ssoauth

v1.1.0
Warning

This package is not in the latest version of its module.
Published: Oct 2, 2020 License: LGPL-3.0 Imports: 13 Imported by: 0

README

SSO Auth

The ssoauth package implements macaroon-based authentication with Canonical SSO services.

Documentation

Overview

Package ssoauth implements macaroon-based authentication with Canonical SSO.

Variables

var ErrUnauthorized = errgo.New("unauthorized")
var ErrUnsupportedCaveat = errgo.New("unsupported caveat")

ErrUnsupportedCaveat is returned from the function created in CaveatChecker when the caveat is not understood by the checker.

Functions

func AddThirdPartyCaveat

func AddThirdPartyCaveat(m *macaroon.Macaroon, rootKey []byte, location string, pk *rsa.PublicKey) error

AddThirdPartyCaveat adds a third-party caveat to the given macaroon in the format understood by the SSO server.

func CaveatChecker

func CaveatChecker(location string, acc *Account) func(caveatID string) error

CaveatChecker creates a function which verifies first-party caveats added by the SSO server at the given location. Account information returned from the SSO server will be stored in the given Account. The returned function is suitable for use as the check parameter of the Verify method of macaroon.Macaroon. If any provided caveat is not supported by this checker, an ErrUnsupportedCaveat error will be returned.
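
The checker contract described above, sketched as an added example that is not taken from the ssoauth source: a closure that fills in an Account and rejects every caveat it does not recognise, so an unknown restriction is never silently ignored. The `location|name|value` caveat encoding, the `account` caveat name, the `sso.example` location and the lowercase `caveatChecker` function are assumptions made for illustration; the real caveat format is defined by the SSO server.

```go
// Added illustration, not the ssoauth source. The caveat encoding
// "<location>|<name>|<value>" is an assumption made for this sketch.
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var ErrUnsupportedCaveat = errors.New("unsupported caveat")

// Account carries a subset of the documented Account fields.
type Account struct {
	Username   string `json:"username"`
	Email      string `json:"email"`
	IsVerified bool   `json:"is_verified"`
}

// caveatChecker (hypothetical) returns a closure with the documented shape
// func(caveatID string) error. Anything it does not recognise is rejected.
func caveatChecker(location string, acc *Account) func(string) error {
	return func(caveatID string) error {
		parts := strings.SplitN(caveatID, "|", 3)
		if len(parts) != 3 || parts[0] != location {
			return ErrUnsupportedCaveat // wrong issuer or malformed
		}
		switch parts[1] {
		case "account":
			if err := json.Unmarshal([]byte(parts[2]), acc); err != nil {
				return fmt.Errorf("bad account caveat: %w", err)
			}
			return nil
		default:
			return ErrUnsupportedCaveat // unknown restriction: fail closed
		}
	}
}

func main() {
	var acc Account
	check := caveatChecker("sso.example", &acc)
	// Constructed sample caveat IDs.
	fmt.Println(check(`sso.example|account|{"username":"alice","is_verified":true}`), acc.Username)
	fmt.Println(check("sso.example|future_rule|x"))
	fmt.Println(check("other.example|account|{}"))
}
```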

Types

type Account

type Account struct {
	Provider    string    `json:"-"`
	OpenID      string    `json:"openid"`
	Username    string    `json:"username"`
	DisplayName string    `json:"displayname"`
	Email       string    `json:"email"`
	IsVerified  bool      `json:"is_verified"`
	LastAuth    time.Time `json:"-"`
}

Account contains the details of the authenticated user that Ubuntu SSO added to the discharge macaroon.

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

An Authenticator is used to mint macaroons with a third-party caveat addressed to a Canonical SSO provider and to authenticate responses.

func New

func New(p Params) *Authenticator

New creates a new Authenticator.

func (*Authenticator) Authenticate

func (a *Authenticator) Authenticate(ctx context.Context, ms macaroon.Slice) (*Account, error)

Authenticate checks that the given macaroon slice is a valid discharged SSO macaroon and returns the user details associated with the macaroon, if any. If the given macaroons are not valid, an error with a cause of ErrUnauthorized is returned.

func (*Authenticator) Macaroon

func (a *Authenticator) Macaroon(ctx context.Context) (*bakery.Macaroon, error)

Macaroon creates a new macaroon with a third-party caveat addressed to the configured SSO server. Once discharged, the macaroon can be used to authorize a call to the Authenticate method.

type Params

type Params struct {
	// Oven contains the Oven instance that issues the macaroons.
	Oven *bakery.Oven

	// Location contains the Ubuntu SSO location that the macaroons
	// are addressed to.
	Location string

	// PublicKey contains the public key of the Ubuntu SSO server to
	// which the third-party caveat will be addressed.
	PublicKey *rsa.PublicKey
}

Directories

Package ssoauthacl provides mechanisms to match accounts to identity lists.
Package ssoauthtest contains test helpers for SSO authentication.
