package interfaces
import (
"context"
"net/http"
"net/url"
"time"
"github.com/flyteorg/flyteidl/gen/pb-go/flyteidl/service"
"k8s.io/apimachinery/pkg/util/sets"
"github.com/lestrrat-go/jwx/jwk"
"github.com/ory/fosite"
fositeOAuth2 "github.com/ory/fosite/handler/oauth2"
"github.com/coreos/go-oidc"
"github.com/flyteorg/flyteadmin/auth/config"
"golang.org/x/oauth2"
)
//go:generate mockery -all -case=underscore
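// HandlerRegisterer is the minimal surface the auth package needs from an HTTP
// router: the ability to bind a handler function to a path pattern. It is
// satisfied by *http.ServeMux and keeps the auth handlers decoupled from the
// concrete router used by the server.
type HandlerRegisterer interface {
	// HandleFunc registers handler for requests matching pattern, with the same
	// contract as (*http.ServeMux).HandleFunc.
	HandleFunc(pattern string, handler func(http.ResponseWriter, *http.Request))
}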
// OAuth2Provider represents an OAuth2 Provider that can be used to issue OAuth2 tokens.
// It extends fosite's provider with the resource-server side (token validation) and
// with the two pieces Flyte Admin needs to mint and publish its own JWTs.
type OAuth2Provider interface {
	fosite.OAuth2Provider
	OAuth2ResourceServer

	// NewJWTSessionToken builds the fosite JWT session for a token to be issued.
	// subject, appID, issuer and audience are bound into the session; userInfoClaims
	// carries the user-info claims to embed. NOTE(review): the audience set here is
	// what ValidateAccessToken's expectedAudience is later compared against — confirm
	// the implementation keeps the two consistent.
	NewJWTSessionToken(subject, appID, issuer, audience string, userInfoClaims *service.UserInfoResponse) *fositeOAuth2.JWTSession

	// KeySet returns the JWK set associated with this provider; presumably the keys
	// used to sign and verify the tokens it issues — verify against the implementation
	// before relying on whether it exposes private or only public keys.
	KeySet() jwk.Set
}
// OAuth2ResourceServer represents a resource server that can be accessed through an access token.
type OAuth2ResourceServer interface {
	// ValidateAccessToken checks tokenStr and, on success, returns the IdentityContext it
	// establishes. expectedAudience names the audience the token must have been issued
	// for; by its name it is enforced as part of validation — confirm in the
	// implementation, since an audience check is what stops a token minted for one
	// service being replayed against another. A non-nil error means the token must be
	// treated as unauthenticated; the returned IdentityContext is meaningless then.
	ValidateAccessToken(ctx context.Context, expectedAudience, tokenStr string) (IdentityContext, error)
}
// AuthenticationContext is a convenience wrapper object that holds all the utilities necessary to run Flyte Admin behind authentication
// It is constructed at the root server layer, and passed around to the various auth handlers and utility functions/objects.
type AuthenticationContext interface {
	// OAuth2Provider returns the provider used to issue tokens when Flyte Admin acts as
	// its own authorization server.
	OAuth2Provider() OAuth2Provider
	// OAuth2ResourceServer returns the validator used to check incoming access tokens.
	OAuth2ResourceServer() OAuth2ResourceServer
	// OAuth2ClientConfig returns the oauth2 client configuration for the given request URL.
	// NOTE(review): the request URL is the only input, so the implementation presumably
	// derives the redirect URL from it — confirm it uses configured scheme/host rather than
	// the unvalidated Host header, otherwise the redirect target is request-controlled.
	OAuth2ClientConfig(requestURL *url.URL) *oauth2.Config
	// OidcProvider returns the discovered OIDC provider used for ID token verification.
	OidcProvider() *oidc.Provider
	// CookieManager returns the handler responsible for the auth cookies.
	CookieManager() CookieHandler
	// Options returns the auth configuration this context was built from.
	Options() *config.Config
	// GetOAuth2MetadataURL returns the URL of the OAuth2 authorization server metadata document.
	GetOAuth2MetadataURL() *url.URL
	// GetOIdCMetadataURL returns the URL of the OIDC discovery document.
	GetOIdCMetadataURL() *url.URL
	// GetHTTPClient returns the HTTP client used for outbound calls (e.g. to the identity
	// provider); presumably carries the TLS/proxy settings from config — confirm.
	GetHTTPClient() *http.Client
	// AuthMetadataService returns the gRPC server exposing auth metadata.
	AuthMetadataService() service.AuthMetadataServiceServer
	// IdentityService returns the gRPC server exposing identity information.
	IdentityService() service.IdentityServiceServer
}
// IdentityContext represents the authenticated identity and can be used to abstract the way the user/app authenticated
// to the platform.
type IdentityContext interface {
	// UserID returns the identifier of the authenticated user (empty for app-only identities, presumably).
	UserID() string
	// AppID returns the identifier of the authenticated application/client (empty for user identities, presumably).
	AppID() string
	// UserInfo returns the user-info claims associated with the identity, if any.
	UserInfo() *service.UserInfoResponse
	// AuthenticatedAt returns when the identity was established.
	AuthenticatedAt() time.Time
	// Scopes returns the set of scopes granted to the identity. Authorization decisions
	// should be made against this set rather than against the presence of an identity alone.
	Scopes() sets.String
	// IsEmpty reports whether the context carries no authenticated identity; callers treat
	// an empty context as anonymous — confirm what the implementation considers "empty".
	IsEmpty() bool
	// WithContext returns a copy of ctx carrying this identity. How the identity is read
	// back out of a context is defined elsewhere in the package.
	WithContext(ctx context.Context) context.Context
}