Documentation ¶
Index ¶
- type ConsoleMultifactor
- type Dance
- func (d *Dance) Authenticate(ctx context.Context, username, password string, mfa Multifactor) (SessionToken, error)
- func (d *Dance) Authorize(ctx context.Context, sessionToken SessionToken) (SessionID, error)
- func (d *Dance) CloseSession(ctx context.Context, sessionID SessionID) error
- func (d *Dance) RefreshSession(ctx context.Context, sessionID SessionID) (*Session, error)
- func (d *Dance) Session(ctx context.Context, sessionID SessionID) (*Session, error)
- type Factor
- type Multifactor
- type Option
- type Session
- type SessionID
- type SessionToken
Types ¶
type ConsoleMultifactor ¶
ConsoleMultifactor handles the user input
func NewConsoleMultifactor ¶
func NewConsoleMultifactor() (*ConsoleMultifactor, error)
NewConsoleMultifactor creates a `Multifactor` which interacts with a user on the console to complete multifactor auth.
The exact console interface should be considered UNSTABLE. If you need a stable UI, you should implement `Multifactor` directly.
func (*ConsoleMultifactor) ReadCode ¶
func (c *ConsoleMultifactor) ReadCode(Factor) (string, error)
ReadCode reads the MFA code when needed
func (*ConsoleMultifactor) RequestUsernamePassword ¶
func (c *ConsoleMultifactor) RequestUsernamePassword() (username, password string, err error)
RequestUsernamePassword asks the user for their username and password
type Dance ¶
type Dance struct {
// contains filtered or unexported fields
}
Dance performs the authentication & authorization dance with Okta
func New ¶
New dance client. If you need to use `Authenticate` make sure to pass in a clientID option via `WithClientID`
func (*Dance) Authenticate ¶
func (d *Dance) Authenticate(ctx context.Context, username, password string, mfa Multifactor) (SessionToken, error)
Authenticate authenticates the user against Okta and returns a `sessionToken`. The sessionToken needs to be given to the App which will then use `Authenticate` to authenticate the user for that App. The sessionToken is only usable once.
The `Multifactor` argument is used to complete multifactor authentication, if needed. If you *know* you won't need multifactor authentication, it may be nil.
func (*Dance) Authorize ¶
Authorize establishes the session and returns the sid. It ensures the authentication token (sessionToken) is valid for the specific App (as identified by the clientId)
This method requires a configured clientID as it verifies the pairing of the authenticated user and the application.
func (*Dance) CloseSession ¶
CloseSession closes the specified session
func (*Dance) RefreshSession ¶
RefreshSession extends the lifetime of the current session
type Factor ¶
type Factor interface {
	ID() string
	FactorType() string
	Provider() string
	// contains filtered or unexported methods
}
Factor identifies a factor
type Multifactor ¶
type Multifactor interface {
	// Select the factor to use for the challenge
	Select([]Factor) (Factor, error)
	// Obtain the MFA code
	ReadCode(Factor) (string, error)
}
Multifactor responds to MFA requests
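A non-interactive implementation of the `Select`/`ReadCode` method set, given here as an added example that is not part of this package. `PolicyMultifactor`, its `Code` callback and the local `Factor` stand-in are hypothetical, and the factor type strings are constructed sample values. It picks a factor from a preference-ordered allow-list and refuses to answer a challenge for any other factor.

```go
package main

import "fmt"

// Factor is a local stand-in so this compiles alone; the real one has unexported methods.
type Factor interface {
	ID() string
	FactorType() string
	Provider() string
}

// factor is a constructed test double for an enrolled factor.
type factor struct{ id, typ, provider string }

func (f factor) ID() string         { return f.id }
func (f factor) FactorType() string { return f.typ }
func (f factor) Provider() string   { return f.provider }

// PolicyMultifactor (hypothetical) prefers factor types in Allowed order and fails closed.
type PolicyMultifactor struct {
	Allowed []string                     // preference-ordered allow-list of factor types
	Code    func(Factor) (string, error) // hypothetical code source, e.g. a TOTP helper
}

func (p PolicyMultifactor) Select(enrolled []Factor) (Factor, error) {
	for _, want := range p.Allowed {
		for _, f := range enrolled {
			if f.FactorType() == want {
				return f, nil
			}
		}
	}
	return nil, fmt.Errorf("no enrolled factor is on the allow-list %v", p.Allowed)
}

func (p PolicyMultifactor) ReadCode(f Factor) (string, error) {
	if _, err := p.Select([]Factor{f}); err != nil {
		return "", err // never answer a challenge for a disallowed factor
	}
	return p.Code(f)
}

func main() {
	p := PolicyMultifactor{Allowed: []string{"token:software:totp"}}
	fmt.Println(p.Select([]Factor{factor{"constructed-1", "sms", "OKTA"}}))
}
```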
type Option ¶
type Option interface {
// contains filtered or unexported methods
}
Option configures the dance
func WithClientID ¶
WithClientID configures a clientID on the dance. This is needed for some operations. Those operations call it out. If all you are doing is authenticating, you should not need the client_id
func WithHTTPClient ¶
WithHTTPClient allows you to specify your own HTTP client. It is critical that this client be configured to not follow redirects:
```
httpClient := &http.Client{
	CheckRedirect: func(req *http.Request, via []*http.Request) error {
		return http.ErrUseLastResponse
	},
}
```
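What the `CheckRedirect` setting changes for the caller, shown as an added example that is not code from this package. The `fakeIdP` transport, the URLs and the cookie are constructed so that it runs without a network. With `http.ErrUseLastResponse` the caller receives the 3xx response itself, including its `Location` and `Set-Cookie` headers; a default client follows the redirect and returns only the final response.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

// fakeIdP is a constructed in-memory transport: /authorize answers 302, anything else 200.
type fakeIdP struct{}

func (fakeIdP) RoundTrip(req *http.Request) (*http.Response, error) {
	resp := &http.Response{StatusCode: http.StatusOK, Header: http.Header{},
		Body: io.NopCloser(strings.NewReader("")), Request: req}
	if req.URL.Path == "/authorize" {
		resp.StatusCode = http.StatusFound
		resp.Header.Set("Location", "https://app.example.test/callback?code=constructed")
		resp.Header.Add("Set-Cookie", "sid=constructed-session-id; Path=/; Secure; HttpOnly")
	}
	return resp, nil
}

// fetch issues one GET and reports what the caller is able to observe.
func fetch(c *http.Client) (status int, location string, cookies int, err error) {
	resp, err := c.Get("https://idp.example.test/authorize")
	if err != nil {
		return 0, "", 0, fmt.Errorf("GET failed: %w", err)
	}
	defer resp.Body.Close()
	return resp.StatusCode, resp.Header.Get("Location"), len(resp.Cookies()), nil
}

func followingClient() *http.Client { return &http.Client{Transport: fakeIdP{}} }

func nonFollowingClient() *http.Client {
	return &http.Client{
		Transport: fakeIdP{},
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			return http.ErrUseLastResponse // hand the 3xx back instead of following it
		},
	}
}

func main() {
	fmt.Println(fetch(followingClient()))    // final response only
	fmt.Println(fetch(nonFollowingClient())) // the redirect response itself
}
```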
func WithLogger ¶
func WithLogger(log func(...interface{})) Option
WithLogger passes in a logging function, such as `log.Println`, which will be used to log communication with Okta
func WithPrettyJSON ¶
func WithPrettyJSON() Option
WithPrettyJSON forces pretty printed JSON on requests and in logs
type Session ¶
type Session struct {
	ID                       string    `json:"id"`
	UserID                   string    `json:"userId"`
	Login                    string    `json:"login"`
	CreatedAt                time.Time `json:"createdAt"`
	ExpiresAt                time.Time `json:"expiresAt"`
	Status                   string    `json:"status"`
	LastPasswordVerification time.Time `json:"lastPasswordVerification"`
	LastFactorVerification   time.Time `json:"lastFactorVerification"`
	Amr                      []string  `json:"amr"`
	Idp                      struct {
		ID   string `json:"id"`
		Type string `json:"type"`
	} `json:"idp"`
	MfaActive bool `json:"mfaActive"`
	Links     struct {
		Self struct {
			Href  string `json:"href"`
			Hints struct {
				Allow []string `json:"allow"`
			} `json:"hints"`
		} `json:"self"`
		Refresh struct {
			Href  string `json:"href"`
			Hints struct {
				Allow []string `json:"allow"`
			} `json:"hints"`
		} `json:"refresh"`
		User struct {
			Name  string `json:"name"`
			Href  string `json:"href"`
			Hints struct {
				Allow []string `json:"allow"`
			} `json:"hints"`
		} `json:"user"`
	} `json:"_links"`
}
Session is an Okta Session, see [Session Model](https://developer.okta.com/docs/reference/api/sessions/#session-model).