DecryptToken receives base64 encoded ciphertext, decode it, decrypt it (AES-GCM) and produces []byte.

GetCredentialsFromLDAP authenticates the user against MinIO when the LDAP integration is enabled if the authentication succeed *credentials.Login object is returned and we continue with the normal STSAssumeRole flow.

GetTokenFromRequest returns a token from a http Request either defined on a cookie `token` or on Authorization header.

IsSessionTokenValid returns true or false depending upon the provided session if the token is valid or not.

NewEncryptedTokenForClient generates a new session token with claims based on the provided STS credentials, first encrypts the claims and the sign them.

ParseClaimsFromToken receive token claims in string format, then unmarshal them to produce a *TokenClaims object.

SessionTokenAuthenticate takes a session token, decode it, extract claims and validate the signature if the session token claims are valid we proceed to decrypt the information inside returns claims after validation in the following format: type TokenClaims struct { STSAccessKeyID STSSecretAccessKey STSSessionToken AccountAccessKey }.

Session token errors.

Session token errors.

Session token errors.

Interface implementation Define the structure of a IdentityProvider with Client inside and define the functions that are used during the authentication flow.

SessionFeatures represents features stored in the session.

STSClaims claims struct for STS Token.

TokenClaims claims struct for decrypted credentials.

IdentityProviderI interface with all functions to be implemented by mock when testing, it should include all IdentityProvider respective api calls that are used within this project.