Documentation
Constants
const (
	SessionNoState                    = "0"
	SessionStateEmpty                 = "1"
	SessionStateInitial               = "2"
	SessionStateAuthenticated         = "3"
	SessionStateExpired               = "4"
	SessionStateInvalid               = "5"
	SessionStateAuthenticatedEmptyUser = "6"
	SessionStateExpiredEmptyUser      = "7"
)
Variables
var ErrInvalid = errors.New("invalid state")
Functions
This section is empty.
Types
type ClientIdentifier (added in v1.8.0)
type ClientIdentifier struct {
	SessionID            string // OpenVPN session identifier
	CommonName           string // OpenVPN common name (user)
	AuthFailedReasonFile string // File for failed authentication reasons
	AuthControlFile      string // Control file for authentication
	CID                  uint64 // OpenVPN connection ID
	KID                  uint64 // OpenVPN key ID
	UsernameIsDefined    int    // 1 if username is defined, 0 otherwise
}
ClientIdentifier holds detailed information about the client initiating an OAuth2 login flow.
This struct provides more context for the client and can be passed to github.com/jkroepke/openvpn-auth-oauth2/internal/openvpn.Client.AcceptClient.
type State
type State struct {
	IPAddr       string           // Client's IP address
	IPPort       string           // Client's port
	SessionState string           // Compact session state representation
	Client       ClientIdentifier // Information about the client
	Issued       int64            // Timestamp (seconds since Unix epoch)
}
State represents the context and security information associated with an OAuth2 login flow.
The `State` value is passed to the `state` GET parameter during the OAuth2 login flow. It ensures that the client initiating the login flow is the same client completing it, thus preventing CSRF (Cross-Site Request Forgery) attacks. The `State` value is returned by the OAuth2 Identity Provider (IDP) in the redirect URL.
To prevent tampering, the `State` is protected using AES encryption.
func New
func New(client ClientIdentifier, ipAddr, ipPort, sessionState string) State
New returns a new State with the current timestamp (rounded to the nearest second).
func NewWithEncodedToken (added in v1.20.1)
NewWithEncodedToken creates a State from an encoded and encrypted token.
func (*State) Encode
Encode serializes the state into a space-separated, AES-encrypted, base64-URL-safe string. Fields are encoded in fixed order:
CID KID AuthFailedReasonFile AuthControlFile SessionID UsernameIsDefined CommonName IPAddr IPPort SessionState Issued
Empty strings are encoded as \x00, and spaces as \x00. The result is safe for use in URL parameters and has a ~1-second resolution timestamp.
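The plaintext layout that Encode describes, as an added Go example that is not the project's own code: `encodePlain` and `decodePlain` are hypothetical names, the encryption and base64 steps are left out, and decimal text for the numeric fields is an assumption. It shows why spaces inside a field are rewritten before joining: a common name containing spaces cannot shift the fields that follow it.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

var errInvalid = errors.New("invalid state") // same text as the page's ErrInvalid

// Positions of CID, KID, UsernameIsDefined, Issued; decimal text is an assumption.
var numeric = map[int]bool{0: true, 1: true, 5: true, 10: true}

// encodePlain (hypothetical name) builds the text that would then be encrypted:
// 11 space-separated fields, with "" and " " both written as \x00.
func encodePlain(fields [11]string) string {
	out := make([]string, len(fields))
	for i, f := range fields {
		if out[i] = strings.ReplaceAll(f, " ", "\x00"); f == "" {
			out[i] = "\x00"
		}
	}
	return strings.Join(out, " ")
}

// decodePlain (hypothetical name) rejects a wrong field count or a non-numeric
// value in a numeric position; a lone \x00 decodes to the empty string.
func decodePlain(plain string) ([11]string, error) {
	var out [11]string
	parts := strings.Split(plain, " ")
	if len(parts) != len(out) {
		return out, errInvalid
	}
	for i, p := range parts {
		if out[i] = strings.ReplaceAll(p, "\x00", " "); p == "\x00" {
			out[i] = ""
		}
		if _, err := strconv.ParseUint(out[i], 10, 64); numeric[i] && err != nil {
			return [11]string{}, errInvalid
		}
	}
	return out, nil
}

func main() {
	// Constructed sample values; the common name deliberately contains a space.
	in := [11]string{"7", "1", "", "/tmp/acf", "sid", "1", "John Doe", "192.0.2.10", "51820", "3", "1700000000"}
	fmt.Println(decodePlain(encodePlain(in)))
}
```

Because both "" and " " are written as \x00, a field that held a single space comes back empty after decoding.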