github.com/minio/console@v1.4.1/pkg/auth/idp.go (about)

     1  // This file is part of MinIO Console Server
     2  // Copyright (c) 2021 MinIO, Inc.
     3  //
     4  // This program is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU Affero General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // This program is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12  // GNU Affero General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU Affero General Public License
    15  // along with this program.  If not, see <http://www.gnu.org/licenses/>.
    16  
    17  package auth
    18  
import (
	"context"
	"errors"

	"github.com/minio/console/pkg/auth/idp/oauth2"
	"github.com/minio/minio-go/v7/pkg/credentials"
	xoauth2 "golang.org/x/oauth2"
)
    26  
// IdentityProviderI is the set of identity-provider calls used within this
// project. It exists so tests can substitute a mock for the real
// IdentityProvider; every IdentityProvider method the project calls must be
// listed here so the mock stays a drop-in replacement.
type IdentityProviderI interface {
	// VerifyIdentity verifies the user identity against the identity provider
	// using the authorization code flow and returns the resulting credentials.
	// code and state are the values returned by the provider on redirect.
	VerifyIdentity(ctx context.Context, code, state string) (*credentials.Credentials, error)
	// VerifyIdentityForOperator is the same flow as VerifyIdentity but yields
	// the raw OAuth2 token rather than MinIO credentials.
	VerifyIdentityForOperator(ctx context.Context, code, state string) (*xoauth2.Token, error)
	// GenerateLoginURL returns the URL the user is sent to in order to log in
	// against the identity provider.
	GenerateLoginURL() string
}
    35  
// IdentityProvider is the concrete IdentityProviderI implementation. It wraps
// an oauth2.Provider client together with the per-deployment settings the
// authentication flow forwards on each call.
type IdentityProvider struct {
	// KeyFunc is handed to every Client call alongside the state value;
	// presumably it supplies the key used to validate the OAuth2 state
	// parameter — confirm against pkg/auth/idp/oauth2 before relying on it.
	KeyFunc oauth2.StateKeyFunc
	// Client performs the actual calls to the identity provider. It must be
	// set before any method on IdentityProvider is invoked.
	Client *oauth2.Provider
	// RoleARN is forwarded only by VerifyIdentity; the operator variant and
	// GenerateLoginURL do not use it.
	RoleARN string
}
    45  
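// VerifyIdentity verifies the user identity against the identity provider
// using the OAuth2 authorization code flow and returns the resulting
// credentials.
//
// ctx, code and state are forwarded unchanged to the underlying client
// together with the configured RoleARN and KeyFunc. It returns an error when
// no Client is configured, and otherwise whatever the client reports.
func (c IdentityProvider) VerifyIdentity(ctx context.Context, code, state string) (*credentials.Credentials, error) {
	// A zero-value IdentityProvider has no client; fail closed with an error
	// instead of a nil-pointer panic.
	if c.Client == nil {
		return nil, errors.New("identity provider client is not configured")
	}
	return c.Client.VerifyIdentity(ctx, code, state, c.RoleARN, c.KeyFunc)
}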
    50  
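// VerifyIdentityForOperator verifies the user identity against the identity
// provider using the OAuth2 authorization code flow and returns the raw
// OAuth2 token rather than MinIO credentials.
//
// ctx, code and state are forwarded unchanged to the underlying client
// together with the configured KeyFunc; RoleARN is not used here. It returns
// an error when no Client is configured, and otherwise whatever the client
// reports.
func (c IdentityProvider) VerifyIdentityForOperator(ctx context.Context, code, state string) (*xoauth2.Token, error) {
	// A zero-value IdentityProvider has no client; fail closed with an error
	// instead of a nil-pointer panic.
	if c.Client == nil {
		return nil, errors.New("identity provider client is not configured")
	}
	return c.Client.VerifyIdentityForOperator(ctx, code, state, c.KeyFunc)
}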
    55  
// GenerateLoginURL builds the URL the user is redirected to in order to
// authenticate against the identity provider. The URL is produced by the
// underlying client from the configured KeyFunc and the client's own IDPName.
// Client must be non-nil: this method dereferences it.
func (c IdentityProvider) GenerateLoginURL() string {
	provider := c.Client
	idpName := provider.IDPName
	loginURL := provider.GenerateLoginURL(c.KeyFunc, idpName)
	return loginURL
}