adminidentity

package
v0.3.14 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 21, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package adminidentity exposes reusable identity-administration HTTP handlers for Workflow auth consumers.

Index

Constants

View Source
const (
	CredentialKindPasskey = "passkey"
	CredentialKindTOTP    = "totp"
)

Variables

View Source
var (
	ErrSetupCodeNotFound   = errors.New("setup code not found")
	ErrSetupCodeWrongEmail = errors.New("setup code email mismatch")
	ErrSetupCodeExpired    = errors.New("setup code expired")
)

Functions

func NewHandler

func NewHandler(options Options) (http.Handler, error)

NewHandler returns an HTTP handler for reusable auth identity administration.

Types

type AddPasskeyCredentialInput

type AddPasskeyCredentialInput struct {
	CredentialID   string
	CredentialJSON string
	PublicKey      string
	Label          string
}

type AddTOTPCredentialInput

type AddTOTPCredentialInput struct {
	Secret string
	Label  string
}

type Authorizer

type Authorizer interface {
	Authorize(context.Context, Principal, string, string) error
}

type ConformanceOptions

type ConformanceOptions struct {
	Handler http.Handler
	BaseURL string
	Client  *http.Client
	Routes  []RouteProbe
}

type ConformanceResult

type ConformanceResult struct {
	Pass     bool
	Failures []string
}

func CheckConformance

func CheckConformance(options ConformanceOptions) ConformanceResult

type Credential

type Credential struct {
	ID             string     `json:"id"`
	UserID         string     `json:"user_id,omitempty"`
	Kind           string     `json:"kind"`
	Label          string     `json:"label,omitempty"`
	CreatedAt      time.Time  `json:"created_at,omitempty"`
	LastUsedAt     *time.Time `json:"last_used_at,omitempty"`
	SecretMaterial string     `json:"-"`
}

type CredentialStore

type CredentialStore interface {
	ListCredentials(context.Context, string) ([]Credential, error)
	AddTOTPCredential(context.Context, string, AddTOTPCredentialInput) (Credential, error)
	AddPasskeyCredential(context.Context, string, AddPasskeyCredentialInput) (Credential, error)
}

type IssueSetupCodeInput

type IssueSetupCodeInput struct {
	Email       string    `json:"email"`
	DisplayName string    `json:"display_name,omitempty"`
	Role        string    `json:"role"`
	TenantIDs   []string  `json:"tenant_ids,omitempty"`
	ExpiresAt   time.Time `json:"expires_at,omitempty"`
}

type ListUsersFilter

type ListUsersFilter struct {
	Principal Principal
}

type Options

type Options struct {
	PagePath          string
	ProfilePath       string
	CredentialsPath   string
	PasskeyBeginPath  string
	PasskeyFinishPath string
	TOTPBeginPath     string
	TOTPVerifyPath    string
	UsersPath         string
	SetupRedeemPath   string
	SetupLoginPath    string
	LogoutPath        string

	PrincipalResolver PrincipalResolver
	UserStore         UserStore
	CredentialStore   CredentialStore
	SetupCodeStore    SetupCodeStore
	SessionIssuer     SessionIssuer
	StepInvoker       StepInvoker
	Authorizer        Authorizer
	LogoutHandler     http.Handler
}

Options configures the identity admin handler. The host owns persistence and policy by supplying typed adapters.

type Principal

type Principal struct {
	UserID string
	Email  string
	Role   string
}

type PrincipalResolver

type PrincipalResolver interface {
	CurrentPrincipal(*http.Request) (Principal, bool)
}

type ProfileUpdater added in v0.3.12

type ProfileUpdater interface {
	UpdateCurrentUser(context.Context, Principal, UpdateProfileInput) (User, error)
}

type RouteProbe

type RouteProbe struct {
	Name           string
	Method         string
	Path           string
	ExpectedStatus int
	RequireBody    bool
}

func DefaultRoutesForOptions

func DefaultRoutesForOptions(options Options) []RouteProbe

type Session

type Session struct {
	Token     string    `json:"token"`
	ExpiresAt time.Time `json:"expires_at,omitempty"`
}

type SessionIssuer

type SessionIssuer interface {
	IssueSession(context.Context, SessionRequest) (Session, error)
}

type SessionRequest

type SessionRequest struct {
	UserID    string
	Email     string
	Role      string
	TenantIDs []string
}

type SetupCode

type SetupCode struct {
	ID        string
	Code      string
	Email     string
	UserID    string
	Role      string
	TenantIDs []string
	ExpiresAt time.Time
	UsedAt    *time.Time
}

type SetupCodeStore

type SetupCodeStore interface {
	IssueSetupCode(context.Context, IssueSetupCodeInput) (SetupCode, error)
	RedeemSetupCode(context.Context, string, string) (SetupCode, error)
}

type StepCall

type StepCall struct {
	StepType string
	Input    map[string]any
}

type StepInvoker

type StepInvoker interface {
	InvokeStep(context.Context, StepCall) (map[string]any, error)
}

type UpdateProfileInput added in v0.3.12

type UpdateProfileInput struct {
	DisplayName   string `json:"display_name,omitempty"`
	RecoveryEmail string `json:"recovery_email,omitempty"`
}

type User

type User struct {
	ID            string   `json:"id"`
	Email         string   `json:"email"`
	DisplayName   string   `json:"display_name,omitempty"`
	RecoveryEmail string   `json:"recovery_email,omitempty"`
	Role          string   `json:"role,omitempty"`
	TenantIDs     []string `json:"tenant_ids,omitempty"`
}

type UserStore

type UserStore interface {
	CurrentUser(context.Context, Principal) (User, error)
	ListUsers(context.Context, ListUsersFilter) ([]User, error)
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL