Documentation
Constants
const (
	RequestGuestClaim = "guest"
	NameClaim         = "name"
)
Claims as used by kwmserver guest support.
Variables
This section is empty.
Functions
func MustRegister
func MustRegister(reg prometheus.Registerer, cs ...prometheus.Collector)
MustRegister registers all guest metrics with the provided registerer and panics upon the first registration that causes an error.
Types
type Claims
Claims define the claims for guests.
type ClaimsRequest
type ClaimsRequest struct {
	UserInfo *ClaimsRequestMap `json:"userinfo,omitempty"`
	IDToken  *ClaimsRequestMap `json:"id_token,omitempty"`
	Passthru json.RawMessage   `json:"passthru,omitempty"`
}
ClaimsRequest defines the base claims structure for the OpenID Connect claims request parameter value as specified at https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter. In addition, a Konnect-specific passthru value can be used to pass any application-specific values through to access and refresh tokens.
func (*ClaimsRequest) SetPassthru
func (cr *ClaimsRequest) SetPassthru(d interface{}) (err error)
SetPassthru sets the associated claims request passthrough field to the JSON encoded value of the provided data.
type ClaimsRequestMap
type ClaimsRequestMap map[string]*ClaimsRequestValue
ClaimsRequestMap defines a mapping of claims request values used with OpenID Connect claims request parameter values.
type ClaimsRequestValue
type ClaimsRequestValue struct {
	Essential bool          `json:"essential,omitempty"`
	Value     interface{}   `json:"value,omitempty"`
	Values    []interface{} `json:"values,omitempty"`
}
ClaimsRequestValue is the claims request detail definition of an OpenID Connect claims request parameter value.
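How these types serialize into an OpenID Connect claims request parameter value, as an added example that is not code from the kwmserver project. The types are re-declared from the signatures above; setPassthru is a local stand-in written from the SetPassthru description, and the claim placement and sample values are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constants and types re-declared from the signatures on this page so the
// example compiles without the kwmserver module.
const (
	RequestGuestClaim = "guest"
	NameClaim         = "name"
)

type ClaimsRequestValue struct {
	Essential bool          `json:"essential,omitempty"`
	Value     interface{}   `json:"value,omitempty"`
	Values    []interface{} `json:"values,omitempty"`
}
type ClaimsRequestMap map[string]*ClaimsRequestValue
type ClaimsRequest struct {
	UserInfo *ClaimsRequestMap `json:"userinfo,omitempty"`
	IDToken  *ClaimsRequestMap `json:"id_token,omitempty"`
	Passthru json.RawMessage   `json:"passthru,omitempty"`
}

// setPassthru is a local stand-in for SetPassthru: it stores the JSON
// encoding of d, as the page describes (the real body is not shown here).
func (cr *ClaimsRequest) setPassthru(d interface{}) (err error) {
	cr.Passthru, err = json.Marshal(d)
	return err
}

// buildGuestClaims returns the JSON of a claims request. Placing the guest
// claim under id_token as essential is an assumption for illustration.
func buildGuestClaims(name string, passthru interface{}) ([]byte, error) {
	cr := &ClaimsRequest{IDToken: &ClaimsRequestMap{
		RequestGuestClaim: {Essential: true, Value: "1"},
		NameClaim:         {Value: name},
	}}
	if err := cr.setPassthru(passthru); err != nil {
		return nil, err
	}
	return json.Marshal(cr) // nil UserInfo is dropped by omitempty
}

func main() {
	// Constructed sample values.
	out, err := buildGuestClaims("Guest One", map[string]string{"room": "demo"})
	fmt.Println(string(out), err)
}
```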
type Manager
type Manager struct {
// contains filtered or unexported fields
}
Manager handles guests.
func NewManager
func NewManager(ctx context.Context, id string, clientsRegistry *clients.Registry, allowGuestOnlyChannels bool, publicPatternString string, logger logrus.FieldLogger) *Manager
NewManager creates a new Manager with an id.
func (*Manager) ApplyRestrictions
func (m *Manager) ApplyRestrictions(auth *api.AdminAuthToken, claims *kcoidc.ExtraClaimsWithType) error
ApplyRestrictions returns the guest claims from the provided claims.
func (*Manager) Context
Context returns the Context of the associated manager.
func (*Manager) MakeHTTPLogonHandler
MakeHTTPLogonHandler implements the HTTP handler for guest logon requests.
type RequestObjectClaims
type RequestObjectClaims struct {
	ClientID        string         `json:"client_id"`
	RawResponseType string         `json:"response_type,omitempty"`
	RawScope        string         `json:"scope,omitempty"`
	Claims          *ClaimsRequest `json:"claims,omitempty"`
}
RequestObjectClaims holds the incoming request object claims provided as JWT via request parameter to OpenID Connect 1.0 authorization endpoint requests as used by kwmserver guest support. Specification at https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests
func (*RequestObjectClaims) Valid
func (roc *RequestObjectClaims) Valid() error
Valid implements the claims interface.