session

package
v0.13.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 15, 2025 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Claims

// Claims holds the user attributes decoded from JSON under the keys named in
// the struct tags: sub, user_uuid, given_name, family_name, email and groups.
// Session.Claims describes them as the claims from the ID token.
//
// NOTE(review): token verification is not shown on this page. Groups and
// Subject presumably feed authorisation decisions, so confirm they are only
// populated after the ID token's signature, issuer and audience are checked.
// GivenName, FamilyName and Email are personal data; keep them out of logs.
type Claims struct {
	Subject    string   `json:"sub"`
	UserUUID   string   `json:"user_uuid"`
	GivenName  string   `json:"given_name"`
	FamilyName string   `json:"family_name"`
	Email      string   `json:"email"`
	Groups     []string `json:"groups"`
}

type Manager

// Manager is the receiver for the session operations documented on this page:
// building the OIDC authentication URI, finalising the login, creating the
// session and CSRF cookies, validating CSRF tokens, deleting idle sessions and
// refreshing expiring access tokens. It is constructed with NewManager.
type Manager struct {
	// contains filtered or unexported fields
}

func NewManager

// NewManager builds a Manager from the session configuration, an OIDC
// provider repository, a session Repository, an audit logger and an HTTP
// client. It returns an error if construction fails.
//
// NOTE(review): the body is not shown here. httpClient is presumably used for
// outbound calls to the identity provider; confirm callers pass a client with
// a timeout and with TLS certificate verification left enabled.
func NewManager(
	cfg *config.SessionManager,
	oidc oidc.ProviderRepository,
	sessions Repository,
	auditLogger *otlpaudit.AuditLogger,
	httpClient *http.Client,
) (*Manager, error)

func (*Manager) CleanupIdleSessions added in v0.13.0

// CleanupIdleSessions deletes sessions that have been idle for longer than
// timeout.
//
// NOTE(review): idleness is presumably measured from Session.LastVisited;
// confirm. Also confirm how a zero or negative timeout is handled, since it
// could otherwise match every stored session.
func (m *Manager) CleanupIdleSessions(ctx context.Context, timeout time.Duration) error

CleanupIdleSessions deletes sessions that have been idle for longer than the specified timeout.

func (*Manager) FinaliseOIDCLogin

// FinaliseOIDCLogin takes a state ID, an authorisation code and the client
// fingerprint and returns the session ID, CSRF token and request URI as
// OIDCSessionData. stateID and code presumably come from the OIDC callback.
//
// NOTE(review): the body is not shown here. State carries Fingerprint,
// PKCEVerifier and Expiry, so confirm the implementation rejects a callback
// whose fingerprint differs from the stored one or whose state has expired.
// Confirm it also deletes the state after a single use (Repository.DeleteState)
// so that a captured callback cannot be replayed.
func (m *Manager) FinaliseOIDCLogin(ctx context.Context, stateID, code, fingerprint string) (OIDCSessionData, error)

func (*Manager) MakeAuthURI

// MakeAuthURI returns an OIDC authentication URI for the given tenant, client
// fingerprint and request URI.
//
// NOTE(review): State.RequestURI is documented as the target of the eventual
// redirect. If requestURI is taken from the incoming request, confirm it is
// restricted to a same-origin path before being stored; otherwise the
// post-login redirect can be pointed at an arbitrary site.
func (m *Manager) MakeAuthURI(ctx context.Context, tenantID, fingerprint, requestURI string) (string, error)

MakeAuthURI returns an OIDC authentication URI.

func (*Manager) MakeCSRFCookie

// MakeCSRFCookie returns an *http.Cookie built for the given value.
//
// NOTE(review): the cookie attributes are set in code not shown here. Confirm
// Secure and SameSite are set. Whether HttpOnly is appropriate depends on
// whether client-side script must read the token to echo it back in a header.
func (m *Manager) MakeCSRFCookie(ctx context.Context, value string) (*http.Cookie, error)

func (*Manager) MakeSessionCookie

// MakeSessionCookie returns an *http.Cookie built for the given value.
//
// NOTE(review): value is presumably the session ID, which makes this cookie a
// bearer credential. The attributes are set in code not shown here; confirm
// Secure, HttpOnly and SameSite are set, and that the cookie's lifetime does
// not outlive Session.Expiry.
func (m *Manager) MakeSessionCookie(ctx context.Context, value string) (*http.Cookie, error)

func (*Manager) RefreshExpiringTokens added in v0.13.0

// RefreshExpiringTokens refreshes access tokens that are nearing expiration.
//
// NOTE(review): refreshTriggerInterval presumably sets how close to
// Session.AccessTokenExpiry a token must be before it is refreshed; confirm.
// If the identity provider rotates refresh tokens, the new RefreshToken must
// be persisted with the session. Confirm what happens to the session when the
// provider rejects the refresh.
func (m *Manager) RefreshExpiringTokens(ctx context.Context, refreshTriggerInterval time.Duration) error

RefreshExpiringTokens refreshes access tokens that are nearing expiration.

func (*Manager) ValidateCSRFToken

// ValidateCSRFToken reports whether token is accepted for the session
// identified by sessionID.
//
// NOTE(review): the comparison is not shown here. Confirm it is constant-time
// (for example crypto/subtle.ConstantTimeCompare or hmac.Equal), and that an
// empty token or empty sessionID returns false rather than matching an empty
// expected value.
func (m *Manager) ValidateCSRFToken(token, sessionID string) bool

type OIDCSessionData

// OIDCSessionData is the result type of Manager.FinaliseOIDCLogin: the ID of
// the session, its CSRF token and the request URI.
//
// NOTE(review): SessionID is presumably the value placed in the session
// cookie, so treat it as a secret and keep it out of logs and URLs.
// RequestURI is presumably used as a redirect target; confirm callers only
// redirect to same-origin paths.
type OIDCSessionData struct {
	SessionID  string
	CSRFToken  string
	RequestURI string
}

OIDCSessionData represents the data returned by the last step of the OIDC flow.

type Repository

// Repository is the storage interface for login State records and Session
// records.
//
// Session values carry AccessToken, RefreshToken and CSRFToken, and State
// values carry PKCEVerifier, so an implementation stores live credentials.
// The backing store should be access-controlled and, where possible,
// encrypted at rest, and implementations should not log whole records.
//
// NOTE(review): the error returned for a missing state or session is not
// specified on this page; confirm callers can tell "not found" apart from a
// storage failure.
type Repository interface {
	// State operations

	// LoadState returns the State stored under stateID.
	LoadState(ctx context.Context, stateID string) (State, error)
	// StoreState persists state.
	StoreState(ctx context.Context, state State) error
	// DeleteState removes the State stored under stateID.
	DeleteState(ctx context.Context, stateID string) error
	// Session operations

	// LoadSession returns the Session stored under sessionID.
	LoadSession(ctx context.Context, sessionID string) (Session, error)
	// StoreSession persists session.
	StoreSession(ctx context.Context, session Session) error
	// ListSessions returns stored sessions. It takes no tenant or filter
	// argument, so it presumably returns every session across all tenants;
	// callers handle the full set of tokens at once.
	ListSessions(ctx context.Context) ([]Session, error)
	// DeleteSession removes session.
	DeleteSession(ctx context.Context, session Session) error
}

type Session

// Session represents a user session in our system.
//
// Several fields are credentials rather than plain data. AccessToken and
// RefreshToken are bearer tokens from the identity provider. ID and CSRFToken
// authenticate the browser to this system. None of them should appear in
// logs, error messages or audit events, and stored copies need the same
// protection as the tokens themselves.
//
// NOTE(review): enforcement is not visible on this page. Confirm Fingerprint
// is compared on every request, not only at login, and that a session is
// rejected once Expiry has passed even if LastVisited is recent.
type Session struct {
	ID                string            // Session ID in our system
	TenantID          string            // Tenant ID for which the session is created
	ProviderID        string            // Provider session ID defined by the OIDC provider (`sid` claim)
	Fingerprint       string            // Fingerprint to bind the session to a specific client
	CSRFToken         string            // CSRF token to prevent CSRF attacks
	Issuer            string            // Issuer of the OIDC tokens
	Claims            Claims            // Claims from the ID token
	AccessToken       string            // Access token from the identity provider
	RefreshToken      string            // Refresh token from the identity provider
	Expiry            time.Time         // Expiry time of the session
	AccessTokenExpiry time.Time         // Expiry time of the Access Token
	LastVisited       time.Time         // The time the user last used the session
	AuthContext       map[string]string // Additional authentication context
}

Session represents a user session in our system.

type State

// State represents the state of an in-progress authentication according to
// the OIDC spec. It aligns the auth request with the callback and holds the
// information needed to complete the login.
//
// PKCEVerifier is a secret until the code exchange has happened, so it must
// stay server-side and out of logs.
//
// NOTE(review): generation and checking are not shown on this page. Confirm
// ID comes from a cryptographically secure random source, that Expiry is
// short and enforced at callback time, and that RequestURI is validated as a
// same-origin path before it is used for the redirect.
type State struct {
	ID           string    // State ID to align the auth request with the callback
	TenantID     string    // Tenant ID for which the login is done
	Fingerprint  string    // Fingerprint to bind the login to a specific client
	PKCEVerifier string    // PKCE verifier to validate the PKCE challenge
	RequestURI   string    // Request URI for the eventual redirect
	Expiry       time.Time // Expiry time of the login process
}

State represents the state of an authentication process according to the OIDC spec. It is used to align the auth request with the callback and to store necessary information for completing the authentication process.

Directories

Path Synopsis
