go-api/authentik.go
Snider 6cd3b7e7e0 feat(authentik): add AuthentikUser and AuthentikConfig types
Introduce core types for the Authentik forward-auth integration:
- AuthentikConfig with Issuer, ClientID, TrustedProxy, PublicPaths
- AuthentikUser with Username, Email, Name, UID, Groups, Entitlements, JWT
- HasGroup helper for group membership checks

Co-Authored-By: Virgil <virgil@lethean.io>
2026-02-20 16:36:38 +00:00


// SPDX-License-Identifier: EUPL-1.2
package api
// AuthentikConfig configures the Authentik forward-auth integration.
type AuthentikConfig struct {
	// Issuer is the URL of the OIDC issuer, for example
	// https://auth.example.com/application/o/my-app/.
	Issuer string

	// ClientID is the OAuth2 client identifier.
	ClientID string

	// TrustedProxy turns on reading of the X-authentik-* headers that a
	// reverse proxy sets. While it is false those headers are ignored, so an
	// untrusted source cannot spoof an identity by sending them.
	//
	// NOTE(review): this is a single switch, not a list of proxy addresses.
	// Enabling it is only safe when clients cannot reach the service except
	// through a proxy that overwrites client-supplied X-authentik-* headers;
	// confirm that for each deployment.
	TrustedProxy bool

	// PublicPaths names extra paths that are served without authentication.
	// /health and /swagger are public regardless of this list.
	//
	// NOTE(review): whether an entry matches exactly or as a prefix is decided
	// by the code that consumes this field, which is not visible here; confirm
	// before adding a path that has sensitive children.
	PublicPaths []string
}
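// AuthentikUser represents an authenticated user extracted from Authentik
// forward-auth headers or a validated JWT.
//
// The identity and membership fields are only as trustworthy as the source
// they were read from; this type performs no validation of its own.
type AuthentikUser struct {
	Username string `json:"username"`
	Email    string `json:"email"`
	Name     string `json:"name"`
	UID      string `json:"uid"`

	// Groups and Entitlements are left out of JSON output when empty.
	Groups       []string `json:"groups,omitempty"`
	Entitlements []string `json:"entitlements,omitempty"`

	// JWT is excluded from encoding/json output by the "-" tag, so it is not
	// echoed back in JSON responses. The tag does not affect fmt: printing the
	// struct with %v or %+v still includes this field, so avoid logging the
	// whole value.
	// NOTE(review): presumably the raw token the user was built from; confirm
	// against the code that populates it.
	JWT string `json:"-"`
}

// HasGroup reports whether the user belongs to the named group.
//
// The comparison is an exact, case-sensitive string match against Groups; no
// trimming or normalization is applied to either side. A nil receiver reports
// false, so an authorization check on a missing user is denied instead of
// panicking.
func (u *AuthentikUser) HasGroup(group string) bool {
	// Fail closed: no user means no group membership.
	if u == nil {
		return false
	}
	for _, g := range u.Groups {
		if g == group {
			return true
		}
	}
	return false
}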