Documentation
Index
- type Claims
- type Manager
- func (m *Manager) BCLogout(ctx context.Context, logoutJWT string) error
- func (m *Manager) FinaliseOIDCLogin(ctx context.Context, stateID, code, fingerprint string) (OIDCSessionData, error)
- func (m *Manager) Logout(ctx context.Context, sessionID string) (string, error)
- func (m *Manager) MakeAuthURI(ctx context.Context, tenantID, fingerprint, requestURI string) (string, error)
- func (m *Manager) MakeCSRFCookie(ctx context.Context, tenantID, value string) (*http.Cookie, error)
- func (m *Manager) MakeSessionCookie(ctx context.Context, tenantID, value string) (*http.Cookie, error)
- func (m *Manager) TriggerHousekeeping(ctx context.Context, concurrencyLimit int, ...) error
- func (m *Manager) ValidateCSRFToken(token, sessionID string) bool
- type OIDCSessionData
- type Repository
- type Session
- type State
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Manager
type Manager struct {
	// contains filtered or unexported fields
}
func NewManager
func NewManager(
	cfg *config.SessionManager,
	oidc oidc.ProviderRepository,
	sessions Repository,
	auditLogger *otlpaudit.AuditLogger,
	httpClient *http.Client,
) (*Manager, error)
func (*Manager) FinaliseOIDCLogin
func (*Manager) MakeAuthURI
func (m *Manager) MakeAuthURI(ctx context.Context, tenantID, fingerprint, requestURI string) (string, error)
MakeAuthURI returns an OIDC authentication URI.
func (*Manager) MakeCSRFCookie
func (*Manager) MakeSessionCookie
func (*Manager) TriggerHousekeeping added in v0.16.0
func (*Manager) ValidateCSRFToken
type OIDCSessionData
OIDCSessionData represents the data produced by the last step of the OIDC flow.
type Repository
type Repository interface {
	// State operations
	LoadState(ctx context.Context, stateID string) (State, error)
	StoreState(ctx context.Context, state State) error
	DeleteState(ctx context.Context, stateID string) error

	// Session operations
	ListSessions(ctx context.Context) ([]Session, error)
	LoadSession(ctx context.Context, sessionID string) (Session, error)
	LoadSessionByProviderID(ctx context.Context, providerID string) (Session, error)
	StoreSession(ctx context.Context, session Session) error
	DeleteSession(ctx context.Context, session Session) error
	IsActive(ctx context.Context, sessionID string) (bool, error)
	BumpActive(ctx context.Context, sessionID string, timeout time.Duration) error
}
type Session
type Session struct {
	ID                string            // Session ID in our system
	TenantID          string            // Tenant ID for which the session is created
	ProviderID        string            // Provider session ID defined by the OIDC provider (`sid` claim)
	Fingerprint       string            // Fingerprint to bind the session to a specific client
	CSRFToken         string            // CSRF token to prevent CSRF attacks
	Issuer            string            // Issuer of the OIDC tokens
	Claims            Claims            // Claims from the ID token
	AccessToken       string            // Access token from the identity provider
	RefreshToken      string            // Refresh token from the identity provider
	Expiry            time.Time         // Expiry time of the session
	AccessTokenExpiry time.Time         // Expiry time of the Access Token
	AuthContext       map[string]string // Additional authentication context
}
Session represents a user session in our system.
type State
type State struct {
	ID           string    // State ID to align the auth request with the callback
	TenantID     string    // Tenant ID for which the login is done
	Fingerprint  string    // Fingerprint to bind the login to a specific client
	PKCEVerifier string    // PKCE verifier to validate the PKCE challenge
	RequestURI   string    // Request URI for the eventual redirect
	Expiry       time.Time // Expiry time of the login process
}
State represents the state of an authentication process according to the OIDC spec. It is used to align the auth request with the callback and to store necessary information for completing the authentication process.
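The State operations of the Repository interface and the State struct above together describe how the login request is tied to its callback: a random state ID, a PKCE verifier kept server-side, a client fingerprint and an expiry. The following example is added here and is not code from this package; it shows a hypothetical in-memory backend for the three State operations plus the callback-side checks a Manager would perform with them (one-time use, fingerprint match, expiry). The names MemoryStateStore, ErrStateNotFound, BeginLogin and ConsumeState are assumptions, and the State struct is copied from the documentation so the file builds on its own.

```go
package main

import (
	"context"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"sync"
	"time"
)

type State struct { // mirrors the documented State struct so the example builds on its own
	ID, TenantID, Fingerprint, PKCEVerifier, RequestURI string
	Expiry                                              time.Time
}

var ErrStateNotFound = fmt.Errorf("state not found") // assumed name; not defined by the package

// MemoryStateStore is a hypothetical in-memory backend for the Repository's State operations.
type MemoryStateStore struct {
	mu     sync.Mutex
	states map[string]State
}

func NewMemoryStateStore() *MemoryStateStore { return &MemoryStateStore{states: map[string]State{}} }

func (s *MemoryStateStore) StoreState(_ context.Context, st State) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.states[st.ID] = st
	return nil
}

func (s *MemoryStateStore) LoadState(_ context.Context, id string) (State, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if st, ok := s.states[id]; ok {
		return st, nil
	}
	return State{}, ErrStateNotFound
}

func (s *MemoryStateStore) DeleteState(_ context.Context, id string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.states, id)
	return nil
}

// randomToken returns n random bytes as a URL-safe string (used for state IDs and PKCE verifiers).
func randomToken(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// PKCEChallenge derives the S256 code_challenge for the auth request from the stored verifier (RFC 7636).
func PKCEChallenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// BeginLogin creates and stores a State bound to the tenant and client fingerprint, valid for ttl.
// The auth URI would carry st.ID as `state` and PKCEChallenge(st.PKCEVerifier) as `code_challenge`.
func BeginLogin(ctx context.Context, store *MemoryStateStore, tenantID, fingerprint, requestURI string, ttl time.Duration, now time.Time) (State, error) {
	id, errID := randomToken(32)
	verifier, errVer := randomToken(32)
	if errID != nil || errVer != nil {
		return State{}, fmt.Errorf("generating state: %v %v", errID, errVer)
	}
	st := State{ID: id, TenantID: tenantID, Fingerprint: fingerprint, PKCEVerifier: verifier, RequestURI: requestURI, Expiry: now.Add(ttl)}
	return st, store.StoreState(ctx, st)
}

// ConsumeState runs the callback-side checks: the state is deleted before any verdict so a state ID
// can be presented only once, then the caller's fingerprint must match and the state must be unexpired.
func ConsumeState(ctx context.Context, store *MemoryStateStore, stateID, fingerprint string, now time.Time) (State, error) {
	st, err := store.LoadState(ctx, stateID)
	if err != nil {
		return State{}, err
	}
	if err := store.DeleteState(ctx, stateID); err != nil {
		return State{}, err
	}
	if subtle.ConstantTimeCompare([]byte(st.Fingerprint), []byte(fingerprint)) != 1 {
		return State{}, fmt.Errorf("state fingerprint mismatch")
	}
	if !now.Before(st.Expiry) {
		return State{}, fmt.Errorf("state expired")
	}
	return st, nil
}

func main() {
	ctx, store := context.Background(), NewMemoryStateStore()
	st, _ := BeginLogin(ctx, store, "tenant-a", "fp-browser-1", "/dashboard", 5*time.Minute, time.Now())
	_, err := ConsumeState(ctx, store, st.ID, "fp-other-client", time.Now()) // rejected, and the state is burned
	fmt.Println("code_challenge:", PKCEChallenge(st.PKCEVerifier), "| wrong fingerprint:", err)
}
```

Deleting the state before evaluating fingerprint and expiry is the deliberate choice here: a callback that fails any check cannot be retried with a corrected fingerprint, and a successful callback cannot be replayed. The PKCE verifier never leaves the store; only its S256 challenge goes into the auth URI, and the verifier is released to the token exchange once the callback checks have passed.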