Documentation
Index ¶
- type AuthResponse
- type AuthorizationRule
- type ClaimRule
- type Config
- type Connector
- type Plugin
- func (p *Plugin) Doc() string
- func (p *Plugin) Enrich(swag *huma.OpenAPI) *huma.OpenAPI
- func (p *Plugin) HandleAuthorize(w http.ResponseWriter, r *http.Request)
- func (p *Plugin) HandleCallback(w http.ResponseWriter, r *http.Request)
- func (p *Plugin) RegisterRoutes(mux *http.ServeMux)
- func (p *Plugin) Wrap(connector connectors.Connector) (connectors.Connector, error)
- type PluginBundle
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthResponse ¶
type AuthorizationRule ¶
type AuthorizationRule struct {
	// Methods defines the list of methods to which the rule applies
	Methods []string `yaml:"methods"`
	// AllowPublic allows public access without a token
	// (the listed methods become reachable unauthenticated; presumably
	// ClaimRules are not consulted when this is set — confirm against the evaluator)
	AllowPublic bool `yaml:"allow_public"`
	// RequireAllClaims determines if all ClaimRules must be true (AND)
	// If false, one true rule is sufficient (OR)
	// NOTE(review): the outcome for an empty ClaimRules list is decided by the
	// evaluator, not by this struct — confirm whether it allows or denies.
	RequireAllClaims bool `yaml:"require_all_claims"`
	// ClaimRules list of claim validation rules
	ClaimRules []ClaimRule `yaml:"claim_rules"`
}
AuthorizationRule defines an authorization rule for a method or a group of methods.
type ClaimRule ¶
type ClaimRule struct {
	// Claim defines the path to the value in JWT or user data (e.g., "email", "groups[0]", "org.name")
	Claim string `yaml:"claim"`
	// Operation defines the comparison operation ("eq", "ne", "contains", "regex", "exists")
	// NOTE(review): "exists" presumably ignores Value; for "regex", Value is an
	// operator-supplied pattern from config — confirm it is compiled once and
	// anchored the way the rule author expects.
	Operation string `yaml:"operation"`
	// Value is the expected value for comparison
	Value string `yaml:"value"`
}
ClaimRule represents a single rule for checking a claim value.
type Config ¶
type Config struct {
	// Provider specifies the OAuth provider ("google", "github", "auth0", "keycloak", "okta")
	Provider string `yaml:"provider"`
	// ProviderAuthURL specifies oauth2.Endpoint AuthURL if Provider is unknown
	// (only consulted for a Provider value outside the list above)
	ProviderAuthURL string `yaml:"provider_auth_url"`
	// ProviderTokenURL specifies oauth2.Endpoint TokenURL if Provider is unknown
	ProviderTokenURL string `yaml:"provider_token_url"`
	// ClientID is the OAuth Client ID
	ClientID string `yaml:"client_id"`
	// ClientSecret is the OAuth Client Secret
	// (secret material: keep it out of logs, dumps of this struct and committed config)
	ClientSecret string `yaml:"client_secret"`
	// RedirectURL for OAuth flow
	// (must match the redirect URI registered with the provider, or the
	// authorization code exchange is expected to be rejected by the provider)
	RedirectURL string `yaml:"redirect_url"`
	// Scopes defines required access scopes
	Scopes []string `yaml:"scopes"`
	// TokenHeader defines the header name for the token (default: "Authorization")
	TokenHeader string `yaml:"token_header"`
	// AuthURL is the gateway's authorization endpoint path (default: "/oauth/authorize")
	AuthURL string `yaml:"auth_url"`
	// CallbackURL is the gateway's callback endpoint path (default: "/oauth/callback")
	CallbackURL string `yaml:"callback_url"`
	// UserInfoURL is the endpoint for retrieving user information (required for Auth0)
	UserInfoURL string `yaml:"user_info_url"`
	// IntrospectionURL is the token introspection endpoint (required for Keycloak and Okta)
	IntrospectionURL string `yaml:"introspection_url"`
	// AuthorizationRules defines authorization rules for methods
	// NOTE(review): how a method matched by no rule is treated (allow or deny)
	// is decided by the evaluator, not documented here — confirm.
	AuthorizationRules []AuthorizationRule `yaml:"authorization_rules"`
}
Config represents the OAuth plugin configuration.
func (Config) GetOAuthConfig ¶
GetOAuthConfig returns an oauth2.Config for the configured provider.
func (*Config) WithDefaults ¶
func (c *Config) WithDefaults()
WithDefaults sets default values for the config fields.
type Connector ¶
type Connector struct { connectors.Connector // contains filtered or unexported fields }
type Plugin ¶
type Plugin struct {
// contains filtered or unexported fields
}
func (*Plugin) HandleAuthorize ¶
func (p *Plugin) HandleAuthorize(w http.ResponseWriter, r *http.Request)
func (*Plugin) HandleCallback ¶
func (p *Plugin) HandleCallback(w http.ResponseWriter, r *http.Request)
func (*Plugin) RegisterRoutes ¶
func (*Plugin) Wrap ¶
func (p *Plugin) Wrap(connector connectors.Connector) (connectors.Connector, error)
type PluginBundle ¶
func New ¶
func New(cfg Config) (PluginBundle, error)