internal

package

v0.0.5 Latest Latest Go to latest Published: Jun 20, 2020 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jonmclachlanatpurestorage/opa-oidc-plugin

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func CreateOrGetVerifier(idp *string) (*oidc.IDTokenVerifier, error)
func New(m *plugins.Manager, cfg *Config) plugins.Plugin
type Config
- func Validate(m *plugins.Manager, bs []byte) (*Config, error)
type OpaOidcPlugin
type TrustedIdProviderManager
type TrustedIdProviderManagerImpl
- func GetTrustedIdentityProviderManager(trustedIdentityProviders []*string) (*TrustedIdProviderManagerImpl, error)
- func (idpm *TrustedIdProviderManagerImpl) VerifyToken(token *string) (*oidc.IDToken, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var OpenIdConnectVerify = &ast.Builtin{
	Name: "io.openid.verify",
	Decl: types.NewFunction(
		types.Args(
			types.S,
			types.NewArray(nil, types.S),
		),
		types.NewArray([]types.Type{
			types.B,
			types.NewObject(nil, types.NewDynamicProperty(types.A, types.A)),
		}, nil),
	),
}

Verifies an openId connect token and decodes the claims if it is valid.

Functions ¶

func CreateOrGetVerifier ¶

func CreateOrGetVerifier(idp *string) (*oidc.IDTokenVerifier, error)

func New ¶

func New(m *plugins.Manager, cfg *Config) plugins.Plugin

New returns a Plugin that implements the Envoy ext_authz API.

Types ¶

type Config ¶

type Config struct {
}

Config represents the plugin configuration.

func Validate ¶

func Validate(m *plugins.Manager, bs []byte) (*Config, error)

Validate receives a slice of bytes representing the plugin's configuration and returns a configuration value that can be used to instantiate the plugin.

type OpaOidcPlugin ¶

type OpaOidcPlugin struct {
	// contains filtered or unexported fields
}

func (*OpaOidcPlugin) Reconfigure ¶

func (p *OpaOidcPlugin) Reconfigure(ctx context.Context, config interface{})

func (*OpaOidcPlugin) Start ¶

func (p *OpaOidcPlugin) Start(ctx context.Context) error

func (*OpaOidcPlugin) Stop ¶

func (p *OpaOidcPlugin) Stop(ctx context.Context)

type TrustedIdProviderManager ¶

type TrustedIdProviderManager interface {

	// On nil error, IDToken contains the parsed jwt token iff there exist
	// at least one trusted identity provider in this managed set of IdP's
	// that successfully validated this token. Else, (if not valid or not
	// trusted or an error is encountered), a non-nil error returned and
	// IDToken is nil.
	VerifyToken(token *string) (*oidc.IDToken, error)
}

May be used to manage an token verification against an entire collection of trusted IdP's.

type TrustedIdProviderManagerImpl ¶

type TrustedIdProviderManagerImpl struct {
	// contains filtered or unexported fields
}

Private struct to implement interface, TrustedIdProviderManager. We use a sync map to safely manage a collection of trusted issuers and their verifiers.

func GetTrustedIdentityProviderManager ¶

func GetTrustedIdentityProviderManager(trustedIdentityProviders []*string) (*TrustedIdProviderManagerImpl, error)

func (*TrustedIdProviderManagerImpl) VerifyToken ¶

func (idpm *TrustedIdProviderManagerImpl) VerifyToken(token *string) (*oidc.IDToken, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL