Documentation
¶
Overview ¶
Package browserauth builds the browser-facing authentication stack for the portal and admin web UI: the OIDC login/callback flow and the cookie authenticator, held together behind one Session handle.
New takes an explicit Config so the stack can be built and tested on its own; the package imports only pkg/browsersession, not pkg/platform.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
// Cookie settings.
CookieName string
Domain string
SameSite string
Secure bool
TTL time.Duration
SigningKey []byte
// OIDC / login-flow settings.
Issuer string
ClientID string
ClientSecret string
Scopes []string
RoleClaim string
RolePrefix string
RedirectURI string
PostLogoutRedirect string
// OnLogin records a user at login; may be nil.
OnLogin func(email, firstName, lastName string)
}
Config carries the values needed to build a Session. Callers translate their own config into it so this package stays free of platform config types.
type Session ¶
type Session struct {
// contains filtered or unexported fields
}
Session holds the login flow and cookie authenticator for the browser UI.
func NewSession ¶
func NewSession(flow *browsersession.Flow, auth *browsersession.Authenticator) *Session
NewSession wraps an already-built login flow and cookie authenticator into a Session. New uses it after constructing both; it is also the seam for wiring a pre-built authenticator (e.g. in tests) without a live OIDC flow.
func (*Session) Authenticator ¶
func (s *Session) Authenticator() *browsersession.Authenticator
Authenticator returns the cookie authenticator, or nil when browser sessions are disabled (a nil Session).
func (*Session) Flow ¶
func (s *Session) Flow() *browsersession.Flow
Flow returns the OIDC login flow, or nil when browser sessions are disabled (a nil Session).