duouniversal

Version: v0.1.1

Warning: This package is not in the latest version of its module.

Published: Apr 13, 2021 | License: MIT | Imports: 13 | Imported by: 0

README

Duo Universal Prompt Golang SDK

This library allows for integrating the Duo Universal Prompt into a Go application.

Usage

For full usage, see the example folder.

Create a client with your clientID, clientSecret, apiHost, and your redirectURI.

duo, err := duouniversal.NewClient(*clientID, *clientSecret, *apiHost, *redirectURI)

Use the methods on the client to complete the authentication flow.

// Auther is used to represent Duo authentication behavior.
type Auther interface {
	// NewAuthorizationURL returns the authorization URL to redirect the user to
	// to begin authentication.
	NewAuthorizationURL(username, state string) (string, error)
	// DoHealthCheck performs a health check against the Duo service.
	DoHealthCheck() error
	// DoTokenExchange exchanges an OIDC code for the Duo authentication result.
	DoTokenExchange(code, username string) (*DuoClaims, error)
}
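
The callback-side checks around DoTokenExchange, as an added example that is not code from this package or its example folder. The names claims, exchangeFunc, finishLogin and fakeDuo are hypothetical, claims is a trimmed stand-in for DuoClaims, and the "allow" result value is an assumption about Duo's response.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// claims is a trimmed stand-in for DuoClaims with only the fields read below.
type claims struct {
	PreferredUsername string
	AuthResult        struct{ Result string }
}

// exchangeFunc has the shape of Auther's DoTokenExchange (with stand-in claims).
type exchangeFunc func(code, username string) (*claims, error)

// finishLogin checks, in order: the state echoed by the redirect, the code
// exchange, the Duo result, and the user the token names.
// wantState and user come from the server-side session, never from the request.
func finishLogin(exchange exchangeFunc, wantState, user, gotState, code string) error {
	if wantState == "" || subtle.ConstantTimeCompare([]byte(wantState), []byte(gotState)) != 1 {
		return errors.New("state mismatch")
	}
	c, err := exchange(code, user)
	if err != nil {
		return fmt.Errorf("token exchange: %w", err)
	}
	if c.AuthResult.Result != "allow" { // assumption: "allow" marks success
		return errors.New("second factor not approved")
	}
	if c.PreferredUsername != user {
		return errors.New("token names a different user")
	}
	return nil
}

// fakeDuo is a constructed test double that returns fixed claims.
func fakeDuo(user, result string) exchangeFunc {
	return func(code, username string) (*claims, error) {
		c := &claims{PreferredUsername: user}
		c.AuthResult.Result = result
		return c, nil
	}
}

func main() {
	const state = "3f9a0c1e5b7d2468" // constructed; a real value would come from GenerateRandomID
	fmt.Println(finishLogin(fakeDuo("alice", "allow"), state, "alice", state, "constructed-code"))
	fmt.Println(finishLogin(fakeDuo("alice", "allow"), state, "alice", "forged", "constructed-code"))
}
```

The empty-state guard matters because two empty strings compare equal, which would let a request with no session through.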

Documentation

Overview

Package duouniversal allows for integrating a Go application with the Duo Universal Prompt.

Functions

func GenerateRandomID

func GenerateRandomID(len int) (string, error)

GenerateRandomID is a helper method to generate a random ID with a specific byte length.

Types

type Auther

type Auther interface {
	// NewAuthorizationURL returns the authorization URL to redirect the user to
	// to begin authentication.
	NewAuthorizationURL(username, state string) (string, error)
	// DoHealthCheck performs a health check against the Duo service.
	DoHealthCheck() error
	// DoTokenExchange exchanges an OIDC code for the Duo authentication result.
	DoTokenExchange(code, username string) (*DuoClaims, error)
}

Auther is used to represent Duo authentication behavior.

type Client

type Client struct {
	Client                  *http.Client
	ClientID                string
	ClientSecret            []byte
	APIHost                 string
	RedirectURI             string
	DisableCertVerification bool
	UseDuoCode              bool
	// contains filtered or unexported fields
}

Client represents authentication configuration and behavior for completing the OIDC flow with Duo.

func NewClient

func NewClient(clientID, clientSecret, apiHost, redirectURI string, opts ...ClientOption) (*Client, error)

NewClient creates a new client for handling Duo authentications.

func (Client) DoHealthCheck

func (c Client) DoHealthCheck() error

DoHealthCheck performs a health check against the Duo service.

func (Client) DoTokenExchange

func (c Client) DoTokenExchange(code, username string) (*DuoClaims, error)

DoTokenExchange exchanges an OIDC code for the Duo authentication result.

func (Client) NewAuthorizationURL

func (c Client) NewAuthorizationURL(username, state string) (string, error)

NewAuthorizationURL returns the authorization URL to which the user is redirected to begin authentication.

type ClientOption

type ClientOption func(*Client)

ClientOption represents functional options for the Client.

func WithCustomCertBundle

func WithCustomCertBundle(certPool *x509.CertPool) ClientOption

WithCustomCertBundle allows for customizing the cert bundle used to communicate with Duo.

func WithDisableCertVerification

func WithDisableCertVerification() ClientOption

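WithDisableCertVerification disables verification of the TLS certificate presented by the Duo API host. With verification off, the connection that carries the token exchange is not authenticated, so reserve this option for test environments.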

type DuoClaims

type DuoClaims struct {
	jwt.StandardClaims
	AuthTime   int `json:"auth_time"`
	AuthResult struct {
		Result    string `json:"result"`
		Status    string `json:"status"`
		StatusMsg string `json:"status_msg"`
	} `json:"auth_result"`
	AuthContext struct {
		Txid      string `json:"txid"`
		Timestamp int    `json:"timestamp"`
		User      struct {
			Name   string   `json:"name"`
			Key    string   `json:"key"`
			Groups []string `json:"groups"`
		} `json:"user"`
		Application struct {
			Name string `json:"name"`
			Key  string `json:"key"`
		} `json:"application"`
		AuthDevice struct {
			IP       string `json:"ip"`
			Location struct {
				City    string `json:"city"`
				State   string `json:"state"`
				Country string `json:"country"`
			} `json:"location"`
			Name string `json:"name"`
		} `json:"auth_device"`
		AccessDevice struct {
			IP       string `json:"ip"`
			Location struct {
				City    string `json:"city"`
				State   string `json:"state"`
				Country string `json:"country"`
			} `json:"location"`
			Hostname *string `json:"hostname"`
		} `json:"access_device"`
		Factor       string    `json:"factor"`
		EventType    string    `json:"event_type"`
		Result       string    `json:"result"`
		Reason       string    `json:"reason"`
		Alias        string    `json:"alias"`
		Isotimestamp time.Time `json:"isotimestamp"`
		Email        string    `json:"email"`
		OodSoftware  *string   `json:"ood_software"`
	} `json:"auth_context"`
	PreferredUsername string `json:"preferred_username"`
}

DuoClaims represents the decoded ID token received from Duo.

func (DuoClaims) Valid

func (d DuoClaims) Valid() error

Valid is wrapped here to allow for forgiving a certain amount of clock skew.

func (DuoClaims) VerifyExpiresAt

func (d DuoClaims) VerifyExpiresAt(cmp int64, leeway int64) bool

VerifyExpiresAt is wrapped here to allow for forgiving a certain amount of clock skew.

func (DuoClaims) VerifyIssuedAt

func (d DuoClaims) VerifyIssuedAt(cmp int64, leeway int64) bool

VerifyIssuedAt is wrapped here to allow for forgiving a certain amount of clock skew.
