oidcauthenticate

package
v9.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 17, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Authenticate OpenID Connect.

Exchange an OpenID Connect authentication response message for an Elasticsearch internal access token and refresh token that can be subsequently used for authentication.

Elasticsearch exposes all the necessary OpenID Connect related functionality with the OpenID Connect APIs. These APIs are used internally by Kibana in order to provide OpenID Connect based authentication, but can also be used by other, custom web applications or other clients.

Index

Constants

This section is empty.

Variables

View Source 
var ErrBuildPath = errors.New("cannot build path, check for missing path parameters")

ErrBuildPath is returned in case of missing parameters within the build of the request.

Functions

This section is empty.

Types

type NewOidcAuthenticate 

type NewOidcAuthenticate func() *OidcAuthenticate

NewOidcAuthenticate type alias for index.

func NewOidcAuthenticateFunc 

func NewOidcAuthenticateFunc(tp elastictransport.Interface) NewOidcAuthenticate

NewOidcAuthenticateFunc returns a new instance of OidcAuthenticate with the provided transport. Used in the index of the library this allows to retrieve every apis in once place.

type OidcAuthenticate 

type OidcAuthenticate struct {
	// contains filtered or unexported fields
}

func New 

func New(tp elastictransport.Interface) *OidcAuthenticate

Authenticate OpenID Connect.

Exchange an OpenID Connect authentication response message for an Elasticsearch internal access token and refresh token that can be subsequently used for authentication.

Elasticsearch exposes all the necessary OpenID Connect related functionality with the OpenID Connect APIs. These APIs are used internally by Kibana in order to provide OpenID Connect based authentication, but can also be used by other, custom web applications or other clients.

https://www.elastic.co/docs/api/doc/elasticsearch/v9/operation/operation-security-oidc-authenticate

func (OidcAuthenticate) Do 

func (r OidcAuthenticate) Do(providedCtx context.Context) (*Response, error)

Do runs the request through the transport, handle the response and returns a oidcauthenticate.Response

func (*OidcAuthenticate) ErrorTrace 

func (r *OidcAuthenticate) ErrorTrace(errortrace bool) *OidcAuthenticate

ErrorTrace When set to `true` Elasticsearch will include the full stack trace of errors when they occur. API name: error_trace

func (*OidcAuthenticate) FilterPath 

func (r *OidcAuthenticate) FilterPath(filterpaths ...string) *OidcAuthenticate

FilterPath Comma-separated list of filters in dot notation which reduce the response returned by Elasticsearch. API name: filter_path

func (*OidcAuthenticate) Header 

func (r *OidcAuthenticate) Header(key, value string) *OidcAuthenticate

Header set a key, value pair in the OidcAuthenticate headers map.

func (*OidcAuthenticate) HttpRequest 

func (r *OidcAuthenticate) HttpRequest(ctx context.Context) (*http.Request, error)

HttpRequest returns the http.Request object built from the given parameters.

func (*OidcAuthenticate) Human 

func (r *OidcAuthenticate) Human(human bool) *OidcAuthenticate

Human When set to `true` will return statistics in a format suitable for humans. For example `"exists_time": "1h"` for humans and `"eixsts_time_in_millis": 3600000` for computers. When disabled the human readable values will be omitted. This makes sense for responses being consumed only by machines. API name: human

func (*OidcAuthenticate) Nonce 

func (r *OidcAuthenticate) Nonce(nonce string) *OidcAuthenticate

Associate a client session with an ID token and mitigate replay attacks. This value needs to be the same as the one that was provided to the `/_security/oidc/prepare` API or the one that was generated by Elasticsearch and included in the response to that call. API name: nonce

func (OidcAuthenticate) Perform 

func (r OidcAuthenticate) Perform(providedCtx context.Context) (*http.Response, error)

Perform runs the http.Request through the provided transport and returns an http.Response.

func (*OidcAuthenticate) Pretty 

func (r *OidcAuthenticate) Pretty(pretty bool) *OidcAuthenticate

Pretty If set to `true` the returned JSON will be "pretty-formatted". Only use this option for debugging only. API name: pretty

func (*OidcAuthenticate) Raw 

func (r *OidcAuthenticate) Raw(raw io.Reader) *OidcAuthenticate

Raw takes a json payload as input which is then passed to the http.Request If specified Raw takes precedence on Request method.

func (*OidcAuthenticate) Realm 

func (r *OidcAuthenticate) Realm(realm string) *OidcAuthenticate

The name of the OpenID Connect realm. This property is useful in cases where multiple realms are defined. API name: realm

func (*OidcAuthenticate) RedirectUri 

func (r *OidcAuthenticate) RedirectUri(redirecturi string) *OidcAuthenticate

The URL to which the OpenID Connect Provider redirected the User Agent in response to an authentication request after a successful authentication. This URL must be provided as-is (URL encoded), taken from the body of the response or as the value of a location header in the response from the OpenID Connect Provider. API name: redirect_uri

func (*OidcAuthenticate) Request 

func (r *OidcAuthenticate) Request(req *Request) *OidcAuthenticate

Request allows to set the request property with the appropriate payload.

func (*OidcAuthenticate) State 

func (r *OidcAuthenticate) State(state string) *OidcAuthenticate

Maintain state between the authentication request and the response. This value needs to be the same as the one that was provided to the `/_security/oidc/prepare` API or the one that was generated by Elasticsearch and included in the response to that call. API name: state

type Request 

type Request struct {

	// Nonce Associate a client session with an ID token and mitigate replay attacks.
	// This value needs to be the same as the one that was provided to the
	// `/_security/oidc/prepare` API or the one that was generated by Elasticsearch
	// and included in the response to that call.
	Nonce string `json:"nonce"`
	// Realm The name of the OpenID Connect realm.
	// This property is useful in cases where multiple realms are defined.
	Realm *string `json:"realm,omitempty"`
	// RedirectUri The URL to which the OpenID Connect Provider redirected the User Agent in
	// response to an authentication request after a successful authentication.
	// This URL must be provided as-is (URL encoded), taken from the body of the
	// response or as the value of a location header in the response from the OpenID
	// Connect Provider.
	RedirectUri string `json:"redirect_uri"`
	// State Maintain state between the authentication request and the response.
	// This value needs to be the same as the one that was provided to the
	// `/_security/oidc/prepare` API or the one that was generated by Elasticsearch
	// and included in the response to that call.
	State string `json:"state"`
}

Request holds the request body struct for the package oidcauthenticate

https://github.com/elastic/elasticsearch-specification/blob/52c473efb1fb5320a5bac12572d0b285882862fb/specification/security/oidc_authenticate/Request.ts#L22-L61

func NewRequest 

func NewRequest() *Request

NewRequest returns a Request

func (*Request) FromJSON 

func (r *Request) FromJSON(data string) (*Request, error)

FromJSON allows to load an arbitrary json into the request structure

type Response 

type Response struct {

	// AccessToken The Elasticsearch access token.
	AccessToken string `json:"access_token"`
	// ExpiresIn The duration (in seconds) of the tokens.
	ExpiresIn int `json:"expires_in"`
	// RefreshToken The Elasticsearch refresh token.
	RefreshToken string `json:"refresh_token"`
	// Type The type of token.
	Type string `json:"type"`
}

Response holds the response body struct for the package oidcauthenticate

https://github.com/elastic/elasticsearch-specification/blob/52c473efb1fb5320a5bac12572d0b285882862fb/specification/security/oidc_authenticate/Response.ts#L22-L41

func NewResponse 

func NewResponse() *Response

NewResponse returns a Response

Source Files

View all Source files
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.