quarterdeck

package
v1.2.3 Latest

This package is not in the latest version of its module.

Published: Aug 16, 2025 | License: BSD-3-Clause | Imports: 21 | Imported by: 0

Documentation

Constants

const (
	HXRequest  = "HX-Request"
	HXRedirect = "HX-Redirect"
)

HTMX Request Headers

const (
	// Default timeout for synchronization requests to Quarterdeck.
	SyncTimeout = 20 * time.Second

	// Default interval for synchronization of JWKS and OpenID configuration if not
	// specified by the Expires header.
	SyncInterval = 1 * time.Hour
)

Variables

var (
	ErrNoLoginURL = errors.New("no login URL specified or authentication endpoint set in OIDC discovery data")
)

Functions

func IsHTMXRequest added in v1.2.1

func IsHTMXRequest(c *gin.Context) bool

IsHTMXRequest returns true if the request contains the HX-Request header (the HXRequest constant).

func Redirect added in v1.2.1

func Redirect(c *gin.Context, code int, location string)

Redirect checks whether the request is an HTMX request. If so, it sets the HX-Redirect header and returns 204 No Content so that HTMX handles the redirect itself. Otherwise it issues a normal gin redirect with the given status code and the location in the response headers.
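The branch described above, reproduced with only net/http as an added example (not the package's own code, which takes a *gin.Context). The lowercase names, the /dashboard request and the /login target are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Header names as listed in the package constants.
const (
	hxRequest  = "HX-Request"
	hxRedirect = "HX-Redirect"
)

// redirect is a hypothetical net/http stand-in for the documented behaviour:
// HTMX requests get 204 plus HX-Redirect, everything else a normal redirect.
func redirect(w http.ResponseWriter, r *http.Request, code int, location string) {
	if r.Header.Get(hxRequest) != "" {
		w.Header().Set(hxRedirect, location)
		w.WriteHeader(http.StatusNoContent)
		return
	}
	http.Redirect(w, r, location, code)
}

// probe sends one constructed request through redirect and reports the
// status code, Location header and HX-Redirect header of the response.
func probe(htmx bool) (status int, location, hx string) {
	req := httptest.NewRequest(http.MethodGet, "/dashboard", nil)
	if htmx {
		req.Header.Set(hxRequest, "true")
	}
	rec := httptest.NewRecorder()
	redirect(rec, req, http.StatusSeeOther, "/login")
	res := rec.Result()
	return res.StatusCode, res.Header.Get("Location"), res.Header.Get(hxRedirect)
}

func main() {
	for _, htmx := range []bool{false, true} {
		status, location, hx := probe(htmx)
		fmt.Printf("htmx=%t status=%d Location=%q HX-Redirect=%q\n", htmx, status, location, hx)
	}
}
```

A browser follows a 3xx response to an XHR or fetch request transparently, so without the 204 branch HTMX would receive the login page as the fragment to swap in rather than navigating to it.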

Types

type LoginURL added in v1.2.1

type LoginURL struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

LoginURL provides a thread-safe way to manage the login URL for Quarterdeck. It tracks whether the URL was set by the user (immutable) or by the OpenID configuration, in which case it can be updated during synchronization.

func (*LoginURL) Location added in v1.2.1

func (l *LoginURL) Location(c *gin.Context) string

func (*LoginURL) Update added in v1.2.1

func (l *LoginURL) Update(uri string)

type OpenIDConfiguration

type OpenIDConfiguration struct {
	Issuer                        string   `json:"issuer"`
	AuthorizationEP               string   `json:"authorization_endpoint"`
	TokenEP                       string   `json:"token_endpoint"`
	DeviceAuthorizationEP         string   `json:"device_authorization_endpoint"`
	UserInfoEP                    string   `json:"userinfo_endpoint"`
	MFAChallengeEP                string   `json:"mfa_challenge_endpoint"`
	JWKSURI                       string   `json:"jwks_uri"`
	RegistrationEP                string   `json:"registration_endpoint"`
	RevocationEP                  string   `json:"revocation_endpoint"`
	ScopesSupported               []string `json:"scopes_supported"`
	ResponseTypesSupported        []string `json:"response_types_supported"`
	CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
	ResponseModesSupported        []string `json:"response_modes_supported"`
	SubjectTypesSupported         []string `json:"subject_types_supported"`
	IDTokenSigningAlgValues       []string `json:"id_token_signing_alg_values_supported"`
	TokenEndpointAuthMethods      []string `json:"token_endpoint_auth_methods_supported"`
	ClaimsSupported               []string `json:"claims_supported"`
	RequestURIParameterSupported  bool     `json:"request_uri_parameter_supported"`
}

type Option

type Option func(*Quarterdeck) error

func WithClient

func WithClient(client *http.Client) Option

func WithIssuer

func WithIssuer(issuer string) Option

func WithLoginURL added in v1.2.1

func WithLoginURL(loginURL url.URL) Option

func WithSigningMethods

func WithSigningMethods(methods []string) Option

type Quarterdeck

type Quarterdeck struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Quarterdeck implements the Authenticator and Reauthenticator interfaces for the Authenticate middleware. It uses the JWKS endpoint exposed by Quarterdeck to verify access tokens and extract claims, and the Quarterdeck API to reauthenticate valid refresh tokens.

func New

func New(configURL, audience string, opts ...Option) (qd *Quarterdeck, err error)

func (*Quarterdeck) Config

func (s *Quarterdeck) Config(ctx context.Context) (out *OpenIDConfiguration, err error)

Returns the OpenID configuration by performing a GET request to Quarterdeck.

func (*Quarterdeck) Do

func (s *Quarterdeck) Do(req *http.Request, data interface{}) (rep *http.Response, err error)

func (*Quarterdeck) Expires

func (s *Quarterdeck) Expires(url string) (expires time.Time, ok bool)

func (*Quarterdeck) GetKey

func (s *Quarterdeck) GetKey(token *jwt.Token) (key interface{}, err error)

func (*Quarterdeck) JWKS

func (s *Quarterdeck) JWKS(ctx context.Context) (out *jose.JSONWebKeySet, err error)

Returns the JWKS (JSON Web Key Set) by performing a GET request to Quarterdeck.

func (*Quarterdeck) NewRequest

func (s *Quarterdeck) NewRequest(ctx context.Context, url string) (req *http.Request, err error)

func (*Quarterdeck) NotAuthorized added in v1.2.1

func (s *Quarterdeck) NotAuthorized(c *gin.Context) error

Implements the Unauthenticator interface to redirect to the login URL when authentication fails.

func (*Quarterdeck) Run

func (s *Quarterdeck) Run()

func (*Quarterdeck) Sync

func (s *Quarterdeck) Sync() (err error)

Synchronizes the JWKS and OpenID configuration from Quarterdeck, respecting the cache-control headers and ETag for caching purposes.
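A conditional fetch of the kind Sync describes, as an added example using only the standard library (not the package's own code). The `refresh` function and the test endpoint are hypothetical, and the sketch handles only ETag and the Expires header, falling back to the one-hour SyncInterval.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// refresh does a conditional GET: returns ETag, next sync, changed, error.
func refresh(url, etag string, now time.Time) (string, time.Time, bool, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return etag, now, false, err
	}
	if etag != "" {
		req.Header.Set("If-None-Match", etag)
	}
	rep, err := http.DefaultClient.Do(req)
	if err != nil {
		return etag, now, false, err
	}
	defer rep.Body.Close()
	// Use the server's Expires header; default to one hour (SyncInterval).
	next := now.Add(time.Hour)
	if exp, perr := http.ParseTime(rep.Header.Get("Expires")); perr == nil {
		next = exp
	}
	switch rep.StatusCode {
	case http.StatusOK:
		return rep.Header.Get("ETag"), next, true, nil
	case http.StatusNotModified:
		return etag, next, false, nil
	}
	return etag, now, false, fmt.Errorf("unexpected status %d", rep.StatusCode)
}

func main() {
	// Constructed endpoint: fixed ETag "v1", no Expires header.
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("ETag", `"v1"`)
		if r.Header.Get("If-None-Match") == `"v1"` {
			w.WriteHeader(http.StatusNotModified)
		}
	}))
	defer srv.Close()
	fmt.Println(refresh(srv.URL, "", time.Now()))
	fmt.Println(refresh(srv.URL, `"v1"`, time.Now()))
}
```

On any error the previous ETag is returned unchanged, so a caller can keep verifying tokens with the key set it already holds instead of dropping it.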

func (*Quarterdeck) Verify

func (s *Quarterdeck) Verify(accessToken string) (claims *auth.Claims, err error)

Implements the Authenticator interface to verify access tokens with the JWKS keys fetched from the Quarterdeck server.
