tclogin

package
v0.0.0-...-a5b7ecb Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 11, 2019 License: MPL-2.0 Imports: 2 Imported by: 0

Documentation

Overview

The Login service serves as the interface between external authentication systems and Taskcluster credentials.

See:

How to use this package

First create a Login object: 

login := tclogin.New(nil)

and then call one or more of login's methods, e.g.: 

err := login.Ping(.....)

handling any errors... 

if err != nil {
	// handle error...
}

Taskcluster Schema

The source code of this go package was auto-generated from the API definition at https://taskcluster-staging.net/references/login/v1/api.json together with the input and output schemas it references, downloaded on Thu, 27 Jun 2019 at 07:22:00 UTC. The code was generated by https://github.com/taskcluster/taskcluster-client-go/blob/master/build.sh.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CredentialsResponse 

type CredentialsResponse struct {

	// Taskcluster credentials. Note that the credentials may not contain a certificate!
	//
	// See https://taskcluster-staging.net/schemas/login/v1/oidc-credentials-response.json#/properties/credentials
	Credentials TaskclusterCredentials `json:"credentials"`

	// Time after which the credentials are no longer valid.  Callers should
	// call `oidcCredentials` again to get fresh credentials before this time.
	//
	// See https://taskcluster-staging.net/schemas/login/v1/oidc-credentials-response.json#/properties/expires
	Expires tcclient.Time `json:"expires"`
}

A response containing credentials corresponding to a supplied OIDC `access_token`.

See https://taskcluster-staging.net/schemas/login/v1/oidc-credentials-response.json#

type Login 

type Login tcclient.Client

func New 

func New(credentials *tcclient.Credentials, rootURL string) *Login

New returns a Login client, configured to run against production. Pass in nil credentials to create a client without authentication. The returned client is mutable, so returned settings can be altered. 

login := tclogin.New(
    nil,                                      // client without authentication
    "http://localhost:1234/my/taskcluster",   // taskcluster hosted at this root URL on local machine
)
err := login.Ping(.....)                      // for example, call the Ping(.....) API endpoint (described further down)...
if err != nil {
	// handle errors...
}

func NewFromEnv 

func NewFromEnv() *Login

NewFromEnv returns a *Login configured from environment variables.

The root URL is taken from TASKCLUSTER_PROXY_URL if set to a non-empty string, otherwise from TASKCLUSTER_ROOT_URL if set, otherwise the empty string.

The credentials are taken from environment variables: 

TASKCLUSTER_CLIENT_ID
TASKCLUSTER_ACCESS_TOKEN
TASKCLUSTER_CERTIFICATE

If TASKCLUSTER_CLIENT_ID is empty/unset, authentication will be disabled.

func (*Login) OidcCredentials 

func (login *Login) OidcCredentials(provider string) (*CredentialsResponse, error)

Stability: *** EXPERIMENTAL ***

Given an OIDC `access_token` from a trusted OpenID provider, return a set of Taskcluster credentials for use on behalf of the identified user.

This method is typically not called with a Taskcluster client library and does not accept Hawk credentials. The `access_token` should be given in an `Authorization` header: ``` Authorization: Bearer abc.xyz ```

The `access_token` is first verified against the named :provider, then passed to the provider's APIBuilder to retrieve a user profile. That profile is then used to generate Taskcluster credentials appropriate to the user. Note that the resulting credentials may or may not include a `certificate` property. Callers should be prepared for either alternative.

The given credentials will expire in a relatively short time. Callers should monitor this expiration and refresh the credentials if necessary, by calling this endpoint again, if they have expired.

See #oidcCredentials

func (*Login) Ping 

func (login *Login) Ping() error

Respond without doing anything. This endpoint is used to check that the service is up.

See #ping

type TaskclusterCredentials 

type TaskclusterCredentials struct {

	// Syntax:     ^[a-zA-Z0-9_-]{22,66}$
	//
	// See https://taskcluster-staging.net/schemas/login/v1/oidc-credentials-response.json#/properties/credentials/properties/accessToken
	AccessToken string `json:"accessToken"`

	// See https://taskcluster-staging.net/schemas/login/v1/oidc-credentials-response.json#/properties/credentials/properties/certificate
	Certificate string `json:"certificate,omitempty"`

	// Syntax:     ^[A-Za-z0-9!@/:.+|_-]+$
	//
	// See https://taskcluster-staging.net/schemas/login/v1/oidc-credentials-response.json#/properties/credentials/properties/clientId
	ClientID string `json:"clientId"`
}

Taskcluster credentials. Note that the credentials may not contain a certificate!

See https://taskcluster-staging.net/schemas/login/v1/oidc-credentials-response.json#/properties/credentials

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.