provider

package
v3.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 2, 2023 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source
const VersionLatest = -1

Variables

View Source
var (
	ErrNoSuchProvider        = errors.New("no provider with the given name")
	ErrNoProviderWithVersion = errors.New("version not supported")
	ErrNoOptions             = errors.New("options provided but none accepted")
	ErrMissingClientSecret   = errors.New("missing client secret in configuration")
)
View Source
var (
	ErrOIDCMissingIDToken = errors.New("oidc: missing ID token in response")
	ErrOIDCNonceMismatch  = errors.New("oidc: nonce does not match")
)
View Source
var GlobalRegistry = NewRegistry()

Functions

This section is empty.

Types

type AuthCodeExchangeOption

type AuthCodeExchangeOption interface {
	ApplyToAuthCodeExchangeOptions(target *AuthCodeExchangeOptions)
}

type AuthCodeExchangeOptions

type AuthCodeExchangeOptions struct {
	RedirectURL     string
	AuthCodeOptions []oauth2.AuthCodeOption
	ProviderOptions map[string]string
}

AuthCodeExchangeOptions are options for the AuthCodeExchange operation.

func (*AuthCodeExchangeOptions) ApplyOptions

func (o *AuthCodeExchangeOptions) ApplyOptions(opts []AuthCodeExchangeOption)

type AuthCodeURLOption

type AuthCodeURLOption interface {
	ApplyToAuthCodeURLOptions(target *AuthCodeURLOptions)
}

type AuthCodeURLOptions

type AuthCodeURLOptions struct {
	RedirectURL     string
	Scopes          []string
	AuthCodeOptions []oauth2.AuthCodeOption
	ProviderOptions map[string]string
}

AuthCodeURLOptions are options for the AuthCodeURL operation.

func (*AuthCodeURLOptions) ApplyOptions

func (o *AuthCodeURLOptions) ApplyOptions(opts []AuthCodeURLOption)

type ClientCredentialsOption

type ClientCredentialsOption interface {
	ApplyToClientCredentialsOptions(target *ClientCredentialsOptions)
}

type ClientCredentialsOptions

type ClientCredentialsOptions struct {
	Scopes          []string
	EndpointParams  url.Values
	ProviderOptions map[string]string
}

ClientCredentialsOptions are options for the ClientCredentials operation.

func (*ClientCredentialsOptions) ApplyOptions

func (o *ClientCredentialsOptions) ApplyOptions(opts []ClientCredentialsOption)

type ConstantTimeoutAlgorithm

type ConstantTimeoutAlgorithm struct {
	// contains filtered or unexported fields
}

func NewConstantTimeoutAlgorithm

func NewConstantTimeoutAlgorithm(timeout time.Duration) *ConstantTimeoutAlgorithm

func (*ConstantTimeoutAlgorithm) Timeout

func (cta *ConstantTimeoutAlgorithm) Timeout(ctx context.Context, tok *Token) (time.Duration, bool)

type DeviceCodeAuthOption

type DeviceCodeAuthOption interface {
	ApplyToDeviceCodeAuthOptions(target *DeviceCodeAuthOptions)
}

type DeviceCodeAuthOptions

type DeviceCodeAuthOptions struct {
	Scopes          []string
	ProviderOptions map[string]string
}

DeviceCodeAuthOptions are options for the DeviceCodeAuth operation.

func (*DeviceCodeAuthOptions) ApplyOptions

func (o *DeviceCodeAuthOptions) ApplyOptions(opts []DeviceCodeAuthOption)

type DeviceCodeExchangeOption

type DeviceCodeExchangeOption interface {
	ApplyToDeviceCodeExchangeOptions(target *DeviceCodeExchangeOptions)
}

type DeviceCodeExchangeOptions

type DeviceCodeExchangeOptions struct {
	ProviderOptions map[string]string
}

DeviceCodeExchangeOptions are options for the DeviceCodeExchange operation.

func (*DeviceCodeExchangeOptions) ApplyOptions

func (o *DeviceCodeExchangeOptions) ApplyOptions(opts []DeviceCodeExchangeOption)

type Endpoint

type Endpoint struct {
	oauth2.Endpoint

	DeviceURL string
}

Endpoint is an extension of oauth2.Endpoint that also provides information about other URLs.

type EndpointFactoryFunc

type EndpointFactoryFunc func(opts map[string]string) Endpoint

EndpointFactoryFunc returns an Endpoint given some provider configuration.

func StaticEndpointFactory

func StaticEndpointFactory(endpoint Endpoint) EndpointFactoryFunc

StaticEndpointFactory returns an EndpointFactoryFunc for a static endpoint configuration that does not take provider options.

type FactoryFunc

type FactoryFunc func(ctx context.Context, vsn int, opts map[string]string) (Provider, error)

func BasicFactory

func BasicFactory(endpoint Endpoint) FactoryFunc

type LogarithmicTimeoutAlgorithm

type LogarithmicTimeoutAlgorithm struct {
	// contains filtered or unexported fields
}

func NewLogarithmicTimeoutAlgorithm

func NewLogarithmicTimeoutAlgorithm(expiryLeewayFactor float64, timeout, expiryDelta time.Duration) *LogarithmicTimeoutAlgorithm

func (*LogarithmicTimeoutAlgorithm) Timeout

func (lta *LogarithmicTimeoutAlgorithm) Timeout(ctx context.Context, tok *Token) (time.Duration, bool)

type OptionError

type OptionError struct {
	Option string
	Cause  error
}

func (*OptionError) Error

func (oe *OptionError) Error() string

func (*OptionError) Unwrap

func (oe *OptionError) Unwrap() error

type PrivateOperations

type PrivateOperations interface {
	PublicOperations

	// AuthCodeExchange performs an authorization code flow exchange request.
	AuthCodeExchange(ctx context.Context, code string, opts ...AuthCodeExchangeOption) (*Token, error)

	// ClientCredentials performs a client credentials flow request.
	ClientCredentials(ctx context.Context, opts ...ClientCredentialsOption) (*Token, error)

	// TokenExchange performs an RFC 8693 token exchange operation.
	TokenExchange(ctx context.Context, t *Token, opts ...TokenExchangeOption) (*Token, error)
}

PrivateOperations defines the operations for a client that require knowledge of the client ID and client secret.

type Provider

type Provider interface {
	// Version is the revision of this provider vis-a-vis the options it
	// supports.
	Version() int

	// Public returns a view of the operations for this provider for the given
	// client ID.
	Public(clientID string) PublicOperations

	// Private returns a complete set of the operations for this provider for
	// the given client ID and client secret.
	Private(clientID, clientSecret string) PrivateOperations
}

Provider represents an integration with a particular OAuth provider using the authorization code grant.

func AzureADFactory

func AzureADFactory(ctx context.Context, vsn int, opts map[string]string) (Provider, error)

func CustomFactory

func CustomFactory(ctx context.Context, vsn int, opts map[string]string) (Provider, error)

func GoogleFactory

func GoogleFactory(ctx context.Context, vsn int, opts map[string]string) (Provider, error)

func OIDCFactory

func OIDCFactory(ctx context.Context, vsn int, opts map[string]string) (Provider, error)

type PublicOperations

type PublicOperations interface {
	// AuthCodeURL returns a URL to send a user to for initial authentication.
	//
	// If this provider does not define an authorization code endpoint URL, this
	// method returns false.
	AuthCodeURL(state string, opts ...AuthCodeURLOption) (string, bool)

	// DeviceCodeAuth performs the RFC 8628 device code authorization operation.
	//
	// If this provider does not support device code authorization, this method
	// returns false.
	DeviceCodeAuth(ctx context.Context, opts ...DeviceCodeAuthOption) (*devicecode.Auth, bool, error)

	// DeviceCodeExchange performs the RFC 8628 device code exchange operation
	// once, without polling.
	DeviceCodeExchange(ctx context.Context, deviceCode string, opts ...DeviceCodeExchangeOption) (*Token, error)

	// RefreshToken performs a refresh token flow request.
	//
	// This method does not check the expiration of the token. It forces a
	// refresh when invoked.
	//
	// Depending on the source of the token, this method may require the client
	// secret. However, for implicit and device code grants, it only requires
	// the client ID.
	RefreshToken(ctx context.Context, t *Token, opts ...RefreshTokenOption) (*Token, error)
}

PublicOperations defines the operations for a client that only require knowledge of the client ID.

type RefreshTokenOption

type RefreshTokenOption interface {
	ApplyToRefreshTokenOptions(target *RefreshTokenOptions)
}

type RefreshTokenOptions

type RefreshTokenOptions struct {
	ProviderOptions map[string]string
}

RefreshTokenOptions are options for the RefreshToken operation.

func (*RefreshTokenOptions) ApplyOptions

func (o *RefreshTokenOptions) ApplyOptions(opts []RefreshTokenOption)

type Registry

type Registry struct {
	// contains filtered or unexported fields
}

func NewRegistry

func NewRegistry() *Registry

func (*Registry) MustRegister

func (r *Registry) MustRegister(name string, factory FactoryFunc)

func (*Registry) New

func (r *Registry) New(ctx context.Context, name string, opts map[string]string) (Provider, error)

New looks up a provider with the given name and configures it according to the specified options.

func (*Registry) NewAt

func (r *Registry) NewAt(ctx context.Context, name string, vsn int, opts map[string]string) (Provider, error)

NewAt looks up a provider with the given name at the given version and configures it according to the specified options.

func (*Registry) Register

func (r *Registry) Register(name string, factory FactoryFunc) error

Register registers a new provider using the name and factory specified.

type TimeToExpiryPiecewiseTimeoutAlgorithm

type TimeToExpiryPiecewiseTimeoutAlgorithm struct {
	// contains filtered or unexported fields
}

func (*TimeToExpiryPiecewiseTimeoutAlgorithm) Timeout

type TimeToExpiryPiecewiseTimeoutMapping

type TimeToExpiryPiecewiseTimeoutMapping struct {
	Test      func(d time.Duration, ok bool) bool
	Algorithm TimeoutAlgorithm
}

type TimeoutAlgorithm

type TimeoutAlgorithm interface {
	Timeout(ctx context.Context, tok *Token) (time.Duration, bool)
}

func NewBoundedLogarithmicTimeoutAlgorithm

func NewBoundedLogarithmicTimeoutAlgorithm(expiryLeewayFactor float64, timeout, expiryDelta time.Duration) TimeoutAlgorithm

type TimeoutProvider

type TimeoutProvider struct {
	// contains filtered or unexported fields
}

func NewTimeoutProvider

func NewTimeoutProvider(delegate Provider, alg TimeoutAlgorithm) *TimeoutProvider

func (*TimeoutProvider) Private

func (tp *TimeoutProvider) Private(clientID, clientSecret string) PrivateOperations

func (*TimeoutProvider) Public

func (tp *TimeoutProvider) Public(clientID string) PublicOperations

func (*TimeoutProvider) Version

func (tp *TimeoutProvider) Version() int

type Token

type Token struct {
	*oauth2.Token `json:",inline"`

	ExtraData map[string]interface{} `json:"extra_data,omitempty"`

	// ProviderVersion is the version of the provider that last updated this
	// token. It can be used to upgrade the provider options before handing off
	// to methods that expect versions to be synchronized with the plugin
	// provider version.
	//
	// May be unspecified. If not specified, provider options must be treated as
	// opaque data.
	ProviderVersion int `json:"provider_version,omitempty"`

	// ProviderOptions are the set of persistent options to use for this token
	// when configuring a provider.
	ProviderOptions map[string]string `json:"provider_options,omitempty"`
}

Token is an extension of *oauth2.Token that also provides complementary data to store (usually from the token's own raw data).

type TokenExchangeOption added in v3.1.0

type TokenExchangeOption interface {
	ApplyToTokenExchangeOptions(target *TokenExchangeOptions)
}

type TokenExchangeOptions added in v3.1.0

type TokenExchangeOptions struct {
	Scopes          []string
	Audiences       []string
	Resources       []string
	AuthCodeOptions []oauth2.AuthCodeOption
	ProviderOptions map[string]string
}

TokenExchangeOptions are options for the TokenExchange operation.

func (*TokenExchangeOptions) ApplyOptions added in v3.1.0

func (o *TokenExchangeOptions) ApplyOptions(opts []TokenExchangeOption)

type WithAudiences added in v3.1.0

type WithAudiences []string

func (WithAudiences) ApplyToTokenExchangeOptions added in v3.1.0

func (wa WithAudiences) ApplyToTokenExchangeOptions(target *TokenExchangeOptions)

type WithProviderOptions

type WithProviderOptions map[string]string

func (WithProviderOptions) ApplyToAuthCodeExchangeOptions

func (wpo WithProviderOptions) ApplyToAuthCodeExchangeOptions(target *AuthCodeExchangeOptions)

func (WithProviderOptions) ApplyToAuthCodeURLOptions

func (wpo WithProviderOptions) ApplyToAuthCodeURLOptions(target *AuthCodeURLOptions)

func (WithProviderOptions) ApplyToClientCredentialsOptions

func (wpo WithProviderOptions) ApplyToClientCredentialsOptions(target *ClientCredentialsOptions)

func (WithProviderOptions) ApplyToDeviceCodeAuthOptions

func (wpo WithProviderOptions) ApplyToDeviceCodeAuthOptions(target *DeviceCodeAuthOptions)

func (WithProviderOptions) ApplyToDeviceCodeExchangeOptions

func (wpo WithProviderOptions) ApplyToDeviceCodeExchangeOptions(target *DeviceCodeExchangeOptions)

func (WithProviderOptions) ApplyToRefreshTokenOptions

func (wpo WithProviderOptions) ApplyToRefreshTokenOptions(target *RefreshTokenOptions)

func (WithProviderOptions) ApplyToTokenExchangeOptions added in v3.1.0

func (wpo WithProviderOptions) ApplyToTokenExchangeOptions(target *TokenExchangeOptions)

type WithRedirectURL

type WithRedirectURL string

func (WithRedirectURL) ApplyToAuthCodeExchangeOptions

func (wru WithRedirectURL) ApplyToAuthCodeExchangeOptions(target *AuthCodeExchangeOptions)

func (WithRedirectURL) ApplyToAuthCodeURLOptions

func (wru WithRedirectURL) ApplyToAuthCodeURLOptions(target *AuthCodeURLOptions)

type WithResources added in v3.1.0

type WithResources []string

func (WithResources) ApplyToTokenExchangeOptions added in v3.1.0

func (wr WithResources) ApplyToTokenExchangeOptions(target *TokenExchangeOptions)

type WithScopes

type WithScopes []string

func (WithScopes) ApplyToAuthCodeURLOptions

func (ws WithScopes) ApplyToAuthCodeURLOptions(target *AuthCodeURLOptions)

func (WithScopes) ApplyToClientCredentialsOptions

func (ws WithScopes) ApplyToClientCredentialsOptions(target *ClientCredentialsOptions)

func (WithScopes) ApplyToDeviceCodeAuthOptions

func (ws WithScopes) ApplyToDeviceCodeAuthOptions(target *DeviceCodeAuthOptions)

func (WithScopes) ApplyToTokenExchangeOptions added in v3.1.0

func (ws WithScopes) ApplyToTokenExchangeOptions(target *TokenExchangeOptions)

type WithURLParams

type WithURLParams map[string]string

func (WithURLParams) ApplyToAuthCodeExchangeOptions

func (wup WithURLParams) ApplyToAuthCodeExchangeOptions(target *AuthCodeExchangeOptions)

func (WithURLParams) ApplyToAuthCodeURLOptions

func (wup WithURLParams) ApplyToAuthCodeURLOptions(target *AuthCodeURLOptions)

func (WithURLParams) ApplyToClientCredentialsOptions

func (wup WithURLParams) ApplyToClientCredentialsOptions(target *ClientCredentialsOptions)

func (WithURLParams) ApplyToTokenExchangeOptions added in v3.1.0

func (wup WithURLParams) ApplyToTokenExchangeOptions(target *TokenExchangeOptions)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL