auth

package
v0.0.0-...-c1e532c

This package is not in the latest version of its module.
Published: May 1, 2024 | License: Apache-2.0 | Imports: 11 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

var DefaultFailureHandler = http.HandlerFunc(failureHandler)

DefaultFailureHandler responds with the status code and message based on the error extracted from the context.

Functions

func WithError

func WithError(ctx context.Context, err *Error) context.Context

WithError returns a new context with the given error.

func WithUserInfo

func WithUserInfo(ctx context.Context, userInfo *UserInfo) context.Context

WithUserInfo returns a new context with the given user info.

Types

type Config

type Config struct {
	// Issuer is the SAMS instance URL, e.g. "https://accounts.sourcegraph.com".
	Issuer string
	// ClientID is the SAMS client ID, e.g. "sams_cid_xxx".
	ClientID string
	// ClientSecret is the SAMS client secret, e.g. "sams_cs_xxx".
	ClientSecret string
	// RequestScopes is the list of requested scopes for access tokens that are
	// issued to this client.
	RequestScopes []scopes.Scope
	// RedirectURI is the URL to redirect to after the user has authenticated. It
	// MUST exact-match one of the pre-registered redirect URIs on SAMS.
	RedirectURI string

	// FailureHandler is the HTTP handler to call when an error occurs. Use
	// ErrorFromContext to extract the error.
	FailureHandler http.Handler

	SecretStore
}

Config contains the configuration for the SAMS authentication handler.

type Error

type Error struct {
	// StatusCode is the HTTP status code to respond with.
	StatusCode int
	// Cause is the error that caused the failure.
	Cause error
}

Error is an error that occurred during the authentication process.

func ErrorFromContext

func ErrorFromContext(ctx context.Context) *Error

ErrorFromContext returns the error from the given context.

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler is the SAMS authentication handler.

func NewHandler

func NewHandler(config Config) (*Handler, error)

NewHandler returns a new SAMS authentication handler with the given configuration.

func (*Handler) CallbackHandler

func (h *Handler) CallbackHandler(success http.Handler) http.Handler

CallbackHandler returns an HTTP handler that handles the SAMS callback and calls the success handler upon successful authentication. Use UserInfoFromContext to extract the user information.

func (*Handler) LoginHandler

func (h *Handler) LoginHandler() http.Handler

LoginHandler returns an HTTP handler that redirects the user to the SAMS authentication page.

It passes through the "prompt" and "prompt_auth" query parameters to SAMS.

type SecretStore

type SecretStore interface {
	// SetState sets the randomly-generated state to the per-user session.
	SetState(r *http.Request, state string) error
	// GetState returns the state from the per-user session.
	GetState(r *http.Request) (string, error)
	// DeleteState deletes the state from the per-user session.
	DeleteState(r *http.Request)
	// SetNonce sets the randomly-generated nonce to the per-user session.
	SetNonce(r *http.Request, nonce string) error
	// GetNonce returns the nonce from the per-user session.
	GetNonce(r *http.Request) (string, error)
	// DeleteNonce deletes the nonce from the per-user session.
	DeleteNonce(r *http.Request)
}

SecretStore is the interface for managing the authentication state and nonce in the per-user session.
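
One way to satisfy the SecretStore method set above, shown as an added example that is not part of this package: an in-memory store that binds state and nonce to the caller's session. The type memStore, the helper newReq, the cookie name "sid" and the sample values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// memStore (hypothetical) keys every secret by a "sid" session cookie, so a request
// only reaches its own session's state and nonce. Cookie name is an assumption.
type memStore struct {
	mu sync.Mutex
	m  map[[2]string]string // {session ID, "state" or "nonce"} -> secret
}

func (s *memStore) with(r *http.Request, kind string, fn func(k [2]string)) error {
	c, err := r.Cookie("sid")
	if err != nil || c.Value == "" {
		return errors.New("no session cookie") // fail closed without a session
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	fn([2]string{c.Value, kind})
	return nil
}

func (s *memStore) get(r *http.Request, kind string) (v string, err error) {
	if err = s.with(r, kind, func(k [2]string) { v = s.m[k] }); err == nil && v == "" {
		err = errors.New(kind + " not set for this session") // missing is an error, never ""
	}
	return v, err
}
func (s *memStore) set(r *http.Request, kind, v string) error { return s.with(r, kind, func(k [2]string) { s.m[k] = v }) }
func (s *memStore) del(r *http.Request, kind string) { _ = s.with(r, kind, func(k [2]string) { delete(s.m, k) }) }
func (s *memStore) SetState(r *http.Request, state string) error { return s.set(r, "state", state) }
func (s *memStore) GetState(r *http.Request) (string, error) { return s.get(r, "state") }
func (s *memStore) DeleteState(r *http.Request) { s.del(r, "state") }
func (s *memStore) SetNonce(r *http.Request, nonce string) error { return s.set(r, "nonce", nonce) }
func (s *memStore) GetNonce(r *http.Request) (string, error) { return s.get(r, "nonce") }
func (s *memStore) DeleteNonce(r *http.Request) { s.del(r, "nonce") }

func newReq(sid string) *http.Request { // constructed request for the demo
	r := httptest.NewRequest("GET", "/callback", nil)
	r.AddCookie(&http.Cookie{Name: "sid", Value: sid})
	return r
}

func main() { fmt.Println((&memStore{m: map[[2]string]string{}}).GetState(newReq("s1"))) }
```

A store like this keeps secrets only for the life of the process; a deployed implementation would take the session ID from its own session middleware and expire unused entries.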

type UserInfo

type UserInfo struct {
	// ID is the unique identifier of the user.
	ID string `json:"sub"`
	// Name is the display name of the user.
	Name string `json:"name"`
	// Email is the email address of the user.
	Email string `json:"email"`
	// EmailVerified is true if the email address has been verified.
	EmailVerified bool `json:"email_verified"`
	// AvatarURL is the URL to the user's avatar.
	AvatarURL string `json:"picture"`
	// CreatedAt is the time when the user account was created.
	CreatedAt time.Time `json:"created_at"`

	// Token is the OAuth2 access token.
	Token *oauth2.Token `json:"-"`
	// IDToken is the OpenID Connect ID token.
	IDToken *oidc.IDToken `json:"-"`
}

UserInfo contains the information about the authenticated user.

func UserInfoFromContext

func UserInfoFromContext(ctx context.Context) *UserInfo

UserInfoFromContext returns the user info from the given context.
