auth

package
Published: Aug 19, 2025 License: MIT Imports: 25 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewOAuth2

func NewOAuth2(providerType string, providerMetadata ProviderMetadata, opts NewOAuth2Options) (p oAuth2, err error)

NewOAuth2 returns a new OAuth2 provider. Note that the first return value has the unexported type oAuth2, so callers outside this package cannot name it and can only use the result through the package's interfaces (presumably OAuth2Provider / Provider — confirm against the implementation).

Types

type GitHub

// GitHub is the GitHub authentication provider (OAuth 2 based; see the
// method set below). Construct it with NewGitHub rather than as a literal,
// since all of its state is unexported.
type GitHub struct {
	// contains filtered or unexported fields
}

GitHub manages authentication with GitHub. It is based on the OAuth 2 provider.

func NewGitHub

func NewGitHub(opts NewGitHubOptions) (*GitHub, error)

NewGitHub returns a new GitHub provider

func (*GitHub) GetHTTPClient

func (a *GitHub) GetHTTPClient() *http.Client

func (*GitHub) GetProviderType

func (a *GitHub) GetProviderType() string

func (*GitHub) OAuth2AuthorizeURL

func (a *GitHub) OAuth2AuthorizeURL(state string, redirectURL string) (string, error)

func (*GitHub) OAuth2ExchangeCode

func (a *GitHub) OAuth2ExchangeCode(ctx context.Context, state string, code string, redirectURL string) (OAuth2AccessToken, error)

func (*GitHub) OAuth2RetrieveProfile

func (a *GitHub) OAuth2RetrieveProfile(ctx context.Context, at OAuth2AccessToken) (*user.Profile, error)

func (*GitHub) PopulateAdditionalClaims

func (a *GitHub) PopulateAdditionalClaims(token jwt.Token, setClaimFn func(key string, val any))

func (*GitHub) SetEndpoints

func (a *GitHub) SetEndpoints(endpoints OAuth2Endpoints) error

type Google

// Google is the Google Identity provider, built on the generic
// OpenIDConnect provider via embedding. Construct it with NewGoogle: in a
// zero-value Google the embedded pointer is nil, so the promoted methods
// would operate on a nil *OpenIDConnect.
type Google struct {
	*OpenIDConnect
}

Google manages authentication with Google Identity. It is based on the OpenIDConnect provider.

func NewGoogle

func NewGoogle(opts NewGoogleOptions) (*Google, error)

NewGoogle returns a new Google provider

func (Google) GetHTTPClient

func (a Google) GetHTTPClient() *http.Client

func (Google) GetProviderType

func (a Google) GetProviderType() string

func (Google) OAuth2AuthorizeURL

func (a Google) OAuth2AuthorizeURL(state string, redirectURL string) (string, error)

func (Google) OAuth2ExchangeCode

func (a Google) OAuth2ExchangeCode(ctx context.Context, state string, code string, redirectURL string) (OAuth2AccessToken, error)

func (*Google) PopulateAdditionalClaims

func (a *Google) PopulateAdditionalClaims(token jwt.Token, setClaimFn func(key string, val any))

func (Google) SetEndpoints

func (a Google) SetEndpoints(endpoints OAuth2Endpoints) error

type MicrosoftEntraID

// MicrosoftEntraID is the Microsoft Entra ID provider, built on the generic
// OpenIDConnect provider via embedding. Construct it with
// NewMicrosoftEntraID: in a zero-value MicrosoftEntraID the embedded pointer
// is nil, so the promoted methods would operate on a nil *OpenIDConnect.
type MicrosoftEntraID struct {
	*OpenIDConnect
}

MicrosoftEntraID manages authentication with Microsoft Entra ID. It is based on the OpenIDConnect provider.

func NewMicrosoftEntraID

func NewMicrosoftEntraID(opts NewMicrosoftEntraIDOptions) (*MicrosoftEntraID, error)

NewMicrosoftEntraID returns a new MicrosoftEntraID provider

func (MicrosoftEntraID) GetHTTPClient

func (a MicrosoftEntraID) GetHTTPClient() *http.Client

func (MicrosoftEntraID) GetProviderType

func (a MicrosoftEntraID) GetProviderType() string

func (MicrosoftEntraID) OAuth2AuthorizeURL

func (a MicrosoftEntraID) OAuth2AuthorizeURL(state string, redirectURL string) (string, error)

func (MicrosoftEntraID) OAuth2ExchangeCode

func (a MicrosoftEntraID) OAuth2ExchangeCode(ctx context.Context, state string, code string, redirectURL string) (OAuth2AccessToken, error)

func (*MicrosoftEntraID) PopulateAdditionalClaims

func (a *MicrosoftEntraID) PopulateAdditionalClaims(token jwt.Token, setClaimFn func(key string, val any))

func (MicrosoftEntraID) SetEndpoints

func (a MicrosoftEntraID) SetEndpoints(endpoints OAuth2Endpoints) error

type NewGitHubOptions

// NewGitHubOptions configures NewGitHub.
//
// ClientSecret is a credential: load it from a secret store or the
// environment, never from source control or logs. Note that, unlike
// NewMicrosoftEntraIDOptions, there is no PKCEKey here, so PKCE cannot be
// enabled for the GitHub flow through these options.
type NewGitHubOptions struct {
	// Client ID
	ClientID string
	// Client secret (sensitive)
	ClientSecret string
	// Request timeout; defaults to 10s
	RequestTimeout time.Duration
}

NewGitHubOptions is the options for NewGitHub

type NewGoogleOptions

// NewGoogleOptions configures NewGoogle. It is converted to
// NewOpenIDConnectOptions by ToNewOpenIDConnectOptions.
//
// ClientSecret is a credential: load it from a secret store or the
// environment, never from source control or logs. Note that, unlike
// NewMicrosoftEntraIDOptions, there is no PKCEKey here, so PKCE cannot be
// enabled for the Google flow through these options even though the
// underlying NewOpenIDConnectOptions supports it.
type NewGoogleOptions struct {
	// Client ID
	ClientID string
	// Client secret (sensitive)
	ClientSecret string
	// Request timeout; defaults to 10s
	RequestTimeout time.Duration
}

NewGoogleOptions is the options for NewGoogle

func (NewGoogleOptions) ToNewOpenIDConnectOptions

func (o NewGoogleOptions) ToNewOpenIDConnectOptions() NewOpenIDConnectOptions

type NewMicrosoftEntraIDOptions

// NewMicrosoftEntraIDOptions configures NewMicrosoftEntraID. It is converted
// to NewOpenIDConnectOptions by ToNewOpenIDConnectOptions.
//
// ClientSecret and PKCEKey are secrets: load them from a secret store or the
// environment, never from source control or logs.
type NewMicrosoftEntraIDOptions struct {
	// Tenant ID
	// NOTE(review): presumably used to derive the token issuer / discovery
	// URL handed to the OpenIDConnect provider — confirm. Pin this to your
	// own tenant rather than a multi-tenant value unless cross-tenant
	// sign-in is intended.
	TenantID string
	// Client ID
	ClientID string
	// Client secret (sensitive)
	ClientSecret string
	// Enables the use of Federated Identity Credentials
	// NOTE(review): the expected value of this string (and whether
	// ClientSecret is then ignored) is not documented here — confirm. A
	// federated credential avoids storing a long-lived client secret.
	AzureFederatedIdentity string
	// Request timeout; defaults to 10s
	RequestTimeout time.Duration
	// Key for generating PKCE code verifiers
	// Enables the use of PKCE if non-empty
	// NOTE(review): the code verifier appears to be derived from this key
	// (OAuth2ExchangeCode receives state but no verifier) — confirm. Use a
	// high-entropy, per-deployment key; a guessable key makes PKCE
	// ineffective.
	PKCEKey []byte
}

NewMicrosoftEntraIDOptions is the options for NewMicrosoftEntraID

func (NewMicrosoftEntraIDOptions) ToNewOpenIDConnectOptions

func (o NewMicrosoftEntraIDOptions) ToNewOpenIDConnectOptions() NewOpenIDConnectOptions

type NewOAuth2Options

// NewOAuth2Options configures NewOAuth2.
//
// Security notes (review): Config.ClientSecret and PKCEKey are secrets and
// should come from a secret store or the environment, never from source
// control or logs. TLSSkipVerify disables verification of the Identity
// Provider's certificate, which lets an on-path attacker impersonate the IdP
// and capture the client secret and authorization codes; use
// TLSCACertificate for private CAs instead.
type NewOAuth2Options struct {
	// Client credentials (ClientID / ClientSecret) issued by the Identity Provider
	Config OAuth2Config
	// Optional value for the issuer claim
	TokenIssuer string
	// Scopes for requesting the token
	// This is optional and defaults to "openid profile email"
	Scopes string
	// Request timeout; defaults to 10s
	RequestTimeout time.Duration
	// Key for generating PKCE code verifiers
	// Enables the use of PKCE if non-empty
	// NOTE(review): the code verifier appears to be derived from this key
	// (OAuth2ExchangeCode receives state but no verifier) — confirm. Use a
	// high-entropy, per-deployment key; a guessable key makes PKCE
	// ineffective.
	PKCEKey []byte
	// Skip validating TLS certificates when connecting to the Identity Provider
	// WARNING: removes server authentication for the token and userinfo
	// requests. Only for local testing; never enable in production.
	TLSSkipVerify bool
	// Optional, PEM-encoded CA certificate used when connecting to the Identity Provider
	// Prefer this over TLSSkipVerify when the IdP uses a private CA.
	TLSCACertificate []byte
	// contains filtered or unexported fields
}

NewOAuth2Options is the options for NewOAuth2

type NewOpenIDConnectOptions

// NewOpenIDConnectOptions configures NewOpenIDConnect.
//
// Security notes (review): ClientSecret and PKCEKey are secrets and should
// come from a secret store or the environment, never from source control or
// logs. TLSSkipVerify disables verification of the Identity Provider's
// certificate, which lets an on-path attacker impersonate the IdP and
// capture the client secret and authorization codes; use TLSCACertificate
// for private CAs instead.
type NewOpenIDConnectOptions struct {
	// Client ID
	ClientID string
	// Client secret (sensitive)
	ClientSecret string
	// Token issuer
	// NewOpenIDConnect resolves the authorization/token/userinfo endpoints
	// from the openid-configuration document fetched from this URL, so it
	// must be an https URL under the intended IdP's control: whoever serves
	// this document chooses where codes and the client secret are sent.
	TokenIssuer string
	// Request timeout; defaults to 10s
	RequestTimeout time.Duration
	// Key for generating PKCE code verifiers
	// Enables the use of PKCE if non-empty
	// NOTE(review): the code verifier appears to be derived from this key
	// (OAuth2ExchangeCode receives state but no verifier) — confirm. Use a
	// high-entropy, per-deployment key; a guessable key makes PKCE
	// ineffective.
	PKCEKey []byte
	// Skip validating TLS certificates when connecting to the Identity Provider
	// WARNING: removes server authentication for discovery, token and
	// userinfo requests. Only for local testing; never enable in production.
	TLSSkipVerify bool
	// Optional, PEM-encoded CA certificate used when connecting to the Identity Provider
	// Prefer this over TLSSkipVerify when the IdP uses a private CA.
	TLSCACertificate []byte
	// contains filtered or unexported fields
}

NewOpenIDConnectOptions is the options for NewOpenIDConnect

type NewTailscaleWhoisOptions

// NewTailscaleWhoisOptions configures NewTailscaleWhois.
type NewTailscaleWhoisOptions struct {
	// If non-empty, requires the Tailnet of the user to match this value
	// NOTE(review): when left empty no tailnet check is performed, so any
	// identity that Tailscale reports for the connection (presumably
	// including users reaching the node via sharing) is accepted — confirm.
	// Set this in deployments that must be limited to one tailnet.
	AllowedTailnet string
	// Request timeout; defaults to 10s
	RequestTimeout time.Duration
}

NewTailscaleWhoisOptions is the options for NewTailscaleWhois

type OAuth2AccessToken

// OAuth2AccessToken holds the token set returned by an OAuth2ExchangeCode
// call. Every string field other than Provider is a credential: do not log
// it, and store it only where the surrounding application would store a
// session secret.
type OAuth2AccessToken struct {
	// Provider type/name the token was obtained from
	Provider string
	// Bearer access token (sensitive)
	AccessToken string
	// Expiry of AccessToken
	Expires time.Time
	// ID token if the provider returned one (sensitive); used by
	// OAuth2RetrieveProfile when present, per the OAuth2Provider docs
	IDToken string
	// Refresh token if the provider returned one (sensitive; typically
	// long-lived, so treat with extra care)
	RefreshToken string
	// Scopes granted by the provider
	Scopes []string
}

OAuth2AccessToken is a struct that represents an access token.

type OAuth2Config

// OAuth2Config holds the client credentials registered with the Identity
// Provider; it is embedded in NewOAuth2Options as Config.
type OAuth2Config struct {
	// Client ID
	ClientID string
	// Client secret (sensitive): load from a secret store or the
	// environment, never from source control or logs
	ClientSecret string
}

type OAuth2Endpoints

// OAuth2Endpoints holds the three URLs an OAuth2/OIDC flow talks to. The
// JSON tags match the field names of an OpenID Connect discovery
// (openid-configuration) document, so the struct can be decoded from one
// directly. Valid only checks that the fields are set; when the values come
// from configuration or an untrusted discovery source, callers should
// additionally check that they are https URLs on the expected host.
type OAuth2Endpoints struct {
	// Authorization URL
	Authorization string `json:"authorization_endpoint"`
	// Token URL
	Token string `json:"token_endpoint"`
	// User Info URL
	UserInfo string `json:"userinfo_endpoint"`
}

func (OAuth2Endpoints) Valid

func (e OAuth2Endpoints) Valid() bool

Valid returns true if all fields (Authorization, Token, UserInfo) are set. It performs no further validation of the URLs (scheme or host), so callers that accept endpoints from configuration or an untrusted source should verify those separately.

type OAuth2Provider

// OAuth2Provider is implemented by providers that authenticate users through
// an OAuth 2 authorization-code flow (GitHub, OpenIDConnect and the
// providers built on it).
//
// The caller drives the flow: generate an unpredictable state value bound to
// the user's session, redirect to OAuth2AuthorizeURL, then on return verify
// the state before calling OAuth2ExchangeCode with the same state and
// redirectURL. The state value is the CSRF protection for the callback; the
// redirectURL must be identical in both calls (the token endpoint is
// expected to reject a mismatch).
type OAuth2Provider interface {
	Provider

	// OAuth2AuthorizeURL returns the URL where to redirect users to for authorization.
	// state is echoed back by the IdP and must be unguessable and session-bound.
	OAuth2AuthorizeURL(state string, redirectURL string) (string, error)
	// OAuth2ExchangeCode exchanges an authorization code for an access token.
	// NOTE(review): state is passed here but no PKCE verifier is; when PKCE
	// is enabled the verifier is presumably derived from state and the
	// PKCEKey option — confirm.
	OAuth2ExchangeCode(ctx context.Context, state string, code string, redirectURL string) (OAuth2AccessToken, error)
	// OAuth2RetrieveProfile retrieves the user's profile, using the id_token (if present) or requesting it from the user info endpoint.
	OAuth2RetrieveProfile(ctx context.Context, at OAuth2AccessToken) (*user.Profile, error)
}

OAuth2Provider is the interface that represents an auth provider that is based on OAuth2.

type OpenIDConnect

// OpenIDConnect is the generic OpenID Connect provider (OAuth 2 based) that
// Google and MicrosoftEntraID embed. Construct it with NewOpenIDConnect,
// which performs endpoint discovery from the configured issuer; all state is
// unexported.
type OpenIDConnect struct {
	// contains filtered or unexported fields
}

OpenIDConnect manages authentication with a generic OpenID Connect provider. It is based on the OAuth 2 provider.

func NewOpenIDConnect

func NewOpenIDConnect(ctx context.Context, opts NewOpenIDConnectOptions) (*OpenIDConnect, error)

NewOpenIDConnect returns a new OpenIDConnect provider. The endpoints are resolved by retrieving the openid-configuration document from the URL of the token issuer, so the issuer must be an https URL controlled by the intended Identity Provider: whoever serves that document chooses where authorization codes and the client secret are sent. Resolution is subject to ctx and the configured RequestTimeout.

func (*OpenIDConnect) GetHTTPClient

func (a *OpenIDConnect) GetHTTPClient() *http.Client

func (*OpenIDConnect) GetProviderType

func (a *OpenIDConnect) GetProviderType() string

func (*OpenIDConnect) OAuth2AuthorizeURL

func (a *OpenIDConnect) OAuth2AuthorizeURL(state string, redirectURL string) (string, error)

func (*OpenIDConnect) OAuth2ExchangeCode

func (a *OpenIDConnect) OAuth2ExchangeCode(ctx context.Context, state string, code string, redirectURL string) (OAuth2AccessToken, error)

func (*OpenIDConnect) OAuth2RetrieveProfile

func (a *OpenIDConnect) OAuth2RetrieveProfile(ctx context.Context, at OAuth2AccessToken) (profile *user.Profile, err error)

func (*OpenIDConnect) SetEndpoints

func (a *OpenIDConnect) SetEndpoints(endpoints OAuth2Endpoints) error

type Provider

// Provider is the interface every auth provider in this package implements.
// Flow-specific behaviour is exposed through OAuth2Provider and
// SeamlessProvider, which embed it.
type Provider interface {
	// GetProviderType returns the type of the provider
	GetProviderType() string
	// ValidateRequestClaims validates that claims are valid for the incoming request from the client.
	// It is a per-request hook run against an already established profile;
	// what each implementation checks is not visible here (TailscaleWhois
	// implements it) — confirm before relying on it for authorization decisions.
	ValidateRequestClaims(r *http.Request, profile *user.Profile) error
	// PopulateAdditionalClaims allows a provider to populate the AdditionalClaims property of a Profile object.
	// setClaimFn is invoked once per claim to add. Implementations should
	// only copy claims from a token whose signature, issuer and audience
	// have been verified; nothing in this interface re-validates them.
	PopulateAdditionalClaims(token jwt.Token, setClaimFn func(key string, val any))

	// SetProviderMetadata sets the metadata for the provider.
	SetProviderMetadata(m ProviderMetadata)
	// GetProviderName returns the provider name.
	GetProviderName() string
	// GetProviderDisplayName returns the provider display name.
	GetProviderDisplayName() string
	// GetProviderIcon returns the provider icon.
	GetProviderIcon() string
	// GetProviderColor returns the provider color.
	GetProviderColor() string
}

Provider is the interface that represents an auth provider.

type ProviderMetadata

// ProviderMetadata is the display-oriented metadata attached to a provider
// through Provider.SetProviderMetadata and read back through the
// GetProviderName/DisplayName/Icon/Color methods.
type ProviderMetadata struct {
	// Name is the provider's identifier (see GetProviderName)
	Name string
	// DisplayName is the human-readable name (see GetProviderDisplayName)
	DisplayName string
	// Icon is the provider icon (see GetProviderIcon); format not documented here
	Icon string
	// Color is the provider color (see GetProviderColor); format not documented here
	Color string
}

ProviderMetadata includes metadata info for the auth provider.

type SeamlessProvider

// SeamlessProvider is implemented by providers that authenticate a request
// without user interaction, based on properties of the request itself (for
// example the network it arrived on, as TailscaleWhois does).
//
// Security note (review): such a provider's trust rests entirely on the
// request genuinely having the property it checks. Only expose handlers
// using it on the trusted path (e.g. the Tailscale interface), and do not
// let the same listener be reachable from untrusted networks.
type SeamlessProvider interface {
	Provider

	// SeamlessAuth performs seamless authentication for the HTTP request.
	// It returns the authenticated profile, or an error when the request
	// cannot be attributed to a user.
	SeamlessAuth(r *http.Request) (*user.Profile, error)
}

SeamlessProvider is the interface that represents an auth provider that performs authentication based on flows that do not require user action, such as identifying the caller from the network the request arrives on. Because no credential is presented by the user, the handler using such a provider must only be reachable over the trusted network it relies on.

type TailscaleWhois

// TailscaleWhois is a SeamlessProvider that identifies the user behind a
// request arriving over a Tailscale network via Tailscale's whois lookup.
// Construct it with NewTailscaleWhois; all state is unexported. Because it
// authenticates on network identity alone, it must only serve requests that
// genuinely come over the tailnet (see NewTailscaleWhoisOptions.AllowedTailnet).
type TailscaleWhois struct {
	// contains filtered or unexported fields
}

TailscaleWhois is a Provider for authenticating with Tailscale Whois, for requests that are coming over a Tailscale network.

func NewTailscaleWhois

func NewTailscaleWhois(opts NewTailscaleWhoisOptions) (*TailscaleWhois, error)

NewTailscaleWhois returns a new TailscaleWhois provider

func (*TailscaleWhois) GetProviderColor

func (b *TailscaleWhois) GetProviderColor() string

func (*TailscaleWhois) GetProviderDisplayName

func (b *TailscaleWhois) GetProviderDisplayName() string

func (*TailscaleWhois) GetProviderIcon

func (b *TailscaleWhois) GetProviderIcon() string

func (*TailscaleWhois) GetProviderName

func (b *TailscaleWhois) GetProviderName() string

func (*TailscaleWhois) GetProviderType

func (a *TailscaleWhois) GetProviderType() string

func (*TailscaleWhois) PopulateAdditionalClaims

func (a *TailscaleWhois) PopulateAdditionalClaims(token jwt.Token, setClaimFn func(key string, val any))

func (*TailscaleWhois) SeamlessAuth

func (a *TailscaleWhois) SeamlessAuth(r *http.Request) (*user.Profile, error)

func (*TailscaleWhois) SetProviderMetadata

func (b *TailscaleWhois) SetProviderMetadata(m ProviderMetadata)

func (*TailscaleWhois) ValidateRequestClaims

func (a *TailscaleWhois) ValidateRequestClaims(r *http.Request, profile *user.Profile) error
