Documentation ¶
Index ¶
- type ConsoleMultifactor
- type Dance
- func (d *Dance) Authenticate(ctx context.Context, username, password string, mfa Multifactor) (SessionToken, error)
- func (d *Dance) Authorize(ctx context.Context, sessionToken SessionToken) (SessionID, error)
- func (d *Dance) CloseSession(ctx context.Context, sessionID SessionID) error
- func (d *Dance) RefreshSession(ctx context.Context, sessionID SessionID) (*Session, error)
- func (d *Dance) Session(ctx context.Context, sessionID SessionID) (*Session, error)
- type Factor
- type Multifactor
- type Option
- type Session
- type SessionID
- type SessionToken
Types ¶
type ConsoleMultifactor ¶
ConsoleMultifactor handles the user input
func NewConsoleMultifactor ¶
func NewConsoleMultifactor() (*ConsoleMultifactor, error)
NewConsoleMultifactor creates a `Multifactor` which interacts with a user on the console to complete multifactor auth.
The exact console interface should be considered UNSTABLE. If you need a stable UI, you should implement `Multifactor` directly.
func (*ConsoleMultifactor) ReadCode ¶
func (c *ConsoleMultifactor) ReadCode(Factor) (string, error)
ReadCode reads the MFA code when needed
func (*ConsoleMultifactor) RequestUsernamePassword ¶
func (c *ConsoleMultifactor) RequestUsernamePassword() (username, password string, err error)
RequestUsernamePassword asks the user for their username and password
type Dance ¶
type Dance struct {
	// contains filtered or unexported fields
}
Dance performs the authentication & authorization dance with Okta
func New ¶
New dance client. If you need to use `Authenticate`, make sure to pass in a clientID option via `WithClientID`.
func (*Dance) Authenticate ¶
func (d *Dance) Authenticate(ctx context.Context, username, password string, mfa Multifactor) (SessionToken, error)
Authenticate authenticates the user against Okta and returns a `sessionToken`. The sessionToken needs to be given to the App which will then use `Authenticate` to authenticate the user for that App. The sessionToken is only usable once.
The `Multifactor` argument is used to complete multifactor authentication, if needed. If you *know* you won't need multifactor authentication, it may be nil.
func (*Dance) Authorize ¶
Authorize establishes the session and returns the sid. It ensures the authentication token (sessionToken) is valid for the specific App (as identified by the clientId).
This method requires a configured clientID as it verifies the pairing of the authenticated user and the application.
func (*Dance) CloseSession ¶
CloseSession closes the specified session
func (*Dance) RefreshSession ¶
RefreshSession extends the lifetime of the current session
type Factor ¶
type Factor interface {
	ID() string
	FactorType() string
	Provider() string
	// contains filtered or unexported methods
}
Factor identifies a factor
type Multifactor ¶
type Multifactor interface {
	// Select the factor to use for the challenge
	Select([]Factor) (Factor, error)
	// Obtain the MFA code
	ReadCode(Factor) (string, error)
}
Multifactor responds to MFA requests
type Option ¶
type Option interface {
	// contains filtered or unexported methods
}
Option configures the dance
func WithClientID ¶
WithClientID configures a clientID on the dance. This is needed for some operations. Those operations call it out. If all you are doing is authenticating, you should not need the client_id.
func WithHTTPClient ¶
WithHTTPClient allows you to specify your own HTTP client. It is critical that this client be configured to not follow redirects:
```
httpClient := &http.Client{
	// Return the 3xx response to the caller instead of following it.
	CheckRedirect: func(req *http.Request, via []*http.Request) error {
		return http.ErrUseLastResponse
	},
}
```
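The following is an added example, not code from this package. It shows what the redirect setting changes for the caller: with Go's default client the 302 response, and any cookie set on it, is replaced by the response of the redirect target, while the client configured as above returns the 302 itself. The local test server, the `/start` and `/landing` paths, the `sid` cookie value and the helper names are constructed for illustration. That the dance needs to read the redirect response is an assumption; the page states only the requirement.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newRedirectingServer is a constructed stand-in: /start sets a cookie on a 302.
func newRedirectingServer() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/start", func(w http.ResponseWriter, r *http.Request) {
		http.SetCookie(w, &http.Cookie{Name: "sid", Value: "constructed-sid"})
		http.Redirect(w, r, "/landing", http.StatusFound)
	})
	mux.HandleFunc("/landing", func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "landing page") })
	return httptest.NewServer(mux)
}

// noRedirectClient is configured as the WithHTTPClient documentation requires.
func noRedirectClient() *http.Client {
	return &http.Client{
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			return http.ErrUseLastResponse // hand back the 3xx instead of following it
		},
	}
}

// probe requests /start and returns the final status and the sid cookie seen on it ("" if absent).
func probe(c *http.Client, baseURL string) (int, string, error) {
	resp, err := c.Get(baseURL + "/start")
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	for _, ck := range resp.Cookies() {
		if ck.Name == "sid" {
			return resp.StatusCode, ck.Value, nil
		}
	}
	return resp.StatusCode, "", nil
}

func main() {
	srv := newRedirectingServer()
	defer srv.Close()
	fmt.Println(probe(&http.Client{}, srv.URL))     // default client follows the 302
	fmt.Println(probe(noRedirectClient(), srv.URL)) // stops at the 302, cookie visible
}
```

A probe like this can run in a unit test against any client you intend to pass to `WithHTTPClient`, so a later change to its redirect policy is caught before it reaches production.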
func WithLogger ¶
func WithLogger(log func(...interface{})) Option
WithLogger passes in a logging function, such as `log.Println`, which will be used to log communication with Okta
func WithPrettyJSON ¶
func WithPrettyJSON() Option
WithPrettyJSON forces pretty printed JSON on requests and in logs
type Session ¶
type Session struct {
	ID                       string    `json:"id"`
	UserID                   string    `json:"userId"`
	Login                    string    `json:"login"`
	CreatedAt                time.Time `json:"createdAt"`
	ExpiresAt                time.Time `json:"expiresAt"`
	Status                   string    `json:"status"`
	LastPasswordVerification time.Time `json:"lastPasswordVerification"`
	LastFactorVerification   time.Time `json:"lastFactorVerification"`
	Amr                      []string  `json:"amr"`
	Idp                      struct {
		ID   string `json:"id"`
		Type string `json:"type"`
	} `json:"idp"`
	MfaActive bool `json:"mfaActive"`
	Links     struct {
		Self struct {
			Href  string `json:"href"`
			Hints struct {
				Allow []string `json:"allow"`
			} `json:"hints"`
		} `json:"self"`
		Refresh struct {
			Href  string `json:"href"`
			Hints struct {
				Allow []string `json:"allow"`
			} `json:"hints"`
		} `json:"refresh"`
		User struct {
			Name  string `json:"name"`
			Href  string `json:"href"`
			Hints struct {
				Allow []string `json:"allow"`
			} `json:"hints"`
		} `json:"user"`
	} `json:"_links"`
}
Session is an Okta Session, see [Session Model](https://developer.okta.com/docs/reference/api/sessions/#session-model)