federation

package
v1.6.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 6, 2026 License: GPL-3.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateFederatedIdentity

func CreateFederatedIdentity(fi FederatedIdentity) error

func CreateFederationProvider

func CreateFederationProvider(p FederationProvider) error

func DeleteFederatedIdentity added in v1.3.2

func DeleteFederatedIdentity(id string) error

func DeleteFederationProvider

func DeleteFederationProvider(id string) error

func HandleCreateProvider added in v1.4.4

func HandleCreateProvider(w http.ResponseWriter, r *http.Request)

HandleCreateProvider godoc @Summary Create a federation provider @Tags federation-admin @Accept json @Produce json @Param request body FederationProviderRequest true "Provider request" @Security BearerAuth @Success 201 {object} map[string]string @Router /admin/api/federation [post]

func HandleDeleteProvider added in v1.4.4

func HandleDeleteProvider(w http.ResponseWriter, r *http.Request)

HandleDeleteProvider godoc @Summary Delete a federation provider @Tags federation-admin @Param id path string true "Provider ID" @Security BearerAuth @Success 204 @Failure 404 {object} model.ApiError @Router /admin/api/federation/{id} [delete]

func HandleFederationBegin

func HandleFederationBegin(w http.ResponseWriter, r *http.Request)

HandleFederationBegin initiates an OIDC federation login by redirecting the user to the external identity provider.

func HandleFederationCallback

func HandleFederationCallback(w http.ResponseWriter, r *http.Request)

HandleFederationCallback handles the OIDC callback from the external provider, resolves the local user, and issues an authorization code.

func HandleGetProvider added in v1.4.4

func HandleGetProvider(w http.ResponseWriter, r *http.Request)

HandleGetProvider godoc @Summary Get a federation provider @Tags federation-admin @Produce json @Param id path string true "Provider ID" @Security BearerAuth @Success 200 {object} ProviderResponse @Failure 404 {object} model.ApiError @Router /admin/api/federation/{id} [get]

func HandleListProviders added in v1.4.4

func HandleListProviders(w http.ResponseWriter, r *http.Request)

HandleListProviders godoc @Summary List federation providers @Tags federation-admin @Produce json @Security BearerAuth @Success 200 {array} ProviderResponse @Router /admin/api/federation [get]

func HandleUpdateProvider added in v1.4.4

func HandleUpdateProvider(w http.ResponseWriter, r *http.Request)

HandleUpdateProvider godoc @Summary Update a federation provider @Tags federation-admin @Accept json @Produce json @Param id path string true "Provider ID" @Param request body FederationProviderRequest true "Provider request" @Security BearerAuth @Success 200 {object} map[string]string @Failure 404 {object} model.ApiError @Router /admin/api/federation/{id} [put]

func SignState

func SignState(s FederationState) (string, error)

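SignState JSON-encodes the FederationState, signs it with HMAC-SHA256 using the CSRF secret, and returns a base64url-encoded "payload.signature" string. The payload is signed, not encrypted: the HMAC protects its integrity, but anyone who sees the state value can decode and read its fields.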

func UpdateFederationProvider

func UpdateFederationProvider(id string, req FederationProviderRequest) error

Types

type FederatedIdentity

// FederatedIdentity ties a local user (UserID) to an identity at an external
// provider (ProviderID, ProviderUserID).
type FederatedIdentity struct {
	ID             string
	ProviderID     string
	// Presumably the provider's "sub" claim, going by the signature
	// FederatedIdentityByProviderAndSub(providerID, sub) — TODO confirm.
	ProviderUserID string
	UserID         string
	// Nullable. NOTE(review): the lookup shown in this package keys on provider
	// and sub; confirm Email is informational only and is never used to match
	// an external login to a local account.
	Email          sql.NullString
	CreatedAt      time.Time
}

FederatedIdentity links a local user to a provider-specific subject (sub).

func FederatedIdentitiesByUserID added in v1.3.2

func FederatedIdentitiesByUserID(userID string) ([]*FederatedIdentity, error)

func FederatedIdentityByProviderAndSub

func FederatedIdentityByProviderAndSub(providerID, sub string) (*FederatedIdentity, error)

type FederationProvider

// FederationProvider is the configuration of one registered OIDC identity
// provider, including its ClientID and ClientSecret.
type FederationProvider struct {
	ID           string
	Name         string
	Issuer       string
	ClientID     string
	// Carried as a plain string on this struct, so any code that logs or
	// serialises a FederationProvider value includes the secret.
	// NOTE(review): how the secret is stored at rest is not visible here — confirm.
	ClientSecret string
	// Nullable; presumably SVG markup for the provider's icon. The same data is
	// typed template.HTML on FederationProviderView — confirm it is sanitised
	// before that conversion.
	IconSVG      sql.NullString
	Enabled      bool
	SortOrder    int
	CreatedAt    time.Time
}

FederationProvider represents a registered OIDC identity provider.

func FederationProviderByID

func FederationProviderByID(id string) (*FederationProvider, error)

func ListFederationProviders

func ListFederationProviders() ([]*FederationProvider, error)

type FederationProviderRequest

// FederationProviderRequest is the JSON shape accepted by the admin
// create/update API calls for a federation provider.
type FederationProviderRequest struct {
	// NOTE(review): UpdateFederationProvider also takes an id argument; confirm
	// which of the two identifies the provider when they differ.
	ID           string `json:"id"`
	Name         string `json:"name"`
	// NOTE(review): presumably the provider's issuer URL; whether it is validated
	// before being stored is not visible here — confirm.
	Issuer       string `json:"issuer"`
	ClientID     string `json:"client_id"`
	// The client secret arrives in the request body; keep request bodies for
	// these endpoints out of logs.
	ClientSecret string `json:"client_secret"`
	// Caller-supplied markup held as a plain string. The view type later exposes
	// icon data as template.HTML, which html/template does not escape.
	// NOTE(review): confirm where this value is sanitised.
	IconSVG      string `json:"icon_svg"`
	// Pointer so that an omitted "enabled" key decodes to nil rather than false;
	// how nil is interpreted is not visible here.
	Enabled      *bool  `json:"enabled"`
	SortOrder    int    `json:"sort_order"`
}

FederationProviderRequest is used for admin create/update API calls.

type FederationProviderView

// FederationProviderView is the reduced form of a provider handed to templates:
// ID, Name and icon only, with no issuer or client credentials.
type FederationProviderView struct {
	ID      string
	Name    string
	// template.HTML marks the value as trusted markup, so html/template writes it
	// out without escaping. Safety therefore depends on the stored icon having
	// been sanitised before conversion.
	// NOTE(review): the conversion is not visible here — confirm.
	IconSVG template.HTML
}

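FederationProviderView is a safe, template-ready representation of a provider. IconSVG is typed template.HTML, which html/template renders without escaping, so the icon markup must already be sanitised when the view is built.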

func ListEnabledProviderViews

func ListEnabledProviderViews() ([]FederationProviderView, error)

ListEnabledProviderViews returns only enabled providers as template-safe views, ordered by sort_order for display on the login page.

type FederationState

// FederationState carries the parameters of the original authorization request
// through the redirect to the external provider and back, as the JSON payload
// that SignState signs and VerifyState checks.
//
// The struct has no timestamp or expiry field.
// NOTE(review): confirm how a signed state value is bounded in time and tied to
// the browser session that started the login.
type FederationState struct {
	// NOTE(review): presumably the value checked against the provider's response
	// on callback — confirm where it is compared.
	Nonce               string `json:"nonce"`
	ProviderID          string `json:"provider_id"`
	// RedirectURI and ClientID travel with the state value.
	// NOTE(review): confirm they are validated against the registered client
	// before signing or again on callback.
	RedirectURI         string `json:"redirect_uri"`
	ClientID            string `json:"client_id"`
	Scope               string `json:"scope"`
	// The "state" value of the original request, distinct from the signed
	// string that wraps this struct.
	State               string `json:"state"`
	// PKCE parameters of the original request, carried through unchanged.
	CodeChallenge       string `json:"code_challenge"`
	CodeChallengeMethod string `json:"code_challenge_method"`
}

FederationState is HMAC-signed and round-tripped via the OAuth2 state parameter. It carries the original OIDC authorization request params across the provider redirect.

func VerifyState

func VerifyState(raw string) (*FederationState, error)

VerifyState parses a signed state string produced by SignState, verifies the HMAC signature, and returns the decoded FederationState.

type ProviderResponse added in v1.4.4

// ProviderResponse is the JSON shape returned by the federation provider
// endpoints. It has no ClientSecret field, so encoding a ProviderResponse
// cannot emit the provider's client secret.
type ProviderResponse struct {
	ID        string `json:"id"`
	Name      string `json:"name"`
	Issuer    string `json:"issuer"`
	ClientID  string `json:"client_id"`
	// Returned as a plain string; a client that inserts it into a page as markup
	// is relying on the stored icon having been sanitised.
	IconSVG   string `json:"icon_svg"`
	Enabled   bool   `json:"enabled"`
	SortOrder int    `json:"sort_order"`
}

ProviderResponse is the shared response shape for federation provider endpoints.
