Overview
Package authenticator handles the authentication of users with third-party identity providers.
Constants
// Claim names recognised for selecting the username from an OIDC ID token
// (see OIDCConfig.UsernameClaim). Only EmailClaim carries the claim type;
// SubClaim, NameClaim and DefaultClaim have explicit values and are therefore
// untyped string constants, so they assign to either string or claim.
// DefaultClaim is presumably used when no claim is configured — confirm
// against NewAuthenticatorService.
const (
	EmailClaim   claim = "email"
	SubClaim           = "sub"
	NameClaim          = "name"
	DefaultClaim       = NameClaim
)
Variables
var (
	// "openid" is a required scope for OpenID Connect flows, and profile
	// gives OTF access to the user's username.
	DefaultOIDCScopes = []string{oidc.ScopeOpenID, "profile"}
	// ErrMissingOIDCIssuerURL reports that no OIDC issuer URL was configured
	// (see OIDCConfig.IssuerURL); presumably returned when the OIDC client is
	// constructed — confirm against NewAuthenticatorService.
	ErrMissingOIDCIssuerURL = errors.New("missing oidc-issuer-url")
)
// ErrOAuthCredentialsIncomplete reports that only one of an OAuth client's
// ClientID and ClientSecret was supplied; both are required. Presumably
// surfaced by Service.RegisterOAuthClient — confirm.
var ErrOAuthCredentialsIncomplete = errors.New("must specify both client ID and client secret")
Types
type IdentityProviderClient (added in v0.1.14)
type OAuthClient
type OAuthClient struct {
	// logger used by the client
	logr.Logger
	// configuration the client was constructed from (name, credentials,
	// endpoint, scopes)
	OAuthConfig
	// for retrieving OTF system hostname to construct redirect URLs
	*internal.HostnameService
	// contains filtered or unexported fields
}
OAuthClient performs the client role in an OAuth handshake, requesting authorization from the user to access their account details on a particular cloud.
func (*OAuthClient) RequestPath
func (a *OAuthClient) RequestPath() string
func (*OAuthClient) String
func (a *OAuthClient) String() string
String provides a human-readable identifier for the OAuth client, using the name of its underlying cloud provider.
type OAuthConfig (added in v0.1.14)
type OAuthConfig struct {
	// Name of oauth client. Should be a lowercase string because it is used
	// in URL paths.
	Name string
	// BaseURL of the provider. NOTE(review): whether this is the API base or
	// the authorization host is not visible here — confirm.
	BaseURL *internal.WebURL
	// ClientID and ClientSecret are the OAuth client credentials; both must be
	// set (see ErrOAuthCredentialsIncomplete). ClientSecret is sensitive and
	// should be kept out of logs and error messages.
	ClientID     string
	ClientSecret string
	// Endpoint holds the provider's authorization and token URLs.
	Endpoint oauth2.Endpoint
	// Scopes requested from the provider during authorization.
	Scopes []string
	// SkipTLSVerification disables TLS certificate verification, presumably
	// for requests to the provider — confirm. Disabling it removes the
	// protection TLS gives the token exchange, so keep it false outside of
	// test setups.
	SkipTLSVerification bool
	// Icon rendered for this provider in the login UI (inferred from the
	// component type — confirm).
	Icon templ.Component
}
OAuthConfig is the configuration for constructing an OAuth client.
type OIDCConfig (added in v0.1.14)
type OIDCConfig struct {
	// Name is the user-friendly identifier of the OIDC endpoint.
	Name string
	// IssuerURL is the issuer url for the OIDC provider. Presumably required;
	// see ErrMissingOIDCIssuerURL.
	IssuerURL string
	// ClientID is the client id for the OIDC provider.
	ClientID string
	// ClientSecret is the client secret for the OIDC provider. It is sensitive
	// and should be kept out of logs and error messages.
	ClientSecret string
	// Skip TLS Verification when communicating with issuer. Disabling
	// verification removes the protection TLS gives the exchange with the
	// issuer, so keep it false outside of test setups.
	SkipTLSVerification bool
	// Scopes to request from the OIDC provider. "openid" must be included
	// (see DefaultOIDCScopes, presumably the fallback when empty — confirm).
	Scopes []string
	// UsernameClaim is the claim that provides the username. See EmailClaim,
	// SubClaim and NameClaim; DefaultClaim presumably applies when this is
	// empty — confirm.
	UsernameClaim string
}
OIDCConfig is the configuration for a generic OIDC provider.
type OpaqueHandlerConfig (added in v0.1.14)
// OpaqueHandlerConfig is the configuration passed to Service.RegisterOAuthClient
// for a client whose access token is opaque rather than an ID token (see
// NewAuthenticatorService).
type OpaqueHandlerConfig struct {
	// OAuth client settings (name, credentials, endpoint, scopes).
	OAuthConfig
	// ClientConstructor builds the identity-provider client from the OAuth
	// config and the obtained token; presumably used to look up the
	// authenticated user's details — confirm.
	ClientConstructor func(cfg OAuthConfig, token *oauth2.Token) (IdentityProviderClient, error)
}
type Options
// Options holds the dependencies and configuration for constructing a Service
// (presumably consumed by NewAuthenticatorService, whose signature is not
// shown here — confirm). Its first four fields mirror those of Service.
type Options struct {
	logr.Logger
	// HostnameService supplies the OTF system hostname used to build redirect URLs.
	HostnameService *internal.HostnameService
	UserService     userService
	TokensService   *tokens.Service
	// IDTokenHandlerConfig configures the single IDToken/OIDC client (see
	// NewAuthenticatorService).
	IDTokenHandlerConfig OIDCConfig
	// SkipTLSVerification disables TLS certificate verification; presumably
	// applied to the clients the service constructs — confirm. Keep it false
	// outside of test setups.
	SkipTLSVerification bool
}
type Service (added in v0.3.24)
// Service logs users onto the system through its registered OAuth clients
// (see NewAuthenticatorService, Clients and RegisterOAuthClient).
type Service struct {
	logr.Logger
	// HostnameService supplies the OTF system hostname used to build redirect URLs.
	HostnameService *internal.HostnameService
	UserService     userService
	TokensService   *tokens.Service
	// contains filtered or unexported fields
}
func NewAuthenticatorService
NewAuthenticatorService constructs a service for logging users onto the system. Supports multiple clients: zero or more clients that support an opaque token, and one client that supports IDToken/OIDC.
func (*Service) AddHandlers (added in v0.3.24)
func (*Service) Clients (added in v0.4.8)
func (a *Service) Clients() []*OAuthClient
func (*Service) RegisterOAuthClient (added in v0.3.24)
func (a *Service) RegisterOAuthClient(cfg OpaqueHandlerConfig) error