Documentation ¶
Index ¶
- Constants
- func NewDexClient(hostAndPort string, caCrt, clientCrt, clientKey string) (api.DexClient, error)
- type AuthSource
- type Authenticator
- func (a *Authenticator) Authenticate(r *http.Request) (*User, error)
- func (a *Authenticator) CallbackFunc(fn func(loginInfo LoginJSON, successURL string, w http.ResponseWriter)) func(w http.ResponseWriter, r *http.Request)
- func (a *Authenticator) ExchangeAuthCode(code string) (idToken, refreshToken string, err error)
- func (a *Authenticator) LoginFunc(w http.ResponseWriter, r *http.Request)
- func (a *Authenticator) LogoutFunc(w http.ResponseWriter, r *http.Request)
- func (a *Authenticator) SetCSRFCookie(path string, w *http.ResponseWriter)
- func (a *Authenticator) VerifyCSRFToken(r *http.Request) (err error)
- func (a *Authenticator) VerifyReferer(r *http.Request) (err error)
- type Config
- type LoginJSON
- type SessionStore
- type User
Constants ¶
View Source
const ( CSRFCookieName = "csrf-token" CSRFHeader = "X-CSRFToken" )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AuthSource ¶
type AuthSource int
AuthSource allows callers to switch between Tectonic and OpenShift login support.
const ( AuthSourceTectonic AuthSource = 0 AuthSourceOpenShift AuthSource = 1 )
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
func NewAuthenticator ¶
func NewAuthenticator(ctx context.Context, c *Config) (*Authenticator, error)
NewAuthenticator initializes an Authenticator struct. It blocks until the authenticator is able to contact the provider.
func (*Authenticator) Authenticate ¶
func (a *Authenticator) Authenticate(r *http.Request) (*User, error)
func (*Authenticator) CallbackFunc ¶
func (a *Authenticator) CallbackFunc(fn func(loginInfo LoginJSON, successURL string, w http.ResponseWriter)) func(w http.ResponseWriter, r *http.Request)
CallbackFunc handles OAuth2 callbacks and code/token exchange. Requests with unexpected params are redirected to the root route.
func (*Authenticator) ExchangeAuthCode ¶
func (a *Authenticator) ExchangeAuthCode(code string) (idToken, refreshToken string, err error)
ExchangeAuthCode allows callers to return a raw token response given a OAuth2 code. This is useful for clients which need to request refresh tokens.
func (*Authenticator) LoginFunc ¶
func (a *Authenticator) LoginFunc(w http.ResponseWriter, r *http.Request)
LoginFunc redirects to the OIDC provider for user login.
func (*Authenticator) LogoutFunc ¶
func (a *Authenticator) LogoutFunc(w http.ResponseWriter, r *http.Request)
LogoutFunc cleans up session cookies.
func (*Authenticator) SetCSRFCookie ¶
func (a *Authenticator) SetCSRFCookie(path string, w *http.ResponseWriter)
func (*Authenticator) VerifyCSRFToken ¶
func (a *Authenticator) VerifyCSRFToken(r *http.Request) (err error)
func (*Authenticator) VerifyReferer ¶
func (a *Authenticator) VerifyReferer(r *http.Request) (err error)
type Config ¶
type Config struct { AuthSource AuthSource IssuerURL string IssuerCA string RedirectURL string ClientID string ClientSecret string Scope []string SuccessURL string ErrorURL string RefererPath string // cookiePath is an abstraction leak. (unfortunately, a necessary one.) CookiePath string SecureCookies bool }
type LoginJSON ¶
type SessionStore ¶
type SessionStore struct {
// contains filtered or unexported fields
}
func NewSessionStore ¶
func NewSessionStore(maxSessions int) *SessionStore
Click to show internal directories.
Click to hide internal directories.