tap

package
v1.5.1 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 8, 2024 License: MPL-2.0 Imports: 6 Imported by: 3

Documentation

Overview

Package tap wraps a set of interfaces and objects to provide a generic interface to a delegated authentication proxy.

Constants

const ProfilesCollectionName = "profilesCollection"

I know it is not correct convention for table naming but it needs to be backward compatible :(

Variables

This section is empty.

Functions

func GenerateSSOKey

func GenerateSSOKey(user goth.User) string

GenerateSSOKey is a utility function that creates a temporary ID to identify a user from a delegated provider.

Types

type Action

type Action string

An Action is a value that defines what a particular authentication profile will do, for example, create and log in a user to the dashboard or to the portal, or alternatively create a token or OAuth session.

const (
	// Pass through / redirect user-based actions
	GenerateOrLoginDeveloperProfile Action = "GenerateOrLoginDeveloperProfile" // Portal
	GenerateOrLoginUserProfile      Action = "GenerateOrLoginUserProfile"      // Dashboard
	GenerateOAuthTokenForClient     Action = "GenerateOAuthTokenForClient"     // OAuth token flow

	// Direct or redirect
	GenerateTemporaryAuthToken    Action = "GenerateTemporaryAuthToken"  // Tyk Access Token
	GenerateOAuthTokenForPassword Action = "GenerateOAuthTokenForClient" // OAuth PW flow
)

type AuthRegisterBackend

type AuthRegisterBackend interface {
	Init(interface{}) error
	SetKey(key string, orgId string, val interface{}) error
	GetKey(key string, orgId string, val interface{}) error
	GetAll(orgId string) []interface{}
	DeleteKey(key string, orgId string) error
}

AuthRegisterBackend is an interface to provide storage for profiles loaded into TAP

type DBObject added in v1.2.1

type DBObject interface {
	SetDBID(id model.ObjectID)
}

type HttpError added in v1.1.0

type HttpError struct {
	Message string
	Code    int
	Error   error
}

func AddProfile added in v1.1.0

func AddProfile(profile Profile, AuthConfigStore AuthRegisterBackend, flush func(backend AuthRegisterBackend) error) *HttpError

func DeleteProfile added in v1.1.0

func DeleteProfile(key, orgID string, AuthConfigStore AuthRegisterBackend, flush func(backend AuthRegisterBackend) error) *HttpError

func UpdateProfile added in v1.1.0

func UpdateProfile(key string, profile Profile, AuthConfigStore AuthRegisterBackend, flush func(backend AuthRegisterBackend) error) *HttpError

type IdentityHandler

type IdentityHandler interface {
	Init(interface{}) error
	CompleteIdentityAction(http.ResponseWriter, *http.Request, interface{}, Profile)
}

IdentityHandler provides a generic way to handle the creation / login of an SSO session for a specific provider. It should generate users, tokens and SSO sessions for whatever target system is being used, off the back of a delegated authentication provider such as GPlus.

type Profile

type Profile struct {
	ID                        string                 `bson:"ID" json:"ID" gorm:"primaryKey;column:ID"`
	Name                      string                 `bson:"Name" json:"Name"`
	OrgID                     string                 `bson:"OrgID" json:"OrgID"`
	ActionType                Action                 `bson:"ActionType" json:"ActionType"`
	MatchedPolicyID           string                 `bson:"MatchedPolicyID" json:"MatchedPolicyID"`
	Type                      ProviderType           `bson:"Type" json:"Type"`
	ProviderName              string                 `bson:"ProviderName" json:"ProviderName"`
	CustomEmailField          string                 `bson:"CustomEmailField" json:"CustomEmailField"`
	CustomUserIDField         string                 `bson:"CustomUserIDField" json:"CustomUserIDField"`
	ProviderConfig            interface{}            `bson:"ProviderConfig" json:"ProviderConfig"`
	IdentityHandlerConfig     map[string]interface{} `bson:"IdentityHandlerConfig" json:"IdentityHandlerConfig"`
	ProviderConstraints       ProfileConstraint      `bson:"ProviderConstraints" json:"ProviderConstraints"`
	ReturnURL                 string                 `bson:"ReturnURL" json:"ReturnURL"`
	DefaultUserGroupID        string                 `bson:"DefaultUserGroupID" json:"DefaultUserGroupID"`
	CustomUserGroupField      string                 `bson:"CustomUserGroupField" json:"CustomUserGroupField"`
	UserGroupMapping          map[string]string      `bson:"UserGroupMapping" json:"UserGroupMapping"`
	UserGroupSeparator        string                 `bson:"UserGroupSeparator" json:"UserGroupSeparator"`
	SSOOnlyForRegisteredUsers bool                   `bson:"SSOOnlyForRegisteredUsers" json:"SSOOnlyForRegisteredUsers"`
}

Profile is the configuration object for an authentication session. It combines an Action (what to do with the identity once confirmed, which is delegated to an IdentityHandler) with a Provider (such as Social / GPlus).

func (Profile) GetObjectID added in v1.4.0

func (p Profile) GetObjectID() model.ObjectID

func (Profile) GetPrefix added in v1.1.0

func (p Profile) GetPrefix() string

GetPrefix returns the prefix for Redis.

func (Profile) MarshalBinary added in v1.1.0

func (p Profile) MarshalBinary() ([]byte, error)

func (Profile) SetObjectID added in v1.4.0

func (p Profile) SetObjectID(id model.ObjectID)

func (Profile) TableName added in v1.2.1

func (p Profile) TableName() string

func (Profile) UnmarshalBinary added in v1.1.0

func (p Profile) UnmarshalBinary(data []byte) error

type ProfileConstraint

type ProfileConstraint struct {
	Domain string
	Group  string
}

ProfileConstraint: certain providers can have constraints, and this object sets out those constraints. E.g. Domain: "tyk.io" will limit social logins to only those with a tyk.io domain name.
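One way a provider could enforce the Domain constraint described above, as an added example that is not code from package tap. ProfileConstraint is redeclared locally so the block runs offline, and emailAllowed is a hypothetical helper; it compares the parsed domain part exactly, so addresses that merely contain or end with the constraint string are rejected.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// ProfileConstraint is a local copy of the struct documented above, so the
// example runs without importing package tap.
type ProfileConstraint struct {
	Domain string
	Group  string
}

// emailAllowed is a hypothetical helper, not part of package tap. It reports
// whether email satisfies c.Domain by comparing the domain part of a parsed
// address exactly (case-insensitively). An empty Domain means "no constraint".
func emailAllowed(c ProfileConstraint, email string) bool {
	if c.Domain == "" {
		return true
	}
	addr, err := mail.ParseAddress(email)
	if err != nil || addr.Address != email {
		return false // malformed, or carries a display name or other extras
	}
	at := strings.LastIndex(addr.Address, "@")
	domain := strings.ToLower(addr.Address[at+1:])
	return domain == strings.ToLower(c.Domain)
}

func main() {
	c := ProfileConstraint{Domain: "tyk.io"}
	// Constructed sample addresses.
	for _, e := range []string{
		"alice@tyk.io",           // exact domain
		"ALICE@TYK.IO",           // differs only in case
		"bob@nottyk.io",          // ends with the string, different domain
		"bob@tyk.io.example.com", // constraint is only a leading label
		"Bob <bob@tyk.io>",       // display-name form, not a bare address
		"tyk.io",                 // not an address at all
	} {
		fmt.Printf("%-24s allowed=%v\n", e, emailAllowed(c, e))
	}
}
```

A plain suffix comparison on the raw string would accept the third sample; splitting on the last "@" and comparing the whole domain avoids that.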

type ProviderType

type ProviderType string

ProviderType is a way of identifying whether a provider passes through or redirects.

const (
	PASSTHROUGH_PROVIDER ProviderType = "passthrough"
	REDIRECT_PROVIDER    ProviderType = "redirect"
)

type TAProvider

type TAProvider interface {
	Init(IdentityHandler, Profile, []byte) error
	Name() string
	ProviderType() ProviderType
	UseCallback() bool
	Handle(http.ResponseWriter, *http.Request, map[string]string, Profile)
	HandleCallback(http.ResponseWriter, *http.Request, func(tag string, errorMsg string, rawErr error, code int, w http.ResponseWriter, r *http.Request), Profile)
	HandleMetadata(http.ResponseWriter, *http.Request)
}

TAProvider is an interface that defines an actual handler for a specific authentication provider. It can wrap larger libraries (such as Goth for social), or individual pass-throughs such as LDAP.
