idp

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 2, 2023 License: MIT Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthnType 

type AuthnType string

AuthnType defines the kinds of authentication factors 

const (
	AuthnTypePassword AuthnType = "password"
	AuthnTypeSocial   AuthnType = "social"

	// Used for filter queries; not a valid type
	AuthnTypeAll AuthnType = "all"
)

AuthnType constants

func (AuthnType) Validate 

func (a AuthnType) Validate() error

Validate implements Validateable

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client represents a client to talk to the Userclouds IDP

func NewClient 

func NewClient(url string, organizationID *uuid.UUID, opts ...jsonclient.Option) (*Client, error)

NewClient constructs a new IDP client

func (*Client) CreateAccessor added in v0.3.0 

func (c *Client) CreateAccessor(ctx context.Context, fa userstore.Accessor) (*userstore.Accessor, error)

CreateAccessor creates a new accessor for the associated tenant

func (*Client) CreateColumn added in v0.3.0 

func (c *Client) CreateColumn(ctx context.Context, column userstore.Column) (*userstore.Column, error)

CreateColumn creates a new column for the associated tenant

func (*Client) CreateMutator added in v0.4.0 

func (c *Client) CreateMutator(ctx context.Context, fa userstore.Mutator) (*userstore.Mutator, error)

CreateMutator creates a new mutator for the associated tenant

func (*Client) CreateUser added in v0.3.0 

func (c *Client) CreateUser(ctx context.Context,
	profile UserProfile,
	extendedProfile userstore.Record,
	externalAlias string) (uuid.UUID, error)

CreateUser creates a user without authn. extendedProfile & externalAlias are optional (nil is ok)

func (*Client) DeleteAccessor added in v0.3.0 

func (c *Client) DeleteAccessor(ctx context.Context, accessorID uuid.UUID) error

DeleteAccessor deletes the accessor specified by the accessor ID for the associated tenant

func (*Client) DeleteColumn added in v0.3.0 

func (c *Client) DeleteColumn(ctx context.Context, columnID uuid.UUID) error

DeleteColumn deletes the column specified by the column ID for the associated tenant

func (*Client) DeleteMutator added in v0.4.0 

func (c *Client) DeleteMutator(ctx context.Context, mutatorID uuid.UUID) error

DeleteMutator deletes the mutator specified by the mutator ID for the associated tenant

func (*Client) DeleteUser 

func (c *Client) DeleteUser(ctx context.Context, id uuid.UUID) error

DeleteUser deletes a user by ID

func (*Client) ExecuteAccessor added in v0.3.0 

func (c *Client) ExecuteAccessor(ctx context.Context, user UserSelector, accessorID uuid.UUID, clientContext policy.ClientContext) (string, error)

ExecuteAccessor accesses a column via an accessor for the associated tenant

func (*Client) GetAccessor added in v0.3.0 

func (c *Client) GetAccessor(ctx context.Context, accessorID uuid.UUID) (*userstore.Accessor, error)

GetAccessor returns the accessor specified by the accessor ID for the associated tenant

func (*Client) GetAccessorByVersion added in v0.4.0 

func (c *Client) GetAccessorByVersion(ctx context.Context, accessorID uuid.UUID, version int) (*userstore.Accessor, error)

GetAccessorByVersion returns the version of an accessor specified by the accessor ID and version for the associated tenant

func (*Client) GetColumn added in v0.3.0 

func (c *Client) GetColumn(ctx context.Context, columnID uuid.UUID) (*userstore.Column, error)

GetColumn returns the column specified by the column ID for the associated tenant

func (*Client) GetMutator added in v0.4.0 

func (c *Client) GetMutator(ctx context.Context, mutatorID uuid.UUID) (*userstore.Mutator, error)

GetMutator returns the mutator specified by the mutator ID for the associated tenant

func (*Client) GetUser 

func (c *Client) GetUser(ctx context.Context, id uuid.UUID) (*UserAndAuthnResponse, error)

GetUser gets a user by ID

func (*Client) GetUserByExternalAlias added in v0.3.0 

func (c *Client) GetUserByExternalAlias(ctx context.Context, alias string) (*UserAndAuthnResponse, error)

GetUserByExternalAlias gets a user by external alias

func (*Client) ListAccessors added in v0.3.0 

func (c *Client) ListAccessors(ctx context.Context) ([]userstore.Accessor, error)

ListAccessors lists all the available accessors for the associated tenant

func (*Client) ListColumns added in v0.3.0 

func (c *Client) ListColumns(ctx context.Context) ([]userstore.Column, error)

ListColumns lists all columns for the associated tenant

func (*Client) ListMutators added in v0.4.0 

func (c *Client) ListMutators(ctx context.Context) ([]userstore.Mutator, error)

ListMutators lists all the available mutators for the associated tenant

func (*Client) UpdateAccessor added in v0.3.0 

func (c *Client) UpdateAccessor(ctx context.Context, accessorID uuid.UUID, updatedAccessor userstore.Accessor) (*userstore.Accessor, error)

UpdateAccessor updates the accessor specified by the accessor ID with the specified data for the associated tenant

func (*Client) UpdateColumn added in v0.3.0 

func (c *Client) UpdateColumn(ctx context.Context, columnID uuid.UUID, updatedColumn userstore.Column) (*userstore.Column, error)

UpdateColumn updates the column specified by the column ID with the specified data for the associated tenant

func (*Client) UpdateMutator added in v0.4.0 

func (c *Client) UpdateMutator(ctx context.Context, mutatorID uuid.UUID, updatedMutator userstore.Mutator) (*userstore.Mutator, error)

UpdateMutator updates the mutator specified by the mutator ID with the specified data for the associated tenant

func (*Client) UpdateUser 

func (c *Client) UpdateUser(ctx context.Context, id uuid.UUID, req UpdateUserRequest) (*UserAndAuthnResponse, error)

UpdateUser updates user profile data for a given user ID

type CreateAccessorRequest added in v0.3.0 

type CreateAccessorRequest struct {
	Accessor userstore.Accessor `json:"accessor"`
}

CreateAccessorRequest is the request body for creating a new accessor

type CreateAccessorResponse added in v0.3.0 

type CreateAccessorResponse struct {
	Accessor userstore.Accessor `json:"accessor"`
}

CreateAccessorResponse is the response body for creating a new accessor

type CreateColumnRequest added in v0.3.0 

type CreateColumnRequest struct {
	Column userstore.Column `json:"column"`
}

CreateColumnRequest is the request body for creating a new column TODO: should this support multiple at once before we ship this API?

type CreateColumnResponse added in v0.3.0 

type CreateColumnResponse struct {
	Column userstore.Column `json:"column"`
}

CreateColumnResponse is the response body for creating a new column

type CreateMutatorRequest added in v0.4.0 

type CreateMutatorRequest struct {
	Mutator userstore.Mutator `json:"mutator"`
}

CreateMutatorRequest is the request body for creating a new mutator

type CreateMutatorResponse added in v0.4.0 

type CreateMutatorResponse struct {
	Mutator userstore.Mutator `json:"mutator"`
}

CreateMutatorResponse is the response body for creating a new mutator

type CreateUserAndAuthnRequest added in v0.3.0 

type CreateUserAndAuthnRequest struct {
	UserProfile `json:"profile"`

	// TODO: these fields really belong in a better client-facing User type
	ExternalAlias *string `json:"external_alias,omitempty"`
	RequireMFA    bool    `json:"require_mfa"`

	UserExtendedProfile userstore.Record `json:"profile_ext"`

	OrganizationID uuid.UUID `json:"organization_id"`

	UserAuthn
}

CreateUserAndAuthnRequest creates a user on the IDP

type ExecuteAccessorRequest added in v0.3.0 

type ExecuteAccessorRequest struct {
	User       UserSelector         `json:"user"`        // the user who's data you are accessing
	AccessorID uuid.UUID            `json:"accessor_id"` // the accessor that specifies what you're accessing
	Context    policy.ClientContext `json:"context"`     // context that is provided to the accessor Access Policy
}

ExecuteAccessorRequest is the request body for accessing a column

type ExecuteAccessorResponse added in v0.3.0 

type ExecuteAccessorResponse struct {
	Value string `json:"value"`
}

ExecuteAccessorResponse is the response body for accessing a column

type ListAccessorsResponse added in v0.3.0 

type ListAccessorsResponse struct {
	Accessors []userstore.Accessor `json:"accessors"`
}

ListAccessorsResponse is the response body for listing accessors

type ListColumnsResponse added in v0.3.0 

type ListColumnsResponse struct {
	Columns []userstore.Column `json:"columns"`
}

ListColumnsResponse is the response body for listing columns

type ListMutatorsResponse added in v0.4.0 

type ListMutatorsResponse struct {
	Mutators []userstore.Mutator `json:"mutators"`
}

ListMutatorsResponse is the response body for listing mutators

type MutableUserProfile 

type MutableUserProfile struct {
	EmailVerified *bool   `json:"email_verified,omitempty"`
	Name          *string `json:"name,omitempty"`
	Nickname      *string `json:"nickname,omitempty"`
	Picture       *string `json:"picture,omitempty"`
}

MutableUserProfile is used by UpdateUserRequest to update parts of the core user profile. Only non-nil fields in the underlying struct will be updated.

type UpdateAccessorRequest added in v0.3.0 

type UpdateAccessorRequest struct {
	Accessor userstore.Accessor `json:"accessor"`
}

UpdateAccessorRequest is the request body for updating an accessor

type UpdateAccessorResponse added in v0.3.0 

type UpdateAccessorResponse struct {
	Accessor userstore.Accessor `json:"accessor"`
}

UpdateAccessorResponse is the response body for updating an accessor

type UpdateColumnRequest added in v0.3.0 

type UpdateColumnRequest struct {
	Column userstore.Column `json:"column"`
}

UpdateColumnRequest is the request body for updating a column

type UpdateColumnResponse added in v0.3.0 

type UpdateColumnResponse struct {
	Column userstore.Column `json:"column"`
}

UpdateColumnResponse is the response body for updating a column

type UpdateMutatorRequest added in v0.4.0 

type UpdateMutatorRequest struct {
	Mutator userstore.Mutator `json:"mutator"`
}

UpdateMutatorRequest is the request body for updating a mutator

type UpdateMutatorResponse added in v0.4.0 

type UpdateMutatorResponse struct {
	Mutator userstore.Mutator `json:"mutator"`
}

UpdateMutatorResponse is the response body for updating a mutator

type UpdateUserRequest 

type UpdateUserRequest struct {
	UserProfile MutableUserProfile `json:"profile"`

	// TODO: add MFA factors
	RequireMFA *bool `json:"require_mfa,omitempty"`

	// Only fields set in the underlying map will be updated
	UserExtendedProfile userstore.Record `json:"profile_ext"`

	OrganizationID *uuid.UUID `json:"organization_id"`
}

UpdateUserRequest optionally updates some or all mutable fields of a user struct. Pointers are used to distinguish between unset vs. set to default value (false, "", etc). TODO: should we allow changing Email? That's a more complex one as there are more implications to changing email that may affect AuthNs and security (e.g. account hijacking, unverified emails, etc).

type UserAndAuthnResponse added in v0.3.0 

type UserAndAuthnResponse struct {
	ID        uuid.UUID `json:"id"`
	UpdatedAt int64     `json:"updated_at"` // seconds since the Unix Epoch (UTC)

	UserProfile `json:"profile"`

	ExternalAlias *string `json:"external_alias,omitempty"`
	RequireMFA    bool    `json:"require_mfa"`

	UserExtendedProfile userstore.Record `json:"profile_ext"`

	OrganizationID uuid.UUID `json:"organization_id"`

	Authns []UserAuthn `json:"authns"`
}

UserAndAuthnResponse is the response body for methods which return user data.

type UserAuthn 

type UserAuthn struct {
	AuthnType AuthnType `json:"authn_type"`

	// Fields specified if AuthnType == 'password'
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`

	// Fields specified if AuthnType == 'social'
	SocialProvider socialprovider.SocialProvider `json:"social_provider,omitempty"`
	OIDCSubject    string                        `json:"oidc_subject,omitempty"`
}

UserAuthn represents an authentication factor for a user. NOTE: some fields are not used in some circumstances, e.g. Password is only used when creating an account but never used when getting an account. TODO: use this for UpdateUser too.

type UserProfile 

type UserProfile struct {
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified"`
	Name          string `json:"name,omitempty"`     // Full name in displayable form (incl titles, suffixes, etc) localized to end-user.
	Nickname      string `json:"nickname,omitempty"` // Casual name of the user, may or may not be same as Given Name.
	Picture       string `json:"picture,omitempty"`  // URL of the user's profile picture.

}

UserProfile is a collection of per-user properties stored in the DB as JSON since they are likely to be sparse and change more frequently. Follow conventions of https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims for all standard fields.

func (*UserProfile) Validate 

func (o *UserProfile) Validate() error

Validate implements Validateable

type UserSelector added in v0.3.0 

type UserSelector struct {
	ID            uuid.UUID `json:"id"`
	ExternalAlias string    `json:"external_alias"` // TODO: using this here makes me think we should rename it
}

UserSelector lets you request the user to run an accessor on Currently we only support UserClouds ID or your own ID (ExternalAlias) but plan to enhance this soon.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.