Documentation ¶
Index ¶
- Constants
- Variables
- func DerivePostLoginRedirectURIFromRequest(r *http.Request, clientResolver OAuthClientResolver, uiConfig *config.UIConfig) string
- func GetColorScheme(ctx context.Context) string
- func GetIdentificationOptions(f *authflow.FlowResponse) []declarative.IdentificationOption
- func GetMostAppropriateIdentification(f *authflow.FlowResponse, loginID string, loginIDInputType string) config.AuthenticationFlowIdentification
- func GetRedirectURI(r *http.Request, trustProxy bool, defaultURI string) string
- func GetVisitorID(ctx context.Context) string
- func IntlMiddleware(next http.Handler) http.Handler
- func MakeRelativeURL(path string, inQuery url.Values) *url.URL
- func MakeURL(u *url.URL, path string, inQuery url.Values) *url.URL
- func PreferredLanguageTagsFromRequest(r *http.Request) (out []string)
- func PreserveQuery(q url.Values) url.Values
- func ResolveClientURI(client *config.OAuthClientConfig, uiConfig *config.UIConfig) string
- func ResolvePostLogoutRedirectURI(client *config.OAuthClientConfig, givenPostLogoutRedirectURI string, ...) string
- func WithColorScheme(ctx context.Context, colorScheme string) context.Context
- func WithSession(ctx context.Context, session *Session) context.Context
- func WithVisitorID(ctx context.Context, visitorID string) context.Context
- type AllowFrameAncestors
- type AllowInlineScript
- type AnonymousIdentityProvider
- type AnonymousTokenInput
- type AnonymousUserPromotionService
- type Authflow
- type AuthflowDelayedUIScreenData
- type AuthflowFinishedUIScreenData
- type AuthflowNavigator
- func (n *AuthflowNavigator) Navigate(s *AuthflowScreenWithFlowResponse, r *http.Request, webSessionID string, ...)
- func (n *AuthflowNavigator) NavigateChangePasswordSuccessPage(s *AuthflowScreen, r *http.Request, webSessionID string) (result *Result)
- func (n *AuthflowNavigator) NavigateNonRecoverableError(r *http.Request, u *url.URL, e error)
- func (n *AuthflowNavigator) NavigateResetPasswordSuccessPage() string
- func (n *AuthflowNavigator) NavigateSelectAccount(result *Result)
- type AuthflowNavigatorEndpointsProvider
- type AuthflowOAuthState
- type AuthflowScreen
- type AuthflowScreenWithFlowResponse
- func (s *AuthflowScreenWithFlowResponse) Advance(p string, result *Result)
- func (s *AuthflowScreenWithFlowResponse) HasBranchToTake() bool
- func (s *AuthflowScreenWithFlowResponse) InheritTakenBranchState(from *AuthflowScreenWithFlowResponse)
- func (s *AuthflowScreenWithFlowResponse) Navigate(navigator Navigator, r *http.Request, webSessionID string, result *Result)
- func (s *AuthflowScreenWithFlowResponse) TakeBranch(index int, channel model.AuthenticatorOOBChannel, options *TakeBranchOptions) TakeBranchResult
- type AuthflowStateToken
- type AuthflowWechatCallbackData
- type CSRFCookieDef
- type CSRFMiddleware
- type ColorSchemeMiddleware
- type ContextHolderMiddleware
- type ContextHolderMiddlewareLogger
- type CookieManager
- type CookiesGetter
- type DynamicCSPMiddleware
- type ErrorCookie
- func (c *ErrorCookie) GetError(r *http.Request) (*ErrorState, bool)
- func (c *ErrorCookie) ResetRecoverableError() *http.Cookie
- func (c *ErrorCookie) SetNonRecoverableError(result *Result, value *apierrors.APIError) error
- func (c *ErrorCookie) SetRecoverableError(r *http.Request, value *apierrors.APIError) (*http.Cookie, error)
- type ErrorCookieDef
- type ErrorState
- type FlashMessageType
- type GraphService
- type Navigator
- type OAuthClientResolver
- type PublicOriginMiddleware
- type PublicOriginMiddlewareLogger
- type RequireAuthenticatedMiddleware
- type RequireAuthenticationEnabledMiddleware
- type RequireSettingsEnabledMiddleware
- type Result
- type Service2
- func (s *Service2) CreateSession(session *Session, redirectURI string) (*Result, error)
- func (s *Service2) DeleteSession(sessionID string) error
- func (s *Service2) Get(session *Session) (*interaction.Graph, error)
- func (s *Service2) GetSession(id string) (*Session, error)
- func (s *Service2) GetWithIntent(session *Session, intent interaction.Intent) (*interaction.Graph, error)
- func (s *Service2) PeekUncommittedChanges(session *Session, fn func(graph *interaction.Graph) error) error
- func (s *Service2) PostWithInput(session *Session, inputFn func() (interface{}, error)) (result *Result, err error)
- func (s *Service2) PostWithIntent(session *Session, intent interaction.Intent, ...) (result *Result, err error)
- func (s *Service2) UpdateSession(session *Session) error
- type ServiceLogger
- type Session
- type SessionCookieDef
- type SessionMiddleware
- type SessionMiddlewareOAuthSessionService
- type SessionMiddlewareSessionService
- type SessionMiddlewareStore
- type SessionMiddlewareUIInfoResolver
- type SessionOptions
- type SessionStep
- type SessionStepKind
- type SessionStore
- type SessionStoreRedis
- type SettingsSubRoutesMiddleware
- type SettingsSubRoutesMiddlewareIdentityService
- type SignedUpCookieDef
- type SuccessPageMiddleware
- type SuccessPageMiddlewareEndpointsProvider
- type TakeBranchOptions
- type TakeBranchResult
- type TakeBranchResultInput
- type TakeBranchResultInputRetryHandler
- type TakeBranchResultSimple
- type TutorialMiddleware
- type TutorialMiddlewareTutorialCookie
- type UIInfoResolver
- type UIParamMiddleware
- type VisitorIDMiddleware
- type WeChatRedirectURIMiddleware
Constants ¶
const ( AuthflowRouteLogin = "/login" AuthflowRouteSignup = "/signup" AuthflowRoutePromote = "/flows/promote_user" AuthflowRouteReauth = "/reauth" // AuthflowRouteSignupLogin is login because login page has passkey. AuthflowRouteSignupLogin = AuthflowRouteLogin AuthflowRouteTerminateOtherSessions = "/authflow/terminate_other_sessions" // nolint: gosec AuthflowRoutePromptCreatePasskey = "/authflow/prompt_create_passkey" AuthflowRouteViewRecoveryCode = "/authflow/view_recovery_code" // nolint: gosec AuthflowRouteCreatePassword = "/authflow/create_password" // nolint: gosec AuthflowRouteChangePassword = "/authflow/change_password" // nolint: gosec AuthflowRouteEnterPassword = "/authflow/enter_password" AuthflowRouteEnterRecoveryCode = "/authflow/enter_recovery_code" AuthflowRouteEnterOOBOTP = "/authflow/enter_oob_otp" AuthflowRouteWhatsappOTP = "/authflow/whatsapp_otp" AuthflowRouteOOBOTPLink = "/authflow/oob_otp_link" AuthflowRouteEnterTOTP = "/authflow/enter_totp" AuthflowRouteSetupTOTP = "/authflow/setup_totp" AuthflowRouteSetupOOBOTP = "/authflow/setup_oob_otp" // nolint: gosec AuthflowRouteUsePasskey = "/authflow/use_passkey" // nolint: gosec AuthflowRouteForgotPassword = "/authflow/forgot_password" // nolint: gosec AuthflowRouteForgotPasswordOTP = "/authflow/forgot_password/otp" // nolint: gosec AuthflowRouteForgotPasswordSuccess = "/authflow/forgot_password/success" // nolint: gosec AuthflowRouteResetPassword = "/authflow/reset_password" // nolint: gosec AuthflowRouteResetPasswordSuccess = "/authflow/reset_password/success" AuthflowRouteWechat = "/authflow/wechat" // The following routes are dead ends. AuthflowRouteAccountStatus = "/authflow/account_status" AuthflowRouteNoAuthenticator = "/authflow/no_authenticator" AuthflowRouteFinishFlow = "/authflow/finish" )
const AuthflowQueryKey = "x_step"
const CSRFFieldName = "gorilla.csrf.Token"
CSRFFieldName is the same as the default, but public.
const ErrorQueryKey = "q_error"
ErrorQueryKey is "q_error" so that it is not persisent across pages.
const SessionExpiryDuration = interaction.GraphLifetime
Variables ¶
var CSPNonceCookieDef = &httputil.CookieDef{ NameSuffix: "csp_nonce", Path: "/", SameSite: http.SameSiteNoneMode, }
CSPNonceCookieDef is a HTTP session cookie. The nonce has to be stable within a browsing session because Turbo uses XHR to load new pages. If nonce changes on every page load, the script in the new page cannot be run in the current page due to different nonce.
var ColorSchemeCookieDef = &httputil.CookieDef{ NameSuffix: "x_color_scheme", Path: "/", SameSite: http.SameSiteNoneMode, }
ColorSchemeCookieDef is a HTTP session cookie.
var DependencySet = wire.NewSet( wire.Struct(new(AnonymousUserPromotionService), "*"), NewCSRFCookieDef, NewSessionCookieDef, NewErrorCookieDef, NewSignedUpCookieDef, wire.Struct(new(ErrorCookie), "*"), wire.Struct(new(CSRFMiddleware), "*"), wire.Struct(new(SessionMiddleware), "*"), wire.Bind(new(SessionMiddlewareStore), new(*SessionStoreRedis)), wire.Bind(new(SessionMiddlewareSessionService), new(*Service2)), wire.Struct(new(ColorSchemeMiddleware), "*"), wire.Struct(new(WeChatRedirectURIMiddleware), "*"), wire.Struct(new(UIParamMiddleware), "*"), wire.Struct(new(VisitorIDMiddleware), "*"), wire.Struct(new(RequireAuthenticationEnabledMiddleware), "*"), wire.Struct(new(RequireSettingsEnabledMiddleware), "*"), wire.Struct(new(SettingsSubRoutesMiddleware), "*"), wire.Struct(new(SuccessPageMiddleware), "*"), wire.Struct(new(TutorialMiddleware), "*"), wire.Struct(new(DynamicCSPMiddleware), "*"), NewContextHolderMiddlewareLogger, wire.Struct(new(ContextHolderMiddleware), "*"), NewPublicOriginMiddlewareLogger, wire.Struct(new(PublicOriginMiddleware), "*"), NewServiceLogger, wire.Struct(new(SessionStoreRedis), "*"), wire.Bind(new(SessionStore), new(*SessionStoreRedis)), wire.Struct(new(Service2), "*"), )
var ErrInvalidSession = WebUIInvalidSession.New("session expired or invalid")
var ErrSessionNotFound = WebUIInvalidSession.New("session not found")
var ErrSessionStepMismatch = WebUIInvalidSession.New("session step does match request path")
var PlatformCookieDef = &httputil.CookieDef{ NameSuffix: "platform", Path: "/", SameSite: http.SameSiteNoneMode, }
PlatformCookieDef is a HTTP session cookie.
var UILocalesCookieDef = &httputil.CookieDef{ NameSuffix: "ui_locales", Path: "/", SameSite: http.SameSiteNoneMode, }
UILocalesCookieDef is a HTTP session cookie.
var VisitorIDCookieDef = &httputil.CookieDef{ NameSuffix: "visitor_id", Path: "/", AllowScriptAccess: false, SameSite: http.SameSiteNoneMode, MaxAge: &visitorIDCookieMaxAge, }
var WeChatRedirectURICookieDef = &httputil.CookieDef{ NameSuffix: "wechat_redirect_uri", Path: "/", SameSite: http.SameSiteNoneMode, }
WeChatRedirectURICookieDef is a HTTP session cookie.
var WebUIInvalidSession = apierrors.Invalid.WithReason("WebUIInvalidSession")
Functions ¶
func GetColorScheme ¶
func GetIdentificationOptions ¶
func GetIdentificationOptions(f *authflow.FlowResponse) []declarative.IdentificationOption
func GetMostAppropriateIdentification ¶
func GetMostAppropriateIdentification(f *authflow.FlowResponse, loginID string, loginIDInputType string) config.AuthenticationFlowIdentification
func GetRedirectURI ¶
func GetVisitorID ¶
func ResolveClientURI ¶
func ResolveClientURI(client *config.OAuthClientConfig, uiConfig *config.UIConfig) string
func WithColorScheme ¶
Types ¶
type AllowFrameAncestors ¶
type AllowFrameAncestors bool
type AllowInlineScript ¶
type AllowInlineScript bool
type AnonymousTokenInput ¶
func (*AnonymousTokenInput) GetAnonymousRequestToken ¶
func (i *AnonymousTokenInput) GetAnonymousRequestToken() string
func (*AnonymousTokenInput) GetPromotionCode ¶
func (i *AnonymousTokenInput) GetPromotionCode() string
func (*AnonymousTokenInput) SignUpAnonymousUserWithoutKey ¶
func (i *AnonymousTokenInput) SignUpAnonymousUserWithoutKey() bool
type AnonymousUserPromotionService ¶
type AnonymousUserPromotionService struct { Anonymous AnonymousIdentityProvider Clock clock.Clock }
func (*AnonymousUserPromotionService) ConvertLoginHintToInput ¶
func (r *AnonymousUserPromotionService) ConvertLoginHintToInput(loginHintString string) (*AnonymousTokenInput, error)
type Authflow ¶
type Authflow struct { // AllScreens is x_step => screen. AllScreens map[string]*AuthflowScreen `json:"all_screens,omitempty"` }
Authflow remembers all seen screens. The screens could come from more than 1 flow. We intentionally DO NOT clear screens when a different flow is created. As long as the browser has a reference to x_step, a screen can be retrieved. This design is important to ensure traversing browser history will not cause flow not found error. See https://github.com/authgear/authgear-server/issues/3452
type AuthflowDelayedUIScreenData ¶
type AuthflowDelayedUIScreenData struct {
TargetResult *Result `json:"target_result,omitempty"`
}
type AuthflowNavigator ¶
type AuthflowNavigator struct {}
func (*AuthflowNavigator) Navigate ¶
func (n *AuthflowNavigator) Navigate(s *AuthflowScreenWithFlowResponse, r *http.Request, webSessionID string, result *Result)
func (*AuthflowNavigator) NavigateChangePasswordSuccessPage ¶
func (n *AuthflowNavigator) NavigateChangePasswordSuccessPage(s *AuthflowScreen, r *http.Request, webSessionID string) (result *Result)
func (*AuthflowNavigator) NavigateNonRecoverableError ¶
func (*AuthflowNavigator) NavigateResetPasswordSuccessPage ¶
func (n *AuthflowNavigator) NavigateResetPasswordSuccessPage() string
func (*AuthflowNavigator) NavigateSelectAccount ¶
func (n *AuthflowNavigator) NavigateSelectAccount(result *Result)
type AuthflowNavigatorEndpointsProvider ¶
type AuthflowNavigatorEndpointsProvider interface {}
type AuthflowOAuthState ¶
type AuthflowOAuthState struct { WebSessionID string `json:"web_session_id"` XStep string `json:"x_step"` ErrorRedirectURI string `json:"error_redirect_uri"` }
func DecodeAuthflowOAuthState ¶
func DecodeAuthflowOAuthState(stateStr string) (*AuthflowOAuthState, error)
func (AuthflowOAuthState) Encode ¶
func (s AuthflowOAuthState) Encode() string
type AuthflowScreen ¶
type AuthflowScreen struct { // Store FinishedUIScreenData when the flow is finish FinishedUIScreenData *AuthflowFinishedUIScreenData `json:"finished_ui_screen_data,omitempty"` // Store DelayedUIScreenData when injecting screen between two steps DelayedUIScreenData *AuthflowDelayedUIScreenData `json:"delayed_ui_screen_data,omitempty"` // PreviousXStep is the x_step of the screen that leads to this screen. PreviousXStep string `json:"previous_x_step,omitempty"` // PreviousInput is the input that leads to this screen. // It can be nil. PreviousInput map[string]interface{} `json:"previous_input,omitempty"` // StateToken is always present. StateToken *AuthflowStateToken `json:"state_token,omitempty"` // BranchStateToken is only present when the underlying authflow step has branches. BranchStateToken *AuthflowStateToken `json:"branch_state_token,omitempty"` // TakenBranchIndex tracks the taken branch. TakenBranchIndex *int `json:"taken_branch_index,omitempty"` // TakenChannel tracks the taken channel. TakenChannel model.AuthenticatorOOBChannel `json:"taken_channel,omitempty"` // WechatCallbackData is only relevant for wechat login. WechatCallbackData *AuthflowWechatCallbackData `json:"wechat_callback_data,omitempty"` }
AuthflowScreen represents a screen in the webapp. A screen typically corresponds to a step in an authflow. Some steps in an authflow can have branches. In order to be able to switch between branches, we need to remember the state that has branches.
func NewAuthflowScreenWithResult ¶
func NewAuthflowScreenWithResult(previousXStep string, targetResult *Result) *AuthflowScreen
type AuthflowScreenWithFlowResponse ¶
type AuthflowScreenWithFlowResponse struct { Screen *AuthflowScreen StateTokenFlowResponse *authflow.FlowResponse BranchStateTokenFlowResponse *authflow.FlowResponse }
func NewAuthflowScreenWithFlowResponse ¶
func NewAuthflowScreenWithFlowResponse(flowResponse *authflow.FlowResponse, previousXStep string, previousInput map[string]interface{}) *AuthflowScreenWithFlowResponse
func UpdateAuthflowScreenWithFlowResponse ¶
func UpdateAuthflowScreenWithFlowResponse(screen *AuthflowScreenWithFlowResponse, flowResponse *authflow.FlowResponse) *AuthflowScreenWithFlowResponse
func (*AuthflowScreenWithFlowResponse) Advance ¶
func (s *AuthflowScreenWithFlowResponse) Advance(p string, result *Result)
func (*AuthflowScreenWithFlowResponse) HasBranchToTake ¶
func (s *AuthflowScreenWithFlowResponse) HasBranchToTake() bool
func (*AuthflowScreenWithFlowResponse) InheritTakenBranchState ¶
func (s *AuthflowScreenWithFlowResponse) InheritTakenBranchState(from *AuthflowScreenWithFlowResponse)
func (*AuthflowScreenWithFlowResponse) TakeBranch ¶
func (s *AuthflowScreenWithFlowResponse) TakeBranch(index int, channel model.AuthenticatorOOBChannel, options *TakeBranchOptions) TakeBranchResult
type AuthflowStateToken ¶
type AuthflowStateToken struct { XStep string `json:"x_step"` StateToken string `json:"state_token"` }
AuthflowStateToken pairs x_step with its underlying state_token.
func NewAuthflowStateToken ¶
func NewAuthflowStateToken(flowResponse *authflow.FlowResponse) *AuthflowStateToken
type CSRFCookieDef ¶
func NewCSRFCookieDef ¶
func NewCSRFCookieDef(cfg *config.HTTPConfig) CSRFCookieDef
type CSRFMiddleware ¶
type CSRFMiddleware struct { Secret *config.CSRFKeyMaterials CookieDef CSRFCookieDef TrustProxy config.TrustProxy }
type ColorSchemeMiddleware ¶
type ColorSchemeMiddleware struct {
Cookies CookieManager
}
type ContextHolderMiddleware ¶
type ContextHolderMiddleware struct {
Logger ContextHolderMiddlewareLogger
}
type ContextHolderMiddlewareLogger ¶
func NewContextHolderMiddlewareLogger ¶
func NewContextHolderMiddlewareLogger(lf *log.Factory) ContextHolderMiddlewareLogger
type CookieManager ¶
type CookiesGetter ¶
type DynamicCSPMiddleware ¶
type DynamicCSPMiddleware struct { Cookies CookieManager HTTPOrigin httputil.HTTPOrigin OAuthConfig *config.OAuthConfig WebAppCDNHost config.WebAppCDNHost AuthUISentryDSN config.AuthUISentryDSN AllowInlineScript AllowInlineScript AllowFrameAncestors AllowFrameAncestors }
type ErrorCookie ¶
type ErrorCookie struct { Cookie ErrorCookieDef Cookies CookieManager }
func (*ErrorCookie) GetError ¶
func (c *ErrorCookie) GetError(r *http.Request) (*ErrorState, bool)
func (*ErrorCookie) ResetRecoverableError ¶
func (c *ErrorCookie) ResetRecoverableError() *http.Cookie
func (*ErrorCookie) SetNonRecoverableError ¶
func (c *ErrorCookie) SetNonRecoverableError(result *Result, value *apierrors.APIError) error
SetNonRecoverableError does NOT retain form.
func (*ErrorCookie) SetRecoverableError ¶
func (c *ErrorCookie) SetRecoverableError(r *http.Request, value *apierrors.APIError) (*http.Cookie, error)
SetRecoverableError stores the error in cookie and retains the form.
type ErrorCookieDef ¶
func NewErrorCookieDef ¶
func NewErrorCookieDef() ErrorCookieDef
type FlashMessageType ¶
type FlashMessageType string
const ( FlashMessageTypeResendCodeSuccess FlashMessageType = "resend_code_success" FlashMessageTypeResendLoginLinkSuccess FlashMessageType = "resend_login_link_success" )
type GraphService ¶
type GraphService interface { NewGraph(ctx *interaction.Context, intent interaction.Intent) (*interaction.Graph, error) Get(instanceID string) (*interaction.Graph, error) DryRun(contextValues interaction.ContextValues, fn func(*interaction.Context) (*interaction.Graph, error)) error Run(contextValues interaction.ContextValues, graph *interaction.Graph) error Accept(ctx *interaction.Context, graph *interaction.Graph, input interface{}) (*interaction.Graph, []interaction.Edge, error) }
type OAuthClientResolver ¶
type OAuthClientResolver interface {
ResolveClient(clientID string) *config.OAuthClientConfig
}
type PublicOriginMiddleware ¶
type PublicOriginMiddleware struct { Config *config.HTTPConfig TrustProxy config.TrustProxy Logger PublicOriginMiddlewareLogger }
type PublicOriginMiddlewareLogger ¶
func NewPublicOriginMiddlewareLogger ¶
func NewPublicOriginMiddlewareLogger(lf *log.Factory) PublicOriginMiddlewareLogger
type RequireAuthenticatedMiddleware ¶
type RequireAuthenticatedMiddleware struct{}
type Result ¶
type Result struct { UILocales string `json:"ui_locales,omitempty"` ColorScheme string `json:"color_scheme,omitempty"` RedirectURI string `json:"redirect_uri,omitempty"` Cookies []*http.Cookie `json:"cookies,omitempty"` IsInteractionErr bool `json:"is_interaction_err,omitempty"` RemoveQueries setutil.Set[string] `json:"remove_queries,omitempty"` }
func (*Result) IsInternalError ¶
func (*Result) WriteResponse ¶
func (r *Result) WriteResponse(w http.ResponseWriter, req *http.Request)
type Service2 ¶
type Service2 struct { Logger ServiceLogger Request *http.Request Sessions SessionStore SessionCookie SessionCookieDef SignedUpCookie SignedUpCookieDef MFADeviceTokenCookie mfa.CookieDef ErrorCookie *ErrorCookie Cookies CookieManager OAuthConfig *config.OAuthConfig UIConfig *config.UIConfig TrustProxy config.TrustProxy UIInfoResolver UIInfoResolver OAuthClientResolver OAuthClientResolver Graph GraphService }
func (*Service2) CreateSession ¶
func (*Service2) DeleteSession ¶
func (*Service2) GetWithIntent ¶
func (s *Service2) GetWithIntent(session *Session, intent interaction.Intent) (*interaction.Graph, error)
func (*Service2) PeekUncommittedChanges ¶
func (s *Service2) PeekUncommittedChanges(session *Session, fn func(graph *interaction.Graph) error) error
PeekUncommittedChanges runs fn with the effects of the graph fully applied. This is useful if fn needs the effects of the graph visible to it.
func (*Service2) PostWithInput ¶
func (*Service2) PostWithIntent ¶
func (*Service2) UpdateSession ¶
type ServiceLogger ¶
func NewServiceLogger ¶
func NewServiceLogger(lf *log.Factory) ServiceLogger
type Session ¶
type Session struct { ID string `json:"id"` // Steps is a history stack of steps taken within this session. Steps []SessionStep `json:"steps,omitempty"` // Authflow keeps track of an authflow. Authflow *Authflow `json:"authflow,omitempty"` OAuthSessionID string `json:"oauth_session_id,omitempty"` // RedirectURI is the URI to redirect to after the completion of session. RedirectURI string `json:"redirect_uri,omitempty"` // KeepAfterFinish indicates the session would not be deleted after the // completion of interaction graph. KeepAfterFinish bool `json:"keep_after_finish,omitempty"` // Extra is used to store extra information for use of webapp. Extra map[string]interface{} `json:"extra"` // Prompt is used to indicate requested authentication behavior // which includes both supported and unsupported prompt Prompt []string `json:"prompt_list,omitempty"` // Page is used to indicate the preferred page to show. Page string `json:"page,omitempty"` // UpdatedAt indicate the session last updated time UpdatedAt time.Time `json:"updated_at,omitempty"` // UserIDHint is the intended user ID. // It is expected that the authenticated user is indicated by this user ID, // otherwise it is an error. UserIDHint string `json:"user_id_hint,omitempty"` // CanUseIntentReauthenticate indicates whether IntentReauthenticate can be used. CanUseIntentReauthenticate bool `json:"can_use_intent_reauthenticate,omitempty"` // SuppressIDPSessionCookie indicates whether IDP session cookie should neither be read or written. SuppressIDPSessionCookie bool `json:"suppress_idp_session_cookie,omitempty"` // OAuthProviderAlias is used to auto redirect user to the given oauth provider in the login page OAuthProviderAlias string `json:"oauth_provider_alias,omitempty"` // LoginHint is the OIDC login_hint parameter. LoginHint string `json:"login_hint,omitempty"` }
func GetSession ¶
func NewSession ¶
func NewSession(options SessionOptions) *Session
func (*Session) CurrentStep ¶
func (s *Session) CurrentStep() SessionStep
func (*Session) RememberScreen ¶
func (s *Session) RememberScreen(screen *AuthflowScreen)
type SessionCookieDef ¶
func NewSessionCookieDef ¶
func NewSessionCookieDef() SessionCookieDef
type SessionMiddleware ¶
type SessionMiddleware struct { Sessions SessionMiddlewareSessionService OAuthSessions SessionMiddlewareOAuthSessionService States SessionMiddlewareStore UIInfoResolver SessionMiddlewareUIInfoResolver CookieDef SessionCookieDef Cookies CookieManager }
type SessionMiddlewareOAuthSessionService ¶
type SessionMiddlewareOAuthSessionService interface {
Get(entryID string) (*oauthsession.Entry, error)
}
type SessionMiddlewareStore ¶
type SessionOptions ¶
type SessionOptions struct { OAuthSessionID string RedirectURI string KeepAfterFinish bool Prompt []string Extra map[string]interface{} Page string // TODO(authflow): UserIDHint is now handled natively by authflow. UserIDHint string UpdatedAt time.Time CanUseIntentReauthenticate bool // TODO(authflow): SuppressIDPSessionCookie is now handled natively by authflow. SuppressIDPSessionCookie bool OAuthProviderAlias string LoginHint string }
func NewSessionOptionsFromSession ¶
func NewSessionOptionsFromSession(s *Session) SessionOptions
type SessionStep ¶
type SessionStep struct { // Kind is the kind of the step. Kind SessionStepKind `json:"kind"` // GraphID is the graph ID of the step. GraphID string `json:"graph_id"` // FormData is the place to store shared form data across different user agents. // The only use case currently is verification email being opened in another user agent. // In that case, the form submitted by the other user agent will update FormData. // The original user agent will then read from it to fill in its form. FormData map[string]interface{} `json:"form_data"` }
func NewSessionStep ¶
func NewSessionStep(kind SessionStepKind, graphID string) SessionStep
func (SessionStep) URL ¶
func (s SessionStep) URL() *url.URL
type SessionStepKind ¶
type SessionStepKind string
const ( SessionStepOAuthRedirect SessionStepKind = "oauth-redirect" SessionStepPromoteUser SessionStepKind = "promote-user" SessionStepAuthenticate SessionStepKind = "authenticate" SessionStepCreateAuthenticator SessionStepKind = "create-authenticator" SessionStepEnterPassword SessionStepKind = "enter-password" SessionStepUsePasskey SessionStepKind = "use-passkey" SessionStepCreatePassword SessionStepKind = "create-password" SessionStepCreatePasskey SessionStepKind = "create-passkey" SessionStepPromptCreatePasskey SessionStepKind = "prompt-create-passkey" SessionStepChangePrimaryPassword SessionStepKind = "change-primary-password" SessionStepChangeSecondaryPassword SessionStepKind = "change-secondary-password" SessionStepEnterOOBOTPAuthnEmail SessionStepKind = "enter-oob-otp-authn-email" SessionStepEnterOOBOTPAuthnSMS SessionStepKind = "enter-oob-otp-authn-sms" SessionStepEnterOOBOTPSetupEmail SessionStepKind = "enter-oob-otp-setup-email" SessionStepEnterOOBOTPSetupSMS SessionStepKind = "enter-oob-otp-setup-sms" SessionStepSetupOOBOTPEmail SessionStepKind = "setup-oob-otp-email" SessionStepSetupOOBOTPSMS SessionStepKind = "setup-oob-otp-sms" SessionStepSetupWhatsappOTP SessionStepKind = "setup-whatsapp-otp" SessionStepSetupLoginLinkOTP SessionStepKind = "setup-login-link-otp" SessionStepVerifyWhatsappOTPAuthn SessionStepKind = "verify-whatsapp-otp-authn" SessionStepVerifyWhatsappOTPSetup SessionStepKind = "verify-whatsapp-otp-setup" SessionStepVerifyLoginLinkOTPAuthn SessionStepKind = "verify-login-link-otp-authn" SessionStepVerifyLoginLinkOTPSetup SessionStepKind = "verify-login-link-otp-setup" SessionStepEnterTOTP SessionStepKind = "enter-totp" SessionStepSetupTOTP SessionStepKind = "setup-totp" SessionStepEnterRecoveryCode SessionStepKind = "enter-recovery-code" SessionStepSetupRecoveryCode SessionStepKind = "setup-recovery-code" SessionStepVerifyIdentityBegin SessionStepKind = "verify-identity-begin" SessionStepVerifyIdentityViaOOBOTP SessionStepKind = "verify-identity" SessionStepVerifyIdentityViaWhatsapp SessionStepKind = "verify-identity-via-whatsapp" SessionStepAccountStatus SessionStepKind = "account-status" SessionStepConfirmTerminateOtherSessions SessionStepKind = "confirm-terminate-other-sessions" )
func (SessionStepKind) MatchPath ¶
func (k SessionStepKind) MatchPath(path string) bool
func (SessionStepKind) Path ¶
func (k SessionStepKind) Path() string
type SessionStore ¶
type SessionStoreRedis ¶
func (*SessionStoreRedis) Create ¶
func (s *SessionStoreRedis) Create(session *Session) (err error)
func (*SessionStoreRedis) Delete ¶
func (s *SessionStoreRedis) Delete(id string) error
func (*SessionStoreRedis) Get ¶
func (s *SessionStoreRedis) Get(id string) (session *Session, err error)
func (*SessionStoreRedis) Update ¶
func (s *SessionStoreRedis) Update(session *Session) (err error)
type SettingsSubRoutesMiddleware ¶
type SettingsSubRoutesMiddleware struct { Database *appdb.Handle Identities SettingsSubRoutesMiddlewareIdentityService }
SettingsSubRoutesMiddleware redirect all settings sub routes to /settings if the current user is anonymous user
type SignedUpCookieDef ¶
func NewSignedUpCookieDef ¶
func NewSignedUpCookieDef() SignedUpCookieDef
type SuccessPageMiddleware ¶
type SuccessPageMiddleware struct { Endpoints SuccessPageMiddlewareEndpointsProvider UIConfig *config.UIConfig Cookies CookieManager ErrorCookie *ErrorCookie }
func (*SuccessPageMiddleware) Handle ¶
func (m *SuccessPageMiddleware) Handle(next http.Handler) http.Handler
SuccessPageMiddleware check the success path cookie to determine whether it is valid to visit the success page the cookie should be set right before redirecting to the success page
func (*SuccessPageMiddleware) Pop ¶
func (m *SuccessPageMiddleware) Pop(r *http.Request, rw http.ResponseWriter) string
type SuccessPageMiddlewareEndpointsProvider ¶
type SuccessPageMiddlewareEndpointsProvider interface {
ErrorEndpointURL(uiImpl config.UIImplementation) *url.URL
}
type TakeBranchOptions ¶
type TakeBranchOptions struct {
DisableFallbackToSMS bool
}
type TakeBranchResult ¶
type TakeBranchResult interface {
// contains filtered or unexported methods
}
type TakeBranchResultInput ¶
type TakeBranchResultInput struct { Input interface{} NewAuthflowScreenFull func(flowResponse *authflow.FlowResponse, retriedForError error) *AuthflowScreenWithFlowResponse OnRetry *TakeBranchResultInputRetryHandler }
type TakeBranchResultInputRetryHandler ¶
type TakeBranchResultInputRetryHandler func(err error) (nextInput interface{})
type TakeBranchResultSimple ¶
type TakeBranchResultSimple struct {
Screen *AuthflowScreenWithFlowResponse
}
type TutorialMiddleware ¶
type TutorialMiddleware struct {
TutorialCookie TutorialMiddlewareTutorialCookie
}
type TutorialMiddlewareTutorialCookie ¶
type TutorialMiddlewareTutorialCookie interface {
SetAll(rw http.ResponseWriter)
}
type UIInfoResolver ¶
type UIInfoResolver interface {
SetAuthenticationInfoInQuery(redirectURI string, e *authenticationinfo.Entry) string
}
type UIParamMiddleware ¶
type UIParamMiddleware struct { UIInfoResolver SessionMiddlewareUIInfoResolver OAuthSessions SessionMiddlewareOAuthSessionService Cookies CookieManager }
type VisitorIDMiddleware ¶
type VisitorIDMiddleware struct {
Cookies CookieManager
}
type WeChatRedirectURIMiddleware ¶
type WeChatRedirectURIMiddleware struct { Cookies CookieManager IdentityConfig *config.IdentityConfig }
WeChatRedirectURIMiddleware validates x_wechat_redirect_uri and stores it in context. Ideally we should store x_wechat_redirect_uri in web app session. But we can link wechat in settings page so that is not possible at the moment.
Source Files ¶
- authflow.go
- authflow_routes.go
- context_holder_middleware.go
- cookie.go
- csrf.go
- csrf_middleware.go
- deps.go
- dynamic_csp_middleware.go
- error.go
- errors.go
- flash_message.go
- interaction.go
- intl_middleware.go
- login_hint.go
- public_origin_middleware.go
- redirect.go
- require_authenticated_middleware.go
- require_authentication_enabled_middleware.go
- require_settings_enabled_middleware.go
- result.go
- service2.go
- session.go
- session_authflow.go
- session_middleware.go
- session_step.go
- session_store.go
- settings_sub_routes_middleware.go
- success_page_middleware.go
- tutorial_middleware.go
- ui_param.go
- url.go
- visitor_id.go
- visitor_id_middleware.go
- wechat_redirect_uri_middleware.go
- x_color_scheme.go