Documentation
Overview
Package connector defines interfaces for federated identity strategies.
Types
type CallbackConnector
type CallbackConnector interface {
	// The initial URL to redirect the user to.
	//
	// OAuth2 implementations should request different scopes from the upstream
	// identity provider based on the scopes requested by the downstream client.
	// For example, if the downstream client requests a refresh token from the
	// server, the connector should also request a token from the provider.
	//
	// Many identity providers have arbitrary restrictions on refresh tokens. For
	// example, Google only allows a single refresh token per client/user/scopes
	// combination, and won't return a refresh token even if offline access is
	// requested if one has already been issued. There's no good general answer
	// for these kinds of restrictions, and they may require this package to become
	// more aware of the global set of user/connector interactions.
	LoginURL(s Scopes, callbackURL, state string) (string, error)

	// Handle the callback to the server and return an identity.
	HandleCallback(s Scopes, r *http.Request) (identity Identity, err error)
}
CallbackConnector is an interface implemented by connectors which use an OAuth style redirect flow to determine user information.
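The scope mapping described in the LoginURL comment, as an added example (not code from this package): a hypothetical demoConnector asks the upstream provider for offline_access only when the downstream client requested a refresh token, and HandleCallback drops group claims that were not requested. The Scopes fields, the trimmed Identity, the upstream scope names, the URLs and the codes map standing in for the upstream code exchange are all assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Stand-ins so the example compiles alone; the Scopes fields are assumed.
type Scopes struct{ OfflineAccess, Groups bool }
type Identity struct{ UserID string; Groups []string }

// demoConnector is a hypothetical CallbackConnector; codes fakes the upstream code exchange.
type demoConnector struct {
	authURL, clientID string
	codes             map[string]Identity
}

func (c *demoConnector) LoginURL(s Scopes, callbackURL, state string) (string, error) {
	scopes := []string{"openid", "email"}
	if s.Groups {
		scopes = append(scopes, "groups")
	}
	if s.OfflineAccess { // downstream asked for a refresh token, so ask upstream too
		scopes = append(scopes, "offline_access")
	}
	q := url.Values{"client_id": {c.clientID}, "redirect_uri": {callbackURL},
		"response_type": {"code"}, "scope": {strings.Join(scopes, " ")}, "state": {state}}
	return c.authURL + "?" + q.Encode(), nil
}

func (c *demoConnector) HandleCallback(s Scopes, r *http.Request) (Identity, error) {
	if e := r.URL.Query().Get("error"); e != "" {
		return Identity{}, fmt.Errorf("upstream returned error %q", e)
	}
	id, ok := c.codes[r.URL.Query().Get("code")]
	if !ok {
		return Identity{}, fmt.Errorf("missing or unknown authorization code")
	}
	if !s.Groups {
		id.Groups = nil // groups were not requested downstream
	}
	return id, nil
}

func main() {
	c := &demoConnector{authURL: "https://idp.example/auth", clientID: "demo"}
	fmt.Println(c.LoginURL(Scopes{OfflineAccess: true}, "https://dex.example/callback", "st-1"))
}
```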
type Connector
type Connector interface{}
Connector is a mechanism for federating login to a remote identity service.
Implementations are expected to implement either the PasswordConnector or CallbackConnector interface.
type Identity
type Identity struct {
	UserID        string
	Username      string
	Email         string
	EmailVerified bool

	Groups []string

	// ConnectorData holds data used by the connector for subsequent requests after initial
	// authentication, such as access tokens for upstream providers.
	//
	// This data is never shared with end users, OAuth clients, or through the API.
	ConnectorData []byte
}
Identity represents the ID Token claims supported by the server.
type PasswordConnector
type PasswordConnector interface {
	Login(ctx context.Context, s Scopes, username, password string) (identity Identity, validPassword bool, err error)
}
PasswordConnector is an interface implemented by connectors which take a username and password.
type RefreshConnector
type RefreshConnector interface {
	// Refresh is called when a client attempts to claim a refresh token. The
	// connector should attempt to update the identity object to reflect any
	// changes since the token was last refreshed.
	Refresh(ctx context.Context, s Scopes, identity Identity) (Identity, error)
}
RefreshConnector is a connector that can update the client claims.
Directories
| Path | Synopsis |
|---|---|
| | Package github provides authentication strategies using GitHub. |
| | Package ldap implements strategies for authenticating using the LDAP protocol. |
| | Package mock implements connectors which help test various server components. |
| | Package oidc implements logging in through OpenID Connect providers. |