openid



Constants

// Config keys understood by the OpenID identity section.
const (
	JwksURL     = "jwks_url"
	ConfigURL   = "config_url"
	ClaimPrefix = "claim_prefix"
)

// Environment variables that override the corresponding config keys.
//
// NOTE(review): the JWKS URL (and the discovery URL it can be derived from)
// is where the token-verification keys are fetched from (see
// PopulatePublicKey). Serve it over https:// — key material obtained over
// plain HTTP could be substituted in transit, letting an attacker mint
// tokens this package would accept. Whether LookupConfig enforces the
// scheme is not visible on this page.
const (
	EnvIdentityOpenIDState       = "MINIO_IDENTITY_OPENID_STATE"
	EnvIdentityOpenIDJWKSURL     = "MINIO_IDENTITY_OPENID_JWKS_URL"
	EnvIdentityOpenIDURL         = "MINIO_IDENTITY_OPENID_CONFIG_URL"
	EnvIdentityOpenIDClaimPrefix = "MINIO_IDENTITY_OPENID_CLAIM_PREFIX"
)

OpenID keys and envs.

// EnvIamJwksURL is the environment variable older releases used for the
// JWKS URL, before the MINIO_IDENTITY_OPENID_* variables existed. It is
// retained only so existing deployments can be migrated (see
// SetIdentityOpenID); new configurations should use EnvIdentityOpenIDJWKSURL.
const EnvIamJwksURL = "MINIO_IAM_JWKS_URL"

Legacy envs

Variables

// ErrTokenExpired reports that the presented token's expiry time has passed.
var ErrTokenExpired = errors.New("token expired")

// ErrInvalidDuration reports that the requested credential duration would
// outlive the token it is derived from; callers must not be able to obtain
// credentials that live longer than the identity token that vouched for them.
var ErrInvalidDuration = errors.New("duration higher than token expiry")

ErrTokenExpired is returned when the token has expired; ErrInvalidDuration is returned when the requested credential duration exceeds the token's own expiry.

// DefaultKVS is the default OpenID configuration. The feature is disabled
// (config.StateOff) and every URL/prefix key is present but empty, so the
// section validates without pointing at any provider until an operator
// fills it in.
var DefaultKVS = config.KVS{
	config.Comment: "This is a default OpenID configuration",
	config.State:   config.StateOff,
	ClaimPrefix:    "",
	ConfigURL:      "",
	JwksURL:        "",
}

DefaultKVS - default config for OpenID config

// Help is the help template for the OpenID identity section.
//
// NOTE(review): only ConfigURL, State and Comment have help text here; the
// JwksURL and ClaimPrefix keys that DefaultKVS exposes have no entry, so
// operators get no guidance on them from the help output.
var Help = config.HelpKV{
	config.Comment: "A comment to describe the OpenID identity setting",
	config.State:   "Indicates if OpenID identity is enabled or not",
	ConfigURL:      `OpenID discovery documented endpoint. eg: "https://accounts.google.com/.well-known/openid-configuration"`,
}

Help template for OpenID identity feature.

Functions

func GetDefaultExpiration

func GetDefaultExpiration(dsecs string) (time.Duration, error)

GetDefaultExpiration parses the requested expiry in seconds (dsecs) into a time.Duration, returning an error if dsecs cannot be used.

func SetIdentityOpenID

func SetIdentityOpenID(s config.Config, cfg Config)

SetIdentityOpenID - one-time migration helper that copies an older OpenID configuration (cfg) into the new config layout (s).

Types

type Config

// Config holds the OpenID provider settings used to validate JWTs.
type Config struct {
	// JWKS.URL is the endpoint the provider's signing keys are fetched from
	// (see PopulatePublicKey). Anyone who can tamper with this fetch can forge
	// tokens, so it should be an https:// URL — TODO confirm whether
	// LookupConfig enforces the scheme.
	JWKS struct {
		URL *xnet.URL `json:"url"`
	} `json:"jwks"`
	// URL is the OpenID discovery endpoint (config_url); presumably the
	// document it serves is what gets decoded into DiscoveryDoc.
	URL          *xnet.URL `json:"url,omitempty"`
	// ClaimPrefix is the configured claim_prefix value; how it is applied to
	// claim names is not shown on this page.
	ClaimPrefix  string    `json:"claimPrefix,omitempty"`
	// DiscoveryDoc is the parsed openid-configuration document.
	DiscoveryDoc DiscoveryDoc
	// contains filtered or unexported fields
}

Config - OpenID provider configuration (JWKS URL, discovery URL, claim prefix) for the JWT authentication target.

func LookupConfig

func LookupConfig(kvs config.KVS, transport *http.Transport, closeRespFn func(io.ReadCloser)) (c Config, err error)

LookupConfig reads the OpenID settings (including the JWKS URL) from kvs and overrides them with any environment variables that are set; transport and closeRespFn are used for the HTTP fetches the resulting Config performs.

func (*Config) PopulatePublicKey

func (r *Config) PopulatePublicKey() error

PopulatePublicKey - populates a new publickey from the JWKS URL.

func (*Config) UnmarshalJSON

func (r *Config) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data.

type DiscoveryDoc

// DiscoveryDoc is the subset of the OpenID Connect discovery document
// (…/.well-known/openid-configuration) that this package decodes.
//
// NOTE(review): every field here is supplied by the provider's response and
// is only as trustworthy as the channel it was fetched over. JwksURI is the
// provider-advertised endpoint for signing keys and
// IDTokenSigningAlgValuesSupported the algorithms it says it uses; a
// validator should fetch keys only from an https JwksURI and reject tokens
// whose alg is outside that list (and "none"). Whether this package does
// either is not visible on this page — confirm in Validate/PopulatePublicKey.
type DiscoveryDoc struct {
	Issuer                           string   `json:"issuer,omitempty"`
	AuthEndpoint                     string   `json:"authorization_endpoint,omitempty"`
	TokenEndpoint                    string   `json:"token_endpoint,omitempty"`
	UserInfoEndpoint                 string   `json:"userinfo_endpoint,omitempty"`
	RevocationEndpoint               string   `json:"revocation_endpoint,omitempty"`
	JwksURI                          string   `json:"jwks_uri,omitempty"`
	ResponseTypesSupported           []string `json:"response_types_supported,omitempty"`
	SubjectTypesSupported            []string `json:"subject_types_supported,omitempty"`
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
	ScopesSupported                  []string `json:"scopes_supported,omitempty"`
	TokenEndpointAuthMethods         []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	ClaimsSupported                  []string `json:"claims_supported,omitempty"`
	CodeChallengeMethodsSupported    []string `json:"code_challenge_methods_supported,omitempty"`
}

DiscoveryDoc - parses the output from openid-configuration for example https://accounts.google.com/.well-known/openid-configuration

type ID

// ID is the name that identifies a Validator in a Validators registry
// (the key used by Validators.Add, Get and List).
type ID string

ID - the identifying name of an authentication validator target.

type JWKS

// JWKS is a JSON Web Key as described in RFC 7517. The one type doubles as
// a key set: the top-level value decoded from a JWKS endpoint carries its
// members in Keys, while each member describes a single key.
//
// NOTE(review): D (RSA/EC private component) and K (symmetric key) are
// private material. A key set fetched from a provider for token
// verification should never contain them, and DecodePublicKey is expected
// to ignore them — that is not visible on this page, so confirm, and
// consider rejecting (or at least logging) keys that arrive with private
// parts. Likewise Alg comes from the (remote) key set, not from the token;
// the token header's alg must not be allowed to override it.
type JWKS struct {
	// Keys holds the member keys when this value is a key set.
	Keys []*JWKS `json:"keys,omitempty"`

	Kty string `json:"kty"`           // key type ("RSA", "EC", "oct", ...)
	Use string `json:"use,omitempty"` // intended use, e.g. "sig"
	Kid string `json:"kid,omitempty"` // key id, used to pick a key out of the set
	Alg string `json:"alg,omitempty"` // algorithm the key is meant for

	// EC parameters: curve name and public point (x, y); d is the private scalar.
	Crv string `json:"crv,omitempty"`
	X   string `json:"x,omitempty"`
	Y   string `json:"y,omitempty"`
	D   string `json:"d,omitempty"`
	// RSA public parameters: modulus n and exponent e (base64url-encoded).
	N   string `json:"n,omitempty"`
	E   string `json:"e,omitempty"`
	// Symmetric ("oct") key material — never expected in a public key set.
	K   string `json:"k,omitempty"`
}

JWKS - https://tools.ietf.org/html/rfc7517

func (*JWKS) DecodePublicKey

func (key *JWKS) DecodePublicKey() (crypto.PublicKey, error)

DecodePublicKey - decodes this JSON Web Key (JWK) into a crypto.PublicKey, returning an error if it cannot be represented as one.

type JWT

// JWT is the Validator implementation backed by an OpenID Config (see ID and
// Validate). It embeds Config so the provider settings — in particular the
// JWKS keys populated by PopulatePublicKey — are reachable directly.
type JWT struct {
	Config
}

JWT - client grants provider details; a Validator that checks tokens against the embedded Config.

func NewJWT

func NewJWT(c Config) *JWT

NewJWT - initialize new jwt authenticator.

func (*JWT) ID

func (p *JWT) ID() ID

ID returns the provider name and authentication type.

func (*JWT) Validate

func (p *JWT) Validate(token, dsecs string) (map[string]interface{}, error)

Validate - validates the access token and returns its claims. dsecs is the requested credential duration in seconds; presumably a value longer than the token's remaining lifetime is rejected with ErrInvalidDuration and an expired token with ErrTokenExpired.

type Validator

// Validator is the contract every authentication provider must satisfy so
// it can be registered in a Validators registry.
type Validator interface {
	// ID reports the name this provider is registered under.
	ID() ID

	// Validate checks token for this provider and returns the claims it
	// carries. duration is the requested credential lifetime; each provider
	// decides how it is interpreted, and the returned error explains any
	// rejection.
	Validate(token string, duration string) (map[string]interface{}, error)
}

Validator interface describes basic implementation requirements of various authentication providers.

type Validators

// Validators is a registry of Validator implementations keyed by their ID.
// The embedded RWMutex guards the registry, so a Validators value must not
// be copied after use; obtain one with NewValidators and go through Add,
// Get and List.
type Validators struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Validators - holds list of providers indexed by provider id.

func NewValidators

func NewValidators() *Validators

NewValidators - creates Validators.

func (*Validators) Add

func (list *Validators) Add(provider Validator) error

Add - registers provider under its ID; IDs must be unique, so registering a second provider with an ID already present is reported through the returned error.

func (*Validators) Get

func (list *Validators) Get(id ID) (p Validator, err error)

Get - returns the provider for the given providerID, if not found returns an error.

func (*Validators) List

func (list *Validators) List() []ID

List - returns available provider IDs.
