Documentation
Index
- Constants
- Variables
- func DeleteAccessToken(ctx context.Context, provider string, token string) error
- func GetUserClaimFromContext[T any](ctx context.Context, claim string) (T, bool)
- func GetUserForGitHubId(ctx context.Context, sic server.IdentityConfigWrapper, ghUser int64) (string, error)
- func GetUserSubjectFromContext(ctx context.Context) string
- func NewOAuthConfig(provider string, cli bool) (*oauth2.Config, error)
- func NewProviderHttpClient(provider string) *http.Client
- func RegisterOAuthFlags(v *viper.Viper, flags *pflag.FlagSet) error
- func ValidateProviderToken(_ context.Context, provider string, token string) error
- func WithAuthTokenContext(ctx context.Context, token openid.Token) context.Context
- type JwkSetJwtValidator
- type JwtValidator
- type KeySetCache
- type KeySetFetcher
Constants
const (
	// Google OAuth2 provider
	Google = "google"
	// Github OAuth2 provider
	Github = "github"
	// GitHubApp provider
	GitHubApp = "github-app"
)
Variables
var OAuthSuccessHtml []byte
OAuthSuccessHtml is the HTML page sent to the client upon successful enrollment via the CLI
Functions
func DeleteAccessToken
DeleteAccessToken deletes the access token for a given provider
func GetUserClaimFromContext (added in v0.0.35)
GetUserClaimFromContext returns the specified claim from the user subject in the context if found and of the correct type
func GetUserForGitHubId (added in v0.0.39)
func GetUserForGitHubId(ctx context.Context, sic server.IdentityConfigWrapper, ghUser int64) (string, error)
GetUserForGitHubId looks up a user in Keycloak by their GitHub ID. This is a temporary implementation until we have a proper interface in front of IDP implementations.
If the user is found, it returns their subject _in Keycloak_, suitable for use in the `sub` claim of a JWT, and in OpenFGA's user field. Note that this function may return a user of "" with no error if no users were found matching the GitHub ID.
func GetUserSubjectFromContext (added in v0.0.24)
GetUserSubjectFromContext returns the user subject from the context, or an empty string
func NewOAuthConfig
NewOAuthConfig creates a new OAuth2 config for the given provider and whether the client is a CLI or web client
func NewProviderHttpClient
NewProviderHttpClient creates a new http client for the given provider
func RegisterOAuthFlags
RegisterOAuthFlags registers client ID and secret file flags for all known providers. This is closely tied to the internals of the auth module, so it lives here, but it would be nice if we had a consistent registration pattern (database flags are registered in the config module).
func ValidateProviderToken
ValidateProviderToken validates the given token for the given provider
Types
type JwkSetJwtValidator
type JwkSetJwtValidator struct {
// contains filtered or unexported fields
}
JwkSetJwtValidator is a JWT validator that uses a JWK set URL to validate the tokens
func (*JwkSetJwtValidator) ParseAndValidate
func (j *JwkSetJwtValidator) ParseAndValidate(tokenString string) (openid.Token, error)
ParseAndValidate validates a token string and returns an OpenID token, or an error if the token is invalid
type JwtValidator
JwtValidator provides the functions to validate a JWT
func NewJwtValidator
func NewJwtValidator(ctx context.Context, jwksUrl string) (JwtValidator, error)
NewJwtValidator creates a new JWT validator that uses a JWK set URL to validate the tokens
type KeySetCache
type KeySetCache struct {
// contains filtered or unexported fields
}
KeySetCache is a KeySetFetcher that fetches the JWK set from a cache
type KeySetFetcher
KeySetFetcher provides the functions to fetch a JWK set