Documentation
Overview
Package duouniversal allows for integrating a Go application with the Duo Universal Prompt.
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenerateRandomID
GenerateRandomID is a helper method to generate a random ID with a specific byte length.
Types
type Auther
type Auther interface {
	// NewAuthorizationURL returns the authorization URL to redirect the user to
	// to begin authentication.
	NewAuthorizationURL(username, state string) (string, error)
	// DoHealthCheck performs a health check against the Duo service.
	DoHealthCheck() error
	// DoTokenExchange exchanges an OIDC code for the Duo authentication result.
	DoTokenExchange(code, username string) (*DuoClaims, error)
}
Auther is used to represent Duo authentication behavior.
type Client
type Client struct {
	Client                  *http.Client
	ClientID                string
	ClientSecret            []byte
	APIHost                 string
	RedirectURI             string
	DisableCertVerification bool
	UseDuoCode              bool
	// contains filtered or unexported fields
}
Client represents authentication configuration and behavior for completing the OIDC flow with Duo.
func NewClient
func NewClient(clientID, clientSecret, apiHost, redirectURI string, opts ...ClientOption) (*Client, error)
NewClient creates a new client for handling Duo authentications.
func (Client) DoHealthCheck
DoHealthCheck performs a health check against the Duo service.
func (Client) DoTokenExchange
DoTokenExchange exchanges an OIDC code for the Duo authentication result.
type ClientOption
type ClientOption func(*Client)
ClientOption represents functional options for the Client.
func WithCustomCertBundle
func WithCustomCertBundle(certPool *x509.CertPool) ClientOption
WithCustomCertBundle allows for customizing the cert bundle used to communicate with Duo.
func WithDisableCertVerification
func WithDisableCertVerification() ClientOption
WithDisableCertVerification disables cert verification.
type DuoClaims
type DuoClaims struct {
	jwt.StandardClaims
	AuthTime   int `json:"auth_time"`
	AuthResult struct {
		Result    string `json:"result"`
		Status    string `json:"status"`
		StatusMsg string `json:"status_msg"`
	} `json:"auth_result"`
	AuthContext struct {
		Txid      string `json:"txid"`
		Timestamp int    `json:"timestamp"`
		User      struct {
			Name   string   `json:"name"`
			Key    string   `json:"key"`
			Groups []string `json:"groups"`
		} `json:"user"`
		Application struct {
			Name string `json:"name"`
			Key  string `json:"key"`
		} `json:"application"`
		AuthDevice struct {
			IP       string `json:"ip"`
			Location struct {
				City    string `json:"city"`
				State   string `json:"state"`
				Country string `json:"country"`
			} `json:"location"`
			Name string `json:"name"`
		} `json:"auth_device"`
		AccessDevice struct {
			IP       string `json:"ip"`
			Location struct {
				City    string `json:"city"`
				State   string `json:"state"`
				Country string `json:"country"`
			} `json:"location"`
			Hostname *string `json:"hostname"`
		} `json:"access_device"`
		Factor       string    `json:"factor"`
		EventType    string    `json:"event_type"`
		Result       string    `json:"result"`
		Reason       string    `json:"reason"`
		Alias        string    `json:"alias"`
		Isotimestamp time.Time `json:"isotimestamp"`
		Email        string    `json:"email"`
		OodSoftware  *string   `json:"ood_software"`
	} `json:"auth_context"`
	PreferredUsername string `json:"preferred_username"`
}
DuoClaims represents the decoded ID token received from Duo.
func (DuoClaims) Valid
Valid is wrapped here to allow for forgiving a certain amount of clock skew.
func (DuoClaims) VerifyExpiresAt
VerifyExpiresAt is wrapped here to allow for forgiving a certain amount of clock skew.
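An added example, not part of this package or its documentation: one way a callback handler could act on the result of DoTokenExchange, checking the state value before the exchange and the returned claims after it. Claims and Exchange are trimmed local stand-ins for DuoClaims and Auther.DoTokenExchange so the block runs without the module; FinishLogin and StubDuo are hypothetical names, the inputs are constructed, and "allow" as the success value of auth_result.result is an assumption.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// Claims is a trimmed local stand-in for the page's DuoClaims.
type Claims struct {
	PreferredUsername string
	AuthResult        struct{ Result string }
}

// Exchange has the shape of Auther.DoTokenExchange, with the local Claims type.
type Exchange func(code, username string) (*Claims, error)

// StubDuo is a constructed fake: only "good-code" exchanges, and the claims
// it returns always name user with the given result.
func StubDuo(user, result string) Exchange {
	return func(code, username string) (*Claims, error) {
		if code != "good-code" {
			return nil, errors.New("token exchange failed")
		}
		c := &Claims{PreferredUsername: user}
		c.AuthResult.Result = result
		return c, nil
	}
}

// FinishLogin checks state, exchanges the code, then checks the claims.
// sessState and sessUser come from the server-side session; gotState and
// code come from the callback request and are untrusted.
func FinishLogin(ex Exchange, sessState, sessUser, gotState, code string) error {
	if sessState == "" || subtle.ConstantTimeCompare([]byte(sessState), []byte(gotState)) != 1 {
		return errors.New("state mismatch")
	}
	claims, err := ex(code, sessUser)
	if err != nil {
		return fmt.Errorf("duo exchange: %w", err)
	}
	if claims.PreferredUsername != sessUser || claims.AuthResult.Result != "allow" { // "allow" is assumed
		return errors.New("second factor not satisfied")
	}
	return nil
}

func main() {
	fmt.Println(FinishLogin(StubDuo("alice", "deny"), "st", "alice", "st", "good-code"))
}
```

With the real package, the method value client.DoTokenExchange would take the place of StubDuo once Claims is replaced by DuoClaims.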