed to. Location string // PublicKey contains the public key of the Ubuntu SSO server to // which the third-party caveat will be addressed. PublicKey *rsa.PublicKey }
Directories ¶
Path | Synopsis |
---|---|
Package ssoauthacl provides mechanisms to match accounts to identity lists.
|
Package ssoauthacl provides mechanisms to match accounts to identity lists. |
Package ssoauthtest contains test helpers for SSO authentication.
|
Package ssoauthtest contains test helpers for SSO authentication. |