package
25.1.0+incompatible
Repository: https://github.com/cockroachdb/cockroach.git
Documentation: pkg.go.dev

# Functions

AuthenticationHeaderMatcher is a gRPC header matcher function that provides a conversion from gRPC headers to HTTP headers.
ContextWithHTTPAuthInfo embeds the HTTP authentication details into a go context.
CreateAggregatedSessionCookieValue is used for multi-tenant login.
CreateAuthSecret creates a secret, hash pair to populate a session auth token.
CreateEmptySessionCookieWithImmediateExpiry constructs an HTTP cookie that clears the session cookie by setting an empty cookie with the same name and an expiry at the Unix epoch.
CreateEmptyTenantSelectCookieWithImmediateExpiry constructs an HTTP cookie that clears the tenant cookie by setting an empty cookie with the same name and an expiry at the Unix epoch.
CreateOIDCCookie constructs a cookie to hold the OIDC secret that's used to validate requests between `/login` and `/callback` requests.
CreateSessionCookie constructs an HTTP cookie that holds a DB Console session.
CreateTenantSelectCookie constructs an HTTP cookie that holds a DB Console tenant selection.
EncodeSessionCookie encodes a SessionCookie proto into an http.Cookie.
FindAndDecodeSessionCookie looks for multitenant-session and session cookies in the cookies slice.
FindSessionCookieValueForTenant finds the encoded session in the provided aggregated session cookie value established in multi-tenant clusters that's associated with the provided tenant name.
ForwardHTTPAuthInfoToRPCCalls converts an HTTP API (v1 or v2) context to one that can issue outgoing RPC requests under the same logged-in user.
ForwardSQLIdentityThroughRPCCalls forwards the SQL identity of the original request (as populated by translateHTTPAuthInfoToGRPCMetadata in grpc-gateway) so it remains available to the remote node handling the request.
MakeSessionCookieValue creates a SessionCookieValue from the provided tenant name and set-cookie value.
MaybeUserFromHTTPAuthInfoContext is like userFromHTTPAuthInfoContext but it returns a boolean false if there is no user in the context.
NewRoleAuthzMux creates a new RoleAuthzMux.
NewV2Mux creates a new AuthV2Mux for the given ServerV2.
NewV2Server creates a new ServerV2 for the given outer Server and base path.
TranslateHTTPAuthInfoToGRPCMetadata translates the context.Value that results from HTTP authentication into gRPC metadata suitable for use by RPC API handlers.
UserFromHTTPAuthInfoContext returns a SQL username from the request context of an HTTP route requiring login.
UserFromIncomingRPCContext is to be used in RPC API handlers.

# Constants

APIV2UseCookieBasedAuth is a magic value of the auth header that tells us to look for the session in the cookie.
AuthorizationHeader is the 'Authorization' header in the HTTP request.
DemoLoginPath is the demo shell auto-login URL.
LoginPath is the URL path to the login handler.
LogoutPath is the URL path to the logout handler.
RegularRole is the default role for an APIv2 endpoint.
SessionCookieName is the name of the cookie used for HTTP auth.
TenantSelectCookieName is the name of the HTTP cookie used to select a particular tenant, if the custom header is not specified.
UsernameHeader is the HTTP request header to hold the SQL username.
ViewClusterMetadataRole is the role for an APIv2 endpoint that requires VIEWCLUSTERMETADATA privileges.

# Variables

ConfigureOIDC is a hook for the `oidcccl` library to add OIDC login support.
WebSessionTimeout is the cluster setting for web session TTL.

# Structs

SessionCookieValue defines the data needed to construct the aggregate session cookie in the order provided.

# Interfaces

OIDC is an interface that an OIDC-based authentication module should implement to integrate with the rest of the node's functionality.

# Type aliases

APIRole is an enum representing the authorization level needed for an APIv2 endpoint.