Documentation
¶
Index ¶
- type AccessTokenData
- type Authentication
- type AuthenticationDefs
- type AuthenticationType
- type Client
- type ClientType
- type ExtendedIdentifier
- type JwtCommonInfo
- type KeyCloakUser
- func (user *KeyCloakUser) GetFederationId() string
- func (user *KeyCloakUser) GetId() uuid.UUID
- func (user *KeyCloakUser) GetJsonString() string
- func (user *KeyCloakUser) GetPasswordHash() string
- func (user *KeyCloakUser) GetRawData() interface{}
- func (user *KeyCloakUser) GetUserInfo() interface{}
- func (user *KeyCloakUser) GetUsername() string
- func (user *KeyCloakUser) IsFederatedUser() bool
- func (user *KeyCloakUser) SetPassword(password string, encoder *encoding.PasswordJsonEncoder) error
- type OperationError
- type RawUserInfo
- type Realm
- type ServerData
- type TokenRefreshData
- type User
- type UserFederationServiceConfig
- type UserFederationServiceType
- type UserSession
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessTokenData ¶
type AccessTokenData struct {
ResultData map[string]interface{}
ResultJsonStr string
// contains filtered or unexported fields
}
AccessTokenData is a struct that stores the inputs used to build a JWT access token (the unexported jwtCommonInfo and rawUserInfo) and the result (ResultData, ResultJsonStr); the token payload is jwtCommonInfo merged with rawUserInfo.
func CreateAccessToken ¶
func CreateAccessToken(commonData *JwtCommonInfo, userData User) *AccessTokenData
CreateAccessToken creates a new AccessTokenData from the common token data and the user's public info.
func (*AccessTokenData) Init ¶
func (token *AccessTokenData) Init()
Init merges the two input structures into a map (ResultData) and, at the same time, into its marshalled JSON string (ResultJsonStr).
func (*AccessTokenData) Valid ¶
func (token *AccessTokenData) Valid() error
Valid is intended to check that the token fields contain proper values; it currently performs no checks and returns nil, so callers must verify expiry, issuer and audience themselves before trusting a token.
type Authentication ¶
type Authentication struct {
Type AuthenticationType
Value string
Attributes interface{}
}
Authentication holds a Client's authentication data; for ClientIdAndSecrets, Value stores the client secret.
type AuthenticationDefs ¶ added in v0.9.2
type AuthenticationType ¶
type AuthenticationType int
const (
ClientIdAndSecrets AuthenticationType = 1
)
ClientIdAndSecrets is the AuthenticationType used by Confidential clients (client ID plus client secret).
type Client ¶
type Client struct {
Type ClientType
ID uuid.UUID
Name string
Auth Authentication
}
Client is a realm client: it represents an application and the set of rules for its interaction with the authorization server.
type ClientType ¶
type ClientType string
ClientType is the client security type; Confidential clients must present a ClientSecret, Public clients have none.
const (
Public ClientType = "public"
Confidential = "confidential"
)
Note that Confidential is declared without an explicit type, so it is an untyped string constant rather than a ClientType; it is still assignable to a ClientType field.
type ExtendedIdentifier ¶ added in v0.9.2
ExtendedIdentifier is a service struct used to associate the identifier and the name of an object such as a Client or a User.
type JwtCommonInfo ¶
type JwtCommonInfo struct {
IssuedAt time.Time `json:"iat"`
ExpiredAt time.Time `json:"exp"`
JwtId uuid.UUID `json:"jti"`
Type string `json:"typ"`
Issuer string `json:"iss"`
Audience string `json:"aud"`
Subject uuid.UUID `json:"sub"`
SessionState uuid.UUID `json:"session_state"`
SessionId uuid.UUID `json:"sid"`
Scope string `json:"scope"`
}
JwtCommonInfo is the struct with all the fields shared by tokens in JWT format: the registered claims iat, exp, jti, iss, aud and sub, plus the Keycloak-style typ, session_state, sid and scope claims. Note that encoding/json serialises a time.Time as an RFC 3339 string, whereas RFC 7519 defines iat and exp as NumericDate (seconds since the Unix epoch); check how the token is actually marshalled before expecting standard JWT libraries to read these two claims.
type KeyCloakUser ¶
type KeyCloakUser struct {
// contains filtered or unexported fields
}
KeyCloakUser holds user data in a shape similar to Keycloak's: a Keycloak user has an info field containing preferred_username, sub and other fields. Ferrum users carry their credentials inside the user object, which is currently (as a temporary measure) stored without encryption.
func (*KeyCloakUser) GetFederationId ¶ added in v0.9.2
func (user *KeyCloakUser) GetFederationId() string
func (*KeyCloakUser) GetId ¶
func (user *KeyCloakUser) GetId() uuid.UUID
GetId returns the unique user identifier.
It navigates the internal map through the info.sub keys to retrieve the user id. Parameters: none. Returns: user id.
func (*KeyCloakUser) GetJsonString ¶ added in v0.9.2
func (user *KeyCloakUser) GetJsonString() string
func (*KeyCloakUser) GetPasswordHash ¶ added in v0.9.2
func (user *KeyCloakUser) GetPasswordHash() string
GetPasswordHash returns the hash of the password.
It navigates the internal map through the credentials.password keys to retrieve the password hash. Parameters: none. Returns: password hash.
todo(UMV): we should consider the case when the User is external.
func (*KeyCloakUser) GetRawData ¶ added in v0.9.2
func (user *KeyCloakUser) GetRawData() interface{}
func (*KeyCloakUser) GetUserInfo ¶
func (user *KeyCloakUser) GetUserInfo() interface{}
GetUserInfo returns JSON with all non-confidential user data, as Keycloak does.
It navigates the internal map through the info key and retrieves all public user info. Parameters: none. Returns: user info.
func (*KeyCloakUser) GetUsername ¶
func (user *KeyCloakUser) GetUsername() string
GetUsername returns the username as it is stored in Keycloak.
It navigates the internal map through the info.preferred_username keys; the last key is the login key. The username is expected to be unique within the Realm. Parameters: none. Returns: username.
func (*KeyCloakUser) IsFederatedUser ¶ added in v0.9.2
func (user *KeyCloakUser) IsFederatedUser() bool
IsFederatedUser reports whether the user is stored externally; for an external user the password cannot be kept in local storage.
It determines whether the user lives outside the database, e.g. in Active Directory or another system; the navigation property for this is federation.name. Parameters: none. Returns: true if the user is federated.
func (*KeyCloakUser) SetPassword ¶ added in v0.9.2
func (user *KeyCloakUser) SetPassword(password string, encoder *encoding.PasswordJsonEncoder) error
SetPassword replaces a raw password with its hash in the user's rawData and jsonRawData.
Parameters: password - the new password; encoder - the encoder object holding the salt and the hasher.
type OperationError ¶
OperationError is a struct that represents an error; it contains the error title (Msg) and detailed information (Description).
type RawUserInfo ¶
type RawUserInfo interface{}
RawUserInfo is a type used to place all public user data (in Keycloak, the "info":{...} structure) into the JWT-encoded token.
type Realm ¶
type Realm struct {
Name string `json:"name"`
Clients []Client `json:"clients"`
Users []interface{} `json:"users"`
TokenExpiration int `json:"token_expiration"`
RefreshTokenExpiration int `json:"refresh_expiration"`
UserFederationServices []UserFederationServiceConfig `json:"user_federation_services"`
PasswordSalt string `json:"password_salt"`
Encoder *encoding.PasswordJsonEncoder
}
Realm is a struct that describes a typical Realm.
It was originally designed to work efficiently in memory with a small amount of data, so it holds its relations to Clients and Users directly. In a system with thousands of users working at the same time it is too expensive to fetch a Realm with all its relations, so in such systems Clients and Users are left empty and a User or Client is fetched separately. Note that PasswordSalt is a single salt shared by every user in the Realm; unless the Encoder adds a per-user salt, users with the same password get the same hash and one guess can be tested against all of the Realm's hashes at once.
type ServerData ¶
type ServerData struct {
Realms []Realm
}
ServerData is used in managers.FileDataManager
type TokenRefreshData ¶
type TokenRefreshData struct {
JwtCommonInfo
}
TokenRefreshData is a JWT token that embeds only the common data (JwtCommonInfo), with no user info.
func CreateRefreshToken ¶
func CreateRefreshToken(commonData *JwtCommonInfo) *TokenRefreshData
CreateRefreshToken creates Refresh token
func (*TokenRefreshData) Valid ¶
func (token *TokenRefreshData) Valid() error
Valid is intended to check that the token fields contain proper values; it currently performs no checks and returns nil, so callers must verify expiry, issuer and audience themselves before accepting a refresh token.
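The Valid methods of AccessTokenData and TokenRefreshData currently check nothing, so whatever consumes these tokens has to check the JwtCommonInfo claims itself. The example below is added here and is not part of the package: CommonClaims mirrors only the time, typ, iss, aud and scope fields of JwtCommonInfo (the uuid-typed fields are left out so that only the standard library is needed), Payload emits iat and exp as RFC 7519 NumericDate values rather than the RFC 3339 strings encoding/json would produce for a time.Time, ParsePayload rejects the string form, and Validate performs the expiry, issued-at, issuer, audience and token-type checks. The issuer, audience and other claim values in main are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// CommonClaims mirrors the time, typ, iss, aud and scope fields of the page's JwtCommonInfo.
// The uuid-typed claims are omitted (an assumption of this example) so it builds with the
// standard library alone.
type CommonClaims struct {
	IssuedAt  time.Time
	ExpiredAt time.Time
	Type      string
	Issuer    string
	Audience  string
	Scope     string
}

// Payload renders the claims as a JWT payload map with iat and exp as RFC 7519 NumericDate
// values (seconds since the Unix epoch). encoding/json would otherwise serialise a time.Time as
// an RFC 3339 string, which standard JWT verifiers reject.
func (c CommonClaims) Payload() map[string]interface{} {
	return map[string]interface{}{
		"iat":   c.IssuedAt.Unix(),
		"exp":   c.ExpiredAt.Unix(),
		"typ":   c.Type,
		"iss":   c.Issuer,
		"aud":   c.Audience,
		"scope": c.Scope,
	}
}

// ParsePayload decodes a payload in the form Payload produces. A string-valued iat or exp
// (the RFC 3339 form) is a decoding error rather than something silently accepted.
func ParsePayload(raw []byte) (CommonClaims, error) {
	var p struct {
		Iat   int64  `json:"iat"`
		Exp   int64  `json:"exp"`
		Typ   string `json:"typ"`
		Iss   string `json:"iss"`
		Aud   string `json:"aud"`
		Scope string `json:"scope"`
	}
	if err := json.Unmarshal(raw, &p); err != nil {
		return CommonClaims{}, err
	}
	toTime := func(sec int64) time.Time {
		if sec == 0 {
			return time.Time{} // claim absent
		}
		return time.Unix(sec, 0).UTC()
	}
	return CommonClaims{IssuedAt: toTime(p.Iat), ExpiredAt: toTime(p.Exp),
		Type: p.Typ, Issuer: p.Iss, Audience: p.Aud, Scope: p.Scope}, nil
}

// Validate performs the checks the package's Valid methods leave to the caller: the token must
// not be expired (allowing clock skew up to leeway), must not be issued in the future, must come
// from the expected issuer, be addressed to this audience and be of the expected type, so that a
// refresh token is not accepted where an access token is required.
func (c CommonClaims) Validate(now time.Time, leeway time.Duration, wantIss, wantAud, wantTyp string) error {
	if c.ExpiredAt.IsZero() {
		return errors.New("exp claim missing")
	}
	if !now.Before(c.ExpiredAt.Add(leeway)) {
		return fmt.Errorf("token expired at %s", c.ExpiredAt.UTC().Format(time.RFC3339))
	}
	if c.IssuedAt.IsZero() || c.IssuedAt.After(now.Add(leeway)) {
		return errors.New("iat claim missing or in the future")
	}
	if c.Issuer != wantIss {
		return fmt.Errorf("unexpected issuer %q", c.Issuer)
	}
	if c.Audience != wantAud {
		return fmt.Errorf("token not intended for audience %q", wantAud)
	}
	if c.Type != wantTyp {
		return fmt.Errorf("unexpected token type %q", c.Type)
	}
	return nil
}

func main() {
	// Constructed sample claims; issuer and audience are placeholders.
	now := time.Now()
	c := CommonClaims{IssuedAt: now, ExpiredAt: now.Add(5 * time.Minute), Type: "Bearer",
		Issuer: "https://auth.example.test/realms/demo", Audience: "demo-client", Scope: "openid"}
	raw, _ := json.Marshal(c.Payload())
	fmt.Println(string(raw))
	parsed, err := ParsePayload(raw)
	if err != nil {
		panic(err)
	}
	fmt.Println("validation error:", parsed.Validate(time.Now(), 30*time.Second, c.Issuer, c.Audience, "Bearer"))
}
```

The type check is what keeps the two token kinds on the page apart: both embed the same JwtCommonInfo, so without it a refresh token with its longer RefreshTokenExpiration would pass every other check at an endpoint that expects an access token.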
type User ¶
type User interface {
GetUsername() string
GetPasswordHash() string
SetPassword(password string, encoder *encoding.PasswordJsonEncoder) error
GetId() uuid.UUID
GetUserInfo() interface{}
GetRawData() interface{}
GetJsonString() string
IsFederatedUser() bool
// GetFederationId actually Federation Name
GetFederationId() string
}
User is the common user interface with all the methods required to obtain information about a user. GetPasswordHash may be removed in future, because a password is not the only means of authentication.
func CreateUser ¶
func CreateUser(rawData interface{}, encoder *encoding.PasswordJsonEncoder) User
CreateUser creates a User interface instance (KeyCloakUser) from raw JSON of any shape (interface{}).
Parameters: rawData - any JSON; encoder - the password encoder (see SetPassword).
Returns: instance of User as KeyCloakUser.
type UserFederationServiceConfig ¶ added in v0.9.2
type UserFederationServiceConfig struct {
Type UserFederationServiceType `json:"type"`
// Url is the base URL from which data is fetched
Url string `json:"url"`
// Name is an internal unique identifier; it MUST be unique across all providers
Name string `json:"name"`
// SysUser is the system (service) user; if SysUser == "" the provider is accessed anonymously (see IsAnonymousAccess)
SysUser string `json:"sys_user"`
// SysPassword is the system user's password; it is serialised in clear text as part of the realm configuration, so that file must be protected accordingly
SysPassword string `json:"sys_password"`
// TlsCfg holds the HTTPS configuration options. Setting InsecureSkipVerify=true would accept a self-signed certificate, but it also disables all certificate chain and hostname verification; adding the self-signed certificate to RootCAs keeps verification on. The field is currently commented out:
// TlsCfg tls.Config `json:"tls_cfg"`
// EntryPoint, in the case of LDAP, is the directory subtree from which data is fetched, i.e.
EntryPoint string `json:"entry_point"`
}
func (UserFederationServiceConfig) IsAnonymousAccess ¶ added in v0.9.2
func (u UserFederationServiceConfig) IsAnonymousAccess() bool
IsAnonymousAccess reports whether the federation service is accessed without a system user, i.e. SysUser is empty.
type UserFederationServiceType ¶ added in v0.9.2
type UserFederationServiceType string
const (
LDAP UserFederationServiceType = "ldap"
FreeIPA UserFederationServiceType = "freeipa"
)
type UserSession ¶
type UserSession struct {
Id uuid.UUID
UserId uuid.UUID
Started time.Time
Expired time.Time
RefreshExpired time.Time
JwtAccessToken string
JwtRefreshToken string
}
UserSession is a struct used to store information about a user logged in to the Ferrum authorization server.
UserId - uuid representing the unique user identifier; Started - time when the token was issued; Expired - time when the session expires; RefreshExpired - time when the refresh token expires; JwtAccessToken and JwtRefreshToken - the access and refresh tokens.