login

package
v0.0.0-...-0b19289 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 10, 2022 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

const DefaultLocalServerSuccessHTML = `` /* 474-byte string literal not displayed */

DefaultLocalServerSuccessHTML is a default response body on authorization success.

Variables

This section is empty.

Functions

func AuthorizationCodeToken

func AuthorizationCodeToken(ctx context.Context, c ServerConfig) (*oauth2.Token, error)

AuthorizationCodeToken performs the Authorization Code Grant Flow and returns a token received from the provider. See https://tools.ietf.org/html/rfc6749#section-4.1

This performs the following steps:

  1. Start a local server at the port.
  2. Open a browser and navigate it to the local server.
  3. Wait for the user authorization.
  4. Receive a code via an authorization response (HTTP redirect).
  5. Exchange the code for a token.
  6. Return the token.

func Login

func Login(ctx context.Context, logger *zap.SugaredLogger, provider *oidc.Provider, l *LoginConfig, oidcTokenFile string, grantType string) (*oauth2.Token, error)

func LoginAndSave

func LoginAndSave(ctx context.Context, logger *zap.SugaredLogger, l *LoginConfig, grantType, oidcLoginFile, oidcTokenFile string) error

func ReadLoginConfigs

func ReadLoginConfigs(oidcLoginFile string) (map[string]LoginConfig, error)

func ReadTokens

func ReadTokens(oidcTokenFile string) (map[string]*Token, error)

func Refresh

func Refresh(ctx context.Context, provider *oidc.Provider, l *LoginConfig, oidcTokenFile string) (*oauth2.Token, error)

Types

type LoginConfig

// LoginConfig holds the OIDC client settings for one login. The json tags
// give the key names used when a value is marshalled to or from JSON.
//
// NOTE(review): ReadLoginConfigs(oidcLoginFile) returns map[string]LoginConfig,
// so these values, ClientSecret included, are presumably stored in that file.
// Keep the file readable only by its owner and out of version control.
// Confirm against the implementation.
type LoginConfig struct {
	// Serialized as "issuer"; presumably the OIDC issuer URL. TODO confirm.
	Issuer       string `json:"issuer"`
	// Serialized as "clientID"; the OAuth2 client identifier.
	ClientID     string `json:"clientID"`
	// Serialized as "clientSecret". This is a credential: it appears in
	// plain text wherever this struct is marshalled, so avoid logging or
	// printing whole LoginConfig values.
	ClientSecret string `json:"clientSecret"`
	// Serialized as "username". How it is used is not visible here;
	// presumably it feeds the password grant. TODO confirm.
	Username     string `json:"username"`
}

type ServerConfig

// ServerConfig carries the settings for one AuthorizationCodeToken call:
// the OAuth2 client config, the local callback server, and the responses
// shown to the user.
type ServerConfig struct {
	// OAuth2 config.
	// RedirectURL will be automatically set to the local server.
	OAuth2Config oauth2.Config
	// Hostname of the redirect URL.
	// You can set this if your provider does not accept localhost.
	// Defaults to localhost.
	// NOTE(review): the redirect carries the authorization code, so an
	// override should still resolve to this machine. Confirm before changing.
	RedirectURLHostname string
	// Options for an authorization request.
	// You can set oauth2.AccessTypeOffline and the PKCE options here.
	// With PKCE (RFC 7636) the challenge parameters belong here and the
	// matching verifier belongs in TokenRequestOptions.
	AuthCodeOptions []oauth2.AuthCodeOption
	// Options for a token request.
	// You can set the PKCE options here.
	TokenRequestOptions []oauth2.AuthCodeOption
	// State parameter in the authorization request.
	// Defaults to a string of random 32 bytes.
	// NOTE(review): RFC 6749 section 10.12 relies on state to bind the
	// authorization response to the request that started it (CSRF defence).
	// When overriding the default, supply a fresh unguessable value per
	// call, never a constant.
	State string

	// Candidates of hostname and port which the local server binds to.
	// You can set port number to 0 to allocate a free port.
	// If multiple addresses are given, it will try the ports in order.
	// If nil or an empty slice is given, it defaults to "127.0.0.1:0" i.e. a free port.
	// NOTE(review): a non-loopback address makes the callback endpoint
	// reachable from the network while the flow is pending; keep to loopback
	// addresses unless there is a specific need.
	LocalServerBindAddress []string

	// A PEM-encoded certificate, and possibly the complete certificate chain.
	// When set, the server will serve TLS traffic using the specified
	// certificates. It's recommended that the certificate's SANs contain
	// the loopback addresses - 'localhost', '127.0.0.1' and '::1'
	LocalServerCertFile string
	// A PEM-encoded private key for the certificate.
	// This is required when LocalServerCertFile is set.
	// Keep this file readable only by the user running the flow.
	LocalServerKeyFile string

	// Response HTML body on authorization completed.
	// Defaults to DefaultLocalServerSuccessHTML.
	LocalServerSuccessHTML string
	// Middleware for the local server. Defaults to none.
	LocalServerMiddleware func(h http.Handler) http.Handler
	// A channel to send its URL when the local server is ready. Defaults to none.
	LocalServerReadyChan chan<- string

	// Redirect URL upon successful login
	SuccessRedirectURL string
	// Redirect URL upon failed login
	FailureRedirectURL string

	// Logger function for debug.
	// NOTE(review): what gets logged is not visible here; confirm that
	// authorization codes and tokens are not passed to Logf before wiring
	// it to a persistent log.
	Logf func(format string, args ...interface{})
}

ServerConfig represents a config for AuthorizationCodeToken.

type SupportedGrants

// SupportedGrants holds one flag per grant type. GetSupportedGrants(provider)
// returns a value of this type; presumably the flags come from the provider's
// discovery metadata. TODO confirm.
type SupportedGrants struct {
	// Refresh: presumably the refresh_token grant. TODO confirm.
	Refresh           bool
	// AuthorizationCode: presumably the flow that AuthorizationCodeToken
	// implements (RFC 6749 section 4.1). TODO confirm.
	AuthorizationCode bool
	// Password: presumably the resource owner password credentials grant.
	// NOTE(review): if so, prefer AuthorizationCode when both are supported,
	// because the password grant hands the user's password to this client.
	Password          bool
	// contains filtered or unexported fields
}

func GetSupportedGrants

func GetSupportedGrants(provider *oidc.Provider) (SupportedGrants, error)

func (SupportedGrants) String

func (g SupportedGrants) String() string

type Token

// Token is the JSON-serializable record of the credentials from one login.
// ReadTokens(oidcTokenFile) returns map[string]*Token and ReadToken selects
// one by issuer, so these values are presumably stored in that file.
//
// AccessToken, RefreshToken and RawIDToken are bearer credentials. Keep the
// token file readable only by its owner and do not log whole Token values.
//
// The type is documented as implementing gRPC's PerRPCCredentials.
// NOTE(review): confirm that RequireTransportSecurity returns true, so that
// gRPC refuses to attach the token to a connection without transport security.
type Token struct {
	// Serialized as "type"; presumably the OAuth2 token type, e.g. Bearer.
	TokenType     string    `json:"type"`
	// Serialized as "access_token".
	AccessToken   string    `json:"access_token"`
	// Serialized as "refresh_token". Typically the longest-lived secret in
	// this struct.
	RefreshToken  string    `json:"refresh_token"`
	// Serialized as "expiry"; presumably the access token's expiry. TODO confirm.
	Expiry        time.Time `json:"expiry"`
	// Serialized as "id_token"; the raw, still-encoded ID token.
	RawIDToken    string    `json:"id_token"`
	// Serialized as "id_token_expiry".
	IDTokenExpiry time.Time `json:"id_token_expiry"`
	// contains filtered or unexported fields
}

Token implements grpc.credentials.PerRPCCredentials interface.

func ReadToken

func ReadToken(issuer string, oidcTokenFile string) (*Token, error)

func (*Token) GetRequestMetadata

func (t *Token) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)

func (*Token) RequireTransportSecurity

func (t *Token) RequireTransportSecurity() bool
