Documentation
Index
- type Manager
- func (m *Manager) Auth(ctx context.Context, tenantID, fingerprint, requestURI string) (string, error)
- func (m *Manager) FinaliseOIDCLogin(ctx context.Context, stateID, code, fingerprint string) (OIDCSessionData, error)
- func (m *Manager) RefreshExpiringSessions(ctx context.Context) error
- func (m *Manager) RefreshSession(ctx context.Context, s *Session, provider oidc.Provider) error
- func (m *Manager) ValidateCSRFToken(token, sessionID string) bool
- type OIDCSessionData
- type Repository
- type Session
- type State
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Manager
type Manager struct {
// contains filtered or unexported fields
}
func NewManager
func NewManager(
	oidc oidc.ProviderRepository,
	sessions Repository,
	auditLogger *otlpaudit.AuditLogger,
	sessionDuration time.Duration,
	redirectURI, clientID string,
	csrfHMACSecret string,
	jwsSigAlgs []string,
) *Manager
func (*Manager) Auth
func (m *Manager) Auth(ctx context.Context, tenantID, fingerprint, requestURI string) (string, error)
Auth returns an OIDC authorise URI.
func (*Manager) FinaliseOIDCLogin added in v0.1.0
func (m *Manager) FinaliseOIDCLogin(ctx context.Context, stateID, code, fingerprint string) (OIDCSessionData, error)
func (*Manager) RefreshExpiringSessions added in v0.1.0
func (m *Manager) RefreshExpiringSessions(ctx context.Context) error
func (*Manager) RefreshSession added in v0.1.0
func (m *Manager) RefreshSession(ctx context.Context, s *Session, provider oidc.Provider) error
RefreshSession refreshes the access token using the given refresh token for the tenant.
func (*Manager) ValidateCSRFToken added in v0.1.0
func (m *Manager) ValidateCSRFToken(token, sessionID string) bool
type OIDCSessionData added in v0.1.0
OIDCSessionData represents the data from the last step of the OIDC flow.
type Repository
type Repository interface {
LoadState(ctx context.Context, stateID string) (State, error)
StoreState(ctx context.Context, state State) error
LoadSession(ctx context.Context, sessionID string) (Session, error)
StoreSession(ctx context.Context, session Session) error
DeleteState(ctx context.Context, stateID string) error
ListSessions(ctx context.Context) ([]Session, error)
}
type Session
type Session struct {
ID string // Session ID in our system
TenantID string // Tenant ID for which the session is created
Fingerprint string // Fingerprint to bind the session to a specific client
CSRFToken string // CSRF token to prevent CSRF attacks
Issuer string // Issuer of the OIDC tokens
Claims string // JSON string of claims from the ID token
AccessToken string // Access token from the identity provider
RefreshToken string // Refresh token from the identity provider
Expiry time.Time // Expiry time of the session
AccessTokenExpiry time.Time // Expiry time of the Access Token
}
Session represents a user session in our system.
type State
type State struct {
ID string // State ID to align the auth request with the callback
TenantID string // Tenant ID for which the login is done
Fingerprint string // Fingerprint to bind the login to a specific client
PKCEVerifier string // PKCE verifier to validate the PKCE challenge
RequestURI string // Request URI for the eventual redirect
Expiry time.Time // Expiry time of the login process
}
State represents the state of an authentication process according to the OIDC spec. It is used to align the auth request with the callback and to store necessary information for completing the authentication process.
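The State record above is what the callback step has to validate before the login can be completed. The following is an added example, not code from this package: an assumed helper, ConsumeState, that loads a State through a two-method subset of the page's Repository interface, deletes it so the value is single-use, and rejects it when its Expiry has passed or its Fingerprint does not match the client presenting the callback. The StateStore interface, ErrStateInvalid and ConsumeState are assumptions; the State fields are the ones documented on this page.

```go
package main

import (
	"context"
	"errors"
	"time"
)

// State mirrors the field set documented on this page.
type State struct {
	ID           string
	TenantID     string
	Fingerprint  string
	PKCEVerifier string
	RequestURI   string
	Expiry       time.Time
}

// StateStore (assumed) is the subset of the page's Repository interface that the
// callback step needs; any full Repository implementation satisfies it implicitly.
type StateStore interface {
	LoadState(ctx context.Context, stateID string) (State, error)
	DeleteState(ctx context.Context, stateID string) error
}

// ErrStateInvalid (assumed) is returned when the stored State cannot be trusted.
var ErrStateInvalid = errors.New("login state expired or bound to another client")

// ConsumeState (assumed helper, not part of the package) performs the checks a
// callback handler should make before trusting a stored State: the record must
// exist, its Expiry must not have passed, and its Fingerprint must match the
// client presenting the callback. The record is deleted before the checks run so
// a given state value is consumed at most once; a failed delete is treated as a
// failure because single use can no longer be guaranteed.
func ConsumeState(ctx context.Context, store StateStore, stateID, fingerprint string, now time.Time) (State, error) {
	s, err := store.LoadState(ctx, stateID)
	if err != nil {
		return State{}, err
	}
	if err := store.DeleteState(ctx, stateID); err != nil {
		return State{}, err
	}
	if !now.Before(s.Expiry) || s.Fingerprint != fingerprint {
		return State{}, ErrStateInvalid
	}
	return s, nil
}
```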