Documentation ¶
    Index ¶
- Variables
- func DecryptToken(ciphertext string) (plaintext []byte, err error)
- func GetClaimsFromTokenInRequest(req *http.Request) (*models.Principal, error)
- func GetCredentialsFromLDAP(client *http.Client, endpoint, ldapUser, ldapPassword string) (*credentials.Credentials, error)
- func GetTokenFromRequest(r *http.Request) (string, error)
- func IsSessionTokenValid(token string) bool
- func NewEncryptedTokenForClient(credentials *credentials.Value, accountAccessKey string, ...) (string, error)
- type IdentityProvider
- type IdentityProviderI
- type STSClaims
- type SessionFeatures
- type TokenClaims
Constants ¶
This section is empty.
Variables ¶
var (
	ErrNoAuthToken  = errors.New("session token missing")
	ErrTokenExpired = errors.New("session token has expired")
	ErrReadingToken = errors.New("session token internal data is malformed")
)
Session token errors
Functions ¶
func DecryptToken ¶ added in v0.16.1
DecryptToken receives base64-encoded ciphertext, decodes it, decrypts it (AES-GCM) and produces the plaintext as []byte.
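The decode-then-decrypt sequence described for DecryptToken, as an added sketch using only the Go standard library; it is not this package's code. The key handling, the `base64(nonce || ciphertext || tag)` layout, the use of `base64.StdEncoding` and the names `newAEAD`, `encrypt`, `decrypt` and `errMalformed` are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

var errMalformed = errors.New("session token internal data is malformed")

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encrypt returns base64(nonce || ciphertext || tag); this layout is an assumption.
func encrypt(aead cipher.AEAD, plaintext []byte) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(aead.Seal(nonce, nonce, plaintext, nil)), nil
}

func decrypt(aead cipher.AEAD, token string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(token)
	n := aead.NonceSize()
	if err != nil || len(raw) < n+aead.Overhead() {
		return nil, errMalformed // bad base64 or truncated input
	}
	plaintext, err := aead.Open(nil, raw[:n], raw[n:], nil)
	if err != nil {
		return nil, errMalformed // failed tag check: tampered token or wrong key
	}
	return plaintext, nil
}

func main() {
	aead, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	tok, _ := encrypt(aead, []byte(`{"accountAccessKey":"example"}`))
	out, err := decrypt(aead, tok)
	_, bad := decrypt(aead, "AAAA"+tok) // three prepended bytes shift the nonce
	fmt.Printf("%s %v | %v\n", out, err, bad)
}
```

Because GCM is authenticated, a modified token fails in `Open` before any plaintext is returned, and every failure maps to the same error value so a caller cannot distinguish the cases.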
func GetCredentialsFromLDAP ¶ added in v0.4.6
func GetCredentialsFromLDAP(client *http.Client, endpoint, ldapUser, ldapPassword string) (*credentials.Credentials, error)
GetCredentialsFromLDAP authenticates the user against MinIO when the LDAP integration is enabled. If the authentication succeeds, a *credentials.Login object is returned and we continue with the normal STSAssumeRole flow.
func GetTokenFromRequest ¶
GetTokenFromRequest returns a token from an HTTP request, defined either in a cookie named `token` or in the Authorization header.
The Authorization header needs to look like "Authorization Bearer <token>".
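The lookup described for GetTokenFromRequest, as an added sketch that is not this package's code. Checking the cookie before the header, rejecting anything other than a two-field `Bearer <token>` value, and the names `tokenFromRequest`, `newRequest` and `errNoAuthToken` are assumptions; the requests are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

var errNoAuthToken = errors.New("session token missing")

// tokenFromRequest looks for a session token in the `token` cookie and then in
// the Authorization header. Checking the cookie first is an assumption.
func tokenFromRequest(r *http.Request) (string, error) {
	if c, err := r.Cookie("token"); err == nil && c.Value != "" {
		return c.Value, nil
	}
	// Expect exactly two fields: the Bearer scheme and the token.
	parts := strings.Fields(r.Header.Get("Authorization"))
	if len(parts) == 2 && strings.EqualFold(parts[0], "Bearer") {
		return parts[1], nil
	}
	return "", errNoAuthToken
}

// newRequest builds a constructed request with optional header and cookie values.
func newRequest(authHeader, cookie string) *http.Request {
	r, _ := http.NewRequest(http.MethodGet, "http://console.example/api", nil)
	if authHeader != "" {
		r.Header.Set("Authorization", authHeader)
	}
	if cookie != "" {
		r.AddCookie(&http.Cookie{Name: "token", Value: cookie})
	}
	return r
}

func main() {
	for _, r := range []*http.Request{
		newRequest("Bearer abc123", ""),
		newRequest("", "cookie456"),
		newRequest("Basic dXNlcjpwYXNz", ""), // wrong scheme: rejected
		newRequest("Bearer", ""),             // scheme without a token: rejected
	} {
		tok, err := tokenFromRequest(r)
		fmt.Printf("%q %v\n", tok, err)
	}
}
```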
func IsSessionTokenValid ¶ added in v0.3.4
IsSessionTokenValid returns true or false depending on whether the provided session token is valid.
func NewEncryptedTokenForClient ¶ added in v0.3.4
func NewEncryptedTokenForClient(credentials *credentials.Value, accountAccessKey string, features *SessionFeatures) (string, error)
NewEncryptedTokenForClient generates a new session token with claims based on the provided STS credentials; it first encrypts the claims and then signs them.
Types ¶
type IdentityProvider ¶
type IdentityProvider struct {
	KeyFunc oauth2.StateKeyFunc
	Client  *oauth2.Provider
	RoleARN string
}
Interface implementation
Defines the structure of an IdentityProvider with a Client inside, and the functions that are used during the authentication flow.
func (IdentityProvider) GenerateLoginURL ¶
func (c IdentityProvider) GenerateLoginURL() string
GenerateLoginURL returns a new URL used by the user to log in against the IdP.
func (IdentityProvider) VerifyIdentity ¶
func (c IdentityProvider) VerifyIdentity(ctx context.Context, code, state string) (*credentials.Credentials, error)
VerifyIdentity will verify the user identity against the IdP using the authorization code flow.
func (IdentityProvider) VerifyIdentityForOperator ¶ added in v0.12.3
func (c IdentityProvider) VerifyIdentityForOperator(ctx context.Context, code, state string) (*xoauth2.Token, error)
VerifyIdentityForOperator will verify the user identity against the IdP using the authorization code flow.
type IdentityProviderI ¶ added in v0.5.0
type IdentityProviderI interface {
	VerifyIdentity(ctx context.Context, code, state string) (*credentials.Credentials, error)
	VerifyIdentityForOperator(ctx context.Context, code, state string) (*xoauth2.Token, error)
	GenerateLoginURL() string
}
IdentityProviderI is an interface with all the functions to be implemented by a mock when testing. It should include all the IdentityProvider API calls that are used within this project.
type STSClaims ¶ added in v0.19.1
type STSClaims struct {
	AccessKey string `json:"accessKey,omitempty"`
}
STSClaims is the claims struct for an STS token.
type SessionFeatures ¶ added in v0.14.8
SessionFeatures represents features stored in the session
type TokenClaims ¶ added in v0.5.0
type TokenClaims struct {
	STSAccessKeyID     string `json:"stsAccessKeyID,omitempty"`
	STSSecretAccessKey string `json:"stsSecretAccessKey,omitempty"`
	STSSessionToken    string `json:"stsSessionToken,omitempty"`
	AccountAccessKey   string `json:"accountAccessKey,omitempty"`
	HideMenu           bool   `json:"hm,omitempty"`
	ObjectBrowser      bool   `json:"ob,omitempty"`
	CustomStyleOB      string `json:"customStyleOb,omitempty"`
}
TokenClaims is the claims struct for decrypted credentials.
func ParseClaimsFromToken ¶ added in v0.16.1
func ParseClaimsFromToken(claims string) (*TokenClaims, error)
ParseClaimsFromToken receives token claims in string format, then unmarshals them to produce a *TokenClaims object.
func SessionTokenAuthenticate ¶ added in v0.3.4
func SessionTokenAuthenticate(token string) (*TokenClaims, error)
SessionTokenAuthenticate takes a session token, decodes it, extracts the claims and validates the signature. If the session token claims are valid, we proceed to decrypt the information inside.
It returns the claims after validation in the following format:
type TokenClaims struct {
	STSAccessKeyID     string
	STSSecretAccessKey string
	STSSessionToken    string
	AccountAccessKey   string
}