Documentation
Overview
Package appauth contains a helper to add basic OIDC authentication to a single-page application with an API.
Types
type Auth
type Auth struct {
    // contains filtered or unexported fields
}
Auth contains the parts required for authentication and authorization against an OIDC server.
func (*Auth) RequireAuth
RequireAuth shields the given next Handler with the given auth requirements. In the next Handler, the identified user is available from the request context through UserFromContext.
func (*Auth) ServePopup
func (a *Auth) ServePopup(w http.ResponseWriter, r *http.Request)
ServePopup is a mountable HTTP HandleFunc. It initiates the redirect to the OIDC server and, on return to the same URL, exchanges the code for the token. It then passes the token back to the requesting JavaScript through the window.opener.postMessage function.
type Config
type Config struct {
    IssuerURL string

    // Popup client
    ClientID         string
    ClientSecret     string
    PopupRedirectURL string   // MUST be the same route you mount the handler on
    Scopes           []string // e.g. []string{oidc.ScopeOpenID, "profile", "email"}

    // Who may receive tokens via postMessage (strict allowlist)
    AllowedPostMessageOrigins []string

    Logger Logger      // optional
    Cache  cache.Cache // optional
}
Config holds the configuration for the Auth adapter.
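The strict allowlist that AllowedPostMessageOrigins describes, sketched as an added example (not the appauth package's own code): canonicalOrigin and PostMessageTarget are hypothetical helpers that accept only an exact scheme, host and port match and return the value to pass as the targetOrigin of postMessage, so the token handed back by ServePopup is never posted to "*". The origins are constructed sample values.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Hypothetical helpers for illustration; not part of the appauth package.
// canonicalOrigin reduces a URL string to "scheme://host[:port]" and rejects
// anything that is not a bare web origin (path, query, userinfo, "null", "*").
func canonicalOrigin(raw string) (string, bool) {
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" || u.User != nil || u.RawQuery != "" || u.Fragment != "" {
		return "", false
	}
	if (u.Scheme != "https" && u.Scheme != "http") || (u.Path != "" && u.Path != "/") {
		return "", false
	}
	host := strings.ToLower(u.Hostname())
	if strings.Contains(host, ":") { // IPv6 literal: restore brackets
		host = "[" + host + "]"
	}
	port := u.Port()
	if port != "" && !(u.Scheme == "https" && port == "443") && !(u.Scheme == "http" && port == "80") {
		host += ":" + port
	}
	return u.Scheme + "://" + host, true
}

// PostMessageTarget returns the exact origin to use as the targetOrigin of
// postMessage, or false when the requester is not on the allowlist.
func PostMessageTarget(requester string, allowed []string) (string, bool) {
	got, ok := canonicalOrigin(requester)
	for _, a := range allowed {
		if want, valid := canonicalOrigin(a); ok && valid && want == got {
			return want, true
		}
	}
	return "", false
}

func main() {
	allow := []string{"https://app.example.test"} // constructed sample allowlist
	for _, o := range []string{"https://APP.example.test:443/", "https://app.example.test.other.test", "null"} {
		target, ok := PostMessageTarget(o, allow)
		fmt.Printf("%q -> allowed=%v target=%q\n", o, ok, target)
	}
}
```

Suffix lookalikes, scheme downgrades, "null" and wildcard entries all fail the comparison because only canonical origins are compared for equality.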
type Logger
Logger defines what a log provider must implement in order to be usable for this library.
type User
type User struct {
    Sub    string         `json:"sub,omitempty"`
    Email  string         `json:"email,omitempty"`
    Name   string         `json:"name,omitempty"`
    Groups []string       `json:"groups,omitempty"`
    Roles  []string       `json:"roles,omitempty"` // merged realm+client roles (best effort)
    Raw    map[string]any `json:"raw,omitempty"`
}
User holds information about a user after successful authentication.