Documentation
Index ¶
- Constants
- Variables
- func ConfigureAuthorizationServer(di initDI)
- func ProvideAuthServerDI(di configDI) authServerOut
- func Use()
- type AuthServerProperties
- type AuthorizationServerConfigurer
- type AuthorizeEndpointConfigurer
- type ClientAuthEndpointsConfigurer
- type ConditionalEndpoint
- type Configuration
- type Endpoints
- type EndpointsProperties
- type IdpLogoutSecurityConfigurer
- type IdpSecurityConfigurer
- type IssuerProperties
- type LogoutEndpointConfigurer
- type TokenAuthEndpointsConfigurer
Constants ¶
// Order constants, one per security configurer kind named in this package
// (authorize, logout, client-auth, token-auth).
// NOTE(review): presumably these are the values returned by the configurers' Order()
// methods — confirm. Which direction sorts first is not shown on this page; check it
// against order.Ordered, because the relative order decides which configurer's rules
// are registered ahead of the others.
const (
	OrderAuthorizeSecurityConfigurer  = 0
	OrderLogoutSecurityConfigurer     = 50
	OrderClientAuthSecurityConfigurer = 100
	OrderTokenAuthSecurityConfigurer  = 200
)
const (
// PropertiesPrefix is a configuration key prefix.
// NOTE(review): presumably the prefix under which AuthServerProperties is bound — confirm in BindAuthServerProperties.
PropertiesPrefix = "security.auth"
)
Variables ¶
// Module is the bootstrap.Module named "oauth2 authserver". Its fx options register the
// embedded default configuration (defaultConfigFS), provide BindAuthServerProperties,
// ProvideAuthServerDI and the unexported provide, and invoke ConfigureAuthorizationServer.
var Module = &bootstrap.Module{
	Name: "oauth2 authserver",
	// Expressed as an offset from security.MinSecurityPrecedence.
	// NOTE(review): whether a larger value runs earlier or later is not shown here — confirm
	// this module initializes after the security features it configures.
	Precedence: security.MinSecurityPrecedence + 20,
	Options: []fx.Option{
		appconfig.FxEmbeddedDefaults(defaultConfigFS),
		fx.Provide(BindAuthServerProperties),
		fx.Provide(ProvideAuthServerDI),
		fx.Provide(provide),
		fx.Invoke(ConfigureAuthorizationServer),
	},
}
Functions ¶
func ConfigureAuthorizationServer ¶
func ConfigureAuthorizationServer(di initDI)
ConfigureAuthorizationServer is the Configuration entry point
func ProvideAuthServerDI ¶
func ProvideAuthServerDI(di configDI) authServerOut
Types ¶
type AuthServerProperties ¶
// AuthServerProperties groups the issuer, redirect whitelist and endpoint settings.
// Each field carries a json tag (issuer, redirect-whitelist, endpoints).
type AuthServerProperties struct {
Issuer IssuerProperties `json:"issuer"`
// NOTE(review): presumably the redirect targets the server accepts; the pattern syntax and
// matching rules are not shown on this page. Confirm entries are matched exactly or with
// tightly anchored patterns, since a loose entry weakens redirect validation.
RedirectWhitelist []string `json:"redirect-whitelist"`
Endpoints EndpointsProperties `json:"endpoints"`
}
func BindAuthServerProperties ¶
func BindAuthServerProperties(ctx *bootstrap.ApplicationContext) AuthServerProperties
BindAuthServerProperties creates and binds AuthServerProperties, with an optional prefix
func NewAuthServerProperties ¶
func NewAuthServerProperties() *AuthServerProperties
NewAuthServerProperties creates an AuthServerProperties with default values
type AuthorizationServerConfigurer ¶
type AuthorizationServerConfigurer func(*Configuration)
type AuthorizeEndpointConfigurer ¶
type AuthorizeEndpointConfigurer struct {
// contains filtered or unexported fields
}
AuthorizeEndpointConfigurer implements security.Configurer and order.Ordered. It is responsible for configuring the "authorize" endpoint.
func (*AuthorizeEndpointConfigurer) Configure ¶
func (c *AuthorizeEndpointConfigurer) Configure(ws security.WebSecurity)
func (*AuthorizeEndpointConfigurer) Order ¶
func (c *AuthorizeEndpointConfigurer) Order() int
type ClientAuthEndpointsConfigurer ¶
type ClientAuthEndpointsConfigurer struct {
// contains filtered or unexported fields
}
ClientAuthEndpointsConfigurer implements security.Configurer and order.Ordered. It is responsible for configuring miscellaneous endpoints that use client authentication.
func (*ClientAuthEndpointsConfigurer) Configure ¶
func (c *ClientAuthEndpointsConfigurer) Configure(ws security.WebSecurity)
func (*ClientAuthEndpointsConfigurer) Order ¶
func (c *ClientAuthEndpointsConfigurer) Order() int
type ConditionalEndpoint ¶
// ConditionalEndpoint pairs a Location URL with a web.RequestMatcher Condition.
// NOTE(review): presumably Location applies only to requests that satisfy Condition — confirm
// at the call sites, and confirm what happens when no ConditionalEndpoint matches.
type ConditionalEndpoint struct {
Location *url.URL
Condition web.RequestMatcher
}
type Configuration ¶
// Configuration lists the stores, encoders, endpoints and flags of the authorization server.
// NOTE(review): presumably populated by AuthorizationServerConfigurer functions, which take a
// *Configuration — confirm whether any field is mandatory and what happens when it is left nil.
type Configuration struct {
// configurable items
SessionSettingService session.SettingService
ClientStore oauth2.OAuth2ClientStore
// NOTE(review): presumably encodes and verifies OAuth2 client secrets — confirm the encoder
// in use is a salted, deliberately slow password hash rather than a plain digest.
ClientSecretEncoder passwd.PasswordEncoder
Endpoints Endpoints
UserAccountStore security.AccountStore
TenantStore security.TenantStore
ProviderStore security.ProviderStore
// NOTE(review): presumably encodes and verifies user passwords — the same encoder-strength
// check as for ClientSecretEncoder applies.
UserPasswordEncoder passwd.PasswordEncoder
TokenStore auth.TokenStore
// NOTE(review): presumably the source of JWT signing and verification keys — confirm how
// keys are stored, who can read them, and how rotation is handled.
JwkStore jwt.JwkStore
IdpManager idp.IdentityProviderManager
Issuer security.Issuer
OpenIDSSOEnabled bool
// NOTE(review): accepted values are not shown on this page — confirm the string is validated
// against an allow-list of signature algorithms before use.
SamlIdpSigningMethod string
ApprovalStore auth.ApprovalStore
// contains filtered or unexported fields
}
func (*Configuration) AddIdp ¶
func (c *Configuration) AddIdp(configurer IdpSecurityConfigurer)
type EndpointsProperties ¶
// EndpointsProperties holds one string setting per authorization-server endpoint, each with
// a json tag naming it.
// NOTE(review): presumably each value is a URL path or location — confirm the expected form,
// and confirm which of these endpoints require client or token authentication.
type EndpointsProperties struct {
Authorize string `json:"authorize"`
Token string `json:"token"`
Approval string `json:"approval"`
CheckToken string `json:"check-token"`
TenantHierarchy string `json:"tenant-hierarchy"`
Error string `json:"error"`
Logout string `json:"logout"`
LoggedOut string `json:"logged-out"`
UserInfo string `json:"user-info"`
JwkSet string `json:"jwk-set"`
SamlMetadata string `json:"saml-metadata"`
}
type IdpLogoutSecurityConfigurer ¶
type IdpLogoutSecurityConfigurer interface {
ConfigureLogout(ws security.WebSecurity, config *Configuration)
}
IdpLogoutSecurityConfigurer is an additional interface that an IdpSecurityConfigurer may choose to implement to customize the "logout" process. Note: IdpLogoutSecurityConfigurer is invoked only once per instance, and the given security.WebSecurity is shared
between IDPs. Therefore, implementations should not change the Route or Condition on the given "ws".
type IdpSecurityConfigurer ¶
type IdpSecurityConfigurer interface {
Configure(ws security.WebSecurity, config *Configuration)
}
IdpSecurityConfigurer is the interface that IDPs implement to customize the "authorize" process.
type IssuerProperties ¶
// IssuerProperties holds the parts (protocol, domain, port, context path) from which this
// server's entity base URL is built, per the field comments below.
type IssuerProperties struct {
// the protocol which is either http or https
// NOTE(review): plain http is an accepted value here; an issuer reached over http carries
// authorization codes and tokens unencrypted — confirm deployed configurations use https.
Protocol string `json:"protocol"`
// This server's host name
// Used to build the entity base url. The entity url identifies this auth server in a SAML exchange and OIDC exchange.
Domain string `json:"domain"`
Port int `json:"port"`
// Context base path for this server
// Used to build the entity base url. The entity url identifies this auth server in a SAML exchange.
ContextPath string `json:"context-path"`
// NOTE(review): presumably controls whether Port appears in the generated URL — confirm;
// relying parties compare the issuer value as a string, so it must match what they expect.
IncludePort bool `json:"include-port"`
}
type LogoutEndpointConfigurer ¶
type LogoutEndpointConfigurer struct {
// contains filtered or unexported fields
}
LogoutEndpointConfigurer implements security.Configurer and order.Ordered. It is responsible for configuring the "logout" endpoint.
func (*LogoutEndpointConfigurer) Configure ¶
func (c *LogoutEndpointConfigurer) Configure(ws security.WebSecurity)
func (*LogoutEndpointConfigurer) Order ¶
func (c *LogoutEndpointConfigurer) Order() int
type TokenAuthEndpointsConfigurer ¶
type TokenAuthEndpointsConfigurer struct {
// contains filtered or unexported fields
}
TokenAuthEndpointsConfigurer implements security.Configurer and order.Ordered. It is responsible for configuring miscellaneous endpoints that use token authentication.
func (*TokenAuthEndpointsConfigurer) Configure ¶
func (c *TokenAuthEndpointsConfigurer) Configure(ws security.WebSecurity)
func (*TokenAuthEndpointsConfigurer) Order ¶
func (c *TokenAuthEndpointsConfigurer) Order() int