AllUserAuthMethods returns all the auth methods that can be configured via the auth-methods flag.

This is a function to mimic a const slice.

Groups is an option func for NewUserPrincipal that configures the groups.

ID is an option func for NewUserPrincipal that configures the groups.

InitAuthServer creates a new AuthServer and configures it for the correct authentication methods.

NewAuthServer creates a new AuthServer object.

NewAuthServerConfig creates and returns a new AuthServerConfig.

NewBearerTokenPassthroughPrincipalGetter creates a new implementation of the PrincipalGetter interface that can decode and verify OIDC Bearer tokens from a named request header.

NewJWTCookiePrincipalGetter looks for a cookie in the provided name and treats that as a JWT token that can be decoded to a Principal.

NewJWTPassthroughCookiePrincipalGetter creates and returns a new JWTPassthroughCookiePrincipalGetter.

NewOIDCConfigFromSecret takes a corev1.Secret and extracts the fields.

NewUserPrincipal creates a new Principal and applies the configuration options.

Principal gets the principal from the context.

RegisterAuthServer registers the /callback route under a specified prefix.

Token is an option func for NewUserPrincipal that sets the token.

WithAPIAuth middleware adds auth validation to API handlers.

WithPrincipal sets the principal into the context.

AccessTokenCookieName is the name of the cookie that holds the access token once the user has authenticated successfully with the OIDC Provider.

Anonymous.

AuthorizationTokenHeaderName is the name of the header that holds the bearer token used for token passthrough authentication.

ClaimGroups is the default claim for getting the groups from OIDC for auth.

ClaimUsername is the default claim for getting the user from OIDC for auth.

IDTokenCookieName is the name of the cookie that holds the ID Token once the user has authenticated successfully with the OIDC Provider.

OIDC authentication (recommended).

RefreshTokenCookieName is the name of the cookie that holds the refresh token once the user has authenticated successfully with the OIDC Provider.

ScopeEmail is the "email" scope.

ScopeGroups is the "groups" scope.

StateCookieName is the name of the cookie that holds state during auth flow.

EE CLI tokens.

User & password read from a secret.

DefaultScopes is the set of scopes that we require.

AnonymousPrincipalGetter will always succeed.

AuthParams provides the configuration for the AuthServer.

AuthServer interacts with an OIDC issuer to handle the OAuth2 process flow.

AuthServerConfig is used to configure an AuthServer.

BearerTokenPassthroughPrincipalGetter inspects the Authorization header (bearer token) and returns it within a principal object.

ClaimsConfig provides the keys to extract the details for a Principal from set of JWT claims.

JWTAuthorizationHeaderPrincipalGetter inspects the Authorization header (bearer token) for a JWT token and returns a principal object.

JWTCookiePrincipalGetter inspects a cookie for a JWT token and returns a principal object.

JWTPassthroughCookiePrincipalGetter inspects a cookie for a JWT token and returns a principal value.

LoginRequest represents the data submitted by client when the auth flow (non-OIDC) is used.

MultiAuthPrincipal looks for a principal in an array of principal getters and if it finds an error or a principal it returns, otherwise it returns (nil,nil).

OIDCConfig is used to configure an AuthServer to interact with an OIDC issuer.

SessionState represents the state that needs to be persisted between the AuthN request from the Relying Party (RP) to the authorization endpoint of the OpenID Provider (OP) and the AuthN response back from the OP to the RP's callback URL.

UserInfo represents the response returned from the user info handler.

UserPrincipal is a simple model for the user, including their ID and Groups.

PrincipalGetter implementations are responsible for extracting a named principal from an HTTP request.

SessionManager implementations provide session storage for requests.