authenticator

package
v0.2.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 16, 2023 License: MPL-2.0 Imports: 25 Imported by: 0

Documentation

Overview

Package authenticator is responsible for handling the authentication of users with third party identity providers.

Index

Constants

View Source 
const (
	EmailClaim claim = "email"
	SubClaim   claim = "sub"
	NameClaim  claim = "name"

	DefaultUsernameClaim = NameClaim
)

Variables

View Source 
var (
	// "openid" is a required scope for OpenID Connect flows, and profile
	// gives OTF access to the user's username.
	DefaultOIDCScopes       = []string{oidc.ScopeOpenID, "profile"}
	ErrMissingOIDCIssuerURL = errors.New("missing oidc-issuer-url")
)
View Source 
var ErrOAuthCredentialsIncomplete = errors.New("must specify both client ID and client secret")

Functions

func NewAuthenticatorService 

func NewAuthenticatorService(ctx context.Context, opts Options) (*service, error)

NewAuthenticatorService constructs a service for logging users onto the system. Supports multiple clients: zero or more clients that support an opaque token, and one client that supports IDToken/OIDC.

func NewOIDCIssuer 

func NewOIDCIssuer(t *testing.T, username, aud, name string) string

NewOIDCIssuer creates an oidc issuer server and returns its url. For testing purposes.

Types

type IdentityProviderClient added in v0.1.14 

type IdentityProviderClient interface {
	// GetCurrentUser retrieves the currently authenticated user
	GetCurrentUser(ctx context.Context) (string, error)
}

type OAuthClient 

type OAuthClient struct {

	// for retrieving OTF system hostname to construct redirect URLs
	*internal.HostnameService

	OAuthConfig
	// contains filtered or unexported fields
}

OAuthClient performs the client role in an oauth handshake, requesting authorization from the user to access their account details on a particular cloud.

func (*OAuthClient) RequestPath 

func (a *OAuthClient) RequestPath() string

func (*OAuthClient) String 

func (a *OAuthClient) String() string

String provides a human-readable identifier for the oauth client, using the name of its underlying cloud provider

type OAuthConfig added in v0.1.14 

type OAuthConfig struct {
	Hostname            string
	ClientID            string
	ClientSecret        string
	Endpoint            oauth2.Endpoint
	Scopes              []string
	Name                string
	SkipTLSVerification bool
}

OAuthConfig is configuration for constructing an OAuth client

type OIDCConfig added in v0.1.14 

type OIDCConfig struct {
	// Name is the user-friendly identifier of the OIDC endpoint.
	Name string
	// IssuerURL is the issuer url for the OIDC provider.
	IssuerURL string
	// ClientID is the client id for the OIDC provider.
	ClientID string
	// ClientSecret is the client secret for the OIDC provider.
	ClientSecret string
	// Skip TLS Verification when communicating with issuer.
	SkipTLSVerification bool
	// Scopes to request from the OIDC provider.
	Scopes []string
	// UsernameClaim is the claim that provides the username.
	UsernameClaim string
}

OIDCConfig is the configuration for a generic OIDC provider.

type OpaqueHandlerConfig added in v0.1.14 

type OpaqueHandlerConfig struct {
	OAuthConfig
	ClientConstructor func(cfg OAuthConfig, token *oauth2.Token) (IdentityProviderClient, error)
}

type Options 

type Options struct {
	logr.Logger
	html.Renderer

	*internal.HostnameService

	TokensService        *tokens.Service
	OpaqueHandlerConfigs []OpaqueHandlerConfig
	IDTokenHandlerConfig OIDCConfig
	SkipTLSVerification  bool
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.