Index ¶
- func AuthorizeScopes(manager Manager, user User, scopes map[string]bool) (map[string]bool, map[string]bool)
- func GetSessionRef(label string, audience string, userID string) *string
- func GetUserClaimsForScopes(user User, scopes map[string]bool, ...) map[string]jwt.Claims
- func NewContext(ctx context.Context, auth AuthRecord) context.Context
- type AuthRecord
- type Config
- type IsHandledError
- type LoginRequiredError
- type Manager
- type PublicUser
- type RedirectError
- type User
- type UserWithClaims
- type UserWithEmail
- type UserWithID
- type UserWithProfile
- type UserWithScopedClaims
- type UserWithSessionRef
- type UserWithUniqueID
- type UserWithUsername
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthorizeScopes ¶
func AuthorizeScopes(manager Manager, user User, scopes map[string]bool) (map[string]bool, map[string]bool)
AuthorizeScopes uses the provided manager and user to filter the provided scopes and returns a mapping of only the authorized scopes.
func GetSessionRef ¶
GetSessionRef builds a per user and audience unique identifier.
func GetUserClaimsForScopes ¶
func GetUserClaimsForScopes(user User, scopes map[string]bool, requestedClaimsMaps []*payload.ClaimsRequestMap) map[string]jwt.Claims
GetUserClaimsForScopes returns a mapping of user claims of the provided user filtered by the provided scopes.
func NewContext ¶
func NewContext(ctx context.Context, auth AuthRecord) context.Context
NewContext returns a new Context that carries the value auth.
Types ¶
type AuthRecord ¶
// AuthRecord provides identity auth information for an authenticated subject,
// together with the scopes and claims that have been authorized for it.
type AuthRecord interface {
	// Manager returns the Manager associated with this record.
	Manager() Manager
	// Subject returns the subject identifier of the user.
	Subject() string
	// AuthorizedScopes returns the currently authorized scopes.
	AuthorizedScopes() map[string]bool
	// AuthorizeScopes sets the authorized scopes from the given map.
	AuthorizeScopes(map[string]bool)
	// AuthorizedClaims returns the currently authorized claims request.
	AuthorizedClaims() *payload.ClaimsRequest
	// AuthorizeClaims sets the authorized claims request.
	AuthorizeClaims(*payload.ClaimsRequest)
	// Claims returns jwt claims. The variadic strings presumably select the
	// scopes whose claims are returned (NewAuthRecord takes claims keyed by
	// scope) — confirm against an implementation.
	Claims(...string) []jwt.Claims
	// User returns the PublicUser bound to this record.
	User() PublicUser
	// SetUser binds a PublicUser to this record.
	SetUser(PublicUser)
	// LoggedOn reports whether the subject is logged on, together with a time
	// value — presumably the authentication time recorded via SetAuthTime; confirm.
	LoggedOn() (bool, time.Time)
	// SetAuthTime records the authentication time.
	SetAuthTime(time.Time)
}
AuthRecord is an interface which provides identity auth information with scopes and claims.
func FromContext ¶
func FromContext(ctx context.Context) (AuthRecord, bool)
FromContext returns the AuthRecord value stored in ctx, if any.
func NewAuthRecord ¶
func NewAuthRecord(manager Manager, sub string, authorizedScopes map[string]bool, authorizedClaims *payload.ClaimsRequest, claimsByScope map[string]jwt.Claims) AuthRecord
NewAuthRecord returns an implementation of identity.AuthRecord holding the provided data in memory.
type Config ¶
// Config defines an identity manager's configuration settings.
//
// NOTE(review): SignInFormURI and SignedOutURI are redirect targets; they are
// expected to come from operator configuration rather than from request
// input — confirm where they are populated.
type Config struct {
	// SignInFormURI is the URL of the sign-in form.
	SignInFormURI *url.URL
	// SignedOutURI is presumably the URL users are sent to after signing out — confirm.
	SignedOutURI *url.URL
	// ScopesSupported lists the scopes the manager supports.
	ScopesSupported []string
	// Logger receives the manager's log output.
	Logger logrus.FieldLogger
}
Config defines an IdentityManager's configuration settings.
type IsHandledError ¶
// IsHandledError is an error which indicates that the backend has handled the
// request and that all further handling should stop. It carries no fields.
type IsHandledError struct {
}
IsHandledError is an error which indicates that the backend has handled the request and that all further handling should stop.
func (*IsHandledError) Error ¶
func (err *IsHandledError) Error() string
Error implements the error interface.
type LoginRequiredError ¶
// LoginRequiredError is an error which backends can return to indicate that
// sign-in is required. Create it with NewLoginRequiredError; the sign-in URL
// it carries is available through SignInURI.
type LoginRequiredError struct {
	// contains filtered or unexported fields
}
LoginRequiredError is an error which backends can return to indicate that sign-in is required.
func NewLoginRequiredError ¶
func NewLoginRequiredError(id string, signInURI *url.URL) *LoginRequiredError
NewLoginRequiredError creates a new LoginRequiredError with the provided id and sign-in URL.
func (*LoginRequiredError) Error ¶
func (err *LoginRequiredError) Error() string
Error implements the error interface.
func (*LoginRequiredError) SignInURI ¶
func (err *LoginRequiredError) SignInURI() *url.URL
SignInURI returns the sign-in URL of the associated error.
type Manager ¶
// Manager is the interface an identity manager implements.
type Manager interface {
	// Authenticate handles the authentication request ar for req. The next
	// Manager is presumably used for delegation when this one cannot
	// authenticate — confirm against an implementation.
	Authenticate(ctx context.Context, rw http.ResponseWriter, req *http.Request, ar *payload.AuthenticationRequest, next Manager) (AuthRecord, error)
	// Authorize handles authorization of the authentication request ar for an
	// existing AuthRecord auth and returns the resulting record.
	Authorize(ctx context.Context, rw http.ResponseWriter, req *http.Request, ar *payload.AuthenticationRequest, auth AuthRecord) (AuthRecord, error)
	// EndSession handles the end-session request esr.
	EndSession(ctx context.Context, rw http.ResponseWriter, req *http.Request, esr *payload.EndSessionRequest) error
	// ApproveScopes records the approved scopes for sub and audience and
	// returns a string — presumably the ref later passed to ApprovedScopes; confirm.
	ApproveScopes(ctx context.Context, sub string, audience string, approvedScopesList map[string]bool) (string, error)
	// ApprovedScopes returns the scopes approved for sub and audience under ref.
	ApprovedScopes(ctx context.Context, sub string, audience string, ref string) (map[string]bool, error)
	// Fetch looks up the AuthRecord for userID. The bool result presumably
	// reports whether the user was found — confirm against an implementation.
	Fetch(ctx context.Context, userID string, sessionRef *string, scopes map[string]bool, requestedClaimsMaps []*payload.ClaimsRequestMap, requestedScopes map[string]bool) (AuthRecord, bool, error)
	// Name returns the manager's name.
	Name() string
	// ScopesSupported returns, from the given scopes, those the manager supports.
	ScopesSupported(scopes map[string]bool) []string
	// ClaimsSupported returns, from the given claims, those the manager supports.
	ClaimsSupported(claims []string) []string
	// AddRoutes registers the manager's HTTP routes on router.
	AddRoutes(ctx context.Context, router *mux.Router)
	// OnSetLogon registers a callback to be invoked when a user logon is set.
	OnSetLogon(func(ctx context.Context, rw http.ResponseWriter, user User) error) error
	// OnUnsetLogon registers a callback to be invoked when a logon is unset.
	OnUnsetLogon(func(ctx context.Context, rw http.ResponseWriter) error) error
}
Manager is an interface defining an identity manager.
type PublicUser ¶
PublicUser is a user with a public Subject and a raw id.
type RedirectError ¶
// RedirectError is an error which backends can return if a redirection is
// required. Create it with NewRedirectError; the target is available through
// RedirectURI.
//
// NOTE(review): the redirect URL is whatever the backend passes to
// NewRedirectError; confirm it is derived from trusted configuration or a
// validated value before callers redirect to it.
type RedirectError struct {
	// contains filtered or unexported fields
}
RedirectError is an error which backends can return if a redirection is required.
func NewRedirectError ¶
func NewRedirectError(id string, redirectURI *url.URL) *RedirectError
NewRedirectError creates a new corresponding error with the provided id and redirect URL.
func (*RedirectError) Error ¶
func (err *RedirectError) Error() string
Error implements the error interface.
func (*RedirectError) RedirectURI ¶
func (err *RedirectError) RedirectURI() *url.URL
RedirectURI returns the redirection URL of the associated error.
type User ¶
// User is the most basic user: an identity defined solely by its subject.
type User interface {
	// Subject returns the user's subject identifier.
	Subject() string
}
User defines the most basic user, with an id defined as subject.
type UserWithClaims ¶
UserWithClaims is a User with jwt claims.
type UserWithEmail ¶
UserWithEmail is a User with Email.
type UserWithID ¶
UserWithID is a User with a locally unique numeric id.
type UserWithProfile ¶
UserWithProfile is a User with Name.
type UserWithScopedClaims ¶
// UserWithScopedClaims is a User whose jwt claims are bound to the provided scopes.
type UserWithScopedClaims interface {
	User
	// ScopedClaims returns the jwt claims for the given authorizedScopes.
	ScopedClaims(authorizedScopes map[string]bool) jwt.MapClaims
}
UserWithScopedClaims is a user with jwt claims bound to provided scopes.
type UserWithSessionRef ¶
UserWithSessionRef is a user which supports an underlying session reference.
type UserWithUniqueID ¶
UserWithUniqueID is a User with a unique string id.
type UserWithUsername ¶
UserWithUsername is a User with a username different from the subject.