idp

package
v0.2.0 Latest Latest
Published: Nov 30, 2022 License: MIT Imports: 10 Imported by: 0

Documentation

Types

type AuthnType

// AuthnType defines the kinds of authentication factors; the recognised
// values are the AuthnType* constants declared below.
type AuthnType string

AuthnType defines the kinds of authentication factors

// AuthnType constants.
const (
	// AuthnTypePassword is a username + password factor (UserAuthn.Username / Password).
	AuthnTypePassword AuthnType = "password"
	// AuthnTypeSocial is an external / OIDC factor (UserAuthn.SocialProvider / OIDCSubject).
	AuthnTypeSocial   AuthnType = "social"

	// Used for filter queries (e.g. the authnType argument of ListUsersForEmail); not a valid type
	// for a UserAuthn. NOTE(review): AuthnType.Validate is presumably where this value is rejected
	// when it arrives in a create request — confirm.
	AuthnTypeAll AuthnType = "all"
)

AuthnType constants

func (AuthnType) Validate

func (a AuthnType) Validate() error

Validate implements Validateable

type Client

// Client represents a client to talk to the Userclouds IDP. Construct it via NewClient.
type Client struct {
	// contains filtered or unexported fields
}

Client represents a client to talk to the Userclouds IDP

func NewClient

func NewClient(url string, opts ...jsonclient.Option) (*Client, error)

NewClient constructs a new IDP client

func (*Client) CreateUserWithPassword

func (c *Client) CreateUserWithPassword(ctx context.Context, username, password string, profile UserProfile) (uuid.UUID, error)

CreateUserWithPassword creates a user on the IDP with a username/password authentication factor

func (*Client) CreateUserWithSocial

func (c *Client) CreateUserWithSocial(ctx context.Context, provider SocialProvider, subject string, profile UserProfile) (uuid.UUID, error)

CreateUserWithSocial creates a user on the IDP with a social / OIDC authentication factor

func (*Client) DeleteUser

func (c *Client) DeleteUser(ctx context.Context, id uuid.UUID) error

DeleteUser deletes a user by ID

func (*Client) GetUser

func (c *Client) GetUser(ctx context.Context, id uuid.UUID) (*UserResponse, error)

GetUser gets a user by ID

func (*Client) GetUserForSocial

func (c *Client) GetUserForSocial(ctx context.Context, provider SocialProvider, oidcSubject string) (*UserResponse, error)

GetUserForSocial gets a user by social provider and OIDC subject

func (*Client) ListUsers

func (c *Client) ListUsers(ctx context.Context, opts ...pagination.Option) (*ListUsersResponse, error)

ListUsers lists all users, paginated according to opts

func (*Client) ListUsersForEmail

func (c *Client) ListUsersForEmail(ctx context.Context, email string, authnType AuthnType) ([]UserResponse, error)

ListUsersForEmail gets all user accounts associated with an email and authn type

func (*Client) Login

func (c *Client) Login(ctx context.Context, username, password string) (*LoginResponse, error)

Login supports username/password login to the UC IDP

func (*Client) LoginWithMFA

func (c *Client) LoginWithMFA(ctx context.Context, sessionID, code string) (*LoginResponse, error)

LoginWithMFA submits the MFA code for the given login session ID

func (*Client) UpdateUser

func (c *Client) UpdateUser(ctx context.Context, id uuid.UUID, req UpdateUserRequest) (*UserResponse, error)

UpdateUser updates user profile data for a given user ID

func (*Client) UpdateUsernamePassword

func (c *Client) UpdateUsernamePassword(ctx context.Context, username, password string) error

UpdateUsernamePassword updates the stored password for a user, for follower-sync purposes

type CreateUserRequest

// CreateUserRequest creates a user on the IDP. It looks like the wire form behind
// Client.CreateUserWithPassword / CreateUserWithSocial (inferred from the matching
// parameters — confirm).
type CreateUserRequest struct {
	// Embedded with a tag, so the whole profile is serialised under the "profile" key.
	UserProfile `json:"profile"`

	RequireMFA bool `json:"require_mfa"`

	UserExtendedProfile userstore.Record `json:"profile_ext"`

	// Embedded without a json tag, so UserAuthn's fields (authn_type, username,
	// password, social_provider, oidc_subject) are flattened into the top-level
	// JSON object. For a password factor the request body therefore carries the
	// password itself; keep it out of logs and off unencrypted transports.
	UserAuthn
}

CreateUserRequest creates a user on the IDP

type ListUsersResponse

// ListUsersResponse is the paginated response from listing users. The paging
// metadata comes from the embedded pagination.ResponseFields (project type, not
// shown here).
type ListUsersResponse struct {
	Data []UserResponse `json:"data"`
	pagination.ResponseFields
}

ListUsersResponse is the paginated response from listing users.

type LoginResponse

// LoginResponse is the full response returned from an IDP login API. Which of
// UserID / MFAToken is meaningful is keyed on Status, per the field comments.
type LoginResponse struct {
	Status LoginStatus `json:"status"`

	// UserID is set iff Status == LoginStatusSuccess (TODO: maybe also LoginStatusMFARequired?)
	UserID uuid.UUID `json:"user_id"`

	// MFAToken is set iff Status == LoginStatusMFARequired. Presumably it is what the
	// caller passes back as sessionID to Client.LoginWithMFA to finish the login —
	// confirm. Either way it is a credential for a half-completed login: do not log
	// it and do not keep it beyond the MFA exchange.
	MFAToken string `json:"mfa_token,omitempty"`
}

LoginResponse is the full response returned from an IDP login API

type LoginStatus

// LoginStatus indicates whether a login attempt succeeded, failed, or requires
// additional validation (e.g. MFA); see the LoginStatus* constants.
type LoginStatus string

LoginStatus indicates whether a login attempt succeeded, failed, or requires additional validation (e.g. MFA)

// LoginStatus constants. Only the success and MFA-required outcomes are declared;
// a failed login presumably surfaces as an error from Client.Login rather than as
// a Status value — confirm against the server before relying on it.
const (
	LoginStatusSuccess     LoginStatus = "success"
	LoginStatusMFARequired LoginStatus = "mfa_required"
)

LoginStatus constants

type MFALoginRequest

// MFALoginRequest allows the client to submit an MFA code.
// NOTE(review): unlike the other request types in this package there are no json
// tags, so encoding/json uses the keys "MFARequestID" and "MFACode" — confirm
// these are what the server expects.
type MFALoginRequest struct {
	MFARequestID uuid.UUID
	MFACode      string
}

MFALoginRequest allows the client to submit an MFA code

type MutableUserProfile

// MutableUserProfile is used by UpdateUserRequest to update parts of the core
// user profile. Every field is a pointer so that nil means "leave unchanged";
// only non-nil fields are updated.
type MutableUserProfile struct {
	EmailVerified *bool   `json:"email_verified,omitempty"`
	Name          *string `json:"name,omitempty"`
	Nickname      *string `json:"nickname,omitempty"`
	Picture       *string `json:"picture,omitempty"`
}

MutableUserProfile is used by UpdateUserRequest to update parts of the core user profile. Only non-nil fields in the underlying struct will be updated.

type SocialProvider

// SocialProvider defines the known External/Social Identity Providers. It is an
// int in memory but round-trips through JSON as text via MarshalText / UnmarshalText.
type SocialProvider int

SocialProvider defines the known External/Social Identity Providers

// SocialProvider constants.
const (
	// When sync'ing data from other IDPs, it's possible to encounter social auth providers not yet supported,
	// in which case we store SocialProviderUnsupported in the DB.
	SocialProviderUnsupported SocialProvider = -1

	// Not having a social provider is the "default", hence why SocialProviderNone is 0.
	// Being the zero value, it is also what `omitempty` drops from UserAuthn.SocialProvider.
	SocialProviderNone SocialProvider = 0

	// Valid social auth providers are numbered starting with 1
	SocialProviderGoogle SocialProvider = 1
)

SocialProvider constants

func (SocialProvider) MarshalText

func (t SocialProvider) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler (for JSON)

func (SocialProvider) String

func (t SocialProvider) String() string

String is just here for easier debugging

func (*SocialProvider) UnmarshalText

func (t *SocialProvider) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler (for JSON)

func (SocialProvider) Validate

func (s SocialProvider) Validate() error

Validate implements Validateable

type UpdateUserRequest

// UpdateUserRequest optionally updates some or all mutable fields of a user.
// Pointer fields distinguish "not set" (nil, leave unchanged) from "set to the
// zero value". Email is deliberately not updatable through this request.
type UpdateUserRequest struct {
	// Only non-nil fields of the nested profile are applied.
	UserProfile MutableUserProfile `json:"profile"`

	// TODO: add MFA factors
	RequireMFA *bool `json:"require_mfa,omitempty"`

	// Only fields set in the underlying map will be updated
	UserExtendedProfile userstore.Record `json:"profile_ext"`
}

UpdateUserRequest optionally updates some or all mutable fields of a user struct. Pointers are used to distinguish between unset and set-to-default values (false, "", etc). TODO: should we allow changing Email? That is a more complex change, since changing an email has further implications that may affect AuthNs and security (e.g. account hijacking, unverified emails, etc).

type UpdateUsernamePasswordRequest

// UpdateUsernamePasswordRequest is used to keep the follower IDP(s) in sync.
// Password is presumably the plaintext password being propagated (confirm);
// either way this request must only travel over an authenticated, encrypted
// channel and must never be logged.
type UpdateUsernamePasswordRequest struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

UpdateUsernamePasswordRequest is used to keep the follower IDP(s) in sync

type UpdateUsernamePasswordResponse

// UpdateUsernamePasswordResponse confirms whether an update succeeded.
type UpdateUsernamePasswordResponse struct {
	Success bool `json:"success"`
}

UpdateUsernamePasswordResponse confirms an update succeeded (or not)

type UserAuthn

// UserAuthn represents an authentication factor for a user. The same struct is
// used both when creating a user (CreateUserRequest) and when reading one
// (UserResponse.Authns), so not every field is meaningful in every direction.
type UserAuthn struct {
	AuthnType AuthnType `json:"authn_type"`

	// Fields specified if AuthnType == 'password'
	Username string `json:"username,omitempty"`
	// Password is write-only: per the type doc it is used only when creating an
	// account and never when getting one. Because this struct is also returned in
	// UserResponse.Authns, the server is expected to leave it empty there (omitempty
	// then drops the key) — confirm.
	Password string `json:"password,omitempty"`

	// Fields specified if AuthnType == 'social'
	SocialProvider SocialProvider `json:"social_provider,omitempty"`
	OIDCSubject    string         `json:"oidc_subject,omitempty"`
}

UserAuthn represents an authentication factor for a user. NOTE: some fields are unused in some circumstances; e.g. Password is only used when creating an account and never when getting an account. TODO: use this for UpdateUser too.

func NewPasswordAuthn

func NewPasswordAuthn(username, password string) UserAuthn

NewPasswordAuthn creates a new UserAuthn for username + password.

func NewSocialAuthn

func NewSocialAuthn(provider SocialProvider, oidcSubject string) UserAuthn

NewSocialAuthn creates a new UserAuthn for social / OIDC login.

type UserProfile

// UserProfile is a collection of per-user properties stored in the DB as JSON.
// Field names follow the OpenID Connect standard claims. Name, Nickname and
// Picture are user-supplied display values (rendering callers should treat them
// as untrusted text / URL).
type UserProfile struct {
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified"`
	Name          string `json:"name,omitempty"`     // Full name in displayable form (incl titles, suffixes, etc) localized to end-user.
	Nickname      string `json:"nickname,omitempty"` // Casual name of the user, may or may not be same as Given Name.
	Picture       string `json:"picture,omitempty"`  // URL of the user's profile picture.

}

UserProfile is a collection of per-user properties stored in the DB as JSON since they are likely to be sparse and change more frequently. Follow conventions of https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims for all standard fields.

func (*UserProfile) Validate

func (o *UserProfile) Validate() error

Validate implements Validateable

type UserResponse

// UserResponse is the response body for methods which return user data.
type UserResponse struct {
	ID        uuid.UUID `json:"id"`
	UpdatedAt int64     `json:"updated_at"` // seconds since the Unix Epoch (UTC)

	// Embedded with a tag, so the profile is nested under "profile".
	UserProfile `json:"profile"`

	RequireMFA bool `json:"require_mfa"`

	UserExtendedProfile userstore.Record `json:"profile_ext"`

	// Authns reuses UserAuthn, whose Password field is documented as unused when
	// getting an account; with omitempty it is dropped from the JSON when empty.
	// Confirm the server never populates it in responses.
	Authns []UserAuthn `json:"authns"`
}

UserResponse is the response body for methods which return user data.

type UsernamePasswordLoginRequest

// UsernamePasswordLoginRequest specifies the IDP request to login with username
// and password. The body carries the password itself, so it must not be logged.
type UsernamePasswordLoginRequest struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

UsernamePasswordLoginRequest specifies the IDP request to login with username & password.
