Documentation ¶
Index ¶
- Constants
- Variables
- func Accept(ctx context.Context, deps *Dependencies, flows Flows, ...) (err error)
- func AcceptSyntheticInput(ctx context.Context, deps *Dependencies, flows Flows, syntheticInput Input) (err error)
- func ApplyAllEffects(ctx context.Context, deps *Dependencies, flows Flows) error
- func ApplyRunEffects(ctx context.Context, deps *Dependencies, flows Flows) error
- func AsInput(i Input, iface interface{}) bool
- func CollectCookies(ctx context.Context, deps *Dependencies, flows Flows) (cookies []*http.Cookie, err error)
- func FindAllMilestones[T Milestone](w *Flow) []T
- func FindMilestone[T Milestone](w *Flow) (T, bool)
- func FlowObject(flowRootObject config.AuthenticationFlowObject, pointer jsonpointer.T) (config.AuthenticationFlowObject, error)
- func FlowObjectGetName(o config.AuthenticationFlowObject) string
- func FlowObjectGetOneOf(o config.AuthenticationFlowObject) ([]config.AuthenticationFlowObject, bool)
- func FlowObjectGetSteps(o config.AuthenticationFlowObject) ([]config.AuthenticationFlowObject, bool)
- func GetAuthenticationInfoEntry(ctx context.Context, deps *Dependencies, flows Flows) (*authenticationinfo.Entry, bool)
- func GetCurrentObject(entries []TraverseEntry) (config.AuthenticationFlowObject, error)
- func GetFlowID(ctx context.Context) string
- func GetFlowRootObject(ctx context.Context) config.AuthenticationFlowObject
- func GetIDToken(ctx context.Context) string
- func GetLoginHint(ctx context.Context) string
- func GetOAuthSessionID(ctx context.Context) string
- func GetSuppressIDPSessionCookie(ctx context.Context) bool
- func GetUserIDHint(ctx context.Context) string
- func JSONPointerForOneOf(p jsonpointer.T, index int) jsonpointer.T
- func JSONPointerForStep(p jsonpointer.T, index int) jsonpointer.T
- func JSONPointerSubtract(p1 jsonpointer.T, p2 jsonpointer.T) jsonpointer.T
- func JSONPointerToParent(p jsonpointer.T) jsonpointer.T
- func NewWebsocketChannelName() string
- func RegisterFlow(flow PublicFlow)
- func RegisterIntent(intent Intent)
- func RegisterNode(node NodeSimple)
- func TraverseFlow(t Traverser, w *Flow) error
- func TraverseNode(t Traverser, w *Flow, n *Node) error
- func WebsocketChannelName(r *http.Request) string
- func WebsocketURL(origin string, channel string) (websocketURL string, err error)
- type AccountMigrationService
- type AnonymousIdentityService
- type AnonymousUserPromotionCodeStore
- type AuthenticationInfoEntryGetter
- type AuthenticationInfoService
- type AuthenticatorService
- type CaptchaService
- type ChallengeService
- type CookieGetter
- type CookieManager
- type CustomAttrsService
- type Data
- type DataFinishRedirectURI
- type DataOutputer
- type Dependencies
- type Effect
- type EffectGetter
- type EndOfFlowDataOutputer
- type ErrorSwitchFlow
- type Event
- type EventKind
- type EventRefresh
- type EventService
- type FindInputReactorResult
- func FindInputReactor(ctx context.Context, deps *Dependencies, flows Flows) (*FindInputReactorResult, error)
- func FindInputReactorForFlow(ctx context.Context, deps *Dependencies, flows Flows) (*FindInputReactorResult, error)
- func FindInputReactorForNode(ctx context.Context, deps *Dependencies, flows Flows, n *Node) (*FindInputReactorResult, error)
- type Flow
- type FlowAction
- type FlowActionType
- type FlowAllowlist
- type FlowReference
- type FlowResponse
- type FlowType
- type Flows
- type ForgotPasswordService
- type IDPSessionService
- type IDTokenService
- type IdentityService
- type Input
- type InputReactor
- type InputSchema
- type InputTakeAccountRecoveryCode
- type InputUnwrapper
- type Intent
- type IntlMiddleware
- type JSONResponseWriter
- type Kinder
- type MFAService
- type Milestone
- type Node
- type NodeSimple
- type NodeType
- type OAuthClientResolver
- type OAuthProviderFactory
- type OTPCodeService
- type OTPSender
- type OfflineGrantStore
- type OnCommitEffect
- type PasskeyCreationOptionsService
- type PasskeyRequestOptionsService
- type PasskeyService
- type PublicFlow
- type RateLimitMiddleware
- type RateLimiter
- type ResetPasswordService
- type RunEffect
- type Service
- func (s *Service) CreateNewFlow(publicFlow PublicFlow, sessionOptions *SessionOptions) (output *ServiceOutput, err error)
- func (s *Service) FeedInput(stateToken string, rawMessage json.RawMessage) (output *ServiceOutput, err error)
- func (s *Service) FeedSyntheticInput(stateToken string, syntheticInput Input) (output *ServiceOutput, err error)
- func (s *Service) Get(stateToken string) (output *ServiceOutput, err error)
- type ServiceDatabase
- type ServiceLogger
- type ServiceOutput
- type ServiceUIInfoResolver
- type Session
- type SessionOptions
- type SessionOutput
- type SessionService
- type StdAttrsService
- type Store
- type StoreImpl
- func (s *StoreImpl) CreateFlow(flow *Flow) error
- func (s *StoreImpl) CreateSession(session *Session) error
- func (s *StoreImpl) DeleteFlow(flow *Flow) error
- func (s *StoreImpl) DeleteSession(session *Session) error
- func (s *StoreImpl) GetFlowByStateToken(stateToken string) (*Flow, error)
- func (s *StoreImpl) GetSession(flowID string) (*Session, error)
- type TargetStep
- type TraverseEntry
- type Traverser
- type UserService
- type VerificationService
- type WebsocketEventStore
Constants ¶
const ( JsonPointerTokenOneOf string = "one_of" JsonPointerTokenSteps string = "steps" )
const (
AuthowAPIPerIP ratelimit.BucketName = "AuthflowAPIPerIP"
)
const Lifetime = duration.UserInteraction
const (
WebsocketEndpointV1 = "/api/v1/authentication_flows/ws"
)
Variables ¶
var AllFlowTypes []FlowType = []FlowType{ FlowTypeSignup, FlowTypePromote, FlowTypeLogin, FlowTypeSignupLogin, FlowTypeReauth, FlowTypeAccountRecovery, }
var DependencySet = wire.NewSet( wire.Struct(new(Dependencies), "*"), NewServiceLogger, wire.Struct(new(Service), "*"), wire.Struct(new(StoreImpl), "*"), wire.Bind(new(Store), new(*StoreImpl)), wire.Struct(new(IntlMiddleware), "*"), wire.Struct(new(RateLimitMiddleware), "*"), NewWebsocketEventStore, )
var ErrEOF = errors.New("eof")
ErrEOF means end of flow. This error originates from CanReactTo and will be propagated to public API.
var ErrFlowNotAllowed = apierrors.Forbidden.WithReason("AuthenticationFlowNotAllowed").New("flow not allowed")
var ErrFlowNotFound = apierrors.NotFound.WithReason("AuthenticationFlowNotFound").New("flow not found")
var ErrIncompatibleInput = errors.New("incompatible input")
ErrIncompatibleInput means the input reactor cannot react to the input. This error can only be returned by ReactTo.
var ErrInvalidJSONPointer = errors.New("invalid json pointer")
var ErrNoChange = errors.New("no change")
ErrNoChange means the input does not cause the flow to change. This error originates from Accept and will be propagated to public API.
var ErrNoEntries = errors.New("no entries")
var ErrSameNode = errors.New("same node")
ErrSameNode means the input is reacted to, but no node is produced. This typically means the node has performed some immediate side effects. This error can only be returned by ReactTo.
var ErrStepNotFound = apierrors.NotFound.WithReason("AuthenticationFlowStepNotFound").New("step not found")
var ErrUnknownFlow = apierrors.BadRequest.WithReason("AuthenticationFlowUnknownFlow").New("unknown flow")
var ErrUpdateNode = errors.New("update node")
ErrUpdateNode means the input is reacted to, but instead of producing a new node to be appended, the returned node should replace the node. This error can only be returned by ReactTo.
var InputTakeAccountRecoveryCodeSchemaBuilder validation.SchemaBuilder
Functions ¶
func Accept ¶
func Accept(ctx context.Context, deps *Dependencies, flows Flows, rawMessage json.RawMessage) (err error)
Accept executes the flow to the deepest using input. In addition to the errors caused by intents and nodes, ErrEOF and ErrNoChange can be returned.
func AcceptSyntheticInput ¶
func ApplyAllEffects ¶
func ApplyAllEffects(ctx context.Context, deps *Dependencies, flows Flows) error
func ApplyRunEffects ¶
func ApplyRunEffects(ctx context.Context, deps *Dependencies, flows Flows) error
func CollectCookies ¶
func FindAllMilestones ¶
func FindMilestone ¶
func FlowObject ¶
func FlowObject(flowRootObject config.AuthenticationFlowObject, pointer jsonpointer.T) (config.AuthenticationFlowObject, error)
func FlowObjectGetName ¶
func FlowObjectGetName(o config.AuthenticationFlowObject) string
func FlowObjectGetOneOf ¶
func FlowObjectGetOneOf(o config.AuthenticationFlowObject) ([]config.AuthenticationFlowObject, bool)
func FlowObjectGetSteps ¶
func FlowObjectGetSteps(o config.AuthenticationFlowObject) ([]config.AuthenticationFlowObject, bool)
func GetAuthenticationInfoEntry ¶
func GetAuthenticationInfoEntry(ctx context.Context, deps *Dependencies, flows Flows) (*authenticationinfo.Entry, bool)
func GetCurrentObject ¶
func GetCurrentObject(entries []TraverseEntry) (config.AuthenticationFlowObject, error)
func GetFlowRootObject ¶
func GetFlowRootObject(ctx context.Context) config.AuthenticationFlowObject
func GetIDToken ¶
func GetLoginHint ¶
func GetOAuthSessionID ¶
func GetUserIDHint ¶
func JSONPointerForOneOf ¶
func JSONPointerForOneOf(p jsonpointer.T, index int) jsonpointer.T
func JSONPointerForStep ¶
func JSONPointerForStep(p jsonpointer.T, index int) jsonpointer.T
func JSONPointerSubtract ¶
func JSONPointerSubtract(p1 jsonpointer.T, p2 jsonpointer.T) jsonpointer.T
func JSONPointerToParent ¶
func JSONPointerToParent(p jsonpointer.T) jsonpointer.T
func NewWebsocketChannelName ¶
func NewWebsocketChannelName() string
func RegisterIntent ¶
func RegisterIntent(intent Intent)
func RegisterNode ¶
func RegisterNode(node NodeSimple)
func TraverseFlow ¶
func WebsocketChannelName ¶
Types ¶
type AccountMigrationService ¶
type AccountMigrationService interface {
Run(migrationTokenString string) (*accountmigration.HookResponse, error)
}
type AnonymousIdentityService ¶
type AnonymousIdentityService interface { Get(userID string, id string) (*identity.Anonymous, error) ParseRequestUnverified(requestJWT string) (*anonymous.Request, error) GetByKeyID(keyID string) (*identity.Anonymous, error) ParseRequest(requestJWT string, identity *identity.Anonymous) (*anonymous.Request, error) }
type AnonymousUserPromotionCodeStore ¶
type AnonymousUserPromotionCodeStore interface { GetPromotionCode(codeHash string) (*anonymous.PromotionCode, error) DeletePromotionCode(code *anonymous.PromotionCode) error }
type AuthenticationInfoEntryGetter ¶
type AuthenticationInfoEntryGetter interface {
GetAuthenticationInfoEntry(ctx context.Context, deps *Dependencies, flows Flows) *authenticationinfo.Entry
}
type AuthenticationInfoService ¶
type AuthenticationInfoService interface {
Save(entry *authenticationinfo.Entry) error
}
type AuthenticatorService ¶
type AuthenticatorService interface { NewWithAuthenticatorID(authenticatorID string, spec *authenticator.Spec) (*authenticator.Info, error) Get(authenticatorID string) (*authenticator.Info, error) Create(authenticatorInfo *authenticator.Info, markVerified bool) error Update(authenticatorInfo *authenticator.Info) error List(userID string, filters ...authenticator.Filter) ([]*authenticator.Info, error) WithSpec(authenticatorInfo *authenticator.Info, spec *authenticator.Spec) (changed bool, info *authenticator.Info, err error) VerifyWithSpec(info *authenticator.Info, spec *authenticator.Spec, options *facade.VerifyOptions) (verifyResult *service.VerifyResult, err error) VerifyOneWithSpec(userID string, authenticatorType model.AuthenticatorType, infos []*authenticator.Info, spec *authenticator.Spec, options *facade.VerifyOptions) (info *authenticator.Info, verifyResult *service.VerifyResult, err error) ClearLockoutAttempts(userID string, usedMethods []config.AuthenticationLockoutMethod) error }
type CaptchaService ¶
type ChallengeService ¶
type CookieGetter ¶
type CookieManager ¶
type CustomAttrsService ¶
type Data ¶
type Data interface {
Data()
}
Data is a marker. Ensure all data is a struct, not an ad-hoc map.
type DataFinishRedirectURI ¶
type DataFinishRedirectURI struct {
FinishRedirectURI string `json:"finish_redirect_uri,omitempty"`
}
func (*DataFinishRedirectURI) Data ¶
func (*DataFinishRedirectURI) Data()
type DataOutputer ¶
type DataOutputer interface { InputReactor OutputData(ctx context.Context, deps *Dependencies, flows Flows) (Data, error) }
DataOutputer is an InputReactor. The data it outputs allow the caller to proceed.
type Dependencies ¶
type Dependencies struct { Config *config.AppConfig FeatureConfig *config.FeatureConfig Clock clock.Clock RemoteIP httputil.RemoteIP HTTPOrigin httputil.HTTPOrigin HTTPRequest *http.Request Users UserService Identities IdentityService AnonymousIdentities AnonymousIdentityService AnonymousUserPromotionCodeStore AnonymousUserPromotionCodeStore Authenticators AuthenticatorService MFA MFAService StdAttrsService StdAttrsService CustomAttrsService CustomAttrsService OTPCodes OTPCodeService OTPSender OTPSender Verification VerificationService ForgotPassword ForgotPasswordService ResetPassword ResetPasswordService AccountMigrations AccountMigrationService Challenges ChallengeService Captcha CaptchaService OAuthProviderFactory OAuthProviderFactory PasskeyRequestOptionsService PasskeyRequestOptionsService PasskeyCreationOptionsService PasskeyCreationOptionsService PasskeyService PasskeyService IDPSessions IDPSessionService Sessions SessionService AuthenticationInfos AuthenticationInfoService SessionCookie session.CookieDef MFADeviceTokenCookie mfa.CookieDef Cookies CookieManager Events EventService RateLimiter RateLimiter OfflineGrants OfflineGrantStore IDTokens IDTokenService }
type EffectGetter ¶
type EndOfFlowDataOutputer ¶
type EndOfFlowDataOutputer interface { PublicFlow OutputEndOfFlowData(ctx context.Context, deps *Dependencies, flows Flows, baseData *DataFinishRedirectURI) (Data, error) }
EndOfFlowDataOutputer is an optional interface to be implemented by PublicFlow. The implementation MUST return a Data that contains baseData.
type ErrorSwitchFlow ¶
type ErrorSwitchFlow struct { // FlowReference indicates the flow to switch to. FlowReference FlowReference // SyntheticInput advance the switched flow at the current state. // It MUST include the input that triggers this error. SyntheticInput Input }
ErrorSwitchFlow is a special error for switching flow.
func (*ErrorSwitchFlow) Error ¶
func (e *ErrorSwitchFlow) Error() string
type EventKind ¶
type EventKind string
const ( // EventKindRefresh indicates client should re-fetch current state of flow for updated state. EventKindRefresh EventKind = "refresh" )
type EventRefresh ¶
type EventRefresh struct {
Kind EventKind `json:"kind"`
}
func NewEventRefresh ¶
func NewEventRefresh() *EventRefresh
type EventService ¶
type FindInputReactorResult ¶
type FindInputReactorResult struct { Flows Flows InputReactor InputReactor InputSchema InputSchema }
func FindInputReactor ¶
func FindInputReactor(ctx context.Context, deps *Dependencies, flows Flows) (*FindInputReactorResult, error)
func FindInputReactorForFlow ¶
func FindInputReactorForFlow(ctx context.Context, deps *Dependencies, flows Flows) (*FindInputReactorResult, error)
func FindInputReactorForNode ¶
func FindInputReactorForNode(ctx context.Context, deps *Dependencies, flows Flows, n *Node) (*FindInputReactorResult, error)
type FlowAction ¶
type FlowAction struct { Type FlowActionType `json:"type"` Identification config.AuthenticationFlowIdentification `json:"identification,omitempty"` Authentication config.AuthenticationFlowAuthentication `json:"authentication,omitempty"` Data Data `json:"data,omitempty"` }
FlowAction is an API object.
func GetFlowAction ¶
func GetFlowAction(flowRootObject config.AuthenticationFlowObject, pointer jsonpointer.T) *FlowAction
type FlowActionType ¶
type FlowActionType string
const (
FlowActionTypeFinished FlowActionType = "finished"
)
func FlowActionTypeFromStepType ¶
func FlowActionTypeFromStepType(t config.AuthenticationFlowStepType) FlowActionType
type FlowAllowlist ¶
type FlowAllowlist struct { DefinedGroups []*config.UIAuthenticationFlowGroup AllowedGroups []*config.AuthenticationFlowAllowlistGroup AllowedFlows []*config.AuthenticationFlowAllowlistFlow }
FlowAllowlist contains union of flow group and flow allowlist.
func NewFlowAllowlist ¶
func NewFlowAllowlist(allowlist *config.AuthenticationFlowAllowlist, definedGroups []*config.UIAuthenticationFlowGroup) FlowAllowlist
func (FlowAllowlist) CanCreateFlow ¶
func (a FlowAllowlist) CanCreateFlow(flowReference FlowReference) bool
func (FlowAllowlist) DeriveFlowNameForDefaultUI ¶
func (a FlowAllowlist) DeriveFlowNameForDefaultUI(flowType FlowType, flowGroup string) (string, error)
type FlowReference ¶
FlowReference is an API object.
func GetFlowReference ¶
func GetFlowReference(ctx context.Context) FlowReference
type FlowResponse ¶
type FlowResponse struct { StateToken string `json:"state_token"` Type FlowType `json:"type,omitempty"` Name string `json:"name,omitempty"` Action *FlowAction `json:"action,omitempty"` }
FlowResponse is an API object.
type ForgotPasswordService ¶
type ForgotPasswordService interface { SendCode(loginID string, options *forgotpassword.CodeOptions) error IsRateLimitError(err error, target string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) bool CodeLength(target string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) int InspectState(target string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) (*otp.State, error) }
type IDPSessionService ¶
type IDPSessionService interface { MakeSession(*session.Attrs) (*idpsession.IDPSession, string) Create(*idpsession.IDPSession) error Reauthenticate(idpSessionID string, amr []string) error }
type IDTokenService ¶
type IdentityService ¶
type IdentityService interface { Get(id string) (*identity.Info, error) SearchBySpec(spec *identity.Spec) (exactMatch *identity.Info, otherMatches []*identity.Info, err error) ListByClaim(name string, value string) ([]*identity.Info, error) ListByUser(userID string) ([]*identity.Info, error) New(userID string, spec *identity.Spec, options identity.NewIdentityOptions) (*identity.Info, error) UpdateWithSpec(is *identity.Info, spec *identity.Spec, options identity.NewIdentityOptions) (*identity.Info, error) CheckDuplicated(info *identity.Info) (*identity.Info, error) Create(is *identity.Info) error Update(oldIs *identity.Info, newIs *identity.Info) error Delete(is *identity.Info) error }
type InputReactor ¶
type InputReactor interface { CanReactTo(ctx context.Context, deps *Dependencies, flows Flows) (InputSchema, error) ReactTo(ctx context.Context, deps *Dependencies, flows Flows, input Input) (*Node, error) }
InputReactor, if can react to some input, must return an InputSchema. It must react to the Input produced by its InputSchema. As a special case, CanReactTo can return a nil InputSchema, which means the InputReactor can react to a nil Input.
type InputSchema ¶
type InputSchema interface { GetJSONPointer() jsonpointer.T SchemaBuilder() validation.SchemaBuilder // MakeInput MUST return *validation.AggregateError if rawMessage does not validate against the JSON schema. MakeInput(rawMessage json.RawMessage) (Input, error) }
InputSchema validates and parses the input. It is associated with a json pointer which points to the a step, or a branch of a step.
type InputTakeAccountRecoveryCode ¶
type InputTakeAccountRecoveryCode struct {
AccountRecoveryCode string `json:"account_recovery_code"`
}
func MakeInputTakeAccountRecoveryCode ¶
func MakeInputTakeAccountRecoveryCode(rawMessage json.RawMessage) (*InputTakeAccountRecoveryCode, bool)
type InputUnwrapper ¶
type InputUnwrapper interface {
Unwrap() Input
}
InputUnwrapper is for advanced usage. This usage is not used at the moment.
type IntlMiddleware ¶
type IntlMiddleware struct{}
type JSONResponseWriter ¶
type JSONResponseWriter interface {
WriteResponse(rw http.ResponseWriter, resp *api.Response)
}
type MFAService ¶
type MFAService interface { GenerateRecoveryCodes() []string ListRecoveryCodes(userID string) ([]*mfa.RecoveryCode, error) ReplaceRecoveryCodes(userID string, codes []string) ([]*mfa.RecoveryCode, error) VerifyRecoveryCode(userID string, code string) (*mfa.RecoveryCode, error) ConsumeRecoveryCode(c *mfa.RecoveryCode) error GenerateDeviceToken() string CreateDeviceToken(userID string, token string) (*mfa.DeviceToken, error) VerifyDeviceToken(userID string, deviceToken string) error }
type Milestone ¶
type Milestone interface {
Milestone()
}
Milestone is a marker. The designed use case is to find out whether a particular milestone exists in the flow, or any of its subflows.
type Node ¶
type Node struct { Type NodeType `json:"type"` Simple NodeSimple `json:"simple,omitempty"` SubFlow *Flow `json:"flow,omitempty"` }
func NewNodeSimple ¶
func NewNodeSimple(simple NodeSimple) *Node
func NewSubFlow ¶
func (*Node) MarshalJSON ¶
func (*Node) UnmarshalJSON ¶
type NodeSimple ¶
type NodeSimple interface { Kinder }
func InstantiateNode ¶
func InstantiateNode(kind string) (NodeSimple, error)
type OAuthClientResolver ¶
type OAuthClientResolver interface {
ResolveClient(clientID string) *config.OAuthClientConfig
}
type OAuthProviderFactory ¶
type OAuthProviderFactory interface {
NewOAuthProvider(alias string) sso.OAuthProvider
}
type OTPCodeService ¶
type OTPCodeService interface { GenerateOTP(kind otp.Kind, target string, form otp.Form, opt *otp.GenerateOptions) (string, error) VerifyOTP(kind otp.Kind, target string, otp string, opts *otp.VerifyOptions) error InspectState(kind otp.Kind, target string) (*otp.State, error) LookupCode(purpose otp.Purpose, code string) (target string, err error) SetSubmittedCode(kind otp.Kind, target string, code string) (*otp.State, error) }
type OTPSender ¶
type OTPSender interface { Prepare(channel model.AuthenticatorOOBChannel, target string, form otp.Form, typ otp.MessageType) (*otp.PreparedMessage, error) Send(msg *otp.PreparedMessage, opts otp.SendOptions) error }
type OfflineGrantStore ¶
type OfflineGrantStore interface {
ListClientOfflineGrants(clientID string, userID string) ([]*oauth.OfflineGrant, error)
}
type OnCommitEffect ¶
type OnCommitEffect func(ctx context.Context, deps *Dependencies) error
type PasskeyCreationOptionsService ¶
type PasskeyCreationOptionsService interface {
MakeCreationOptions(userID string) (*model.WebAuthnCreationOptions, error)
}
type PasskeyRequestOptionsService ¶
type PasskeyRequestOptionsService interface { MakeModalRequestOptions() (*model.WebAuthnRequestOptions, error) MakeModalRequestOptionsWithUser(userID string) (*model.WebAuthnRequestOptions, error) }
type PasskeyService ¶
type PublicFlow ¶
type PublicFlow interface { Intent FlowType() FlowType FlowInit(r FlowReference, startFrom jsonpointer.T) FlowFlowReference() FlowReference FlowRootObject(deps *Dependencies) (config.AuthenticationFlowObject, error) }
PublicFlow is a instantiable intent by the public.
func InstantiateFlow ¶
func InstantiateFlow(f FlowReference, startFrom jsonpointer.T) (PublicFlow, error)
InstantiateFlow is used by the HTTP layer to instantiate a Flow.
type RateLimitMiddleware ¶
type RateLimitMiddleware struct { RateLimiter RateLimiter RemoteIP httputil.RemoteIP JSON JSONResponseWriter Config *config.AppConfig }
type RateLimiter ¶
type RateLimiter interface { Allow(spec ratelimit.BucketSpec) error Reserve(spec ratelimit.BucketSpec) *ratelimit.Reservation Cancel(r *ratelimit.Reservation) }
type ResetPasswordService ¶
type ResetPasswordService interface { VerifyCode(code string) (state *otp.State, err error) VerifyCodeWithTarget(target string, code string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) (state *otp.State, err error) ResetPassword(code string, newPassword string) error ResetPasswordWithTarget(target string, code string, newPassword string, channel forgotpassword.CodeChannel, kind forgotpassword.CodeKind) error }
type Service ¶
type Service struct { ContextDoNotUseDirectly context.Context Deps *Dependencies Logger ServiceLogger Store Store Database ServiceDatabase UIConfig *config.UIConfig UIInfoResolver ServiceUIInfoResolver OAuthClientResolver OAuthClientResolver }
func (*Service) CreateNewFlow ¶
func (s *Service) CreateNewFlow(publicFlow PublicFlow, sessionOptions *SessionOptions) (output *ServiceOutput, err error)
func (*Service) FeedInput ¶
func (s *Service) FeedInput(stateToken string, rawMessage json.RawMessage) (output *ServiceOutput, err error)
func (*Service) FeedSyntheticInput ¶
func (s *Service) FeedSyntheticInput(stateToken string, syntheticInput Input) (output *ServiceOutput, err error)
type ServiceDatabase ¶
type ServiceLogger ¶
func NewServiceLogger ¶
func NewServiceLogger(lf *log.Factory) ServiceLogger
type ServiceOutput ¶
type ServiceOutput struct { Session *Session SessionOutput *SessionOutput Flow *Flow FlowReference *FlowReference Finished bool FlowAction *FlowAction Cookies []*http.Cookie }
func (*ServiceOutput) ToFlowResponse ¶
func (o *ServiceOutput) ToFlowResponse() FlowResponse
type ServiceUIInfoResolver ¶
type ServiceUIInfoResolver interface {
SetAuthenticationInfoInQuery(redirectURI string, e *authenticationinfo.Entry) string
}
type Session ¶
type Session struct { FlowID string `json:"flow_id"` OAuthSessionID string `json:"oauth_session_id,omitempty"` ClientID string `json:"client_id,omitempty"` RedirectURI string `json:"redirect_uri,omitempty"` Prompt []string `json:"prompt,omitempty"` State string `json:"state,omitempty"` XState string `json:"x_state,omitempty"` UILocales string `json:"ui_locales,omitempty"` IDToken string `json:"id_token,omitempty"` SuppressIDPSessionCookie bool `json:"suppress_idp_session_cookie,omitempty"` UserIDHint string `json:"user_id_hint,omitempty"` LoginHint string `json:"login_hint,omitempty"` }
Session must not contain web session ID. This is to ensure webapp does not have privilege in authflow.
func NewSession ¶
func NewSession(opts *SessionOptions) *Session
func (*Session) MakeContext ¶
func (s *Session) MakeContext(ctx context.Context, deps *Dependencies, publicFlow PublicFlow) (context.Context, error)
func (*Session) ToOutput ¶
func (s *Session) ToOutput() *SessionOutput
type SessionOptions ¶
type SessionOptions struct { OAuthSessionID string ClientID string RedirectURI string Prompt []string State string XState string UILocales string IDToken string SuppressIDPSessionCookie bool UserIDHint string LoginHint string }
func (*SessionOptions) PartiallyMergeFrom ¶
func (s *SessionOptions) PartiallyMergeFrom(o *SessionOptions) *SessionOptions
type SessionOutput ¶
type SessionService ¶
type StdAttrsService ¶
type StoreImpl ¶
func (*StoreImpl) CreateFlow ¶
func (*StoreImpl) CreateSession ¶
func (*StoreImpl) DeleteFlow ¶
func (*StoreImpl) DeleteSession ¶
func (*StoreImpl) GetFlowByStateToken ¶
type TargetStep ¶
type TargetStep interface { GetName() string GetJSONPointer() jsonpointer.T }
type TraverseEntry ¶
type TraverseEntry struct { FlowObject config.AuthenticationFlowObject JSONPointer jsonpointer.T Name string FieldName string Index int }
func Traverse ¶
func Traverse(o config.AuthenticationFlowObject, pointer jsonpointer.T) ([]TraverseEntry, error)
type UserService ¶
type UserService interface { Get(id string, role accesscontrol.Role) (*model.User, error) GetRaw(id string) (*user.User, error) Create(userID string) (*user.User, error) UpdateLoginTime(userID string, t time.Time) error AfterCreate( user *user.User, identities []*identity.Info, authenticators []*authenticator.Info, isAdminAPI bool, ) error }
type VerificationService ¶
type VerificationService interface { GetClaimStatus(userID string, claimName model.ClaimName, claimValue string) (*verification.ClaimStatus, error) GetIdentityVerificationStatus(i *identity.Info) ([]verification.ClaimStatus, error) NewVerifiedClaim(userID string, claimName string, claimValue string) *verification.Claim MarkClaimVerified(claim *verification.Claim) error }
type WebsocketEventStore ¶
type WebsocketEventStore struct { AppID config.AppID RedisHandle *appredis.Handle Store Store // contains filtered or unexported fields }
func NewWebsocketEventStore ¶
func (*WebsocketEventStore) ChannelName ¶
func (s *WebsocketEventStore) ChannelName(websocketChannelName string) string
Source Files ¶
- accept.go
- allowlist.go
- authenticationinfo.go
- clone.go
- context.go
- cookie.go
- dependencies.go
- deps.go
- effect.go
- errors.go
- event.go
- flow.go
- id.go
- independent_inputs.go
- input.go
- intent.go
- intl_middleware.go
- jsonpointer.go
- marshal.go
- milestone.go
- node.go
- output.go
- rate_limit_middleware.go
- service.go
- session.go
- store.go
- target_step.go
- traverse.go
- websocket.go
- workflow.go
- workflows.go