authlink

package
v2.34.3
Published: Jun 17, 2026 License: AGPL-3.0 Imports: 9 Imported by: 0

Documentation

Overview

Package authlink provides analysis and repair utilities for OIDC user link records stored in the user_links table.

When an OIDC provider is changed, the issuer (and possibly subject) in the linked_id column changes. Because linked_id is composed as "issuer||subject", existing users get locked out with "Account already linked" errors. The functions in this package let an administrator inspect which links are affected and reset the mismatched ones so users can re-authenticate under the new provider.

Constants

This section is empty.

Variables

This section is empty.

Functions

func PrintAnalysis

func PrintAnalysis(w io.Writer, analysis OIDCLinkAnalysis, issuer string)

PrintAnalysis writes a human-readable summary of the OIDC link analysis. It is used by the CLI command and for debugging.

func ResetMismatchedOIDCLinks

func ResetMismatchedOIDCLinks(ctx context.Context, db database.Store, expectedIssuer string) (int64, error)

ResetMismatchedOIDCLinks resets linked_id to empty for all OIDC links whose issuer prefix does not match expectedIssuer. Returns the number of rows affected.

func ResolveIssuer

func ResolveIssuer(ctx context.Context, cli *http.Client, issuerURL string) (string, error)

ResolveIssuer uses OIDC discovery to fetch the canonical issuer string from the provider's .well-known/openid-configuration endpoint. This does not require OIDC client credentials.

This works the same way as `oidc.NewProvider`. Because the `oidc` package does not expose a method to extract the issuer, the HTTP request has to be made manually.

Types

type OIDCLinkAnalysis

type OIDCLinkAnalysis struct {
	Total            int            // Total OIDC user links
	Unlinked         int            // linked_id == ""
	CorrectIssuer    int            // linked_id starts with expectedIssuer||
	MismatchedCounts map[string]int // issuer -> count for non-matching issuers
}

OIDCLinkAnalysis contains the results of analyzing OIDC user links grouped by their issuer prefix.

func AnalyzeOIDCLinks

func AnalyzeOIDCLinks(ctx context.Context, db database.Store, expectedIssuer string) (OIDCLinkAnalysis, error)

AnalyzeOIDCLinks queries OIDC user links grouped by issuer prefix and categorizes them relative to expectedIssuer.

func (OIDCLinkAnalysis) MismatchedTotal

func (a OIDCLinkAnalysis) MismatchedTotal() int

MismatchedTotal returns the total number of links with a non-matching issuer.
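
An in-memory sketch of the categorization that OIDCLinkAnalysis describes, added here as an example and not the package's own code. The names `linkAnalysis` and `classifyLinks` are hypothetical, the real functions query the database, and the sample linked_id values are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// linkAnalysis mirrors the fields documented for OIDCLinkAnalysis (local copy for this example).
type linkAnalysis struct {
	Total, Unlinked, CorrectIssuer int
	MismatchedCounts               map[string]int
}

// classifyLinks is a hypothetical stand-in for the database query; it sorts linked_id values by issuer.
func classifyLinks(linkedIDs []string, expectedIssuer string) linkAnalysis {
	a := linkAnalysis{MismatchedCounts: map[string]int{}}
	for _, id := range linkedIDs {
		a.Total++
		switch {
		case id == "":
			a.Unlinked++
		case strings.HasPrefix(id, expectedIssuer+"||"):
			// The separator is part of the prefix, so a longer issuer sharing the same start is no match.
			a.CorrectIssuer++
		default:
			// Everything before the first "||" is treated as the stored issuer.
			issuer, _, _ := strings.Cut(id, "||")
			a.MismatchedCounts[issuer]++
		}
	}
	return a
}

func main() {
	// Constructed sample rows; the issuers and subjects are made up.
	rows := []string{
		"https://new-idp.example.com||alice",
		"https://old-idp.example.com||bob",
		"https://old-idp.example.com||carol",
		"https://new-idp.example.com/||dave",     // trailing slash: a different issuer string
		"https://new-idp.example.com.test||erin", // shares the start but not the separator
		"",
	}
	a := classifyLinks(rows, "https://new-idp.example.com")
	fmt.Printf("total=%d unlinked=%d correct=%d\n", a.Total, a.Unlinked, a.CorrectIssuer)
	for issuer, n := range a.MismatchedCounts {
		fmt.Printf("mismatched %q: %d\n", issuer, n)
	}
}
```

Under this exact-prefix comparison a trailing slash alone puts a link in the mismatched set, so the expected issuer has to be the exact string the provider publishes.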
