Package idp

v0.70.2 (not the latest version of its module)
Published: Apr 29, 2026 License: BSD-3-Clause, AGPL-3.0 Imports: 34 Imported by: 10

Documentation

Constants

const (
	// UnsetAccountID is a special key to map users without an account ID
	UnsetAccountID = "unset"
)

Variables

This section is empty.

Functions

func GeneratePassword added in v0.9.8

func GeneratePassword(passwordLength, minSpecialChar, minNum, minUpperCase int) string

GeneratePassword generates a user password.
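The page gives only the signature of GeneratePassword. The block below is an added example, not the package's own implementation: it shows how a practitioner would build a generator with that parameter shape using crypto/rand (unbiased index selection via rand.Int, required character classes placed first and then Fisher-Yates shuffled so their positions are not predictable). The function is named generatePassword and, unlike the documented signature, returns an error when the minimums exceed the length; the character sets are assumptions.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"strings"
)

// Character classes are assumptions for this example, not the package's own sets.
const (
	lowerChars   = "abcdefghijklmnopqrstuvwxyz"
	upperChars   = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	numberChars  = "0123456789"
	specialChars = "!@#$%^&*()-_=+[]{}<>?"
)

// randomIndex returns a uniformly distributed index in [0, n) from crypto/rand.
// rand.Int rejects out-of-range draws, so there is no modulo bias.
func randomIndex(n int) int {
	i, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		// A failing CSPRNG is not something a password generator can work around.
		panic(err)
	}
	return int(i.Int64())
}

// pick returns one random byte from the given character set.
func pick(set string) byte { return set[randomIndex(len(set))] }

// generatePassword (hypothetical name) builds a password of passwordLength bytes with
// at least minSpecialChar special characters, minNum digits and minUpperCase upper-case
// letters; remaining positions are lower-case letters.
func generatePassword(passwordLength, minSpecialChar, minNum, minUpperCase int) (string, error) {
	required := minSpecialChar + minNum + minUpperCase
	if passwordLength <= 0 || required > passwordLength {
		return "", fmt.Errorf("minimums (%d) exceed password length %d", required, passwordLength)
	}

	buf := make([]byte, 0, passwordLength)
	for i := 0; i < minSpecialChar; i++ {
		buf = append(buf, pick(specialChars))
	}
	for i := 0; i < minNum; i++ {
		buf = append(buf, pick(numberChars))
	}
	for i := 0; i < minUpperCase; i++ {
		buf = append(buf, pick(upperChars))
	}
	for len(buf) < passwordLength {
		buf = append(buf, pick(lowerChars))
	}

	// Fisher-Yates shuffle driven by crypto/rand so the required classes do not
	// sit at fixed offsets (which would leak structure to an attacker).
	for i := len(buf) - 1; i > 0; i-- {
		j := randomIndex(i + 1)
		buf[i], buf[j] = buf[j], buf[i]
	}
	return string(buf), nil
}

// countClasses reports how many special, numeric and upper-case bytes pw holds,
// which lets a caller verify a generated password against its policy.
func countClasses(pw string) (special, num, upper int) {
	for i := 0; i < len(pw); i++ {
		switch {
		case strings.IndexByte(specialChars, pw[i]) >= 0:
			special++
		case strings.IndexByte(numberChars, pw[i]) >= 0:
			num++
		case strings.IndexByte(upperChars, pw[i]) >= 0:
			upper++
		}
	}
	return special, num, upper
}

func main() {
	pw, err := generatePassword(16, 2, 3, 4)
	if err != nil {
		panic(err)
	}
	s, n, u := countClasses(pw)
	fmt.Printf("password=%q special=%d digits=%d upper=%d\n", pw, s, n, u)
}
```

The shuffle step matters: building the password as "specials, then digits, then upper-case, then lower-case" without shuffling would make the class of each position predictable and shrink the effective search space.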

Types

type AppMetadata

type AppMetadata struct {
	// WTAccountID is a NetBird (previously Wiretrustee) account id to update in the IDP
	// maps to wt_account_id when json.marshal
	WTAccountID     string `json:"wt_account_id,omitempty"`
	WTPendingInvite *bool  `json:"wt_pending_invite,omitempty"`
	WTInvitedBy     string `json:"wt_invited_by_email,omitempty"`
}

AppMetadata is user app metadata to associate with a profile.

type Auth0ClientConfig

type Auth0ClientConfig struct {
	Audience     string
	AuthIssuer   string
	ClientID     string
	ClientSecret string
	GrantType    string
}

Auth0ClientConfig holds the Auth0 manager client configuration.

type Auth0Credentials

type Auth0Credentials struct {
	// contains filtered or unexported fields
}

Auth0Credentials holds Auth0 authentication information.

func (*Auth0Credentials) Authenticate

func (c *Auth0Credentials) Authenticate(ctx context.Context) (JWTToken, error)

Authenticate retrieves an access token for the Auth0 Management API.

type Auth0Manager

type Auth0Manager struct {
	// contains filtered or unexported fields
}

Auth0Manager is an Auth0 manager client instance.

func NewAuth0Manager

func NewAuth0Manager(config Auth0ClientConfig, appMetrics telemetry.AppMetrics) (*Auth0Manager, error)

NewAuth0Manager creates a new instance of the Auth0Manager

func (*Auth0Manager) CreateUser added in v0.9.8

func (am *Auth0Manager) CreateUser(ctx context.Context, email, name, accountID, invitedByEmail string) (*UserData, error)

CreateUser creates a new user in Auth0 Idp and sends an invite

func (*Auth0Manager) DeleteUser added in v0.23.2

func (am *Auth0Manager) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes a user from Auth0.

func (*Auth0Manager) GetAccount added in v0.6.4

func (am *Auth0Manager) GetAccount(ctx context.Context, accountID string) ([]*UserData, error)

GetAccount returns all the users for a given profile. Calls Auth0 API.

func (*Auth0Manager) GetAllAccounts added in v0.6.4

func (am *Auth0Manager) GetAllAccounts(ctx context.Context) (map[string][]*UserData, error)

GetAllAccounts gets all registered accounts with their corresponding user data. It returns a map of user lists indexed by accountID.
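Two behaviours on this page are worth seeing in code: the AppMetadata JSON mapping (wt_account_id and friends with omitempty, and WTPendingInvite as a *bool) and the GetAllAccounts result shape, a map of users indexed by account ID with UnsetAccountID as the key for users that carry none. The block below is an added example, not the package's code: AppMetadata and UnsetAccountID are copied from the definitions on this page, while idpUser is a hypothetical stand-in for the package's UserData type (whose fields are not shown here) and the sample users are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// UnsetAccountID mirrors the package constant: the key under which users
// without an account ID are grouped.
const UnsetAccountID = "unset"

// AppMetadata is copied from the package definition so the example compiles alone.
type AppMetadata struct {
	WTAccountID     string `json:"wt_account_id,omitempty"`
	WTPendingInvite *bool  `json:"wt_pending_invite,omitempty"`
	WTInvitedBy     string `json:"wt_invited_by_email,omitempty"`
}

// idpUser is a hypothetical minimal stand-in for the package's UserData type:
// an IdP user ID plus the app metadata stored on the IdP side.
type idpUser struct {
	ID          string
	AppMetadata AppMetadata
}

// marshalMetadata encodes the metadata as the IdP would receive it. Because of
// omitempty, empty strings and a nil WTPendingInvite are dropped, while an
// explicit false survives because the field is a pointer.
func marshalMetadata(m AppMetadata) (string, error) {
	b, err := json.Marshal(m)
	return string(b), err
}

// parseMetadata decodes an app_metadata document returned by the IdP.
func parseMetadata(raw string) (AppMetadata, error) {
	var m AppMetadata
	err := json.Unmarshal([]byte(raw), &m)
	return m, err
}

// groupByAccount indexes users by WTAccountID the way GetAllAccounts describes,
// filing users with no account ID under UnsetAccountID.
func groupByAccount(users []idpUser) map[string][]idpUser {
	out := make(map[string][]idpUser)
	for _, u := range users {
		key := u.AppMetadata.WTAccountID
		if key == "" {
			key = UnsetAccountID
		}
		out[key] = append(out[key], u)
	}
	return out
}

func boolPtr(b bool) *bool { return &b }

func main() {
	// Constructed sample users, not real IdP data.
	users := []idpUser{
		{ID: "auth0|u1", AppMetadata: AppMetadata{WTAccountID: "acc-1", WTPendingInvite: boolPtr(true), WTInvitedBy: "admin@example.com"}},
		{ID: "auth0|u2", AppMetadata: AppMetadata{WTAccountID: "acc-1", WTPendingInvite: boolPtr(false)}},
		{ID: "auth0|u3"}, // no account ID yet: lands under "unset"
		{ID: "auth0|u4", AppMetadata: AppMetadata{WTAccountID: "acc-2"}},
	}
	for _, u := range users {
		s, _ := marshalMetadata(u.AppMetadata)
		fmt.Printf("%s -> %s\n", u.ID, s)
	}
	for acc, members := range groupByAccount(users) {
		fmt.Printf("account %q has %d user(s)\n", acc, len(members))
	}
}
```

The pointer type on WTPendingInvite is the detail to notice: with a plain bool, omitempty would drop false and an update could never clear a pending invite; with *bool, nil means "leave unchanged" and a non-nil false is sent explicitly.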

func (*Auth0Manager) GetAllConnections added in v0.26.3

func (am *Auth0Manager) GetAllConnections(ctx context.Context, strategy []string) ([]Connection, error)

GetAllConnections returns a detailed list of all connections filtered by the given params. Note that this method is not part of the IDP Manager interface, as it is Auth0 specific.

func (*Auth0Manager) GetUserByEmail added in v0.9.8

func (am *Auth0Manager) GetUserByEmail(ctx context.Context, email string) ([]*UserData, error)

GetUserByEmail searches users with a given email. If no users have been found, this function returns an empty list. This function can return multiple users because of Auth0 internals: there can be multiple users with the same email but different connections, and these are considered separate accounts (e.g., Google and username/password).

func (*Auth0Manager) GetUserDataByID

func (am *Auth0Manager) GetUserDataByID(ctx context.Context, userID string, appMetadata AppMetadata) (*UserData, error)

GetUserDataByID requests user data from Auth0 via ID.

func (*Auth0Manager) InviteUserByID added in v0.21.9

func (am *Auth0Manager) InviteUserByID(ctx context.Context, userID string) error

InviteUserByID resends invitations to users who haven't activated their accounts prior to the expiration period.

func (*Auth0Manager) UpdateUserAppMetadata

func (am *Auth0Manager) UpdateUserAppMetadata(ctx context.Context, userID string, appMetadata AppMetadata) error

UpdateUserAppMetadata updates user app metadata based on userID and the metadata map.

type AuthentikClientConfig added in v0.21.0

type AuthentikClientConfig struct {
	Issuer        string
	ClientID      string
	Username      string
	Password      string
	TokenEndpoint string
	GrantType     string
}

AuthentikClientConfig holds the authentik manager client configuration.

type AuthentikCredentials added in v0.21.0

type AuthentikCredentials struct {
	// contains filtered or unexported fields
}

AuthentikCredentials holds authentik authentication information.

func (*AuthentikCredentials) Authenticate added in v0.21.0

func (ac *AuthentikCredentials) Authenticate(ctx context.Context) (JWTToken, error)

Authenticate retrieves an access token for the authentik management API.

type AuthentikManager added in v0.21.0

type AuthentikManager struct {
	// contains filtered or unexported fields
}

AuthentikManager is an authentik manager client instance.

func NewAuthentikManager added in v0.21.0

func NewAuthentikManager(config AuthentikClientConfig, appMetrics telemetry.AppMetrics) (*AuthentikManager, error)

NewAuthentikManager creates a new instance of the AuthentikManager.

func (*AuthentikManager) CreateUser added in v0.21.0

func (am *AuthentikManager) CreateUser(_ context.Context, _, _, _, _ string) (*UserData, error)

CreateUser creates a new user in authentik Idp and sends an invitation.

func (*AuthentikManager) DeleteUser added in v0.23.2

func (am *AuthentikManager) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes a user from authentik.

func (*AuthentikManager) GetAccount added in v0.21.0

func (am *AuthentikManager) GetAccount(ctx context.Context, accountID string) ([]*UserData, error)

GetAccount returns all the users for a given profile.

func (*AuthentikManager) GetAllAccounts added in v0.21.0

func (am *AuthentikManager) GetAllAccounts(ctx context.Context) (map[string][]*UserData, error)

GetAllAccounts gets all registered accounts with corresponding user data. It returns a list of users indexed by accountID.

func (*AuthentikManager) GetUserByEmail added in v0.21.0

func (am *AuthentikManager) GetUserByEmail(ctx context.Context, email string) ([]*UserData, error)

GetUserByEmail searches users with a given email. If no users have been found, this function returns an empty list.

func (*AuthentikManager) GetUserDataByID added in v0.21.0

func (am *AuthentikManager) GetUserDataByID(ctx context.Context, userID string, appMetadata AppMetadata) (*UserData, error)

GetUserDataByID requests user data from authentik via ID.

func (*AuthentikManager) InviteUserByID added in v0.21.9

func (am *AuthentikManager) InviteUserByID(_ context.Context, _ string) error

InviteUserByID resends invitations to users who haven't activated their accounts prior to the expiration period.

func (*AuthentikManager) UpdateUserAppMetadata added in v0.21.0

func (am *AuthentikManager) UpdateUserAppMetadata(_ context.Context, _ string, _ AppMetadata) error

UpdateUserAppMetadata updates user app metadata based on userID and metadata map.

type AzureClientConfig added in v0.19.0

type AzureClientConfig struct {
	ClientID         string
	ClientSecret     string
	ObjectID         string
	GraphAPIEndpoint string
	TokenEndpoint    string
	GrantType        string
}

AzureClientConfig holds the Azure manager client configuration.

type AzureCredentials added in v0.19.0

type AzureCredentials struct {
	// contains filtered or unexported fields
}

AzureCredentials holds Azure authentication information.

func (*AzureCredentials) Authenticate added in v0.19.0

func (ac *AzureCredentials) Authenticate(ctx context.Context) (JWTToken, error)

Authenticate retrieves an access token for the Azure management API.

type AzureManager added in v0.19.0

type AzureManager struct {
	ClientID         string
	ObjectID         string
	GraphAPIEndpoint string
	// contains filtered or unexported fields
}

AzureManager is an Azure manager client instance.

func NewAzureManager added in v0.19.0

func NewAzureManager(config AzureClientConfig, appMetrics telemetry.AppMetrics) (*AzureManager, error)

NewAzureManager creates a new instance of the AzureManager.

func (*AzureManager) CreateUser added in v0.19.0

func (am *AzureManager) CreateUser(_ context.Context, _, _, _, _ string) (*UserData, error)

CreateUser creates a new user in azure AD Idp.

func (*AzureManager) DeleteUser added in v0.23.2

func (am *AzureManager) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes a user from Azure.

func (*AzureManager) GetAccount added in v0.19.0

func (am *AzureManager) GetAccount(ctx context.Context, accountID string) ([]*UserData, error)

GetAccount returns all the users for a given profile.

func (*AzureManager) GetAllAccounts added in v0.19.0

func (am *AzureManager) GetAllAccounts(ctx context.Context) (map[string][]*UserData, error)

GetAllAccounts gets all registered accounts with corresponding user data. It returns a list of users indexed by accountID.

func (*AzureManager) GetUserByEmail added in v0.19.0

func (am *AzureManager) GetUserByEmail(ctx context.Context, email string) ([]*UserData, error)

GetUserByEmail searches users with a given email. If no users have been found, this function returns an empty list.

func (*AzureManager) GetUserDataByID added in v0.19.0

func (am *AzureManager) GetUserDataByID(ctx context.Context, userID string, appMetadata AppMetadata) (*UserData, error)

GetUserDataByID requests user data from Azure via ID.

func (*AzureManager) InviteUserByID added in v0.21.9

func (am *AzureManager) InviteUserByID(_ context.Context, _ string) error

InviteUserByID resends invitations to users who haven't activated their accounts prior to the expiration period.

func (*AzureManager) UpdateUserAppMetadata added in v0.19.0

func (am *AzureManager) UpdateUserAppMetadata(_ context.Context, _ string, _ AppMetadata) error

UpdateUserAppMetadata updates user app metadata based on userID.

type ClientConfig added in v0.21.0

type ClientConfig struct {
	Issuer        string
	TokenEndpoint string
	ClientID      string
	ClientSecret  string
	GrantType     string
}

ClientConfig defines the common client configuration shared by all IdP managers.

type Config

type Config struct {
	ManagerType               string
	ClientConfig              *ClientConfig
	ExtraConfig               ExtraConfig
	Auth0ClientCredentials    *Auth0ClientConfig
	AzureClientCredentials    *AzureClientConfig
	KeycloakClientCredentials *KeycloakClientConfig
	ZitadelClientCredentials  *ZitadelClientConfig
}

Config is the IdP configuration struct loaded from the management server's config file.

type Connection added in v0.26.3

type Connection struct {
	Id                 string            `json:"id"`
	Name               string            `json:"name"`
	DisplayName        string            `json:"display_name"`
	IsDomainConnection bool              `json:"is_domain_connection"`
	Realms             []string          `json:"realms"`
	Metadata           map[string]string `json:"metadata"`
	Options            ConnectionOptions `json:"options"`
}

Connection represents a single Auth0 connection; see https://auth0.com/docs/api/management/v2/connections/get-connections

type ConnectionOptions added in v0.26.3

type ConnectionOptions struct {
	DomainAliases []string `json:"domain_aliases"`
}

type DexClientConfig added in v0.61.1

type DexClientConfig struct {
	// GRPCAddr is the address of Dex's gRPC API (e.g., "localhost:5557")
	GRPCAddr string
	// Issuer is the Dex issuer URL (e.g., "https://dex.example.com/dex")
	Issuer string
}

DexClientConfig holds the Dex manager client configuration.

type DexManager added in v0.61.1

type DexManager struct {
	// contains filtered or unexported fields
}

DexManager implements the Manager interface for Dex IDP. It uses Dex's gRPC API to manage users in the password database.

func NewDexManager added in v0.61.1

func NewDexManager(config DexClientConfig, appMetrics telemetry.AppMetrics) (*DexManager, error)

NewDexManager creates a new instance of DexManager.

func (*DexManager) CreateUser added in v0.61.1

func (dm *DexManager) CreateUser(ctx context.Context, email, name, accountID, invitedByEmail string) (*UserData, error)

CreateUser creates a new user in Dex's password database.

func (*DexManager) DeleteUser added in v0.61.1

func (dm *DexManager) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes a user from Dex by user ID.

func (*DexManager) GetAccount added in v0.61.1

func (dm *DexManager) GetAccount(ctx context.Context, accountID string) ([]*UserData, error)

GetAccount returns all the users for a given account. Since Dex doesn't have account concepts, this returns all users.

func (*DexManager) GetAllAccounts added in v0.61.1

func (dm *DexManager) GetAllAccounts(ctx context.Context) (map[string][]*UserData, error)

GetAllAccounts gets all registered accounts with corresponding user data. Since Dex doesn't have account concepts, all users are returned under UnsetAccountID.

func (*DexManager) GetUserByEmail added in v0.61.1

func (dm *DexManager) GetUserByEmail(ctx context.Context, email string) ([]*UserData, error)

GetUserByEmail searches users with a given email. If no users have been found, this function returns an empty list.

func (*DexManager) GetUserDataByID added in v0.61.1

func (dm *DexManager) GetUserDataByID(ctx context.Context, userID string, _ AppMetadata) (*UserData, error)

GetUserDataByID requests user data from Dex via user ID.

func (*DexManager) InviteUserByID added in v0.61.1

func (dm *DexManager) InviteUserByID(_ context.Context, _ string) error

InviteUserByID resends an invitation to a user. Dex doesn't support invitations, so this returns an error.

func (*DexManager) UpdateUserAppMetadata added in v0.61.1

func (dm *DexManager) UpdateUserAppMetadata(_ context.Context, _ string, _ AppMetadata) error

UpdateUserAppMetadata updates user app metadata based on userID and metadata map. Dex doesn't support app metadata, so this is a no-op.

type EmbeddedIdPConfig added in v0.62.0

type EmbeddedIdPConfig struct {
	// Enabled indicates whether the embedded IDP is enabled
	Enabled bool
	// Issuer is the OIDC issuer URL (e.g., "https://management.netbird.io/oauth2")
	Issuer string
	// LocalAddress is the management server's local listen address (e.g., ":8080" or "localhost:8080")
	// Used for internal JWT validation to avoid external network calls
	LocalAddress string
	// Storage configuration for the IdP database
	Storage EmbeddedStorageConfig
	// DashboardRedirectURIs are the OAuth2 redirect URIs for the dashboard client
	DashboardRedirectURIs []string
	// CLIRedirectURIs are the OAuth2 redirect URIs for the CLI client
	CLIRedirectURIs []string
	// Owner is the initial owner/admin user (optional, can be nil)
	Owner *OwnerConfig
	// SignKeyRefreshEnabled enables automatic key rotation for signing keys
	SignKeyRefreshEnabled bool
	// LocalAuthDisabled disables the local (email/password) authentication connector.
	// When true, users cannot authenticate via email/password, only via external identity providers.
	// Existing local users are preserved and will be able to login again if re-enabled.
	// Cannot be enabled if no external identity provider connectors are configured.
	LocalAuthDisabled bool
	// StaticConnectors are additional connectors to seed during initialization
	StaticConnectors []dex.Connector
}

EmbeddedIdPConfig contains the configuration for the embedded Dex OIDC identity provider.

func (*EmbeddedIdPConfig) ToYAMLConfig added in v0.62.0

func (c *EmbeddedIdPConfig) ToYAMLConfig() (*dex.YAMLConfig, error)

ToYAMLConfig converts EmbeddedIdPConfig to dex.YAMLConfig.

type EmbeddedIdPManager added in v0.62.0

type EmbeddedIdPManager struct {
	// contains filtered or unexported fields
}

EmbeddedIdPManager implements the Manager interface using the embedded Dex IdP.

func NewEmbeddedIdPManager added in v0.62.0

func NewEmbeddedIdPManager(ctx context.Context, config *EmbeddedIdPConfig, appMetrics telemetry.AppMetrics) (*EmbeddedIdPManager, error)

NewEmbeddedIdPManager creates a new instance of EmbeddedIdPManager from a configuration. It instantiates the underlying Dex provider internally. Note: Storage defaults are applied in config loading (applyEmbeddedIdPConfig) based on Datadir.

func (*EmbeddedIdPManager) CreateConnector added in v0.62.0

func (m *EmbeddedIdPManager) CreateConnector(ctx context.Context, cfg *dex.ConnectorConfig) (*dex.ConnectorConfig, error)

CreateConnector creates a new identity provider connector in Dex. Returns the created connector config with the redirect URL populated.

func (*EmbeddedIdPManager) CreateUser added in v0.62.0

func (m *EmbeddedIdPManager) CreateUser(ctx context.Context, email, name, accountID, invitedByEmail string) (*UserData, error)

CreateUser creates a new user in the embedded IdP.

func (*EmbeddedIdPManager) CreateUserWithPassword added in v0.62.0

func (m *EmbeddedIdPManager) CreateUserWithPassword(ctx context.Context, email, password, name string) (*UserData, error)

CreateUserWithPassword creates a new user in the embedded IdP with a provided password. Unlike CreateUser which auto-generates a password, this method uses the provided password. This is useful for instance setup where the user provides their own password.

func (*EmbeddedIdPManager) DeleteConnector added in v0.62.0

func (m *EmbeddedIdPManager) DeleteConnector(ctx context.Context, id string) error

DeleteConnector removes an identity provider connector.

func (*EmbeddedIdPManager) DeleteUser added in v0.62.0

func (m *EmbeddedIdPManager) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes a user from the embedded IdP by user ID.

func (*EmbeddedIdPManager) GetAccount added in v0.62.0

func (m *EmbeddedIdPManager) GetAccount(ctx context.Context, accountID string) ([]*UserData, error)

GetAccount returns all the users for a given account. Note: Embedded dex doesn't store account metadata, so this returns all users.

func (*EmbeddedIdPManager) GetAllAccounts added in v0.62.0

func (m *EmbeddedIdPManager) GetAllAccounts(ctx context.Context) (map[string][]*UserData, error)

GetAllAccounts gets all registered accounts with corresponding user data. Note: Embedded dex doesn't store account metadata, so all users are indexed under UnsetAccountID.

func (*EmbeddedIdPManager) GetAuthorizationEndpoint added in v0.62.0

func (m *EmbeddedIdPManager) GetAuthorizationEndpoint() string

GetAuthorizationEndpoint returns the OAuth2 authorization endpoint URL.

func (*EmbeddedIdPManager) GetCLIClientID added in v0.62.0

func (m *EmbeddedIdPManager) GetCLIClientID() string

GetCLIClientID returns the client ID for CLI authentication.

func (*EmbeddedIdPManager) GetCLIRedirectURLs added in v0.62.0

func (m *EmbeddedIdPManager) GetCLIRedirectURLs() []string

GetCLIRedirectURLs returns the redirect URLs configured for the CLI client.

func (*EmbeddedIdPManager) GetClientIDs added in v0.62.0

func (m *EmbeddedIdPManager) GetClientIDs() []string

GetClientIDs returns the OAuth2 client IDs configured for this provider.

func (*EmbeddedIdPManager) GetConnector added in v0.62.0

func (m *EmbeddedIdPManager) GetConnector(ctx context.Context, id string) (*dex.ConnectorConfig, error)

GetConnector retrieves an identity provider connector by ID.

func (*EmbeddedIdPManager) GetDefaultScopes added in v0.62.0

func (m *EmbeddedIdPManager) GetDefaultScopes() string

GetDefaultScopes returns the default OAuth2 scopes for authentication.

func (*EmbeddedIdPManager) GetDeviceAuthEndpoint added in v0.62.0

func (m *EmbeddedIdPManager) GetDeviceAuthEndpoint() string

GetDeviceAuthEndpoint returns the OAuth2 device authorization endpoint URL.

func (*EmbeddedIdPManager) GetIssuer added in v0.62.0

func (m *EmbeddedIdPManager) GetIssuer() string

GetIssuer returns the OIDC issuer URL.

func (*EmbeddedIdPManager) GetKeyFetcher added in v0.67.2

func (m *EmbeddedIdPManager) GetKeyFetcher() nbjwt.KeyFetcher

GetKeyFetcher returns a KeyFetcher that reads keys directly from Dex storage.

func (*EmbeddedIdPManager) GetKeysLocation added in v0.62.0

func (m *EmbeddedIdPManager) GetKeysLocation() string

GetKeysLocation returns the JWKS endpoint URL for token validation.

func (*EmbeddedIdPManager) GetLocalKeysLocation added in v0.62.2

func (m *EmbeddedIdPManager) GetLocalKeysLocation() string

GetLocalKeysLocation returns the localhost JWKS endpoint URL for internal token validation. Uses the LocalAddress from config (management server's listen address) since embedded Dex is served by the management HTTP server, not a standalone Dex server.

func (*EmbeddedIdPManager) GetTokenEndpoint added in v0.62.0

func (m *EmbeddedIdPManager) GetTokenEndpoint() string

GetTokenEndpoint returns the OAuth2 token endpoint URL.

func (*EmbeddedIdPManager) GetUserByEmail added in v0.62.0

func (m *EmbeddedIdPManager) GetUserByEmail(ctx context.Context, email string) ([]*UserData, error)

GetUserByEmail searches users with a given email.

func (*EmbeddedIdPManager) GetUserDataByID added in v0.62.0

func (m *EmbeddedIdPManager) GetUserDataByID(ctx context.Context, userID string, appMetadata AppMetadata) (*UserData, error)

GetUserDataByID requests user data from the embedded IdP via user ID.

func (*EmbeddedIdPManager) GetUserIDClaim added in v0.62.0

func (m *EmbeddedIdPManager) GetUserIDClaim() string

GetUserIDClaim returns the JWT claim name used for user identification.

func (*EmbeddedIdPManager) Handler added in v0.62.0

func (m *EmbeddedIdPManager) Handler() http.Handler

Handler returns the HTTP handler for serving OIDC requests.

func (*EmbeddedIdPManager) HasNonLocalConnectors added in v0.64.4

func (m *EmbeddedIdPManager) HasNonLocalConnectors(ctx context.Context) (bool, error)

HasNonLocalConnectors checks if there are any identity provider connectors other than local.

func (*EmbeddedIdPManager) InviteUserByID added in v0.62.0

func (m *EmbeddedIdPManager) InviteUserByID(ctx context.Context, userID string) error

InviteUserByID resends an invitation to a user.

func (*EmbeddedIdPManager) IsLocalAuthDisabled added in v0.64.4

func (m *EmbeddedIdPManager) IsLocalAuthDisabled() bool

IsLocalAuthDisabled returns whether local authentication is disabled based on configuration.

func (*EmbeddedIdPManager) ListConnectors added in v0.62.0

func (m *EmbeddedIdPManager) ListConnectors(ctx context.Context) ([]*dex.ConnectorConfig, error)

ListConnectors returns all identity provider connectors.

func (*EmbeddedIdPManager) Stop added in v0.62.0

func (m *EmbeddedIdPManager) Stop(ctx context.Context) error

Stop gracefully shuts down the embedded IdP provider.

func (*EmbeddedIdPManager) UpdateConnector added in v0.62.0

func (m *EmbeddedIdPManager) UpdateConnector(ctx context.Context, cfg *dex.ConnectorConfig) error

UpdateConnector updates an existing identity provider connector. Field preservation for partial updates is handled by Provider.UpdateConnector.

func (*EmbeddedIdPManager) UpdateUserAppMetadata added in v0.62.0

func (m *EmbeddedIdPManager) UpdateUserAppMetadata(ctx context.Context, userID string, appMetadata AppMetadata) error

UpdateUserAppMetadata updates user app metadata based on userID and metadata map.

func (*EmbeddedIdPManager) UpdateUserPassword added in v0.64.0

func (m *EmbeddedIdPManager) UpdateUserPassword(ctx context.Context, currentUserID, targetUserID string, oldPassword, newPassword string) error

UpdateUserPassword updates the password for a user in the embedded IdP. It verifies that the current user is changing their own password and validates the current password before updating to the new password.

type EmbeddedStorageConfig added in v0.62.0

type EmbeddedStorageConfig struct {
	// Type is the storage type: "sqlite3" (default) or "postgres"
	Type string
	// Config contains type-specific configuration
	Config EmbeddedStorageTypeConfig
}

EmbeddedStorageConfig holds storage configuration for the embedded IdP.

type EmbeddedStorageTypeConfig added in v0.62.0

type EmbeddedStorageTypeConfig struct {
	// File is the path to the SQLite database file (for sqlite3 type)
	File string
	// DSN is the connection string for postgres
	DSN string
}

EmbeddedStorageTypeConfig contains type-specific storage configuration.

type ExtraConfig added in v0.21.0

type ExtraConfig map[string]string

ExtraConfig stores IdP-specific config values that are unique to individual IdPs.

type GoogleWorkspaceClientConfig added in v0.21.5

type GoogleWorkspaceClientConfig struct {
	ServiceAccountKey string
	CustomerID        string
}

GoogleWorkspaceClientConfig holds the Google Workspace manager client configuration.

type GoogleWorkspaceCredentials added in v0.21.5

type GoogleWorkspaceCredentials struct {
	// contains filtered or unexported fields
}

GoogleWorkspaceCredentials holds Google Workspace authentication information.

func (*GoogleWorkspaceCredentials) Authenticate added in v0.21.5

func (gc *GoogleWorkspaceCredentials) Authenticate(_ context.Context) (JWTToken, error)

type GoogleWorkspaceManager added in v0.21.5

type GoogleWorkspaceManager struct {
	CustomerID string
	// contains filtered or unexported fields
}

GoogleWorkspaceManager is a Google Workspace manager client instance.

func NewGoogleWorkspaceManager added in v0.21.5

func NewGoogleWorkspaceManager(ctx context.Context, config GoogleWorkspaceClientConfig, appMetrics telemetry.AppMetrics) (*GoogleWorkspaceManager, error)

NewGoogleWorkspaceManager creates a new instance of the GoogleWorkspaceManager.

func (*GoogleWorkspaceManager) CreateUser added in v0.21.5

func (gm *GoogleWorkspaceManager) CreateUser(_ context.Context, _, _, _, _ string) (*UserData, error)

CreateUser creates a new user in Google Workspace and sends an invitation.

func (*GoogleWorkspaceManager) DeleteUser added in v0.23.2

func (gm *GoogleWorkspaceManager) DeleteUser(_ context.Context, userID string) error

DeleteUser deletes a user from Google Workspace.

func (*GoogleWorkspaceManager) GetAccount added in v0.21.5

func (gm *GoogleWorkspaceManager) GetAccount(_ context.Context, accountID string) ([]*UserData, error)

GetAccount returns all the users for a given profile.

func (*GoogleWorkspaceManager) GetAllAccounts added in v0.21.5

func (gm *GoogleWorkspaceManager) GetAllAccounts(_ context.Context) (map[string][]*UserData, error)

GetAllAccounts gets all registered accounts with corresponding user data. It returns a list of users indexed by accountID.

func (*GoogleWorkspaceManager) GetUserByEmail added in v0.21.5

func (gm *GoogleWorkspaceManager) GetUserByEmail(_ context.Context, email string) ([]*UserData, error)

GetUserByEmail searches users with a given email. If no users have been found, this function returns an empty list.

func (*GoogleWorkspaceManager) GetUserDataByID added in v0.21.5

func (gm *GoogleWorkspaceManager) GetUserDataByID(_ context.Context, userID string, appMetadata AppMetadata) (*UserData, error)

GetUserDataByID requests user data from Google Workspace via ID.

func (*GoogleWorkspaceManager) InviteUserByID added in v0.21.9

func (gm *GoogleWorkspaceManager) InviteUserByID(_ context.Context, _ string) error

InviteUserByID resends invitations to users who haven't activated their accounts prior to the expiration period.

func (*GoogleWorkspaceManager) UpdateUserAppMetadata added in v0.21.5

func (gm *GoogleWorkspaceManager) UpdateUserAppMetadata(_ context.Context, _ string, _ AppMetadata) error

UpdateUserAppMetadata updates user app metadata based on userID and metadata map.

type JWTToken

type JWTToken struct {
	AccessToken string `json:"access_token"`
	ExpiresIn   int    `json:"expires_in"`

	Scope     string `json:"scope"`
	TokenType string `json:"token_type"`
	// contains filtered or unexported fields
}

JWTToken is a JWT object that holds the information of a token.

type JsonParser

type JsonParser struct{}

func (JsonParser) Marshal

func (JsonParser) Marshal(v interface{}) ([]byte, error)

func (JsonParser) Unmarshal

func (JsonParser) Unmarshal(data []byte, v interface{}) error

type JumpCloudClientConfig added in v0.23.7

type JumpCloudClientConfig struct {
	APIToken string
	ApiUrl   string
}

JumpCloudClientConfig holds the JumpCloud manager client configuration.

type JumpCloudCredentials added in v0.23.7

type JumpCloudCredentials struct {
	// contains filtered or unexported fields
}

JumpCloudCredentials holds JumpCloud authentication information.

func (*JumpCloudCredentials) Authenticate added in v0.23.7

func (jc *JumpCloudCredentials) Authenticate(_ context.Context) (JWTToken, error)

Authenticate retrieves an access token for the JumpCloud user API.

type JumpCloudManager added in v0.23.7

type JumpCloudManager struct {
	// contains filtered or unexported fields
}

JumpCloudManager is a JumpCloud manager client instance.

func NewJumpCloudManager added in v0.23.7

func NewJumpCloudManager(config JumpCloudClientConfig, appMetrics telemetry.AppMetrics) (*JumpCloudManager, error)

NewJumpCloudManager creates a new instance of the JumpCloudManager.

func (*JumpCloudManager) CreateUser added in v0.23.7

func (jm *JumpCloudManager) CreateUser(_ context.Context, _, _, _, _ string) (*UserData, error)

CreateUser creates a new user in JumpCloud Idp and sends an invitation.

func (*JumpCloudManager) DeleteUser added in v0.23.7

func (jm *JumpCloudManager) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes a user from the JumpCloud directory.

func (*JumpCloudManager) GetAccount added in v0.23.7

func (jm *JumpCloudManager) GetAccount(ctx context.Context, accountID string) ([]*UserData, error)

GetAccount returns all the users for a given profile.

func (*JumpCloudManager) GetAllAccounts added in v0.23.7

func (jm *JumpCloudManager) GetAllAccounts(ctx context.Context) (map[string][]*UserData, error)

GetAllAccounts gets all registered accounts with corresponding user data. It returns a list of users indexed by accountID.

func (*JumpCloudManager) GetUserByEmail added in v0.23.7

func (jm *JumpCloudManager) GetUserByEmail(ctx context.Context, email string) ([]*UserData, error)

GetUserByEmail searches users with a given email. If no users have been found, this function returns an empty list.

func (*JumpCloudManager) GetUserDataByID added in v0.23.7

func (jm *JumpCloudManager) GetUserDataByID(ctx context.Context, userID string, appMetadata AppMetadata) (*UserData, error)

GetUserDataByID requests user data from JumpCloud via ID.

func (*JumpCloudManager) InviteUserByID added in v0.23.7

func (jm *JumpCloudManager) InviteUserByID(_ context.Context, _ string) error

InviteUserByID resends invitations to users who haven't activated their accounts prior to the expiration period.

func (*JumpCloudManager) UpdateUserAppMetadata added in v0.23.7

func (jm *JumpCloudManager) UpdateUserAppMetadata(_ context.Context, _ string, _ AppMetadata) error

UpdateUserAppMetadata updates user app metadata based on userID and metadata map.

type KeycloakClientConfig added in v0.14.5

type KeycloakClientConfig struct {
	ClientID      string
	ClientSecret  string
	AdminEndpoint string
	TokenEndpoint string
	GrantType     string
}

KeycloakClientConfig holds the Keycloak manager client configuration.

type KeycloakCredentials added in v0.14.5

type KeycloakCredentials struct {
	// contains filtered or unexported fields
}

KeycloakCredentials holds Keycloak authentication information.

func (*KeycloakCredentials) Authenticate added in v0.14.5

func (kc *KeycloakCredentials) Authenticate(ctx context.Context) (JWTToken, error)

Authenticate retrieves an access token for the Keycloak management API.

type KeycloakManager added in v0.14.5

type KeycloakManager struct {
	// contains filtered or unexported fields
}

KeycloakManager is a Keycloak manager client instance.

func NewKeycloakManager added in v0.14.5

func NewKeycloakManager(config KeycloakClientConfig, appMetrics telemetry.AppMetrics) (*KeycloakManager, error)

NewKeycloakManager creates a new instance of the KeycloakManager.

func (*KeycloakManager) CreateUser added in v0.14.5

func (km *KeycloakManager) CreateUser(_ context.Context, _, _, _, _ string) (*UserData, error)

CreateUser creates a new user in keycloak Idp and sends an invite.

func (*KeycloakManager) DeleteUser added in v0.23.2

func (km *KeycloakManager) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes a user from Keycloak by user ID.

func (*KeycloakManager) GetAccount added in v0.14.5

func (km *KeycloakManager) GetAccount(ctx context.Context, accountID string) ([]*UserData, error)

GetAccount returns all the users for a given account profile.

func (*KeycloakManager) GetAllAccounts added in v0.14.5

func (km *KeycloakManager) GetAllAccounts(ctx context.Context) (map[string][]*UserData, error)

GetAllAccounts gets all registered accounts with corresponding user data. It returns a list of users indexed by accountID.

func (*KeycloakManager) GetUserByEmail added in v0.14.5

func (km *KeycloakManager) GetUserByEmail(ctx context.Context, email string) ([]*UserData, error)

GetUserByEmail searches users with a given email. If no users have been found, this function returns an empty list.

func (*KeycloakManager) GetUserDataByID added in v0.14.5

func (km *KeycloakManager) GetUserDataByID(ctx context.Context, userID string, _ AppMetadata) (*UserData, error)

GetUserDataByID requests user data from keycloak via ID.

func (*KeycloakManager) InviteUserByID added in v0.21.9

func (km *KeycloakManager) InviteUserByID(_ context.Context, _ string) error

InviteUserByID resends invitations to users who haven't activated their accounts prior to the expiration period.

func (*KeycloakManager) UpdateUserAppMetadata added in v0.14.5

func (km *KeycloakManager) UpdateUserAppMetadata(_ context.Context, _ string, _ AppMetadata) error

UpdateUserAppMetadata updates user app metadata based on userID and metadata map.

type Manager

type Manager interface {
	UpdateUserAppMetadata(ctx context.Context, userId string, appMetadata AppMetadata) error
	GetUserDataByID(ctx context.Context, userId string, appMetadata AppMetadata) (*UserData, error)
	GetAccount(ctx context.Context, accountId string) ([]*UserData, error)
	GetAllAccounts(ctx context.Context) (map[string][]*UserData, error)
	CreateUser(ctx context.Context, email, name, accountID, invitedByEmail string) (*UserData, error)
	GetUserByEmail(ctx context.Context, email string) ([]*UserData, error)
	InviteUserByID(ctx context.Context, userID string) error
	DeleteUser(ctx context.Context, userID string) error
}

Manager idp manager interface

func NewManager

func NewManager(ctx context.Context, config Config, appMetrics telemetry.AppMetrics) (Manager, error)

NewManager returns a new idp manager based on the configuration that it receives

type ManagerCredentials

type ManagerCredentials interface {
	Authenticate(ctx context.Context) (JWTToken, error)
}

ManagerCredentials interface that authenticates using the credential of each type of idp

type ManagerHTTPClient

type ManagerHTTPClient interface {
	Do(req *http.Request) (*http.Response, error)
}

ManagerHTTPClient http client interface for API calls

type ManagerHelper

type ManagerHelper interface {
	Marshal(v interface{}) ([]byte, error)
	Unmarshal(data []byte, v interface{}) error
}

ManagerHelper wraps the Marshal and Unmarshal calls the managers use to encode and decode API payloads.

type MockIDP added in v0.24.4

type MockIDP struct {
	UpdateUserAppMetadataFunc func(ctx context.Context, userId string, appMetadata AppMetadata) error
	GetUserDataByIDFunc       func(ctx context.Context, userId string, appMetadata AppMetadata) (*UserData, error)
	GetAccountFunc            func(ctx context.Context, accountId string) ([]*UserData, error)
	GetAllAccountsFunc        func(ctx context.Context) (map[string][]*UserData, error)
	CreateUserFunc            func(ctx context.Context, email, name, accountID, invitedByEmail string) (*UserData, error)
	GetUserByEmailFunc        func(ctx context.Context, email string) ([]*UserData, error)
	InviteUserByIDFunc        func(ctx context.Context, userID string) error
	DeleteUserFunc            func(ctx context.Context, userID string) error
}

MockIDP is a mock implementation of the IDP interface

func (*MockIDP) CreateUser added in v0.24.4

func (m *MockIDP) CreateUser(ctx context.Context, email, name, accountID, invitedByEmail string) (*UserData, error)

CreateUser is a mock implementation of the IDP interface CreateUser method

func (*MockIDP) DeleteUser added in v0.24.4

func (m *MockIDP) DeleteUser(ctx context.Context, userID string) error

DeleteUser is a mock implementation of the IDP interface DeleteUser method

func (*MockIDP) GetAccount added in v0.24.4

func (m *MockIDP) GetAccount(ctx context.Context, accountId string) ([]*UserData, error)

GetAccount is a mock implementation of the IDP interface GetAccount method

func (*MockIDP) GetAllAccounts added in v0.24.4

func (m *MockIDP) GetAllAccounts(ctx context.Context) (map[string][]*UserData, error)

GetAllAccounts is a mock implementation of the IDP interface GetAllAccounts method

func (*MockIDP) GetUserByEmail added in v0.24.4

func (m *MockIDP) GetUserByEmail(ctx context.Context, email string) ([]*UserData, error)

GetUserByEmail is a mock implementation of the IDP interface GetUserByEmail method

func (*MockIDP) GetUserDataByID added in v0.24.4

func (m *MockIDP) GetUserDataByID(ctx context.Context, userId string, appMetadata AppMetadata) (*UserData, error)

GetUserDataByID is a mock implementation of the IDP interface GetUserDataByID method

func (*MockIDP) InviteUserByID added in v0.24.4

func (m *MockIDP) InviteUserByID(ctx context.Context, userID string) error

InviteUserByID is a mock implementation of the IDP interface InviteUserByID method

func (*MockIDP) UpdateUserAppMetadata added in v0.24.4

func (m *MockIDP) UpdateUserAppMetadata(ctx context.Context, userId string, appMetadata AppMetadata) error

UpdateUserAppMetadata is a mock implementation of the IDP interface UpdateUserAppMetadata method

type OAuthConfigProvider added in v0.62.0

type OAuthConfigProvider interface {
	GetIssuer() string
	// GetKeysLocation returns the public JWKS endpoint URL (uses external issuer URL)
	GetKeysLocation() string
	// GetLocalKeysLocation returns the localhost JWKS endpoint URL for internal use.
	// Management server has embedded Dex and can validate tokens via localhost,
	// avoiding external network calls and DNS resolution issues during startup.
	GetLocalKeysLocation() string
	// GetKeyFetcher returns a KeyFetcher that reads keys directly from the IDP storage,
	// or nil if direct key fetching is not supported (falls back to HTTP).
	GetKeyFetcher() nbjwt.KeyFetcher
	GetClientIDs() []string
	GetUserIDClaim() string
	GetTokenEndpoint() string
	GetDeviceAuthEndpoint() string
	GetAuthorizationEndpoint() string
	GetDefaultScopes() string
	GetCLIClientID() string
	GetCLIRedirectURLs() []string
}

OAuthConfigProvider defines the interface for OAuth configuration needed by auth flows.

type OktaClientConfig added in v0.21.0

type OktaClientConfig struct {
	APIToken      string
	Issuer        string
	TokenEndpoint string
	GrantType     string
}

OktaClientConfig okta manager client configurations.

type OktaCredentials added in v0.21.0

type OktaCredentials struct {
	// contains filtered or unexported fields
}

OktaCredentials okta authentication information.

func (*OktaCredentials) Authenticate added in v0.21.0

func (oc *OktaCredentials) Authenticate(_ context.Context) (JWTToken, error)

Authenticate retrieves access token to use the okta user API.

type OktaManager added in v0.21.0

type OktaManager struct {
	// contains filtered or unexported fields
}

OktaManager okta manager client instance.

func NewOktaManager added in v0.21.0

func NewOktaManager(config OktaClientConfig, appMetrics telemetry.AppMetrics) (*OktaManager, error)

NewOktaManager creates a new instance of the OktaManager.

func (*OktaManager) CreateUser added in v0.21.0

func (om *OktaManager) CreateUser(_ context.Context, _, _, _, _ string) (*UserData, error)

CreateUser creates a new user in okta Idp and sends an invitation.

func (*OktaManager) DeleteUser added in v0.23.2

func (om *OktaManager) DeleteUser(_ context.Context, userID string) error

DeleteUser deletes a user from Okta by user ID.

func (*OktaManager) GetAccount added in v0.21.0

func (om *OktaManager) GetAccount(_ context.Context, accountID string) ([]*UserData, error)

GetAccount returns all the users for a given profile.

func (*OktaManager) GetAllAccounts added in v0.21.0

func (om *OktaManager) GetAllAccounts(_ context.Context) (map[string][]*UserData, error)

GetAllAccounts gets all registered accounts with corresponding user data. It returns a list of users indexed by accountID.

func (*OktaManager) GetUserByEmail added in v0.21.0

func (om *OktaManager) GetUserByEmail(_ context.Context, email string) ([]*UserData, error)

GetUserByEmail searches users with a given email. If no users have been found, this function returns an empty list.

func (*OktaManager) GetUserDataByID added in v0.21.0

func (om *OktaManager) GetUserDataByID(_ context.Context, userID string, appMetadata AppMetadata) (*UserData, error)

GetUserDataByID requests user data from Okta via ID.

func (*OktaManager) InviteUserByID added in v0.21.9

func (om *OktaManager) InviteUserByID(_ context.Context, _ string) error

InviteUserByID resends invitations to users who haven't activated their accounts prior to the expiration period.

func (*OktaManager) UpdateUserAppMetadata added in v0.21.0

func (om *OktaManager) UpdateUserAppMetadata(_ context.Context, _ string, _ AppMetadata) error

UpdateUserAppMetadata updates user app metadata based on userID and metadata map.

type OwnerConfig added in v0.62.0

type OwnerConfig struct {
	// Email is the user's email address (required)
	Email string
	// Hash is the bcrypt hash of the user's password (required)
	Hash string
	// Username is the display name for the user (optional, defaults to email)
	Username string
}

OwnerConfig represents the initial owner/admin user for the embedded IdP.

type PocketIdClientConfig added in v0.59.7

type PocketIdClientConfig struct {
	APIToken           string
	ManagementEndpoint string
}

type PocketIdCredentials added in v0.59.7

type PocketIdCredentials struct {
	// contains filtered or unexported fields
}

func (PocketIdCredentials) Authenticate added in v0.59.7

func (p PocketIdCredentials) Authenticate(_ context.Context) (JWTToken, error)

type PocketIdManager added in v0.59.7

type PocketIdManager struct {
	// contains filtered or unexported fields
}

func NewPocketIdManager added in v0.59.7

func NewPocketIdManager(config PocketIdClientConfig, appMetrics telemetry.AppMetrics) (*PocketIdManager, error)

func (*PocketIdManager) CreateUser added in v0.59.7

func (p *PocketIdManager) CreateUser(ctx context.Context, email, name, accountID, invitedByEmail string) (*UserData, error)

func (*PocketIdManager) DeleteUser added in v0.59.7

func (p *PocketIdManager) DeleteUser(ctx context.Context, userID string) error

func (*PocketIdManager) GetAccount added in v0.59.7

func (p *PocketIdManager) GetAccount(ctx context.Context, accountId string) ([]*UserData, error)

func (*PocketIdManager) GetAllAccounts added in v0.59.7

func (p *PocketIdManager) GetAllAccounts(ctx context.Context) (map[string][]*UserData, error)

func (*PocketIdManager) GetUserByEmail added in v0.59.7

func (p *PocketIdManager) GetUserByEmail(ctx context.Context, email string) ([]*UserData, error)

func (*PocketIdManager) GetUserDataByID added in v0.59.7

func (p *PocketIdManager) GetUserDataByID(ctx context.Context, userId string, appMetadata AppMetadata) (*UserData, error)

func (*PocketIdManager) InviteUserByID added in v0.59.7

func (p *PocketIdManager) InviteUserByID(ctx context.Context, userID string) error

func (*PocketIdManager) UpdateUserAppMetadata added in v0.59.7

func (p *PocketIdManager) UpdateUserAppMetadata(_ context.Context, _ string, _ AppMetadata) error

type UserData

type UserData struct {
	Email       string      `json:"email"`
	Name        string      `json:"name"`
	ID          string      `json:"user_id"`
	AppMetadata AppMetadata `json:"app_metadata"`
	Password    string      `json:"-"` // Plain password, only set on user creation, excluded from JSON
}

func (*UserData) Marshal added in v0.39.0

func (u *UserData) Marshal() (data string, err error)

func (*UserData) MarshalBinary added in v0.39.0

func (u *UserData) MarshalBinary() (data []byte, err error)

func (*UserData) Unmarshal added in v0.39.0

func (u *UserData) Unmarshal(data []byte) (err error)

func (*UserData) UnmarshalBinary added in v0.39.0

func (u *UserData) UnmarshalBinary(data []byte) (err error)
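Two details of this type are worth seeing in running code: the `json:"-"` tag on Password, which keeps the plaintext temporary password out of anything serialized with encoding/json (so it is not written to a cache or log by accident), and the shape of the map that GetAllAccounts returns, where users are indexed by their wt_account_id and users without one are collected under the UnsetAccountID key. The following is an added Go example, not code from the idp package: it copies the UserData and AppMetadata struct definitions and the UnsetAccountID constant from this page, and the groupByAccount, marshalUser, roundTrip and sampleUsers helpers, together with the sample users and their values, are constructed for this example. It uses encoding/json directly; it makes no assumption about how the package's own Marshal and Unmarshal methods encode the struct.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// UnsetAccountID is the key used for users that carry no account ID (from the idp package docs).
const UnsetAccountID = "unset"

// AppMetadata mirrors the struct documented on this page.
type AppMetadata struct {
	WTAccountID     string `json:"wt_account_id,omitempty"`
	WTPendingInvite *bool  `json:"wt_pending_invite,omitempty"`
	WTInvitedBy     string `json:"wt_invited_by_email,omitempty"`
}

// UserData mirrors the struct documented on this page; the json:"-" tag excludes Password.
type UserData struct {
	Email       string      `json:"email"`
	Name        string      `json:"name"`
	ID          string      `json:"user_id"`
	AppMetadata AppMetadata `json:"app_metadata"`
	Password    string      `json:"-"` // only set on creation, never serialized
}

// groupByAccount builds the map[accountID][]*UserData shape that GetAllAccounts
// returns (constructed helper): users with no WTAccountID go under UnsetAccountID.
func groupByAccount(users []*UserData) map[string][]*UserData {
	out := make(map[string][]*UserData)
	for _, u := range users {
		key := u.AppMetadata.WTAccountID
		if key == "" {
			key = UnsetAccountID
		}
		out[key] = append(out[key], u)
	}
	return out
}

// marshalUser serializes a user with encoding/json; Password is dropped by its tag.
func marshalUser(u *UserData) (string, error) {
	b, err := json.Marshal(u)
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// roundTrip marshals and unmarshals a user, showing that Password does not survive
// serialization (constructed helper).
func roundTrip(u *UserData) (*UserData, error) {
	b, err := json.Marshal(u)
	if err != nil {
		return nil, err
	}
	var back UserData
	if err := json.Unmarshal(b, &back); err != nil {
		return nil, err
	}
	return &back, nil
}

// sampleUsers returns constructed sample data: two users in one account, one with no account.
func sampleUsers() []*UserData {
	pending := true
	return []*UserData{
		{Email: "alice@example.com", Name: "Alice", ID: "auth0|alice",
			AppMetadata: AppMetadata{WTAccountID: "acct-1"}},
		{Email: "bob@example.com", Name: "Bob", ID: "auth0|bob",
			AppMetadata: AppMetadata{WTAccountID: "acct-1", WTPendingInvite: &pending, WTInvitedBy: "alice@example.com"}},
		// freshly created user: no account yet, temporary password still set in memory
		{Email: "carol@example.com", Name: "Carol", ID: "auth0|carol", Password: "constructed-temp-pw"},
	}
}

func main() {
	users := sampleUsers()
	for accountID, members := range groupByAccount(users) {
		fmt.Printf("account %q has %d user(s)\n", accountID, len(members))
	}
	js, err := marshalUser(users[2])
	if err != nil {
		panic(err)
	}
	fmt.Println("serialized:", js) // no "password" key appears
	back, err := roundTrip(users[2])
	if err != nil {
		panic(err)
	}
	fmt.Printf("password after round trip: %q\n", back.Password) // empty
}
```

The grouping mirrors the documented contract ("a list of users indexed by accountID") rather than any one provider's implementation; the JSON check is the property a reviewer would want verified before UserData is written to a shared cache.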

type ZitadelClientConfig added in v0.20.0

type ZitadelClientConfig struct {
	ClientID           string
	ClientSecret       string
	GrantType          string
	TokenEndpoint      string
	ManagementEndpoint string
	PAT                string
}

ZitadelClientConfig zitadel manager client configurations.

type ZitadelCredentials added in v0.20.0

type ZitadelCredentials struct {
	// contains filtered or unexported fields
}

ZitadelCredentials zitadel authentication information.

func (*ZitadelCredentials) Authenticate added in v0.20.0

func (zc *ZitadelCredentials) Authenticate(ctx context.Context) (JWTToken, error)

Authenticate retrieves access token to use the Zitadel Management API.

type ZitadelManager added in v0.20.0

type ZitadelManager struct {
	// contains filtered or unexported fields
}

ZitadelManager zitadel manager client instance.

func NewZitadelManager added in v0.20.0

func NewZitadelManager(config ZitadelClientConfig, appMetrics telemetry.AppMetrics) (*ZitadelManager, error)

NewZitadelManager creates a new instance of the ZitadelManager.

func (*ZitadelManager) CreateUser added in v0.20.0

func (zm *ZitadelManager) CreateUser(ctx context.Context, email, name, accountID, invitedByEmail string) (*UserData, error)

CreateUser creates a new user in zitadel Idp and sends an invite via Zitadel.

func (*ZitadelManager) DeleteUser added in v0.23.2

func (zm *ZitadelManager) DeleteUser(ctx context.Context, userID string) error

DeleteUser deletes a user from Zitadel by user ID.

func (*ZitadelManager) GetAccount added in v0.20.0

func (zm *ZitadelManager) GetAccount(ctx context.Context, accountID string) ([]*UserData, error)

GetAccount returns all the users for a given profile.

func (*ZitadelManager) GetAllAccounts added in v0.20.0

func (zm *ZitadelManager) GetAllAccounts(ctx context.Context) (map[string][]*UserData, error)

GetAllAccounts gets all registered accounts with corresponding user data. It returns a list of users indexed by accountID.

func (*ZitadelManager) GetUserByEmail added in v0.20.0

func (zm *ZitadelManager) GetUserByEmail(ctx context.Context, email string) ([]*UserData, error)

GetUserByEmail searches users with a given email. If no users have been found, this function returns an empty list.

func (*ZitadelManager) GetUserDataByID added in v0.20.0

func (zm *ZitadelManager) GetUserDataByID(ctx context.Context, userID string, appMetadata AppMetadata) (*UserData, error)

GetUserDataByID requests user data from zitadel via ID.

func (*ZitadelManager) InviteUserByID added in v0.21.9

func (zm *ZitadelManager) InviteUserByID(ctx context.Context, userID string) error

InviteUserByID resends invitations to users who haven't activated their accounts prior to the expiration period.

func (*ZitadelManager) UpdateUserAppMetadata added in v0.20.0

func (zm *ZitadelManager) UpdateUserAppMetadata(_ context.Context, _ string, _ AppMetadata) error

UpdateUserAppMetadata updates user app metadata based on userID and metadata map. Metadata values are base64 encoded.

Directories

Path Synopsis
Package migration provides utility functions for migrating from the external IdP solution in pre v0.62.0 to the new embedded IdP manager (Dex based), which is the default in v0.62.0 and later.
