authn

package

v0.0.0-...-9a5b211 Latest Latest Go to latest Published: Jul 1, 2023 License: MPL-2.0 Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/DataliftHQ/datalift

Documentation ¶

Index ¶

Constants
Variables
func ContextWithAnonymousClaims(ctx context.Context) context.Context
func ContextWithClaims(ctx context.Context, claims *Claims) context.Context
func New(cfg *anypb.Any, logger *zap.Logger, scope tally.Scope) (service.Service, error)
func NewStorage(cfg *anypb.Any, logger *zap.Logger, scope tally.Scope) (service.Service, error)
type Claims
- func ClaimsFromContext(ctx context.Context) (*Claims, error)
- func DefaultClaimsFromOIDCToken(ctx context.Context, t *oidc.IDToken) (*Claims, error)
type ClaimsConfig
- func NewClaimsConfig(subjectClaimName string, groupsClaimName string) *ClaimsConfig
- func (cc *ClaimsConfig) ClaimsFromOIDCToken(ctx context.Context, t *oidc.IDToken) (*Claims, error)
type ClaimsContextKey
type ClaimsFromOIDCTokenFunc
type Issuer
type OIDCProvider
- func WithClaimsFromOIDCTokenFunc(p *OIDCProvider, fn ClaimsFromOIDCTokenFunc) *OIDCProvider
- func (p *OIDCProvider) CreateToken(ctx context.Context, subject string, ...) (*oauth2.Token, error)
- func (p *OIDCProvider) Exchange(ctx context.Context, code string) (*oauth2.Token, error)
- func (p *OIDCProvider) GetAuthCodeURL(ctx context.Context, state string) (string, error)
- func (p *OIDCProvider) GetStateNonce(redirectURL string) (string, error)
- func (p *OIDCProvider) Read(ctx context.Context, userID, provider string) (*oauth2.Token, error)
- func (p *OIDCProvider) RefreshToken(ctx context.Context, t *oauth2.Token) (*oauth2.Token, error)
- func (p *OIDCProvider) ValidateStateNonce(state string) (string, error)
- func (p *OIDCProvider) Verify(ctx context.Context, rawToken string) (*Claims, error)
type Provider
- func NewOIDCProvider(ctx context.Context, config *authnv1.Config, tokenStorage Storage) (Provider, error)
type Service
type Storage
type TokenReader
type TokenStorer

Constants ¶

View Source

const AnonymousSubject = "system:anonymous"

View Source

const Name = "datalift.service.authn"

View Source

const StorageName = "datalift.service.authn.storage"

Variables ¶

View Source

var AlwaysAllowedMethods = []string{
	"/datalift.authn.v1.AuthnAPI/Callback",
	"/datalift.authn.v1.AuthnAPI/Login",
	"/datalift.healthcheck.v1.HealthcheckAPI/*",
}

AlwaysAllowedMethods is a list of method patterns that are always open and not blocked by authn or authz. TODO(maybe): convert this to an API annotation or make configurable on the middleware that use the list.

Functions ¶

func ContextWithAnonymousClaims ¶

func ContextWithAnonymousClaims(ctx context.Context) context.Context

func ContextWithClaims ¶

func ContextWithClaims(ctx context.Context, claims *Claims) context.Context

func New ¶

func New(cfg *anypb.Any, logger *zap.Logger, scope tally.Scope) (service.Service, error)

func NewStorage ¶

func NewStorage(cfg *anypb.Any, logger *zap.Logger, scope tally.Scope) (service.Service, error)

Types ¶

type Claims ¶

type Claims struct {
	*jwt.StandardClaims

	// Groups could be derived from the token or an external mapping.
	Groups []string `json:"grp,omitempty"`
}

Standardized representation of a user's claims.

func ClaimsFromContext ¶

func ClaimsFromContext(ctx context.Context) (*Claims, error)

func DefaultClaimsFromOIDCToken ¶

func DefaultClaimsFromOIDCToken(ctx context.Context, t *oidc.IDToken) (*Claims, error)

Extract claims from an OIDC token and return standard claims object. This could be configurable at a later date to support subjects with IDs other than email (e.g. GitHub ID).

type ClaimsConfig ¶

type ClaimsConfig struct {
	// contains filtered or unexported fields
}

func NewClaimsConfig ¶

func NewClaimsConfig(subjectClaimName string, groupsClaimName string) *ClaimsConfig

func (*ClaimsConfig) ClaimsFromOIDCToken ¶

func (cc *ClaimsConfig) ClaimsFromOIDCToken(ctx context.Context, t *oidc.IDToken) (*Claims, error)

type ClaimsContextKey ¶

type ClaimsContextKey struct{}

type ClaimsFromOIDCTokenFunc ¶

type ClaimsFromOIDCTokenFunc func(ctx context.Context, t *oidc.IDToken) (*Claims, error)

type Issuer ¶

type Issuer interface {
	// CreateToken creates a new OAuth2 for the provided subject with the provided expiration. If expiry is nil,
	// the token will never expire.
	CreateToken(ctx context.Context, subject string, tokenType authnmodulev1.CreateTokenRequest_TokenType, expiry *time.Duration) (token *oauth2.Token, err error)
	RefreshToken(ctx context.Context, token *oauth2.Token) (*oauth2.Token, error)
}

type OIDCProvider ¶

type OIDCProvider struct {
	// contains filtered or unexported fields
}

func WithClaimsFromOIDCTokenFunc ¶

func WithClaimsFromOIDCTokenFunc(p *OIDCProvider, fn ClaimsFromOIDCTokenFunc) *OIDCProvider

func (*OIDCProvider) CreateToken ¶

func (p *OIDCProvider) CreateToken(ctx context.Context, subject string, tokenType authnmodulev1.CreateTokenRequest_TokenType, expiry *time.Duration) (*oauth2.Token, error)

func (*OIDCProvider) Exchange ¶

func (p *OIDCProvider) Exchange(ctx context.Context, code string) (*oauth2.Token, error)

func (*OIDCProvider) GetAuthCodeURL ¶

func (p *OIDCProvider) GetAuthCodeURL(ctx context.Context, state string) (string, error)

func (*OIDCProvider) GetStateNonce ¶

func (p *OIDCProvider) GetStateNonce(redirectURL string) (string, error)

func (*OIDCProvider) Read ¶

func (p *OIDCProvider) Read(ctx context.Context, userID, provider string) (*oauth2.Token, error)

func (*OIDCProvider) RefreshToken ¶

func (p *OIDCProvider) RefreshToken(ctx context.Context, t *oauth2.Token) (*oauth2.Token, error)

Refresh the issuer token. If the provider token is not valid, refresh it. If any error occurs continue auth code flow.

func (*OIDCProvider) ValidateStateNonce ¶

func (p *OIDCProvider) ValidateStateNonce(state string) (string, error)

func (*OIDCProvider) Verify ¶

func (p *OIDCProvider) Verify(ctx context.Context, rawToken string) (*Claims, error)

type Provider ¶

type Provider interface {
	GetStateNonce(redirectURL string) (string, error)
	ValidateStateNonce(state string) (redirectURL string, err error)

	Verify(ctx context.Context, rawIDToken string) (*Claims, error)
	GetAuthCodeURL(ctx context.Context, state string) (string, error)
	Exchange(ctx context.Context, code string) (token *oauth2.Token, err error)
}

func NewOIDCProvider ¶

func NewOIDCProvider(ctx context.Context, config *authnv1.Config, tokenStorage Storage) (Provider, error)

type Service ¶

type Service interface {
	Issuer
	Provider
	TokenReader // Read calls are proxied through the IssuerProvider so the token can be refreshed if needed.
}

type Storage ¶

type Storage interface {
	TokenReader
	TokenStorer
}

type TokenReader ¶

type TokenReader interface {
	Read(ctx context.Context, userID, provider string) (*oauth2.Token, error)
}

type TokenStorer ¶

type TokenStorer interface {
	Store(ctx context.Context, userID, provider string, token *oauth2.Token) error
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL