authn

package
v0.40.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 29, 2024 License: Apache-2.0 Imports: 32 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrAuthenticatorNotEnabled = herodot.DefaultError{
	ErrorField:  "authenticator matching this route is misconfigured or disabled",
	CodeField:   http.StatusInternalServerError,
	StatusField: http.StatusText(http.StatusInternalServerError),
}
View Source 
var ErrAuthenticatorNotResponsible = errors.New("Authenticator not responsible")

Functions

func NewErrAuthenticatorMisconfigured 

func NewErrAuthenticatorMisconfigured(a Authenticator, err error) *herodot.DefaultError

func NewErrAuthenticatorNotEnabled 

func NewErrAuthenticatorNotEnabled(a Authenticator) *herodot.DefaultError

func PrepareRequest 

func PrepareRequest(r *http.Request, cf AuthenticatorForwardConfig) (http.Request, error)

Types

type Audience 

type Audience []string

func (*Audience) UnmarshalJSON 

func (a *Audience) UnmarshalJSON(b []byte) error

type AuthenticationSession 

type AuthenticationSession struct {
	Subject      string                 `json:"subject"`
	Extra        map[string]interface{} `json:"extra"`
	Header       http.Header            `json:"header"`
	MatchContext MatchContext           `json:"match_context"`
}

func (*AuthenticationSession) Copy 

func (a *AuthenticationSession) Copy() *AuthenticationSession

func (*AuthenticationSession) SetHeader 

func (a *AuthenticationSession) SetHeader(key, val string)

type Authenticator 

type Authenticator interface {
	Authenticate(r *http.Request, session *AuthenticationSession, config json.RawMessage, rule pipeline.Rule) error
	GetID() string
	Validate(config json.RawMessage) error
}

type AuthenticatorAnonymous 

type AuthenticatorAnonymous struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorAnonymous 

func NewAuthenticatorAnonymous(c configuration.Provider) *AuthenticatorAnonymous

func (*AuthenticatorAnonymous) Authenticate 

func (a *AuthenticatorAnonymous) Authenticate(r *http.Request, session *AuthenticationSession, config json.RawMessage, _ pipeline.Rule) error

func (*AuthenticatorAnonymous) Config 

func (a *AuthenticatorAnonymous) Config(config json.RawMessage) (*AuthenticatorAnonymousConfiguration, error)

func (*AuthenticatorAnonymous) GetID 

func (a *AuthenticatorAnonymous) GetID() string

func (*AuthenticatorAnonymous) Validate 

func (a *AuthenticatorAnonymous) Validate(config json.RawMessage) error

type AuthenticatorAnonymousConfiguration 

type AuthenticatorAnonymousConfiguration struct {
	Subject string `json:"subject"`
}

type AuthenticatorBearerToken 

type AuthenticatorBearerToken struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorBearerToken 

func NewAuthenticatorBearerToken(c configuration.Provider, provider trace.TracerProvider) *AuthenticatorBearerToken

func (*AuthenticatorBearerToken) Authenticate 

func (a *AuthenticatorBearerToken) Authenticate(r *http.Request, session *AuthenticationSession, config json.RawMessage, _ pipeline.Rule) (err error)

func (*AuthenticatorBearerToken) Config 

func (a *AuthenticatorBearerToken) Config(config json.RawMessage) (*AuthenticatorBearerTokenConfiguration, error)

func (*AuthenticatorBearerToken) GetID 

func (a *AuthenticatorBearerToken) GetID() string

func (*AuthenticatorBearerToken) Validate 

func (a *AuthenticatorBearerToken) Validate(config json.RawMessage) error

type AuthenticatorBearerTokenConfiguration 

type AuthenticatorBearerTokenConfiguration struct {
	CheckSessionURL     string                      `json:"check_session_url"`
	BearerTokenLocation *helper.BearerTokenLocation `json:"token_from"`
	Prefix              string                      `json:"prefix"`
	PreserveQuery       bool                        `json:"preserve_query"`
	PreservePath        bool                        `json:"preserve_path"`
	PreserveHost        bool                        `json:"preserve_host"`
	ExtraFrom           string                      `json:"extra_from"`
	SubjectFrom         string                      `json:"subject_from"`
	ForwardHTTPHeaders  []string                    `json:"forward_http_headers"`
	SetHeaders          map[string]string           `json:"additional_headers"`
	ForceMethod         string                      `json:"force_method"`
}

func (*AuthenticatorBearerTokenConfiguration) GetCheckSessionURL 

func (a *AuthenticatorBearerTokenConfiguration) GetCheckSessionURL() string

func (*AuthenticatorBearerTokenConfiguration) GetForceMethod 

func (a *AuthenticatorBearerTokenConfiguration) GetForceMethod() string

func (*AuthenticatorBearerTokenConfiguration) GetForwardHTTPHeaders 

func (a *AuthenticatorBearerTokenConfiguration) GetForwardHTTPHeaders() []string

func (*AuthenticatorBearerTokenConfiguration) GetPreserveHost 

func (a *AuthenticatorBearerTokenConfiguration) GetPreserveHost() bool

func (*AuthenticatorBearerTokenConfiguration) GetPreservePath 

func (a *AuthenticatorBearerTokenConfiguration) GetPreservePath() bool

func (*AuthenticatorBearerTokenConfiguration) GetPreserveQuery 

func (a *AuthenticatorBearerTokenConfiguration) GetPreserveQuery() bool

func (*AuthenticatorBearerTokenConfiguration) GetSetHeaders 

func (a *AuthenticatorBearerTokenConfiguration) GetSetHeaders() map[string]string

type AuthenticatorBearerTokenFilter 

type AuthenticatorBearerTokenFilter struct {
}

type AuthenticatorCookieSession 

type AuthenticatorCookieSession struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorCookieSession 

func NewAuthenticatorCookieSession(c configuration.Provider, provider trace.TracerProvider) *AuthenticatorCookieSession

func (*AuthenticatorCookieSession) Authenticate 

func (a *AuthenticatorCookieSession) Authenticate(r *http.Request, session *AuthenticationSession, config json.RawMessage, _ pipeline.Rule) (err error)

func (*AuthenticatorCookieSession) Config 

func (a *AuthenticatorCookieSession) Config(config json.RawMessage) (*AuthenticatorCookieSessionConfiguration, error)

func (*AuthenticatorCookieSession) GetID 

func (a *AuthenticatorCookieSession) GetID() string

func (*AuthenticatorCookieSession) Validate 

func (a *AuthenticatorCookieSession) Validate(config json.RawMessage) error

type AuthenticatorCookieSessionConfiguration 

type AuthenticatorCookieSessionConfiguration struct {
	Only               []string          `json:"only"`
	CheckSessionURL    string            `json:"check_session_url"`
	PreserveQuery      bool              `json:"preserve_query"`
	PreservePath       bool              `json:"preserve_path"`
	ExtraFrom          string            `json:"extra_from"`
	SubjectFrom        string            `json:"subject_from"`
	PreserveHost       bool              `json:"preserve_host"`
	ForwardHTTPHeaders []string          `json:"forward_http_headers"`
	SetHeaders         map[string]string `json:"additional_headers"`
	ForceMethod        string            `json:"force_method"`
}

func (*AuthenticatorCookieSessionConfiguration) GetCheckSessionURL 

func (a *AuthenticatorCookieSessionConfiguration) GetCheckSessionURL() string

func (*AuthenticatorCookieSessionConfiguration) GetForceMethod 

func (a *AuthenticatorCookieSessionConfiguration) GetForceMethod() string

func (*AuthenticatorCookieSessionConfiguration) GetForwardHTTPHeaders 

func (a *AuthenticatorCookieSessionConfiguration) GetForwardHTTPHeaders() []string

func (*AuthenticatorCookieSessionConfiguration) GetPreserveHost 

func (a *AuthenticatorCookieSessionConfiguration) GetPreserveHost() bool

func (*AuthenticatorCookieSessionConfiguration) GetPreservePath 

func (a *AuthenticatorCookieSessionConfiguration) GetPreservePath() bool

func (*AuthenticatorCookieSessionConfiguration) GetPreserveQuery 

func (a *AuthenticatorCookieSessionConfiguration) GetPreserveQuery() bool

func (*AuthenticatorCookieSessionConfiguration) GetSetHeaders 

func (a *AuthenticatorCookieSessionConfiguration) GetSetHeaders() map[string]string

type AuthenticatorCookieSessionFilter 

type AuthenticatorCookieSessionFilter struct {
}

type AuthenticatorForwardConfig 

type AuthenticatorForwardConfig interface {
	GetCheckSessionURL() string
	GetPreserveQuery() bool
	GetPreservePath() bool
	GetPreserveHost() bool
	GetForwardHTTPHeaders() []string
	GetSetHeaders() map[string]string
	GetForceMethod() string
}

type AuthenticatorJWT 

type AuthenticatorJWT struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorJWT 

func NewAuthenticatorJWT(
	c configuration.Provider,
	r AuthenticatorJWTRegistry,
) *AuthenticatorJWT

func (*AuthenticatorJWT) Authenticate 

func (a *AuthenticatorJWT) Authenticate(r *http.Request, session *AuthenticationSession, config json.RawMessage, _ pipeline.Rule) (err error)

func (*AuthenticatorJWT) Config 

func (a *AuthenticatorJWT) Config(config json.RawMessage) (*AuthenticatorOAuth2JWTConfiguration, error)

func (*AuthenticatorJWT) GetID 

func (a *AuthenticatorJWT) GetID() string

func (*AuthenticatorJWT) Validate 

func (a *AuthenticatorJWT) Validate(config json.RawMessage) error

type AuthenticatorJWTRegistry 

type AuthenticatorJWTRegistry interface {
	credentials.VerifierRegistry
	Tracer() trace.Tracer
}

type AuthenticatorNoOp 

type AuthenticatorNoOp struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorNoOp 

func NewAuthenticatorNoOp(c configuration.Provider) *AuthenticatorNoOp

func (*AuthenticatorNoOp) Authenticate 

func (a *AuthenticatorNoOp) Authenticate(r *http.Request, session *AuthenticationSession, config json.RawMessage, _ pipeline.Rule) error

func (*AuthenticatorNoOp) GetID 

func (a *AuthenticatorNoOp) GetID() string

func (*AuthenticatorNoOp) Validate 

func (a *AuthenticatorNoOp) Validate(config json.RawMessage) error

type AuthenticatorOAuth2ClientCredentials 

type AuthenticatorOAuth2ClientCredentials struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorOAuth2ClientCredentials 

func NewAuthenticatorOAuth2ClientCredentials(c configuration.Provider, logger *logrusx.Logger) *AuthenticatorOAuth2ClientCredentials

func (*AuthenticatorOAuth2ClientCredentials) Authenticate 

func (a *AuthenticatorOAuth2ClientCredentials) Authenticate(r *http.Request, session *AuthenticationSession, config json.RawMessage, _ pipeline.Rule) error

func (*AuthenticatorOAuth2ClientCredentials) Config 

func (a *AuthenticatorOAuth2ClientCredentials) Config(config json.RawMessage) (*AuthenticatorOAuth2Configuration, error)

func (*AuthenticatorOAuth2ClientCredentials) GetID 

func (a *AuthenticatorOAuth2ClientCredentials) GetID() string

func (*AuthenticatorOAuth2ClientCredentials) Validate 

func (a *AuthenticatorOAuth2ClientCredentials) Validate(config json.RawMessage) error

type AuthenticatorOAuth2ClientCredentialsRetryConfiguration 

type AuthenticatorOAuth2ClientCredentialsRetryConfiguration struct {
	Timeout string `json:"max_delay"`
	MaxWait string `json:"give_up_after"`
}

type AuthenticatorOAuth2Configuration 

type AuthenticatorOAuth2Configuration struct {
	Scopes   []string                                                `json:"required_scope"`
	TokenURL string                                                  `json:"token_url"`
	Retry    *AuthenticatorOAuth2ClientCredentialsRetryConfiguration `json:"retry,omitempty"`
	Cache    clientCredentialsCacheConfig                            `json:"cache"`
}

type AuthenticatorOAuth2Introspection 

type AuthenticatorOAuth2Introspection struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorOAuth2Introspection 

func NewAuthenticatorOAuth2Introspection(c configuration.Provider, l *logrusx.Logger, p trace.TracerProvider) *AuthenticatorOAuth2Introspection

func (*AuthenticatorOAuth2Introspection) Authenticate 

func (a *AuthenticatorOAuth2Introspection) Authenticate(r *http.Request, session *AuthenticationSession, config json.RawMessage, _ pipeline.Rule) (err error)

func (*AuthenticatorOAuth2Introspection) Config 

func (a *AuthenticatorOAuth2Introspection) Config(config json.RawMessage) (*AuthenticatorOAuth2IntrospectionConfiguration, *http.Client, error)

func (*AuthenticatorOAuth2Introspection) GetID 

func (a *AuthenticatorOAuth2Introspection) GetID() string

func (*AuthenticatorOAuth2Introspection) Validate 

func (a *AuthenticatorOAuth2Introspection) Validate(config json.RawMessage) error

type AuthenticatorOAuth2IntrospectionConfiguration 

type AuthenticatorOAuth2IntrospectionConfiguration struct {
	Scopes                      []string                                              `json:"required_scope"`
	Audience                    []string                                              `json:"target_audience"`
	Issuers                     []string                                              `json:"trusted_issuers"`
	PreAuth                     *AuthenticatorOAuth2IntrospectionPreAuthConfiguration `json:"pre_authorization"`
	ScopeStrategy               string                                                `json:"scope_strategy"`
	IntrospectionURL            string                                                `json:"introspection_url"`
	PreserveHost                bool                                                  `json:"preserve_host"`
	BearerTokenLocation         *helper.BearerTokenLocation                           `json:"token_from"`
	Prefix                      string                                                `json:"prefix"`
	IntrospectionRequestHeaders map[string]string                                     `json:"introspection_request_headers"`
	Retry                       *AuthenticatorOAuth2IntrospectionRetryConfiguration   `json:"retry"`
	Cache                       cacheConfig                                           `json:"cache"`
}

type AuthenticatorOAuth2IntrospectionPreAuthConfiguration 

type AuthenticatorOAuth2IntrospectionPreAuthConfiguration struct {
	Enabled      bool     `json:"enabled"`
	ClientID     string   `json:"client_id"`
	ClientSecret string   `json:"client_secret"`
	Audience     string   `json:"audience"`
	Scope        []string `json:"scope"`
	TokenURL     string   `json:"token_url"`
}

type AuthenticatorOAuth2IntrospectionResult 

type AuthenticatorOAuth2IntrospectionResult struct {
	Active    bool                   `json:"active"`
	Extra     map[string]interface{} `json:"ext"`
	Subject   string                 `json:"sub,omitempty"`
	Username  string                 `json:"username"`
	Audience  Audience               `json:"aud,omitempty"`
	TokenType string                 `json:"token_type"`
	Issuer    string                 `json:"iss"`
	ClientID  string                 `json:"client_id,omitempty"`
	Scope     string                 `json:"scope,omitempty"`
	Expires   int64                  `json:"exp"`
	TokenUse  string                 `json:"token_use"`
}

type AuthenticatorOAuth2IntrospectionRetryConfiguration 

type AuthenticatorOAuth2IntrospectionRetryConfiguration struct {
	Timeout string `json:"max_delay"`
	MaxWait string `json:"give_up_after"`
}

type AuthenticatorOAuth2JWTConfiguration 

type AuthenticatorOAuth2JWTConfiguration struct {
	Scope               []string                    `json:"required_scope"`
	Audience            []string                    `json:"target_audience"`
	Issuers             []string                    `json:"trusted_issuers"`
	AllowedAlgorithms   []string                    `json:"allowed_algorithms"`
	JWKSURLs            []string                    `json:"jwks_urls"`
	ScopeStrategy       string                      `json:"scope_strategy"`
	BearerTokenLocation *helper.BearerTokenLocation `json:"token_from"`
}

type AuthenticatorUnauthorized 

type AuthenticatorUnauthorized struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorUnauthorized 

func NewAuthenticatorUnauthorized(c configuration.Provider) *AuthenticatorUnauthorized

func (*AuthenticatorUnauthorized) Authenticate 

func (a *AuthenticatorUnauthorized) Authenticate(r *http.Request, session *AuthenticationSession, config json.RawMessage, _ pipeline.Rule) error

func (*AuthenticatorUnauthorized) GetID 

func (a *AuthenticatorUnauthorized) GetID() string

func (*AuthenticatorUnauthorized) Validate 

func (a *AuthenticatorUnauthorized) Validate(config json.RawMessage) error

type MatchContext 

type MatchContext struct {
	RegexpCaptureGroups []string    `json:"regexp_capture_groups"`
	URL                 *url.URL    `json:"url"`
	Method              string      `json:"method"`
	Header              http.Header `json:"header"`
}

type Registry 

type Registry interface {
	AvailablePipelineAuthenticators() []string
	PipelineAuthenticator(string) (Authenticator, error)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.