auth

package

v0.0.0-...-3852003 Latest Latest Go to latest Published: Apr 25, 2024 License: MIT Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/navikt/nada-backend

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func FetchCertificates(discoveryURL string) (map[string]CertificateList, error)
func JWTValidator(certificates map[string]CertificateList, audience string) jwt.Keyfunc
type Azure
- func NewAzure(clientID, clientSecret, clientTenant, hostname string) *Azure
- func (a *Azure) KeyDiscoveryURL() string
- func (a *Azure) Middleware(keyDiscoveryURL string, azureGroups *AzureGroupClient, ...) MiddlewareHandler
- func (a *Azure) Verify(ctx context.Context, rawIDToken string) (*oidc.IDToken, error)
type AzureGroupClient
- func NewAzureGroups(client *http.Client, clientID, clientSecret, tenantID string) *AzureGroupClient
- func (a *AzureGroupClient) GroupsForUser(ctx context.Context, token, email string) (Groups, error)
type CertificateList
type EncodedCertificate
- func (c EncodedCertificate) Decode() (*x509.Certificate, error)
type GoogleGroupClient
- func NewGoogleGroups(ctx context.Context, credentailFile, subject string, log *logrus.Entry) (*GoogleGroupClient, error)
- func (g *GoogleGroupClient) Groups(ctx context.Context, email *string) (groups Groups, err error)
type Group
type Groups
- func (g Groups) Contains(email string) bool
- func (g Groups) Emails() []string
- func (g Groups) Get(email string) (Group, bool)
- func (g Groups) Names() []string
type Key
type KeyDiscovery
- func Discover(reader io.Reader) (*KeyDiscovery, error)
- func DiscoverURL(url string) (*KeyDiscovery, error)
- func (k *KeyDiscovery) Map() (result map[string]CertificateList, err error)
type MemberOfGroup
type MemberOfResponse
type Middleware
- func (m *Middleware) Handler(next http.Handler) http.Handler
type MiddlewareHandler
- func MockJWTValidatorMiddleware() MiddlewareHandler
type SessionRetriever
type TeamProjectsMapping
- func (t *TeamProjectsMapping) Get(team string) (string, bool)
- func (t *TeamProjectsMapping) SetTeamProjects(projects map[string]string)
type TokenResponse
type User
- func GetUser(ctx context.Context) *User

Constants ¶

View Source

const (
	AzureGraphMemberOfEndpoint = "https://graph.microsoft.com/v1.0/me/memberOf/microsoft.graph.group?$select=mail,groupTypes,displayName"
	CacheDuration              = 1 * time.Hour
)

View Source

const ContextUserKey contextKey = 1

Variables ¶

View Source

var MockUser = User{
	Name:  "Anderson, Mock",
	Email: "mock.anderson@email.com",
	GoogleGroups: Groups{
		{
			Name:  "team",
			Email: "team@nav.no",
		},
		{
			Name:  "nada",
			Email: "nada@nav.no",
		},
		{
			Name:  "aura",
			Email: "aura@nav.no",
		},
		{
			Name:  "nais-team-nyteam",
			Email: "nais-team-nyteam@nav.no",
		},
	},
	AzureGroups: Groups{
		{
			Name:  "team",
			Email: "team@nav.no",
		},
	},
	Expiry: time.Now().Add(time.Hour * 24),
}

Functions ¶

func FetchCertificates ¶

func FetchCertificates(discoveryURL string) (map[string]CertificateList, error)

func JWTValidator ¶

func JWTValidator(certificates map[string]CertificateList, audience string) jwt.Keyfunc

Types ¶

type Azure ¶

type Azure struct {
	oauth2.Config
	// contains filtered or unexported fields
}

func NewAzure ¶

func NewAzure(clientID, clientSecret, clientTenant, hostname string) *Azure

func (*Azure) KeyDiscoveryURL ¶

func (a *Azure) KeyDiscoveryURL() string

func (*Azure) Middleware ¶

func (a *Azure) Middleware(keyDiscoveryURL string, azureGroups *AzureGroupClient, googleGroups *GoogleGroupClient, sessionStore SessionRetriever) MiddlewareHandler

func (*Azure) Verify ¶

func (a *Azure) Verify(ctx context.Context, rawIDToken string) (*oidc.IDToken, error)

type AzureGroupClient ¶

type AzureGroupClient struct {
	Client            *http.Client
	OAuthClientID     string
	OAuthClientSecret string
	OAuthTenantID     string
}

func NewAzureGroups ¶

func NewAzureGroups(client *http.Client, clientID, clientSecret, tenantID string) *AzureGroupClient

func (*AzureGroupClient) GroupsForUser ¶

func (a *AzureGroupClient) GroupsForUser(ctx context.Context, token, email string) (Groups, error)

type CertificateList ¶

type CertificateList []*x509.Certificate

type EncodedCertificate ¶

type EncodedCertificate string

func (EncodedCertificate) Decode ¶

func (c EncodedCertificate) Decode() (*x509.Certificate, error)

Decode a base64 encoded certificate into a X509 structure.

type GoogleGroupClient ¶

type GoogleGroupClient struct {
	// contains filtered or unexported fields
}

func NewGoogleGroups ¶

func NewGoogleGroups(ctx context.Context, credentailFile, subject string, log *logrus.Entry) (*GoogleGroupClient, error)

func (*GoogleGroupClient) Groups ¶

func (g *GoogleGroupClient) Groups(ctx context.Context, email *string) (groups Groups, err error)

type Group ¶

type Group struct {
	Name  string `json:"name"`
	Email string `json:"email"`
}

type Groups ¶

type Groups []Group

func (Groups) Contains ¶

func (g Groups) Contains(email string) bool

func (Groups) Emails ¶

func (g Groups) Emails() []string

func (Groups) Get ¶

func (g Groups) Get(email string) (Group, bool)

func (Groups) Names ¶

func (g Groups) Names() []string

type Key ¶

type Key struct {
	Kid string               `json:"kid"`
	X5c []EncodedCertificate `json:"x5c"`
}

type KeyDiscovery ¶

type KeyDiscovery struct {
	Keys []Key `json:"keys"`
}

func Discover ¶

func Discover(reader io.Reader) (*KeyDiscovery, error)

func DiscoverURL ¶

func DiscoverURL(url string) (*KeyDiscovery, error)

func (*KeyDiscovery) Map ¶

func (k *KeyDiscovery) Map() (result map[string]CertificateList, err error)

Map transform a KeyDiscovery object into a dictionary with "kid" as key and lists of decoded X509 certificates as values.

Returns an error if any certificate does not decode.

type MemberOfGroup ¶

type MemberOfGroup struct {
	DisplayName string   `json:"displayName"`
	Mail        string   `json:"mail"`
	GroupTypes  []string `json:"groupTypes"`
}

type MemberOfResponse ¶

type MemberOfResponse struct {
	Groups []MemberOfGroup `json:"value"`
}

type Middleware ¶

type Middleware struct {
	// contains filtered or unexported fields
}

func (*Middleware) Handler ¶

func (m *Middleware) Handler(next http.Handler) http.Handler

type MiddlewareHandler ¶

type MiddlewareHandler func(http.Handler) http.Handler

func MockJWTValidatorMiddleware ¶

func MockJWTValidatorMiddleware() MiddlewareHandler

type SessionRetriever ¶

type SessionRetriever interface {
	GetSession(ctx context.Context, token string) (*models.Session, error)
}

type TeamProjectsMapping ¶

type TeamProjectsMapping struct {
	TeamProjects map[string]string
	// contains filtered or unexported fields
}

func (*TeamProjectsMapping) Get ¶

func (t *TeamProjectsMapping) Get(team string) (string, bool)

func (*TeamProjectsMapping) SetTeamProjects ¶

func (t *TeamProjectsMapping) SetTeamProjects(projects map[string]string)

type TokenResponse ¶

type TokenResponse struct {
	AccessToken string `json:"access_token"`
}

type User ¶

type User struct {
	Name            string `json:"name"`
	Email           string `json:"email"`
	AzureGroups     Groups
	GoogleGroups    Groups
	AllGoogleGroups Groups
	Expiry          time.Time `json:"expiry"`
}

func GetUser ¶

func GetUser(ctx context.Context) *User

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL