authenticationflow

package
v0.0.0-...-c4f7e29 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 26, 2024 License: Apache-2.0 Imports: 51 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	JsonPointerTokenOneOf string = "one_of"
	JsonPointerTokenSteps string = "steps"
)
View Source 
const (
	AuthowAPIPerIP ratelimit.BucketName = "AuthflowAPIPerIP"
)
View Source 
const Lifetime = duration.UserInteraction
View Source 
const (
	WebsocketEndpointV1 = "/api/v1/authentication_flows/ws"
)

Variables

View Source 
var AllFlowTypes []FlowType = []FlowType{
	FlowTypeSignup,
	FlowTypePromote,
	FlowTypeLogin,
	FlowTypeSignupLogin,
	FlowTypeReauth,
	FlowTypeAccountRecovery,
}
View Source 
var DependencySet = wire.NewSet(
	wire.Struct(new(Dependencies), "*"),
	NewServiceLogger,
	wire.Struct(new(Service), "*"),
	wire.Struct(new(StoreImpl), "*"),
	wire.Bind(new(Store), new(*StoreImpl)),
	wire.Struct(new(IntlMiddleware), "*"),
	wire.Struct(new(RateLimitMiddleware), "*"),
	NewWebsocketEventStore,
)
View Source 
var ErrEOF = errors.New("eof")

ErrEOF means end of flow. This error originates from CanReactTo and will be propagated to public API.

View Source 
var ErrFlowNotAllowed = apierrors.Forbidden.WithReason("AuthenticationFlowNotAllowed").New("flow not allowed")
View Source 
var ErrFlowNotFound = apierrors.NotFound.WithReason("AuthenticationFlowNotFound").New("flow not found")
View Source 
var ErrIncompatibleInput = errors.New("incompatible input")

ErrIncompatibleInput means the input reactor cannot react to the input. This error can only be returned by ReactTo.

View Source 
var ErrInvalidJSONPointer = errors.New("invalid json pointer")
View Source 
var ErrNoChange = errors.New("no change")

ErrNoChange means the input does not cause the flow to change. This error originates from Accept and will be propagated to public API.

View Source 
var ErrNoEntries = errors.New("no entries")
View Source 
var ErrSameNode = errors.New("same node")

ErrSameNode means the input is reacted to, but no node is produced. This typically means the node has performed some immediate side effects. This error can only be returned by ReactTo.

View Source 
var ErrStepNotFound = apierrors.NotFound.WithReason("AuthenticationFlowStepNotFound").New("step not found")
View Source 
var ErrUnknownFlow = apierrors.BadRequest.WithReason("AuthenticationFlowUnknownFlow").New("unknown flow")
View Source 
var ErrUpdateNode = errors.New("update node")

ErrUpdateNode means the input is reacted to, but instead of producing a new node to be appended, the returned node should replace the node. This error can only be returned by ReactTo.

View Source 
var InputTakeAccountRecoveryCodeSchemaBuilder validation.SchemaBuilder

Functions

func Accept 

func Accept(ctx context.Context, deps *Dependencies, flows Flows, rawMessage json.RawMessage) (err error)

Accept executes the flow to the deepest using input. In addition to the errors caused by intents and nodes, ErrEOF and ErrNoChange can be returned.

func AcceptSyntheticInput 

func AcceptSyntheticInput(ctx context.Context, deps *Dependencies, flows Flows, syntheticInput Input) (err error)

func ApplyAllEffects 

func ApplyAllEffects(ctx context.Context, deps *Dependencies, flows Flows) error

func ApplyRunEffects 

func ApplyRunEffects(ctx context.Context, deps *Dependencies, flows Flows) error

func AsInput 

func AsInput(i Input, iface interface{}) bool

func CollectCookies 

func CollectCookies(ctx context.Context, deps *Dependencies, flows Flows) (cookies []*http.Cookie, err error)

func FindAllMilestones 

func FindAllMilestones[T Milestone](w *Flow) []T

func FindMilestone 

func FindMilestone[T Milestone](w *Flow) (T, bool)

func FlowObject 

func FlowObject(flowRootObject config.AuthenticationFlowObject, pointer jsonpointer.T) (config.AuthenticationFlowObject, error)

func FlowObjectGetName 

func FlowObjectGetName(o config.AuthenticationFlowObject) string

func FlowObjectGetOneOf 

func FlowObjectGetOneOf(o config.AuthenticationFlowObject) ([]config.AuthenticationFlowObject, bool)

func FlowObjectGetSteps 

func FlowObjectGetSteps(o config.AuthenticationFlowObject) ([]config.AuthenticationFlowObject, bool)

func GetAuthenticationInfoEntry 

func GetAuthenticationInfoEntry(ctx context.Context, deps *Dependencies, flows Flows) (*authenticationinfo.Entry, bool)

func GetCurrentObject 

func GetCurrentObject(entries []TraverseEntry) (config.AuthenticationFlowObject, error)

func GetFlowID 

func GetFlowID(ctx context.Context) string

func GetFlowRootObject 

func GetFlowRootObject(ctx context.Context) config.AuthenticationFlowObject

func GetIDToken 

func GetIDToken(ctx context.Context) string

func GetLoginHint 

func GetLoginHint(ctx context.Context) string

func GetOAuthSessionID 

func GetOAuthSessionID(ctx context.Context) string

func GetSuppressIDPSessionCookie 

func GetSuppressIDPSessionCookie(ctx context.Context) bool

func GetUserIDHint 

func GetUserIDHint(ctx context.Context) string

func JSONPointerForOneOf 

func JSONPointerForOneOf(p jsonpointer.T, index int) jsonpointer.T

func JSONPointerForStep 

func JSONPointerForStep(p jsonpointer.T, index int) jsonpointer.T

func JSONPointerSubtract 

func JSONPointerSubtract(p1 jsonpointer.T, p2 jsonpointer.T) jsonpointer.T

func JSONPointerToParent 

func JSONPointerToParent(p jsonpointer.T) jsonpointer.T

func NewWebsocketChannelName 

func NewWebsocketChannelName() string

func RegisterFlow 

func RegisterFlow(flow PublicFlow)

RegisterFlow is for registering a flow.

func RegisterIntent 

func RegisterIntent(intent Intent)

func RegisterNode 

func RegisterNode(node NodeSimple)

func TraverseFlow 

func TraverseFlow(t Traverser, w *Flow) error

func TraverseNode 

func TraverseNode(t Traverser, w *Flow, n *Node) error

func WebsocketChannelName 

func WebsocketChannelName(r *http.Request) string

func WebsocketURL 

func WebsocketURL(origin string, channel string) (websocketURL string, err error)

Types

type AccountMigrationService 

type AccountMigrationService interface {
	Run(migrationTokenString string) (*accountmigration.HookResponse, error)
}

type AnonymousIdentityService 

type AnonymousIdentityService interface {
	Get(userID string, id string) (*identity.Anonymous, error)
	ParseRequestUnverified(requestJWT string) (*anonymous.Request, error)
	GetByKeyID(keyID string) (*identity.Anonymous, error)
	ParseRequest(requestJWT string, identity *identity.Anonymous) (*anonymous.Request, error)
}

type AnonymousUserPromotionCodeStore 

type AnonymousUserPromotionCodeStore interface {
	GetPromotionCode(codeHash string) (*anonymous.PromotionCode, error)
	DeletePromotionCode(code *anonymous.PromotionCode) error
}

type AuthenticationInfoEntryGetter 

type AuthenticationInfoEntryGetter interface {
	GetAuthenticationInfoEntry(ctx context.Context, deps *Dependencies, flows Flows) *authenticationinfo.Entry
}

type AuthenticationInfoService 

type AuthenticationInfoService interface {
	Save(entry *authenticationinfo.Entry) error
}

type AuthenticatorService 

type AuthenticatorService interface {
	NewWithAuthenticatorID(authenticatorID string, spec *authenticator.Spec) (*authenticator.Info, error)
	Get(authenticatorID string) (*authenticator.Info, error)
	Create(authenticatorInfo *authenticator.Info, markVerified bool) error
	Update(authenticatorInfo *authenticator.Info) error
	List(userID string, filters ...authenticator.Filter) ([]*authenticator.Info, error)
	WithSpec(authenticatorInfo *authenticator.Info, spec *authenticator.Spec) (changed bool, info *authenticator.Info, err error)
	VerifyWithSpec(info *authenticator.Info, spec *authenticator.Spec, options *facade.VerifyOptions) (verifyResult *service.VerifyResult, err error)
	VerifyOneWithSpec(userID string, authenticatorType model.AuthenticatorType, infos []*authenticator.Info, spec *authenticator.Spec, options *facade.VerifyOptions) (info *authenticator.Info, verifyResult *service.VerifyResult, err error)
	ClearLockoutAttempts(userID string, usedMethods []config.AuthenticationLockoutMethod) error
}

type CaptchaService 

type CaptchaService interface {
	VerifyToken(token string) error
}

type ChallengeService 

type ChallengeService interface {
	Consume(token string) (*challenge.Purpose, error)
	Get(token string) (*challenge.Challenge, error)
}

type CookieGetter 

type CookieGetter interface {
	GetCookies(ctx context.Context, deps *Dependencies, flows Flows) ([]*http.Cookie, error)
}

type CookieManager 

type CookieManager interface {
	GetCookie(r *http.Request, def *httputil.CookieDef) (*http.Cookie, error)
	ValueCookie(def *httputil.CookieDef, value string) *http.Cookie
	ClearCookie(def *httputil.CookieDef) *http.Cookie
}

type CustomAttrsService 

type CustomAttrsService interface {
	UpdateCustomAttributesWithList(role accesscontrol.Role, userID string, attrs attrs.List) error
}

type Data 

type Data interface {
	Data()
}

Data is a marker. Ensure all data is a struct, not an ad-hoc map.

type DataFinishRedirectURI 

type DataFinishRedirectURI struct {
	FinishRedirectURI string `json:"finish_redirect_uri,omitempty"`
}

func (*DataFinishRedirectURI) Data 

func (*DataFinishRedirectURI) Data()

type DataOutputer 

type DataOutputer interface {
	InputReactor
	OutputData(ctx context.Context, deps *Dependencies, flows Flows) (Data, error)
}

DataOutputer is an InputReactor. The data it outputs allow the caller to proceed.

type Dependencies 

type Dependencies struct {
	Config        *config.AppConfig
	FeatureConfig *config.FeatureConfig

	Clock      clock.Clock
	RemoteIP   httputil.RemoteIP
	HTTPOrigin httputil.HTTPOrigin

	HTTPRequest *http.Request

	Users                           UserService
	Identities                      IdentityService
	AnonymousIdentities             AnonymousIdentityService
	AnonymousUserPromotionCodeStore AnonymousUserPromotionCodeStore
	Authenticators                  AuthenticatorService
	MFA                             MFAService
	StdAttrsService                 StdAttrsService
	CustomAttrsService              CustomAttrsService
	OTPCodes                        OTPCodeService
	OTPSender                       OTPSender
	Verification                    VerificationService
	ForgotPassword                  ForgotPasswordService
	ResetPassword                   ResetPasswordService
	AccountMigrations               AccountMigrationService
	Challenges                      ChallengeService
	Captcha                         CaptchaService
	OAuthProviderFactory            OAuthProviderFactory
	PasskeyRequestOptionsService    PasskeyRequestOptionsService
	PasskeyCreationOptionsService   PasskeyCreationOptionsService
	PasskeyService                  PasskeyService

	IDPSessions          IDPSessionService
	Sessions             SessionService
	AuthenticationInfos  AuthenticationInfoService
	SessionCookie        session.CookieDef
	MFADeviceTokenCookie mfa.CookieDef

	Cookies CookieManager

	Events      EventService
	RateLimiter RateLimiter

	OfflineGrants OfflineGrantStore
	IDTokens      IDTokenService
}

type Effect 

type Effect interface {
	// contains filtered or unexported methods
}

type EffectGetter 

type EffectGetter interface {
	GetEffects(ctx context.Context, deps *Dependencies, flows Flows) (effs []Effect, err error)
}

type EndOfFlowDataOutputer 

type EndOfFlowDataOutputer interface {
	PublicFlow
	OutputEndOfFlowData(ctx context.Context, deps *Dependencies, flows Flows, baseData *DataFinishRedirectURI) (Data, error)
}

EndOfFlowDataOutputer is an optional interface to be implemented by PublicFlow. The implementation MUST return a Data that contains baseData.

type ErrorSwitchFlow 

type ErrorSwitchFlow struct {
	// FlowReference indicates the flow to switch to.
	FlowReference FlowReference
	// SyntheticInput advance the switched flow at the current state.
	// It MUST include the input that triggers this error.
	SyntheticInput Input
}

ErrorSwitchFlow is a special error for switching flow.

func (*ErrorSwitchFlow) Error 

func (e *ErrorSwitchFlow) Error() string

type Event 

type Event interface {
	// contains filtered or unexported methods
}

type EventKind 

type EventKind string
const (
	// EventKindRefresh indicates client should re-fetch current state of flow for updated state.
	EventKindRefresh EventKind = "refresh"
)

type EventRefresh 

type EventRefresh struct {
	Kind EventKind `json:"kind"`
}

func NewEventRefresh 

func NewEventRefresh() *EventRefresh

type EventService 

type EventService interface {
	DispatchEventOnCommit(payload event.Payload) error
	DispatchEventImmediately(payload event.NonBlockingPayload) error
}

type FindInputReactorResult 

type FindInputReactorResult struct {
	Flows        Flows
	InputReactor InputReactor
	InputSchema  InputSchema
}

func FindInputReactor 

func FindInputReactor(ctx context.Context, deps *Dependencies, flows Flows) (*FindInputReactorResult, error)

func FindInputReactorForFlow 

func FindInputReactorForFlow(ctx context.Context, deps *Dependencies, flows Flows) (*FindInputReactorResult, error)

func FindInputReactorForNode 

func FindInputReactorForNode(ctx context.Context, deps *Dependencies, flows Flows, n *Node) (*FindInputReactorResult, error)

type Flow 

type Flow struct {
	FlowID     string
	StateToken string
	Intent     Intent
	Nodes      []Node
}

func CloneFlow 

func CloneFlow(w *Flow) *Flow

func FindTargetStep 

func FindTargetStep(w *Flow, name string) (out *Flow, err error)

func NewFlow 

func NewFlow(flowID string, intent Intent) *Flow

func (*Flow) MarshalJSON 

func (w *Flow) MarshalJSON() ([]byte, error)

func (*Flow) UnmarshalJSON 

func (w *Flow) UnmarshalJSON(d []byte) (err error)

type FlowAction 

type FlowAction struct {
	Type           FlowActionType                          `json:"type"`
	Identification config.AuthenticationFlowIdentification `json:"identification,omitempty"`
	Authentication config.AuthenticationFlowAuthentication `json:"authentication,omitempty"`
	Data           Data                                    `json:"data,omitempty"`
}

FlowAction is an API object.

func GetFlowAction 

func GetFlowAction(flowRootObject config.AuthenticationFlowObject, pointer jsonpointer.T) *FlowAction

type FlowActionType 

type FlowActionType string
const (
	FlowActionTypeFinished FlowActionType = "finished"
)

func FlowActionTypeFromStepType 

func FlowActionTypeFromStepType(t config.AuthenticationFlowStepType) FlowActionType

type FlowAllowlist 

type FlowAllowlist struct {
	DefinedGroups []*config.UIAuthenticationFlowGroup
	AllowedGroups []*config.AuthenticationFlowAllowlistGroup
	AllowedFlows  []*config.AuthenticationFlowAllowlistFlow
}

FlowAllowlist contains union of flow group and flow allowlist.

func NewFlowAllowlist 

func NewFlowAllowlist(allowlist *config.AuthenticationFlowAllowlist, definedGroups []*config.UIAuthenticationFlowGroup) FlowAllowlist

func (FlowAllowlist) CanCreateFlow 

func (a FlowAllowlist) CanCreateFlow(flowReference FlowReference) bool

func (FlowAllowlist) DeriveFlowNameForDefaultUI 

func (a FlowAllowlist) DeriveFlowNameForDefaultUI(flowType FlowType, flowGroup string) (string, error)

type FlowReference 

type FlowReference struct {
	Type FlowType `json:"type"`
	Name string   `json:"name"`
}

FlowReference is an API object.

func GetFlowReference 

func GetFlowReference(ctx context.Context) FlowReference

type FlowResponse 

type FlowResponse struct {
	StateToken string      `json:"state_token"`
	Type       FlowType    `json:"type,omitempty"`
	Name       string      `json:"name,omitempty"`
	Action     *FlowAction `json:"action,omitempty"`
}

FlowResponse is an API object.

type FlowType 

type FlowType string

FlowType denotes the type of the intents. 

const (
	FlowTypeSignup          FlowType = "signup"
	FlowTypePromote         FlowType = "promote"
	FlowTypeLogin           FlowType = "login"
	FlowTypeSignupLogin     FlowType = "signup_login"
	FlowTypeReauth          FlowType = "reauth"
	FlowTypeAccountRecovery FlowType = "account_recovery"
)

type Flows 

type Flows struct {
	Root    *Flow
	Nearest *Flow
}

func NewFlows 

func NewFlows(root *Flow) Flows

func (Flows) Replace 

func (w Flows) Replace(nearest *Flow) Flows

type ForgotPasswordService 

type ForgotPasswordService interface {
	SendCode(loginID string, options *forgotpassword.CodeOptions) error
	IsRateLimitError(err error, target string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) bool
	CodeLength(target string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) int
	InspectState(target string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) (*otp.State, error)
}

type IDPSessionService 

type IDPSessionService interface {
	MakeSession(*session.Attrs) (*idpsession.IDPSession, string)
	Create(*idpsession.IDPSession) error
	Reauthenticate(idpSessionID string, amr []string) error
}

type IDTokenService 

type IDTokenService interface {
	VerifyIDTokenHintWithoutClient(idTokenHint string) (jwt.Token, error)
}

type IdentityService 

type IdentityService interface {
	Get(id string) (*identity.Info, error)
	SearchBySpec(spec *identity.Spec) (exactMatch *identity.Info, otherMatches []*identity.Info, err error)
	ListByClaim(name string, value string) ([]*identity.Info, error)
	ListByUser(userID string) ([]*identity.Info, error)
	New(userID string, spec *identity.Spec, options identity.NewIdentityOptions) (*identity.Info, error)
	UpdateWithSpec(is *identity.Info, spec *identity.Spec, options identity.NewIdentityOptions) (*identity.Info, error)
	CheckDuplicated(info *identity.Info) (*identity.Info, error)
	Create(is *identity.Info) error
	Update(oldIs *identity.Info, newIs *identity.Info) error
	Delete(is *identity.Info) error
}

type Input 

type Input interface {
	Input()
}

Input is a marker to signify some struct is an Input.

type InputReactor 

type InputReactor interface {
	CanReactTo(ctx context.Context, deps *Dependencies, flows Flows) (InputSchema, error)
	ReactTo(ctx context.Context, deps *Dependencies, flows Flows, input Input) (*Node, error)
}

InputReactor, if can react to some input, must return an InputSchema. It must react to the Input produced by its InputSchema. As a special case, CanReactTo can return a nil InputSchema, which means the InputReactor can react to a nil Input.

type InputSchema 

type InputSchema interface {
	GetJSONPointer() jsonpointer.T
	SchemaBuilder() validation.SchemaBuilder
	// MakeInput MUST return *validation.AggregateError if rawMessage does not validate against the JSON schema.
	MakeInput(rawMessage json.RawMessage) (Input, error)
}

InputSchema validates and parses the input. It is associated with a json pointer which points to the a step, or a branch of a step.

type InputTakeAccountRecoveryCode 

type InputTakeAccountRecoveryCode struct {
	AccountRecoveryCode string `json:"account_recovery_code"`
}

func MakeInputTakeAccountRecoveryCode 

func MakeInputTakeAccountRecoveryCode(rawMessage json.RawMessage) (*InputTakeAccountRecoveryCode, bool)

type InputUnwrapper 

type InputUnwrapper interface {
	Unwrap() Input
}

InputUnwrapper is for advanced usage. This usage is not used at the moment.

type Intent 

type Intent interface {
	Kinder
	InputReactor
}

func InstantiateIntent 

func InstantiateIntent(kind string) (Intent, error)

type IntlMiddleware 

type IntlMiddleware struct{}

func (*IntlMiddleware) Handle 

func (m *IntlMiddleware) Handle(next http.Handler) http.Handler

type JSONResponseWriter 

type JSONResponseWriter interface {
	WriteResponse(rw http.ResponseWriter, resp *api.Response)
}

type Kinder 

type Kinder interface {
	Kind() string
}

type MFAService 

type MFAService interface {
	GenerateRecoveryCodes() []string
	ListRecoveryCodes(userID string) ([]*mfa.RecoveryCode, error)
	ReplaceRecoveryCodes(userID string, codes []string) ([]*mfa.RecoveryCode, error)
	VerifyRecoveryCode(userID string, code string) (*mfa.RecoveryCode, error)
	ConsumeRecoveryCode(c *mfa.RecoveryCode) error

	GenerateDeviceToken() string
	CreateDeviceToken(userID string, token string) (*mfa.DeviceToken, error)
	VerifyDeviceToken(userID string, deviceToken string) error
}

type Milestone 

type Milestone interface {
	Milestone()
}

Milestone is a marker. The designed use case is to find out whether a particular milestone exists in the flow, or any of its subflows.

type Node 

type Node struct {
	Type    NodeType   `json:"type"`
	Simple  NodeSimple `json:"simple,omitempty"`
	SubFlow *Flow      `json:"flow,omitempty"`
}

func CloneNode 

func CloneNode(n *Node) *Node

func NewNodeSimple 

func NewNodeSimple(simple NodeSimple) *Node

func NewSubFlow 

func NewSubFlow(intent Intent) *Node

func (*Node) MarshalJSON 

func (n *Node) MarshalJSON() ([]byte, error)

func (*Node) UnmarshalJSON 

func (n *Node) UnmarshalJSON(d []byte) (err error)

type NodeSimple 

type NodeSimple interface {
	Kinder
}

func InstantiateNode 

func InstantiateNode(kind string) (NodeSimple, error)

type NodeType 

type NodeType string
const (
	NodeTypeSimple  NodeType = "SIMPLE"
	NodeTypeSubFlow NodeType = "SUB_FLOW"
)

type OAuthClientResolver 

type OAuthClientResolver interface {
	ResolveClient(clientID string) *config.OAuthClientConfig
}

type OAuthProviderFactory 

type OAuthProviderFactory interface {
	NewOAuthProvider(alias string) sso.OAuthProvider
}

type OTPCodeService 

type OTPCodeService interface {
	GenerateOTP(kind otp.Kind, target string, form otp.Form, opt *otp.GenerateOptions) (string, error)
	VerifyOTP(kind otp.Kind, target string, otp string, opts *otp.VerifyOptions) error
	InspectState(kind otp.Kind, target string) (*otp.State, error)

	LookupCode(purpose otp.Purpose, code string) (target string, err error)
	SetSubmittedCode(kind otp.Kind, target string, code string) (*otp.State, error)
}

type OTPSender 

type OTPSender interface {
	Prepare(channel model.AuthenticatorOOBChannel, target string, form otp.Form, typ otp.MessageType) (*otp.PreparedMessage, error)
	Send(msg *otp.PreparedMessage, opts otp.SendOptions) error
}

type OfflineGrantStore 

type OfflineGrantStore interface {
	ListClientOfflineGrants(clientID string, userID string) ([]*oauth.OfflineGrant, error)
}

type OnCommitEffect 

type OnCommitEffect func(ctx context.Context, deps *Dependencies) error

type PasskeyCreationOptionsService 

type PasskeyCreationOptionsService interface {
	MakeCreationOptions(userID string) (*model.WebAuthnCreationOptions, error)
}

type PasskeyRequestOptionsService 

type PasskeyRequestOptionsService interface {
	MakeModalRequestOptions() (*model.WebAuthnRequestOptions, error)
	MakeModalRequestOptionsWithUser(userID string) (*model.WebAuthnRequestOptions, error)
}

type PasskeyService 

type PasskeyService interface {
	ConsumeAttestationResponse(attestationResponse []byte) (err error)
	ConsumeAssertionResponse(assertionResponse []byte) (err error)
}

type PublicFlow 

type PublicFlow interface {
	Intent
	FlowType() FlowType
	FlowInit(r FlowReference, startFrom jsonpointer.T)
	FlowFlowReference() FlowReference
	FlowRootObject(deps *Dependencies) (config.AuthenticationFlowObject, error)
}

PublicFlow is a instantiable intent by the public.

func InstantiateFlow 

func InstantiateFlow(f FlowReference, startFrom jsonpointer.T) (PublicFlow, error)

InstantiateFlow is used by the HTTP layer to instantiate a Flow.

type RateLimitMiddleware 

type RateLimitMiddleware struct {
	RateLimiter RateLimiter
	RemoteIP    httputil.RemoteIP
	JSON        JSONResponseWriter
	Config      *config.AppConfig
}

func (*RateLimitMiddleware) Handle 

func (m *RateLimitMiddleware) Handle(next http.Handler) http.Handler

type RateLimiter 

type RateLimiter interface {
	Allow(spec ratelimit.BucketSpec) error
	Reserve(spec ratelimit.BucketSpec) *ratelimit.Reservation
	Cancel(r *ratelimit.Reservation)
}

type ResetPasswordService 

type ResetPasswordService interface {
	VerifyCode(code string) (state *otp.State, err error)
	VerifyCodeWithTarget(target string, code string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) (state *otp.State, err error)
	ResetPassword(code string, newPassword string) error
	ResetPasswordWithTarget(target string, code string, newPassword string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) error
}

type RunEffect 

type RunEffect func(ctx context.Context, deps *Dependencies) error

type Service 

type Service struct {
	ContextDoNotUseDirectly context.Context
	Deps                    *Dependencies
	Logger                  ServiceLogger
	Store                   Store
	Database                ServiceDatabase
	UIConfig                *config.UIConfig
	UIInfoResolver          ServiceUIInfoResolver
	OAuthClientResolver     OAuthClientResolver
}

func (*Service) CreateNewFlow 

func (s *Service) CreateNewFlow(publicFlow PublicFlow, sessionOptions *SessionOptions) (output *ServiceOutput, err error)

func (*Service) FeedInput 

func (s *Service) FeedInput(stateToken string, rawMessage json.RawMessage) (output *ServiceOutput, err error)

func (*Service) FeedSyntheticInput 

func (s *Service) FeedSyntheticInput(stateToken string, syntheticInput Input) (output *ServiceOutput, err error)

func (*Service) Get 

func (s *Service) Get(stateToken string) (output *ServiceOutput, err error)

type ServiceDatabase 

type ServiceDatabase interface {
	WithTx(do func() error) (err error)
	ReadOnly(do func() error) (err error)
}

type ServiceLogger 

type ServiceLogger struct{ *log.Logger }

func NewServiceLogger 

func NewServiceLogger(lf *log.Factory) ServiceLogger

type ServiceOutput 

type ServiceOutput struct {
	Session       *Session
	SessionOutput *SessionOutput
	Flow          *Flow

	FlowReference *FlowReference
	Finished      bool
	FlowAction    *FlowAction

	Cookies []*http.Cookie
}

func (*ServiceOutput) ToFlowResponse 

func (o *ServiceOutput) ToFlowResponse() FlowResponse

type ServiceUIInfoResolver 

type ServiceUIInfoResolver interface {
	SetAuthenticationInfoInQuery(redirectURI string, e *authenticationinfo.Entry) string
}

type Session 

type Session struct {
	FlowID string `json:"flow_id"`

	OAuthSessionID string `json:"oauth_session_id,omitempty"`

	ClientID    string   `json:"client_id,omitempty"`
	RedirectURI string   `json:"redirect_uri,omitempty"`
	Prompt      []string `json:"prompt,omitempty"`
	State       string   `json:"state,omitempty"`
	XState      string   `json:"x_state,omitempty"`
	UILocales   string   `json:"ui_locales,omitempty"`

	IDToken                  string `json:"id_token,omitempty"`
	SuppressIDPSessionCookie bool   `json:"suppress_idp_session_cookie,omitempty"`
	UserIDHint               string `json:"user_id_hint,omitempty"`
	LoginHint                string `json:"login_hint,omitempty"`
}

Session must not contain web session ID. This is to ensure webapp does not have privilege in authflow.

func NewSession 

func NewSession(opts *SessionOptions) *Session

func (*Session) MakeContext 

func (s *Session) MakeContext(ctx context.Context, deps *Dependencies, publicFlow PublicFlow) (context.Context, error)

func (*Session) ToOutput 

func (s *Session) ToOutput() *SessionOutput

type SessionOptions 

type SessionOptions struct {
	OAuthSessionID string

	ClientID    string
	RedirectURI string
	Prompt      []string
	State       string
	XState      string
	UILocales   string

	IDToken                  string
	SuppressIDPSessionCookie bool
	UserIDHint               string
	LoginHint                string
}

func (*SessionOptions) PartiallyMergeFrom 

func (s *SessionOptions) PartiallyMergeFrom(o *SessionOptions) *SessionOptions

type SessionOutput 

type SessionOutput struct {
	FlowID      string `json:"flow_id"`
	ClientID    string `json:"client_id,omitempty"`
	RedirectURI string `json:"redirect_uri,omitempty"`
}

type SessionService 

type SessionService interface {
	RevokeWithoutEvent(session.Session) error
}

type StdAttrsService 

type StdAttrsService interface {
	PopulateStandardAttributes(userID string, iden *identity.Info) error
	UpdateStandardAttributesWithList(role accesscontrol.Role, userID string, attrs attrs.List) error
}

type Store 

type Store interface {
	CreateSession(session *Session) error
	GetSession(flowID string) (*Session, error)
	DeleteSession(session *Session) error

	CreateFlow(flow *Flow) error
	GetFlowByStateToken(stateToken string) (*Flow, error)
	DeleteFlow(flow *Flow) error
}

type StoreImpl 

type StoreImpl struct {
	Redis   *appredis.Handle
	AppID   config.AppID
	Context context.Context
}

func (*StoreImpl) CreateFlow 

func (s *StoreImpl) CreateFlow(flow *Flow) error

func (*StoreImpl) CreateSession 

func (s *StoreImpl) CreateSession(session *Session) error

func (*StoreImpl) DeleteFlow 

func (s *StoreImpl) DeleteFlow(flow *Flow) error

func (*StoreImpl) DeleteSession 

func (s *StoreImpl) DeleteSession(session *Session) error

func (*StoreImpl) GetFlowByStateToken 

func (s *StoreImpl) GetFlowByStateToken(stateToken string) (*Flow, error)

func (*StoreImpl) GetSession 

func (s *StoreImpl) GetSession(flowID string) (*Session, error)

type TargetStep 

type TargetStep interface {
	GetName() string
	GetJSONPointer() jsonpointer.T
}

type TraverseEntry 

type TraverseEntry struct {
	FlowObject  config.AuthenticationFlowObject
	JSONPointer jsonpointer.T
	Name        string
	FieldName   string
	Index       int
}

func Traverse 

func Traverse(o config.AuthenticationFlowObject, pointer jsonpointer.T) ([]TraverseEntry, error)

type Traverser 

type Traverser struct {
	Intent     func(intent Intent, w *Flow) error
	NodeSimple func(nodeSimple NodeSimple, w *Flow) error
}

type UserService 

type UserService interface {
	Get(id string, role accesscontrol.Role) (*model.User, error)
	GetRaw(id string) (*user.User, error)
	Create(userID string) (*user.User, error)
	UpdateLoginTime(userID string, t time.Time) error
	AfterCreate(
		user *user.User,
		identities []*identity.Info,
		authenticators []*authenticator.Info,
		isAdminAPI bool,
	) error
}

type VerificationService 

type VerificationService interface {
	GetClaimStatus(userID string, claimName model.ClaimName, claimValue string) (*verification.ClaimStatus, error)
	GetIdentityVerificationStatus(i *identity.Info) ([]verification.ClaimStatus, error)
	NewVerifiedClaim(userID string, claimName string, claimValue string) *verification.Claim
	MarkClaimVerified(claim *verification.Claim) error
}

type WebsocketEventStore 

type WebsocketEventStore struct {
	AppID       config.AppID
	RedisHandle *appredis.Handle
	Store       Store
	// contains filtered or unexported fields
}

func NewWebsocketEventStore 

func NewWebsocketEventStore(appID config.AppID, handle *appredis.Handle, store Store) *WebsocketEventStore

func (*WebsocketEventStore) ChannelName 

func (s *WebsocketEventStore) ChannelName(websocketChannelName string) string

func (*WebsocketEventStore) Publish 

func (s *WebsocketEventStore) Publish(websocketChannelName string, e Event) error

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.