identityprovider

package
Published: Mar 17, 2026 License: GPL-3.0 Imports: 3 Imported by: 0

Documentation

Overview

Package identityprovider provides the domain model for tenant-scoped identity provider configurations (Entra ID, Okta, Google Workspace, etc.). The model carries the OAuth client secret only in its encrypted form (ClientSecretEncrypted); this package exports no encryption or decryption helper, so key management and decryption are the caller's responsibility.

Index

Constants

This section is empty.

Variables

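// Sentinel errors for this package. Callers should test for them with
// errors.Is rather than ==, since they may be returned wrapped.
var (
	// ErrNotFound signals that no identity provider matched the lookup.
	ErrNotFound = errors.New("identity provider not found")
	// ErrAlreadyExists signals that the tenant already has a configuration
	// for the requested provider.
	ErrAlreadyExists = errors.New("identity provider already configured for this tenant")
	// ErrInvalidProvider signals a Provider value outside the supported set
	// (see Provider.IsValid).
	ErrInvalidProvider = errors.New("invalid identity provider type")
	// ErrDomainNotAllowed signals an email domain rejected by the provider's
	// allowed-domain list (see IdentityProvider.IsDomainAllowed).
	ErrDomainNotAllowed = errors.New("email domain not allowed for this identity provider")
	// ErrProviderInactive signals use of a provider whose IsActive is false.
	ErrProviderInactive = errors.New("identity provider is not active")
	// ErrInvalidConfig signals a provider configuration that failed validation.
	ErrInvalidConfig = errors.New("invalid identity provider configuration")
)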

Functions

This section is empty.

Types

type IdentityProvider

type IdentityProvider struct {
	// contains filtered or unexported fields
}

IdentityProvider represents a tenant-scoped SSO configuration. All of its state is unexported and reached through the getters and setters below. None of the setters returns an error, so no validation is visible at this layer; callers must check values such as the issuer URL, scopes, allowed domains and tenant identifier before storing them.

func New

func New(
	id, tenantID string,
	provider Provider,
	displayName, clientID, clientSecretEncrypted string,
) *IdentityProvider

New creates an IdentityProvider populated with only the identity, tenant, provider type, display name, client ID and encrypted client secret; the issuer URL, tenant identifier, scopes, allowed domains, auto-provisioning flag, default role and active state must be set afterwards through the setters. New returns no error, so check the provider type with Provider.IsValid before calling it rather than relying on New to reject it.

func Reconstruct

func Reconstruct(
	id, tenantID string,
	provider Provider,
	displayName, clientID, clientSecretEncrypted string,
	issuerURL, tenantIdentifier string,
	scopes, allowedDomains []string,
	autoProvision bool,
	defaultRole string,
	isActive bool,
	metadata map[string]any,
	createdAt, updatedAt time.Time,
	createdBy string,
) *IdentityProvider

Reconstruct rebuilds an IdentityProvider from persistence, taking every field (including the timestamps and createdBy) in one call. It returns no error and therefore cannot report an invalid configuration; use it only for data that was validated when it was stored, and prefer New plus the setters for values that originate from user input.

func (*IdentityProvider) AllowedDomains

func (ip *IdentityProvider) AllowedDomains() []string

func (*IdentityProvider) AutoProvision

func (ip *IdentityProvider) AutoProvision() bool

func (*IdentityProvider) ClientID

func (ip *IdentityProvider) ClientID() string

func (*IdentityProvider) ClientSecretEncrypted

func (ip *IdentityProvider) ClientSecretEncrypted() string

func (*IdentityProvider) CreatedAt

func (ip *IdentityProvider) CreatedAt() time.Time

func (*IdentityProvider) CreatedBy

func (ip *IdentityProvider) CreatedBy() string

func (*IdentityProvider) DefaultRole

func (ip *IdentityProvider) DefaultRole() string

func (*IdentityProvider) DisplayName

func (ip *IdentityProvider) DisplayName() string

func (*IdentityProvider) ID

func (ip *IdentityProvider) ID() string

ID returns the identifier of this identity provider configuration.

func (*IdentityProvider) IsActive

func (ip *IdentityProvider) IsActive() bool

func (*IdentityProvider) IsDomainAllowed

func (ip *IdentityProvider) IsDomainAllowed(emailDomain string) bool

IsDomainAllowed reports whether an email domain is permitted by this provider's AllowedDomains list. It returns true when no domain restrictions are configured, so an empty list accepts every domain the IdP asserts — combined with AutoProvision this lets any account the IdP knows about be provisioned into the tenant, which is rarely what a tenant intends. Whether the comparison is case-insensitive is not visible here; normalize emailDomain to lowercase before calling to be safe.

func (*IdentityProvider) IssuerURL

func (ip *IdentityProvider) IssuerURL() string

func (*IdentityProvider) Metadata

func (ip *IdentityProvider) Metadata() map[string]any

func (*IdentityProvider) Provider

func (ip *IdentityProvider) Provider() Provider

func (*IdentityProvider) Scopes

func (ip *IdentityProvider) Scopes() []string

func (*IdentityProvider) SetActive

func (ip *IdentityProvider) SetActive(active bool)

func (*IdentityProvider) SetAllowedDomains

func (ip *IdentityProvider) SetAllowedDomains(domains []string)

func (*IdentityProvider) SetAutoProvision

func (ip *IdentityProvider) SetAutoProvision(auto bool)

func (*IdentityProvider) SetClientID

func (ip *IdentityProvider) SetClientID(clientID string)

func (*IdentityProvider) SetClientSecretEncrypted

func (ip *IdentityProvider) SetClientSecretEncrypted(secret string)

func (*IdentityProvider) SetCreatedBy

func (ip *IdentityProvider) SetCreatedBy(userID string)

func (*IdentityProvider) SetDefaultRole

func (ip *IdentityProvider) SetDefaultRole(role string)

func (*IdentityProvider) SetDisplayName

func (ip *IdentityProvider) SetDisplayName(name string)

SetDisplayName sets the human-readable name shown for this provider.

func (*IdentityProvider) SetIssuerURL

func (ip *IdentityProvider) SetIssuerURL(url string)

func (*IdentityProvider) SetMetadata

func (ip *IdentityProvider) SetMetadata(metadata map[string]any)

func (*IdentityProvider) SetScopes

func (ip *IdentityProvider) SetScopes(scopes []string)

func (*IdentityProvider) SetTenantIdentifier

func (ip *IdentityProvider) SetTenantIdentifier(tid string)

func (*IdentityProvider) TenantID

func (ip *IdentityProvider) TenantID() string

func (*IdentityProvider) TenantIdentifier

func (ip *IdentityProvider) TenantIdentifier() string

func (*IdentityProvider) UpdatedAt

func (ip *IdentityProvider) UpdatedAt() time.Time

type Provider

type Provider string

Provider represents a supported identity provider type.

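// Supported provider types. Provider.IsValid reports whether a value is one
// of these; any other string should be rejected with ErrInvalidProvider.
const (
	// ProviderEntraID is Microsoft Entra ID.
	ProviderEntraID Provider = "entra_id"
	// ProviderOkta is Okta.
	ProviderOkta Provider = "okta"
	// ProviderGoogleWorkspace is Google Workspace.
	ProviderGoogleWorkspace Provider = "google_workspace"
)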

func (Provider) AuthEndpoints

func (p Provider) AuthEndpoints(tenantIdentifier string) (authURL, tokenURL, userInfoURL string)

AuthEndpoints returns the authorization, token and user-info URLs for the provider. The tenantIdentifier argument is presumably substituted into those URLs (as for a per-tenant Entra ID endpoint), so validate it before it is stored via SetTenantIdentifier: in a standard OAuth code flow these are the hosts the application redirects users to and sends the client secret to, and an unchecked value would let a tenant administrator point them elsewhere.

func (Provider) IsValid

func (p Provider) IsValid() bool

IsValid reports whether p is one of the supported Provider constants. Because neither New nor Reconstruct returns an error, callers that accept a provider type from outside the package should call IsValid themselves and map a false result to ErrInvalidProvider.

type Repository

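type Repository interface {
	// Create persists a new configuration. Presumably it returns
	// ErrAlreadyExists when the tenant already has one for the same
	// provider type — confirm against the implementation.
	Create(ctx context.Context, ip *IdentityProvider) error
	// GetByID fetches one configuration by tenant and ID. Implementations
	// must match on both tenantID and id, not id alone, so a tenant cannot
	// read another tenant's configuration.
	GetByID(ctx context.Context, tenantID, id string) (*IdentityProvider, error)
	// GetByTenantAndProvider fetches the tenant's configuration for a
	// single provider type.
	GetByTenantAndProvider(ctx context.Context, tenantID string, provider Provider) (*IdentityProvider, error)
	// Update persists changes to an existing configuration; the tenant is
	// carried by ip.TenantID() and must be part of the match.
	Update(ctx context.Context, ip *IdentityProvider) error
	// Delete removes the configuration identified by tenant and ID; as with
	// GetByID, both keys must be part of the match.
	Delete(ctx context.Context, tenantID, id string) error
	// ListByTenant returns every configuration belonging to the tenant.
	ListByTenant(ctx context.Context, tenantID string) ([]*IdentityProvider, error)
	// ListActiveByTenant returns only the tenant's configurations whose
	// IsActive is true.
	ListActiveByTenant(ctx context.Context, tenantID string) ([]*IdentityProvider, error)
}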

Repository defines persistence operations for identity providers. Every operation that addresses a single record takes tenantID as well as id (or provider), and an implementation must filter on both: a GetByID or Delete that matched on id alone would let one tenant read or remove another tenant's SSO configuration. When a record exists but belongs to a different tenant, return ErrNotFound rather than a distinct error so the response does not confirm cross-tenant IDs.
