AuthoritiesToTrustedCerts serializes authorities to TrustedCerts data structure.

ClientCertPool returns trusted x509 certificate authority pool with CAs provided as caType.

ClientParamIdleConnTimeout sets idle connection header timeout of the HTTP transport used by the client.

ClientParamResponseHeaderTimeout sets response header timeout of the HTTP transport used by the client.

ClientParamRequestTimeout sets request timeout of the HTTP transport used by the client.

Connect creates a valid client connection to the auth service.

DefaultClientCertPool returns default trusted x509 certificate authority pool.

HostFQDN consists of host UUID and cluster name joined via '.'.

IsInvalidLocalCredentialError checks if an error resulted from an incorrect username, password, or second factor.

NewClient creates a new API client with a connection to a Teleport server.

NewHTTPClient creates a new HTTP client with TLS authentication and the given dialer.

UserAttestationStatements is a helper for the transition from clients sending a single attestation statement for both SSH and TLS, to separate public keys and attestation statements for each protocol.

UserPublicKeys is a helper for the transition from clients sending a single public key for both SSH and TLS, to separate public keys for each protocol.

WithClusterCAs returns a TLS hello callback that returns a copy of the provided TLS config with client CAs pool of the specified cluster.

CurrentVersion is a current API version.

MissingNamespaceError indicates that the client failed to provide the namespace in the request.

UserTokenTypePrivilege describes a token type that grants access to a privileged action that requires users to re-authenticate with their second factor while looged in.

UserTokenTypePrivilegeException describes a token type that allowed a user to bypass second factor re-authentication which in other cases would be required eg: allowing user to add a mfa device if they don't have any registered.

UserTokenTypeRecoveryApproved describes a recovery token issued to users who successfully verified their second auth credential (either password or a second factor) and can now start changing their password or add a new second factor device.

UserTokenTypeRecoveryStart describes a recovery token issued to users who successfully verified their recovery code.

UserTokenTypeResetPassword is a token type used for the UI flow where user re-sets their password and second factor (if enabled).

UserTokenTypeResetPasswordInvite is a token type used for the UI invite flow that allows users to change their password and set second factor (if enabled).

ErrNoMFADevices is returned when an MFA ceremony is performed without possible devices to complete the challenge with.

InvalidUserPass2FError is the error for when either the provided username, password, or second factor is incorrect.

InvalidUserPassError is the error for when either the provided username or password is incorrect.

AuthenticateSSHRequest is a request to authenticate SSH client user via CLI.

AuthenticateUserRequest is a request to authenticate interactive user.

CATypeInfo indicates whether the CA is a host or user CA, or both.

Client is the Auth API client.

Config holds configuration parameters for connecting to the auth service.

CreateUserTokenRequest is a request to create a new user token.

ForwardedClientMetadata can be used by the proxy web API to forward information about the client to the auth service.

GithubAuthRequest is an Github auth request that supports standard json marshaling.

GithubAuthResponse represents Github auth callback validation response.

HTTPClient is a teleport HTTP API client.

HTTPClientConfig contains configuration for an HTTP client.

KubeCSR is a kubernetes CSR request.

KubeCSRResponse is a response to kubernetes CSR request.

OIDCAuthRawResponse is returned when auth server validated callback parameters returned from OIDC provider.

OIDCAuthRequest is an OIDC auth request that supports standard json marshaling.

OIDCAuthResponse is returned when auth server validated callback parameters returned from OIDC provider.

OTPCreds is a two-factor authentication credentials.

PassCreds is a password credential.

SAMLAuthRawResponse is returned when auth server validated callback parameters returned from SAML provider.

SAMLAuthRequest is a SAML auth request that supports standard json marshaling.

SAMLAuthResponse is returned when auth server validated callback parameters returned from SAML identity provider.

SessionCreds is a web session credentials.

SSHLoginResponse is a response returned by web proxy, it preserves backwards compatibility on the wire, which is the primary reason for non-matching json tags.

TrustedCerts contains host certificates, it preserves backwards compatibility on the wire, which is the primary reason for non-matching json tags.

ValidateOIDCAuthCallbackReq is the request made by the proxy to validate and activate a login via OIDC.

ValidateSAMLResponseReq is the request made by the proxy to validate and activate a login via SAML.

AccessCache is a subset of the interface working on the certificate authorities.

Announcer specifies interface responsible for announcing presence.

AppsAccessPoint is an API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentApp.

Cache is a subset of the auth interface handling access to the discovery API and static tokens.

CAGetter is an interface for retrieving certificate authorities.

ClientI is a client to Auth service.

DatabaseAccessPoint is an API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentDatabase.

DiscoveryAccessPoint is an API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentDiscovery.

ExpiryAccessPoint is the API used by the expiry service.

IdentityService manages identities and users.

KubernetesAccessPoint is an API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentKube.

NodeAccessPoint is an API interface implemented by a certificate authority (CA) to be used by teleport.ComponentNode.

OktaAccessPoint is a read caching interface used by an Okta component.

ProvisioningService is a service in control of adding new nodes, auth servers and proxies to the cluster.

ProxyAccessPoint is an API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentProxy.

ReadAppsAccessPoint is a read only API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentApp.

ReadDatabaseAccessPoint is an API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentDatabase.

ReadDiscoveryAccessPoint is a read only API interface to be used by a teleport.ComponentDiscovery.

ReadKubernetesAccessPoint is an API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentKube.

ReadNodeAccessPoint is a read only API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentNode.

ReadOktaAccessPoint is a read only API interface to be used by an Okta component.

ReadProxyAccessPoint is a read only API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentProxy.

ReadRemoteProxyAccessPoint is a read only API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentProxy.

ReadWindowsDesktopAccessPoint is an API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentWindowsDesktop.

RemoteProxyAccessPoint is an API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentProxy.

SnowflakeSessionWatcher is watcher interface used by Snowflake web session watcher.

WebService implements features used by Web UI clients.

WindowsDesktopAccessPoint is an API interface implemented by a certificate authority (CA) to be used by a teleport.ComponentWindowsDesktop.

APIClient is aliased here so that it can be embedded in Client.

HostAndUserCAInfo is a map of CA raw subjects and type info for Host and User CAs.

NewRemoteProxyCachingAccessPoint returns new caching access point using access point policy.