Documentation
¶
Index ¶
- func CreateFederatedIdentity(fi FederatedIdentity) error
- func CreateFederationProvider(p FederationProvider) error
- func DeleteFederationProvider(id string) error
- func HandleAdminFederationEndpoint(w http.ResponseWriter, r *http.Request)
- func HandleFederationBegin(w http.ResponseWriter, r *http.Request)
- func HandleFederationCallback(w http.ResponseWriter, r *http.Request)
- func SignState(s FederationState) (string, error)
- func UpdateFederationProvider(id string, req FederationProviderRequest) error
- type FederatedIdentity
- type FederationProvider
- type FederationProviderRequest
- type FederationProviderView
- type FederationState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateFederatedIdentity ¶
func CreateFederatedIdentity(fi FederatedIdentity) error
func CreateFederationProvider ¶
func CreateFederationProvider(p FederationProvider) error
func HandleAdminFederationEndpoint ¶
func HandleAdminFederationEndpoint(w http.ResponseWriter, r *http.Request)
HandleAdminFederationEndpoint routes admin CRUD requests for federation providers.
func HandleFederationBegin ¶
func HandleFederationBegin(w http.ResponseWriter, r *http.Request)
HandleFederationBegin initiates an OIDC federation login by redirecting the user to the external identity provider.
func HandleFederationCallback ¶
func HandleFederationCallback(w http.ResponseWriter, r *http.Request)
HandleFederationCallback handles the OIDC callback from the external provider, resolves the local user, and issues an authorization code.
func SignState ¶
func SignState(s FederationState) (string, error)
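SignState JSON-encodes the FederationState, signs it with HMAC-SHA256 using the CSRF secret, and returns a base64url-encoded "payload.signature" string. The payload is signed, not encrypted: anyone who sees the state value can decode its fields, so FederationState must not carry secrets. Because the key is the CSRF secret, state signing and CSRF protection share one key; a key derived per purpose would keep the two uses separate.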
func UpdateFederationProvider ¶
func UpdateFederationProvider(id string, req FederationProviderRequest) error
Types ¶
type FederatedIdentity ¶
// FederatedIdentity links a local user (UserID) to a subject at one external
// provider (ProviderID, ProviderUserID).
type FederatedIdentity struct {
ID string
ProviderID string
// Presumably the provider's "sub" claim, the value that
// FederatedIdentityByProviderAndSub looks up — confirm.
ProviderUserID string
UserID string
// Nullable. NOTE(review): an e-mail address reported by an external provider
// can be unverified or reassigned; confirm that account resolution keys on
// (ProviderID, ProviderUserID) and never on Email alone.
Email sql.NullString
CreatedAt time.Time
}
FederatedIdentity links a local user to a provider-specific subject (sub).
func FederatedIdentityByProviderAndSub ¶
func FederatedIdentityByProviderAndSub(providerID, sub string) (*FederatedIdentity, error)
type FederationProvider ¶
// FederationProvider represents a registered OIDC identity provider.
type FederationProvider struct {
ID string
Name string
// Presumably the OIDC issuer URL. NOTE(review): confirm it is validated
// (https scheme) on create/update and compared exactly with the "iss" of
// tokens received from this provider.
Issuer string
ClientID string
// Client secret, held as a plain string. NOTE(review): keep this field out of
// logs, API responses and templates; FederationProviderView is documented as
// the safe representation for display.
ClientSecret string
// Nullable; presumably SVG markup for the provider's icon. NOTE(review): SVG
// can carry script, so if this value is rendered inline on the login page it
// needs sanitising or an image-only embedding — confirm.
IconSVG sql.NullString
Enabled bool
SortOrder int
CreatedAt time.Time
}
FederationProvider represents a registered OIDC identity provider.
func FederationProviderByID ¶
func FederationProviderByID(id string) (*FederationProvider, error)
func ListFederationProviders ¶
func ListFederationProviders() ([]*FederationProvider, error)
type FederationProviderRequest ¶
// FederationProviderRequest is the JSON body of the admin create/update API
// calls for federation providers.
type FederationProviderRequest struct {
// NOTE(review): UpdateFederationProvider also takes an id argument; confirm
// which of the two is authoritative when they differ.
ID string `json:"id"`
Name string `json:"name"`
Issuer string `json:"issuer"`
ClientID string `json:"client_id"`
// NOTE(review): the secret arrives in the request body; confirm the admin
// endpoint never logs the decoded request or echoes this field back.
ClientSecret string `json:"client_secret"`
// Plain string here, sql.NullString on FederationProvider.
IconSVG string `json:"icon_svg"`
// Pointer rather than bool — presumably so an omitted "enabled" can be told
// apart from an explicit false; confirm against the update path.
Enabled *bool `json:"enabled"`
SortOrder int `json:"sort_order"`
}
FederationProviderRequest is used for admin create/update API calls.
type FederationProviderView ¶
FederationProviderView is a safe, template-ready representation of a provider.
func ListEnabledProviderViews ¶
func ListEnabledProviderViews() ([]FederationProviderView, error)
ListEnabledProviderViews returns only enabled providers as template-safe views, ordered by sort_order for display on the login page.
type FederationState ¶
// FederationState carries the original OIDC authorization request parameters
// across the redirect to the external provider, inside the OAuth2 state
// parameter. It is HMAC-signed, which protects integrity only: the payload is
// encoded, not encrypted, so nothing secret belongs in these fields.
//
// NOTE(review): no field here records an issue time or expiry; confirm how the
// callback limits replay of a previously signed state.
type FederationState struct {
// Presumably a per-login random value — confirm it is checked on callback
// (against the ID token and/or a value bound to the user's browser).
Nonce string `json:"nonce"`
ProviderID string `json:"provider_id"`
// NOTE(review): trust RedirectURI and ClientID only after VerifyState has
// succeeded; confirm RedirectURI was checked against the client's registered
// URIs before the state was signed.
RedirectURI string `json:"redirect_uri"`
ClientID string `json:"client_id"`
Scope string `json:"scope"`
// The state value of the original authorization request, as opposed to the
// signed string that wraps this struct — presumably returned to the client
// unchanged; confirm.
State string `json:"state"`
// Presumably the PKCE parameters of the original request — confirm.
CodeChallenge string `json:"code_challenge"`
CodeChallengeMethod string `json:"code_challenge_method"`
}
FederationState is HMAC-signed and round-tripped via the OAuth2 state parameter. It carries the original OIDC authorization request params across the provider redirect.
func VerifyState ¶
func VerifyState(raw string) (*FederationState, error)
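VerifyState parses a signed state string produced by SignState, verifies the HMAC signature, and returns the decoded FederationState. A valid signature shows only that this server produced the state. The FederationState fields listed on this page include no expiry or issue time, so binding the state to the user's browser session and rejecting replays has to happen elsewhere (for example via the Nonce) — check the callback handler. The signature comparison should be constant-time (hmac.Equal).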