okta

Version: v0.0.0-...-439c595 (Latest)

This package is not in the latest version of its module.
Published: Mar 24, 2020 License: MIT Imports: 12 Imported by: 0

README

okta-auth

A library for authenticating against Okta as an end user with support for MFA.

Documentation

Overview

A package for authenticating as an end user with Okta, with support for MFA.

Construct a client with your Okta domain, and a struct that implements the Prompts interface.

After calling `Authenticate`, if a second factor is required the appropriate methods from the Prompts interface will be called to guide the user through the authentication flow.

Types

type ClientConfig

type ClientConfig struct {
	// Your organization's Okta domain (<your-org>.okta.com).
	OktaDomain string

	// Callbacks for handling user and factor interaction.
	Prompts Prompts

	// An optional RoundTripper that can be used to modify the request/response.
	// Ex: Add a custom user-agent to all requests.
	RoundTripper http.RoundTripper

	// Optional logger that when provided enables debug logs.
	DebugLogger DebugLogger
}
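
An added example (not code from the okta-auth project) of a transport that could be supplied in the `RoundTripper` field to add a custom user-agent: it sets the header on a clone, because the `http.RoundTripper` contract forbids modifying the caller's request. The names `userAgentTransport`, `recorder` and `demo`, the user-agent string and the URL are assumptions made for illustration; `recorder` stands in for the network so the block runs offline.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

// userAgentTransport stamps a fixed User-Agent on every outgoing request.
type userAgentTransport struct {
	base      http.RoundTripper // next transport in the chain
	userAgent string
}

func (t userAgentTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	// RoundTrippers must not mutate the caller's request, so edit a clone.
	clone := req.Clone(req.Context())
	clone.Header.Set("User-Agent", t.userAgent)
	return t.base.RoundTrip(clone)
}

// recorder is a constructed stand-in for the network: it captures the header.
type recorder struct{ seen string }

func (r *recorder) RoundTrip(req *http.Request) (*http.Response, error) {
	r.seen = req.Header.Get("User-Agent")
	return &http.Response{StatusCode: http.StatusOK, Header: http.Header{},
		Body: io.NopCloser(strings.NewReader("{}")), Request: req}, nil
}

// demo sends one request through the wrapper and returns the User-Agent seen
// downstream plus the one left on the caller's original request.
func demo(userAgent string) (sent, original string, err error) {
	rec := &recorder{}
	client := &http.Client{Transport: userAgentTransport{base: rec, userAgent: userAgent}}
	// Constructed placeholder URL; no connection is made.
	req, err := http.NewRequest(http.MethodGet, "https://your-org.okta.example/", nil)
	if err != nil {
		return "", "", err
	}
	resp, err := client.Do(req)
	if err != nil {
		return "", "", err
	}
	resp.Body.Close()
	return rec.seen, req.Header.Get("User-Agent"), nil
}

func main() { fmt.Println(demo("acme-okta-cli/1.0")) }
```

In real use `base` would be `http.DefaultTransport` (or another configured transport) and the wrapper would be assigned to `ClientConfig.RoundTripper`.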

type DebugLogger

type DebugLogger interface {
	Log(string)
}

Interface for logging debug logs.

type NonFatalAuthError

type NonFatalAuthError struct {
	ErrorSummary string
}

Custom error for handling auth timeout and rejection.

func (NonFatalAuthError) Error

func (nonFatalAuthError NonFatalAuthError) Error() string

type OktaClient

type OktaClient struct {
	// contains filtered or unexported fields
}

func New

func New(conf ClientConfig) (*OktaClient, error)

Constructs a new OktaClient with the given config.

The only required fields are OktaDomain and Prompts. An error is returned if either is omitted.

func (*OktaClient) Authenticate

func (c *OktaClient) Authenticate(username, password string) (string, error)

Given a username and password, returns a session token or an error. The session token can then be used to obtain a session ID; see https://developer.okta.com/docs/api/resources/sessions#session-token

If a second factor is required, the configured callbacks on the client will be invoked.

type Prompts

type Prompts interface {
	// Given a VerifyU2FRequest, should return true if the U2F device is present.
	// This is used to automatically choose the U2F device for MFA if it is detected.
	//
	// The Challenge field will not be set on this call.
	// This should set the "check only" field on the u2f authentication request.
	CheckU2FPresence(request VerifyU2FRequest) bool

	// Given a list of factors, should present the user with the choices and
	// return the chosen factor. If an error is returned the authentication flow
	// is aborted.
	ChooseFactor(factors []factors.Factor) (factors.Factor, error)

	// Called when there is a (retriable) error in the flow that should be presented to the user.
	// For example, if the wrong code has been entered in an SMS MFA flow, the user will be notified
	// and then prompted to choose a factor again.
	PresentUserError(string)

	// Attempt to authenticate with the chosen U2F device.
	// The context carries a deadline; once it passes, the factor verification is canceled.
	VerifyU2F(ctx context.Context, request VerifyU2FRequest) (VerifyU2FResponse, error)

	// Prompt the user for a code for the given factor (SMS, TOTP, Call).
	VerifyCode(factor factors.Factor) (string, error)

	// Prompt the user to check their phone for the Okta Verify push notification.
	VerifyPush()
}

type TerminalError

type TerminalError string

Used to indicate that the current authentication flow cannot proceed. When a terminal error is returned, the program should print the error and exit with a non-zero status code.

func (TerminalError) Error

func (e TerminalError) Error() string

func (TerminalError) String

func (e TerminalError) String() string

type VerifyU2FRequest

type VerifyU2FRequest struct {
	Facet     string
	AppId     string
	KeyHandle string
	Challenge string
	WebAuthn  bool
}

Parameters used for authenticating with a U2F device. For more information see https://fidoalliance.org/specifications/

type VerifyU2FResponse

type VerifyU2FResponse struct {
	ClientData        string
	SignatureData     string
	AuthenticatorData string
}

Data returned after successfully authenticating with a U2F device. For more information see https://fidoalliance.org/specifications/

Directories

Path Synopsis
Defines the API objects used in the authentication flows.
Factors represent multi-factor options as part of the authentication flow.
