Documentation ¶
Index ¶
Constants ¶
// Keys of the OpenID identity configuration. DefaultKVS uses these as the
// keys of its key/value set.
const (
	JwksURL     = "jwks_url"
	ConfigURL   = "config_url"
	ClaimPrefix = "claim_prefix"
)

// Environment variable names for the OpenID identity settings. LookupConfig
// is documented as overriding the stored config with any ENVs that are set.
// NOTE(review): values taken from the environment decide where signing keys
// are fetched from, so the process environment belongs to the trust boundary
// of token validation; confirm the exact key-to-variable mapping in
// LookupConfig.
const (
	EnvIdentityOpenIDState       = "MINIO_IDENTITY_OPENID_STATE"
	EnvIdentityOpenIDJWKSURL     = "MINIO_IDENTITY_OPENID_JWKS_URL"
	EnvIdentityOpenIDURL         = "MINIO_IDENTITY_OPENID_CONFIG_URL"
	EnvIdentityOpenIDClaimPrefix = "MINIO_IDENTITY_OPENID_CLAIM_PREFIX"
)
OpenID keys and envs.
// EnvIamJwksURL is a legacy environment variable name.
// NOTE(review): this page does not show which value wins when both this and
// EnvIdentityOpenIDJWKSURL are set; confirm the precedence so that a stale
// legacy value cannot silently select the key source.
const EnvIamJwksURL = "MINIO_IAM_JWKS_URL"
Legacy envs
Variables ¶
// ErrTokenExpired reports a token that has expired.
var ErrTokenExpired = errors.New("token expired")

// ErrInvalidDuration reports a duration that is higher than the token expiry.
var ErrInvalidDuration = errors.New("duration higher than token expiry")
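ErrTokenExpired - error returned when the token has expired. ErrInvalidDuration - error returned when the duration is higher than the token expiry.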
// DefaultKVS is the default OpenID configuration: the state is
// config.StateOff and the JWKS URL, the config URL and the claim prefix are
// all empty strings.
var DefaultKVS = config.KVS{
	config.State:   config.StateOff,
	config.Comment: "This is a default OpenID configuration",
	JwksURL:        "",
	ConfigURL:      "",
	ClaimPrefix:    "",
}
DefaultKVS - default config for OpenID config
// Help is the help template for the OpenID identity feature. It has entries
// for ConfigURL, config.State and config.Comment; JwksURL and ClaimPrefix have
// no help text here.
// The example discovery endpoint is an https URL. NOTE(review): the page does
// not show whether a plain-http value is rejected; confirm, since the
// discovery document names the location of the signing keys.
var Help = config.HelpKV{
	ConfigURL:      `OpenID discovery documented endpoint. eg: "https://accounts.google.com/.well-known/openid-configuration"`,
	config.State:   "Indicates if OpenID identity is enabled or not",
	config.Comment: "A comment to describe the OpenID identity setting",
}
Help template for OpenID identity feature.
Functions ¶
func GetDefaultExpiration ¶
GetDefaultExpiration - returns the expiration seconds expected.
func SetIdentityOpenID ¶
SetIdentityOpenID - one-time migration code, needed for migrating OpenIDConfig from the older config to the new one.
Types ¶
type Config ¶
// Config carries the OpenID settings: the JWKS location, a second URL, the
// claim prefix and the parsed discovery document.
type Config struct {
	// JWKS.URL is the key-set location. PopulatePublicKey is documented as
	// populating the public key from the JWKS URL, so the keys served there
	// are presumably what tokens get verified against: whoever controls that
	// endpoint, or the connection to it, controls which tokens are accepted.
	// NOTE(review): confirm that only https URLs are accepted.
	JWKS struct {
		URL *xnet.URL `json:"url"`
	} `json:"jwks"`
	// URL is presumably the discovery endpoint set through ConfigURL —
	// confirm in LookupConfig.
	URL *xnet.URL `json:"url,omitempty"`
	// ClaimPrefix is presumably the value set through the ClaimPrefix key;
	// how it is applied to claims is not shown on this page.
	ClaimPrefix string `json:"claimPrefix,omitempty"`
	// DiscoveryDoc is the provider metadata in parsed form.
	DiscoveryDoc DiscoveryDoc
	// contains filtered or unexported fields
}
Config - OpenID Config RSA authentication target arguments
func LookupConfig ¶
func LookupConfig(kvs config.KVS, transport *http.Transport, closeRespFn func(io.ReadCloser)) (c Config, err error)
LookupConfig looks up the JWKS settings from config and overrides them with any ENVs that are set.
func (*Config) PopulatePublicKey ¶
PopulatePublicKey - populates a new publickey from the JWKS URL.
func (*Config) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data.
type DiscoveryDoc ¶
// DiscoveryDoc holds the fields decoded from a provider's openid-configuration
// document. Every field is optional in the JSON encoding (omitempty).
// NOTE(review): the content comes from a remote endpoint, so it is only as
// trustworthy as the URL it was fetched from and the transport used to fetch it.
type DiscoveryDoc struct {
	// Issuer is the issuer identifier the provider advertises.
	// NOTE(review): this page does not show whether it is compared with the
	// iss claim of validated tokens — confirm in the Validate implementation.
	Issuer             string `json:"issuer,omitempty"`
	AuthEndpoint       string `json:"authorization_endpoint,omitempty"`
	TokenEndpoint      string `json:"token_endpoint,omitempty"`
	UserInfoEndpoint   string `json:"userinfo_endpoint,omitempty"`
	RevocationEndpoint string `json:"revocation_endpoint,omitempty"`
	// JwksURI is the key-set location the provider advertises; presumably it
	// fills in the JWKS URL when only the discovery URL is configured —
	// confirm in LookupConfig.
	JwksURI                string   `json:"jwks_uri,omitempty"`
	ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
	SubjectTypesSupported  []string `json:"subject_types_supported,omitempty"`
	// IDTokenSigningAlgValuesSupported is what the provider says it may sign
	// with. NOTE(review): an advertised list is not an allow-list by itself;
	// confirm that the verifier pins the algorithms it accepts.
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
	ScopesSupported                  []string `json:"scopes_supported,omitempty"`
	TokenEndpointAuthMethods         []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	ClaimsSupported                  []string `json:"claims_supported,omitempty"`
	CodeChallengeMethodsSupported    []string `json:"code_challenge_methods_supported,omitempty"`
}
DiscoveryDoc - holds the parsed output of openid-configuration, for example https://accounts.google.com/.well-known/openid-configuration
type JWKS ¶
// JWKS mirrors the JSON layout of a JSON Web Key Set. Keys holds the entries
// found under "keys"; the remaining fields are the parameters of one key.
// The same type is used for the set and for each key in it.
type JWKS struct {
	Keys []*JWKS `json:"keys,omitempty"`

	Kty string `json:"kty"`           // key type; the only per-key field without omitempty
	Use string `json:"use,omitempty"` // intended use of the key
	Kid string `json:"kid,omitempty"` // key identifier
	Alg string `json:"alg,omitempty"` // algorithm the key is meant for
	Crv string `json:"crv,omitempty"` // curve name, for elliptic-curve keys
	X   string `json:"x,omitempty"`   // elliptic-curve x coordinate
	Y   string `json:"y,omitempty"`   // elliptic-curve y coordinate
	// D is the private-key parameter of the JWK format and K, below, is the
	// symmetric key value. A key set published by an identity provider is
	// expected to carry public keys only.
	// NOTE(review): confirm how entries that carry D or K are treated when
	// the set is turned into verification keys.
	D string `json:"d,omitempty"`
	N string `json:"n,omitempty"` // RSA modulus
	E string `json:"e,omitempty"` // RSA public exponent
	K string `json:"k,omitempty"` // symmetric key value
}
type Validator ¶
// Validator is the interface an authentication provider implements.
type Validator interface {
	// Validate is a custom validator function for this provider,
	// each validation is authenticationType or provider specific.
	// It takes the token and a duration, both as strings, and returns a map
	// together with an error.
	// NOTE(review): the map presumably holds the token's claims, and
	// ErrTokenExpired / ErrInvalidDuration are presumably returned from here —
	// confirm in the implementation. Callers should use the map only when
	// the error is nil.
	Validate(token string, duration string) (map[string]interface{}, error)

	// ID returns provider name of this provider.
	ID() ID
}
Validator interface describes basic implementation requirements of various authentication providers.
type Validators ¶
Validators - holds list of providers indexed by provider id.
func (*Validators) Add ¶
func (list *Validators) Add(provider Validator) error
Add - adds unique provider to provider list.
func (*Validators) Get ¶
func (list *Validators) Get(id ID) (p Validator, err error)
Get - returns the provider for the given providerID, if not found returns an error.
func (*Validators) List ¶
func (list *Validators) List() []ID
List - returns available provider IDs.