idpsession

package
v0.0.0-...-1fb332c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 24, 2026 License: Apache-2.0 Imports: 28 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var DependencySet = wire.NewSet(
	wire.Struct(new(StoreRedis), "*"),
	wire.Bind(new(Store), new(*StoreRedis)),

	wire.Value(Rand(corerand.SecureRand)),
	wire.Struct(new(Provider), "*"),
	wire.Struct(new(Resolver), "*"),
	wire.Struct(new(Manager), "*"),
	wire.Bind(new(resolverProvider), new(*Provider)),
)
View Source 
var ErrSessionNotFound = errors.New("session is not found")
View Source 
var StoreRedisLogger = slogutil.NewLogger("redis-session-store")

Functions

func E2EEncodeToken 

func E2EEncodeToken(idpSessionID string, token string) string

Only for e2e use. Do not use it in other packages.

func E2EHashToken 

func E2EHashToken(token string) string

Only for e2e use. Do not use it in other packages.

Types

type AccessEventProvider 

type AccessEventProvider interface {
	InitStream(ctx context.Context, sessionID string, expiry time.Time, event *access.Event) error
	RecordAccess(ctx context.Context, sessionID string, expiry time.Time, event *access.Event) error
}

type CookieManager 

type CookieManager interface {
	ClearCookie(def *httputil.CookieDef) *http.Cookie
}

type IDPSession 

type IDPSession struct {
	ID    string `json:"id"`
	AppID string `json:"app_id"`

	// CreatedAt is the timestamp that the user was initially authenticated at.
	CreatedAt time.Time `json:"created_at"`
	// Authenticated is the timestamp that the user was authenticated at.
	// It is equal to CreatedAt if the user has not reauthenticated at all.
	AuthenticatedAt time.Time     `json:"authenticated_at"`
	Attrs           session.Attrs `json:"attrs"`

	AccessInfo access.Info `json:"access_info"`

	TokenHash string `json:"token_hash"`

	ParticipatedSAMLServiceProviderIDs []string `json:"participated_saml_service_provider_ids,omitempty"`

	// ExpireAtForResolvedSession is a transient field that tells when the session will exire at, computed now.
	// Note that ExpireAtForResolvedSession will keep changing if idle timeout is enabled.
	// This is NOT supposed to be stored, hence it is json-ignored.
	ExpireAtForResolvedSession time.Time `json:"-"`
}

func (*IDPSession) CreateNewAuthenticationInfoByThisSession 

func (s *IDPSession) CreateNewAuthenticationInfoByThisSession() authenticationinfo.T

func (*IDPSession) EqualSession 

func (s *IDPSession) EqualSession(ss session.SessionBase) bool

func (*IDPSession) GetAccessInfo 

func (s *IDPSession) GetAccessInfo() *access.Info

func (*IDPSession) GetAuthenticatedAt 

func (s *IDPSession) GetAuthenticatedAt() time.Time

func (*IDPSession) GetAuthenticationInfo 

func (s *IDPSession) GetAuthenticationInfo() authenticationinfo.T

func (*IDPSession) GetClientID 

func (s *IDPSession) GetClientID() string

func (*IDPSession) GetCreatedAt 

func (s *IDPSession) GetCreatedAt() time.Time

func (*IDPSession) GetDeviceInfo 

func (s *IDPSession) GetDeviceInfo() (map[string]interface{}, bool)

func (*IDPSession) GetExpireAt 

func (s *IDPSession) GetExpireAt() time.Time

func (*IDPSession) GetOIDCAMR 

func (s *IDPSession) GetOIDCAMR() ([]string, bool)

func (*IDPSession) GetParticipatedSAMLServiceProviderIDsSet 

func (s *IDPSession) GetParticipatedSAMLServiceProviderIDsSet() setutil.Set[string]

func (*IDPSession) GetUserID 

func (s *IDPSession) GetUserID() string

func (*IDPSession) IsSameSSOGroup 

func (s *IDPSession) IsSameSSOGroup(ss session.SessionBase) bool

IsSameSSOGroup returns true when the session argument - is the same idp session - is sso enabled offline grant that in the same sso group

func (*IDPSession) ListableSession 

func (s *IDPSession) ListableSession()

func (*IDPSession) SSOGroupIDPSessionID 

func (s *IDPSession) SSOGroupIDPSessionID() string

func (*IDPSession) Session 

func (s *IDPSession) Session()

func (*IDPSession) SessionID 

func (s *IDPSession) SessionID() string

func (*IDPSession) SessionType 

func (s *IDPSession) SessionType() session.Type

func (*IDPSession) ToAPIModel 

func (s *IDPSession) ToAPIModel() *model.Session

type Manager 

type Manager struct {
	Store     Store
	Config    *config.SessionConfig
	Cookies   CookieManager
	CookieDef session.CookieDef
}

func (*Manager) CleanUpForDeletingUserID 

func (m *Manager) CleanUpForDeletingUserID(ctx context.Context, userID string) error

func (*Manager) ClearCookie 

func (m *Manager) ClearCookie() []*http.Cookie

func (*Manager) Delete 

func (m *Manager) Delete(ctx context.Context, session session.ListableSession) error

func (*Manager) Get 

func (m *Manager) Get(ctx context.Context, id string) (session.ListableSession, error)

func (*Manager) List 

func (m *Manager) List(ctx context.Context, userID string) ([]session.ListableSession, error)

func (*Manager) TerminateAllExcept 

func (m *Manager) TerminateAllExcept(ctx context.Context, userID string, currentSession session.ResolvedSession) ([]session.ListableSession, error)

type Provider 

type Provider struct {
	RemoteIP        httputil.RemoteIP
	UserAgentString httputil.UserAgentString
	AppID           config.AppID
	Redis           *appredis.Handle
	Store           Store
	AccessEvents    AccessEventProvider
	MeterService    ProviderMeterService
	TrustProxy      config.TrustProxy
	Config          *config.SessionConfig
	Clock           clock.Clock
	Random          Rand
}

func (*Provider) AccessWithID 

func (p *Provider) AccessWithID(ctx context.Context, id string, accessEvent access.Event) (*IDPSession, error)

func (*Provider) AccessWithToken 

func (p *Provider) AccessWithToken(ctx context.Context, token string, accessEvent access.Event) (*IDPSession, error)

func (*Provider) AddSAMLServiceProviderParticipant 

func (p *Provider) AddSAMLServiceProviderParticipant(ctx context.Context, session *IDPSession, serviceProviderID string) (*IDPSession, error)

func (*Provider) CheckSessionExpired 

func (p *Provider) CheckSessionExpired(session *IDPSession) (expired bool)

func (*Provider) Create 

func (p *Provider) Create(ctx context.Context, session *IDPSession) error

func (*Provider) Get 

func (p *Provider) Get(ctx context.Context, id string) (*IDPSession, error)

func (*Provider) GetByToken 

func (p *Provider) GetByToken(ctx context.Context, token string) (*IDPSession, error)

func (*Provider) MakeSession 

func (p *Provider) MakeSession(attrs *session.Attrs) (*IDPSession, string)

func (*Provider) Reauthenticate 

func (p *Provider) Reauthenticate(ctx context.Context, id string, amr []string) (err error)

type ProviderMeterService 

type ProviderMeterService interface {
	TrackActiveUser(ctx context.Context, userID string) error
}

type Rand 

type Rand *rand.Rand

type Resolver 

type Resolver struct {
	Cookies         ResolverCookieManager
	CookieDef       session.CookieDef
	Provider        resolverProvider
	RemoteIP        httputil.RemoteIP
	UserAgentString httputil.UserAgentString
	TrustProxy      config.TrustProxy
	Clock           clock.Clock
}

func (*Resolver) Resolve 

func (re *Resolver) Resolve(ctx context.Context, rw http.ResponseWriter, r *http.Request) (session.ResolvedSession, error)

type ResolverCookieManager 

type ResolverCookieManager interface {
	GetCookie(r *http.Request, def *httputil.CookieDef) (*http.Cookie, error)
}

type Store 

type Store interface {
	// Create creates a session in the Store. It must not allow overwriting existing sessions.
	Create(ctx context.Context, s *IDPSession, expireAt time.Time) error
	// Update updates a session in the Store. It must return `ErrSessionNotFound` when the session does not exist.
	Update(ctx context.Context, s *IDPSession, expireAt time.Time) error
	// Get returns the session with id in the Store. It must return `ErrSessionNotFound` when the session does not exist.
	Get(ctx context.Context, id string) (*IDPSession, error)
	// Delete deletes the session with id in the Store. It must treat deleting non-existent session as successful.
	Delete(ctx context.Context, s *IDPSession) error
	// List lists the sessions belonging to the user, in ascending creation time order
	List(ctx context.Context, userID string) ([]*IDPSession, error)
	// CleanUpForDeletingUserID cleans up for a deleting user ID.
	CleanUpForDeletingUserID(ctx context.Context, userID string) error
}

Store represents the backing store for IdP sessions. Note that the returned sessions may not be valid (e.g. can be expired)

type StoreRedis 

type StoreRedis struct {
	Redis *appredis.Handle
	AppID config.AppID
	Clock clock.Clock
}

func (*StoreRedis) CleanUpForDeletingUserID 

func (s *StoreRedis) CleanUpForDeletingUserID(ctx context.Context, userID string) (err error)

func (*StoreRedis) Create 

func (s *StoreRedis) Create(ctx context.Context, sess *IDPSession, expireAt time.Time) (err error)

func (*StoreRedis) Delete 

func (s *StoreRedis) Delete(ctx context.Context, session *IDPSession) (err error)

func (*StoreRedis) Get 

func (s *StoreRedis) Get(ctx context.Context, id string) (*IDPSession, error)

func (*StoreRedis) List 

func (s *StoreRedis) List(ctx context.Context, userID string) (sessions []*IDPSession, err error)

func (*StoreRedis) Unmarshal 

func (s *StoreRedis) Unmarshal(data []byte) (*IDPSession, error)

func (*StoreRedis) Update 

func (s *StoreRedis) Update(ctx context.Context, sess *IDPSession, expireAt time.Time) (err error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.