mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-29 18:36:30 +02:00
authenticate: support reloading IDP settings (#1273)
* identity: add name method to provider * authenticate: support dynamically loading the provider
This commit is contained in:
parent
332324fa2d
commit
045c10edc6
14 changed files with 146 additions and 69 deletions
|
@ -95,10 +95,6 @@ type Authenticate struct {
|
|||
// a user's session state from
|
||||
sessionLoaders []sessions.SessionLoader
|
||||
|
||||
// provider is the interface to interacting with the identity provider (IdP)
|
||||
provider identity.Authenticator
|
||||
providerName string
|
||||
|
||||
// dataBrokerClient is used to retrieve sessions
|
||||
dataBrokerClient databroker.DataBrokerServiceClient
|
||||
|
||||
|
@ -111,45 +107,46 @@ type Authenticate struct {
|
|||
|
||||
templates *template.Template
|
||||
|
||||
options *config.AtomicOptions
|
||||
options *config.AtomicOptions
|
||||
provider *identity.AtomicAuthenticator
|
||||
}
|
||||
|
||||
// New validates and creates a new authenticate service from a set of Options.
|
||||
func New(opts *config.Options) (*Authenticate, error) {
|
||||
if err := ValidateOptions(opts); err != nil {
|
||||
func New(cfg *config.Config) (*Authenticate, error) {
|
||||
if err := ValidateOptions(cfg.Options); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// shared state encoder setup
|
||||
sharedCipher, _ := cryptutil.NewAEADCipherFromBase64(opts.SharedKey)
|
||||
sharedEncoder, err := jws.NewHS256Signer([]byte(opts.SharedKey), opts.GetAuthenticateURL().Host)
|
||||
sharedCipher, _ := cryptutil.NewAEADCipherFromBase64(cfg.Options.SharedKey)
|
||||
sharedEncoder, err := jws.NewHS256Signer([]byte(cfg.Options.SharedKey), cfg.Options.GetAuthenticateURL().Host)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// private state encoder setup, used to encrypt oauth2 tokens
|
||||
decodedCookieSecret, _ := base64.StdEncoding.DecodeString(opts.CookieSecret)
|
||||
decodedCookieSecret, _ := base64.StdEncoding.DecodeString(cfg.Options.CookieSecret)
|
||||
cookieCipher, _ := cryptutil.NewAEADCipher(decodedCookieSecret)
|
||||
encryptedEncoder := ecjson.New(cookieCipher)
|
||||
|
||||
cookieOptions := &cookie.Options{
|
||||
Name: opts.CookieName,
|
||||
Domain: opts.CookieDomain,
|
||||
Secure: opts.CookieSecure,
|
||||
HTTPOnly: opts.CookieHTTPOnly,
|
||||
Expire: opts.CookieExpire,
|
||||
Name: cfg.Options.CookieName,
|
||||
Domain: cfg.Options.CookieDomain,
|
||||
Secure: cfg.Options.CookieSecure,
|
||||
HTTPOnly: cfg.Options.CookieHTTPOnly,
|
||||
Expire: cfg.Options.CookieExpire,
|
||||
}
|
||||
|
||||
dataBrokerConn, err := grpc.NewGRPCClientConn(
|
||||
&grpc.Options{
|
||||
Addr: opts.DataBrokerURL,
|
||||
OverrideCertificateName: opts.OverrideCertificateName,
|
||||
CA: opts.CA,
|
||||
CAFile: opts.CAFile,
|
||||
RequestTimeout: opts.GRPCClientTimeout,
|
||||
ClientDNSRoundRobin: opts.GRPCClientDNSRoundRobin,
|
||||
WithInsecure: opts.GRPCInsecure,
|
||||
ServiceName: opts.Services,
|
||||
Addr: cfg.Options.DataBrokerURL,
|
||||
OverrideCertificateName: cfg.Options.OverrideCertificateName,
|
||||
CA: cfg.Options.CA,
|
||||
CAFile: cfg.Options.CAFile,
|
||||
RequestTimeout: cfg.Options.GRPCClientTimeout,
|
||||
ClientDNSRoundRobin: cfg.Options.GRPCClientDNSRoundRobin,
|
||||
WithInsecure: cfg.Options.GRPCInsecure,
|
||||
ServiceName: cfg.Options.Services,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -160,20 +157,8 @@ func New(opts *config.Options) (*Authenticate, error) {
|
|||
qpStore := queryparam.NewStore(encryptedEncoder, urlutil.QueryProgrammaticToken)
|
||||
headerStore := header.NewStore(encryptedEncoder, httputil.AuthorizationTypePomerium)
|
||||
|
||||
redirectURL, _ := urlutil.DeepCopy(opts.AuthenticateURL)
|
||||
redirectURL.Path = opts.AuthenticateCallbackPath
|
||||
// configure our identity provider
|
||||
provider, err := identity.NewAuthenticator(
|
||||
oauth.Options{
|
||||
RedirectURL: redirectURL,
|
||||
ProviderName: opts.Provider,
|
||||
ProviderURL: opts.ProviderURL,
|
||||
ClientID: opts.ClientID,
|
||||
ClientSecret: opts.ClientSecret,
|
||||
Scopes: opts.Scopes,
|
||||
ServiceAccount: opts.ServiceAccount,
|
||||
AuthCodeOptions: opts.RequestParams,
|
||||
})
|
||||
redirectURL, _ := urlutil.DeepCopy(cfg.Options.AuthenticateURL)
|
||||
redirectURL.Path = cfg.Options.AuthenticateCallbackPath
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -182,7 +167,7 @@ func New(opts *config.Options) (*Authenticate, error) {
|
|||
a := &Authenticate{
|
||||
RedirectURL: redirectURL,
|
||||
// shared state
|
||||
sharedKey: opts.SharedKey,
|
||||
sharedKey: cfg.Options.SharedKey,
|
||||
sharedCipher: sharedCipher,
|
||||
sharedEncoder: sharedEncoder,
|
||||
// private state
|
||||
|
@ -190,14 +175,17 @@ func New(opts *config.Options) (*Authenticate, error) {
|
|||
cookieCipher: cookieCipher,
|
||||
cookieOptions: cookieOptions,
|
||||
encryptedEncoder: encryptedEncoder,
|
||||
// IdP
|
||||
provider: provider,
|
||||
providerName: opts.Provider,
|
||||
// grpc client for cache
|
||||
dataBrokerClient: dataBrokerClient,
|
||||
jwk: &jose.JSONWebKeySet{},
|
||||
templates: template.Must(frontend.NewTemplates()),
|
||||
options: config.NewAtomicOptions(),
|
||||
provider: identity.NewAtomicAuthenticator(),
|
||||
}
|
||||
|
||||
err = a.updateProvider(cfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
cookieStore, err := cookie.NewStore(func() cookie.Options {
|
||||
|
@ -217,8 +205,8 @@ func New(opts *config.Options) (*Authenticate, error) {
|
|||
a.sessionStore = cookieStore
|
||||
a.sessionLoaders = []sessions.SessionLoader{qpStore, headerStore, cookieStore}
|
||||
|
||||
if opts.SigningKey != "" {
|
||||
decodedCert, err := base64.StdEncoding.DecodeString(opts.SigningKey)
|
||||
if cfg.Options.SigningKey != "" {
|
||||
decodedCert, err := base64.StdEncoding.DecodeString(cfg.Options.SigningKey)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("authenticate: failed to decode signing key: %w", err)
|
||||
}
|
||||
|
@ -251,4 +239,31 @@ func (a *Authenticate) OnConfigChange(cfg *config.Config) {
|
|||
log.Info().Str("checksum", fmt.Sprintf("%x", cfg.Options.Checksum())).Msg("authenticate: updating options")
|
||||
a.options.Store(cfg.Options)
|
||||
a.setAdminUsers(cfg.Options)
|
||||
if err := a.updateProvider(cfg); err != nil {
|
||||
log.Error().Err(err).Msg("authenticate: failed to update identity provider")
|
||||
}
|
||||
}
|
||||
|
||||
func (a *Authenticate) updateProvider(cfg *config.Config) error {
|
||||
redirectURL, _ := urlutil.DeepCopy(cfg.Options.AuthenticateURL)
|
||||
redirectURL.Path = cfg.Options.AuthenticateCallbackPath
|
||||
|
||||
// configure our identity provider
|
||||
provider, err := identity.NewAuthenticator(
|
||||
oauth.Options{
|
||||
RedirectURL: redirectURL,
|
||||
ProviderName: cfg.Options.Provider,
|
||||
ProviderURL: cfg.Options.ProviderURL,
|
||||
ClientID: cfg.Options.ClientID,
|
||||
ClientSecret: cfg.Options.ClientSecret,
|
||||
Scopes: cfg.Options.Scopes,
|
||||
ServiceAccount: cfg.Options.ServiceAccount,
|
||||
AuthCodeOptions: cfg.Options.RequestParams,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
a.provider.Store(provider)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -124,7 +124,7 @@ func TestNew(t *testing.T) {
|
|||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
_, err := New(tt.opts)
|
||||
_, err := New(&config.Config{Options: tt.opts})
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("New() error = %v, wantErr %v", err, tt.wantErr)
|
||||
return
|
||||
|
@ -151,7 +151,7 @@ func TestIsAdmin(t *testing.T) {
|
|||
t.Parallel()
|
||||
opts := newTestOptions(t)
|
||||
opts.Administrators = tc.admins
|
||||
a, err := New(opts)
|
||||
a, err := New(&config.Config{Options: opts})
|
||||
a.OnConfigChange(&config.Config{Options: opts})
|
||||
require.NoError(t, err)
|
||||
assert.True(t, a.isAdmin(tc.user) == tc.isAdmin)
|
||||
|
|
|
@ -256,7 +256,7 @@ func (a *Authenticate) SignOut(w http.ResponseWriter, r *http.Request) error {
|
|||
sessionState, err := a.getSessionFromCtx(ctx)
|
||||
if err == nil {
|
||||
if s, _ := session.Get(ctx, a.dataBrokerClient, sessionState.ID); s != nil && s.OauthToken != nil {
|
||||
if err := a.provider.Revoke(ctx, manager.FromOAuthToken(s.OauthToken)); err != nil {
|
||||
if err := a.provider.Load().Revoke(ctx, manager.FromOAuthToken(s.OauthToken)); err != nil {
|
||||
log.Warn().Err(err).Msg("failed to revoke access token")
|
||||
}
|
||||
}
|
||||
|
@ -269,7 +269,7 @@ func (a *Authenticate) SignOut(w http.ResponseWriter, r *http.Request) error {
|
|||
// no matter what happens, we want to clear the session store
|
||||
a.sessionStore.ClearSession(w, r)
|
||||
redirectString := r.FormValue(urlutil.QueryRedirectURI)
|
||||
endSessionURL, err := a.provider.LogOut()
|
||||
endSessionURL, err := a.provider.Load().LogOut()
|
||||
if err == nil {
|
||||
params := url.Values{}
|
||||
params.Add("post_logout_redirect_uri", redirectString)
|
||||
|
@ -331,7 +331,7 @@ func (a *Authenticate) reauthenticateOrFail(w http.ResponseWriter, r *http.Reque
|
|||
enc := cryptutil.Encrypt(a.cookieCipher, []byte(redirectURL.String()), b)
|
||||
b = append(b, enc...)
|
||||
encodedState := base64.URLEncoding.EncodeToString(b)
|
||||
httputil.Redirect(w, r, a.provider.GetSignInURL(encodedState), http.StatusFound)
|
||||
httputil.Redirect(w, r, a.provider.Load().GetSignInURL(encodedState), http.StatusFound)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -377,7 +377,7 @@ func (a *Authenticate) getOAuthCallback(w http.ResponseWriter, r *http.Request)
|
|||
//
|
||||
// Exchange the supplied Authorization Code for a valid user session.
|
||||
s := sessions.State{ID: uuid.New().String()}
|
||||
accessToken, err := a.provider.Authenticate(ctx, code, &s)
|
||||
accessToken, err := a.provider.Load().Authenticate(ctx, code, &s)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error redeeming authenticate code: %w", err)
|
||||
}
|
||||
|
@ -538,7 +538,7 @@ func (a *Authenticate) saveSessionToDataBroker(ctx context.Context, sessionState
|
|||
|
||||
s := &session.Session{
|
||||
Id: sessionState.ID,
|
||||
UserId: sessionState.UserID(a.providerName),
|
||||
UserId: sessionState.UserID(a.provider.Load().Name()),
|
||||
ExpiresAt: sessionExpiry,
|
||||
IdToken: &session.IDToken{
|
||||
Issuer: sessionState.Issuer,
|
||||
|
@ -557,7 +557,7 @@ func (a *Authenticate) saveSessionToDataBroker(ctx context.Context, sessionState
|
|||
Id: s.GetUserId(),
|
||||
},
|
||||
}
|
||||
err := a.provider.UpdateUserInfo(ctx, accessToken, &mu)
|
||||
err := a.provider.Load().UpdateUserInfo(ctx, accessToken, &mu)
|
||||
if err != nil {
|
||||
return fmt.Errorf("authenticate: error retrieving user info: %w", err)
|
||||
}
|
||||
|
|
|
@ -16,6 +16,7 @@ import (
|
|||
"google.golang.org/grpc"
|
||||
"google.golang.org/protobuf/types/known/emptypb"
|
||||
|
||||
"github.com/pomerium/pomerium/config"
|
||||
"github.com/pomerium/pomerium/internal/encoding"
|
||||
"github.com/pomerium/pomerium/internal/encoding/jws"
|
||||
"github.com/pomerium/pomerium/internal/encoding/mock"
|
||||
|
@ -147,7 +148,6 @@ func TestAuthenticate_SignIn(t *testing.T) {
|
|||
|
||||
a := &Authenticate{
|
||||
sessionStore: tt.session,
|
||||
provider: tt.provider,
|
||||
RedirectURL: uriParseHelper("https://some.example"),
|
||||
sharedKey: "secret",
|
||||
sharedEncoder: tt.encoder,
|
||||
|
@ -176,7 +176,9 @@ func TestAuthenticate_SignIn(t *testing.T) {
|
|||
}, nil
|
||||
},
|
||||
},
|
||||
provider: identity.NewAtomicAuthenticator(),
|
||||
}
|
||||
a.provider.Store(tt.provider)
|
||||
uri := &url.URL{Scheme: tt.scheme, Host: tt.host}
|
||||
|
||||
queryString := uri.Query()
|
||||
|
@ -234,7 +236,6 @@ func TestAuthenticate_SignOut(t *testing.T) {
|
|||
defer ctrl.Finish()
|
||||
a := &Authenticate{
|
||||
sessionStore: tt.sessionStore,
|
||||
provider: tt.provider,
|
||||
encryptedEncoder: mock.Encoder{},
|
||||
templates: template.Must(frontend.NewTemplates()),
|
||||
sharedEncoder: mock.Encoder{},
|
||||
|
@ -260,7 +261,9 @@ func TestAuthenticate_SignOut(t *testing.T) {
|
|||
}, nil
|
||||
},
|
||||
},
|
||||
provider: identity.NewAtomicAuthenticator(),
|
||||
}
|
||||
a.provider.Store(tt.provider)
|
||||
u, _ := url.Parse("/sign_out")
|
||||
params, _ := url.ParseQuery(u.RawQuery)
|
||||
params.Add("sig", tt.sig)
|
||||
|
@ -344,10 +347,11 @@ func TestAuthenticate_OAuthCallback(t *testing.T) {
|
|||
a := &Authenticate{
|
||||
RedirectURL: authURL,
|
||||
sessionStore: tt.session,
|
||||
provider: tt.provider,
|
||||
cookieCipher: aead,
|
||||
encryptedEncoder: signer,
|
||||
provider: identity.NewAtomicAuthenticator(),
|
||||
}
|
||||
a.provider.Store(tt.provider)
|
||||
u, _ := url.Parse("/oauthGet")
|
||||
params, _ := url.ParseQuery(u.RawQuery)
|
||||
params.Add("error", tt.paramErr)
|
||||
|
@ -466,7 +470,6 @@ func TestAuthenticate_SessionValidatorMiddleware(t *testing.T) {
|
|||
cookieSecret: cryptutil.NewKey(),
|
||||
RedirectURL: uriParseHelper("https://authenticate.corp.beyondperimeter.com"),
|
||||
sessionStore: tt.session,
|
||||
provider: tt.provider,
|
||||
cookieCipher: aead,
|
||||
encryptedEncoder: signer,
|
||||
sharedEncoder: signer,
|
||||
|
@ -489,7 +492,9 @@ func TestAuthenticate_SessionValidatorMiddleware(t *testing.T) {
|
|||
}, nil
|
||||
},
|
||||
},
|
||||
provider: identity.NewAtomicAuthenticator(),
|
||||
}
|
||||
a.provider.Store(tt.provider)
|
||||
r := httptest.NewRequest("GET", "/", nil)
|
||||
state, err := tt.session.LoadSession(r)
|
||||
if err != nil {
|
||||
|
@ -535,7 +540,7 @@ func TestWellKnownEndpoint(t *testing.T) {
|
|||
func TestJwksEndpoint(t *testing.T) {
|
||||
o := newTestOptions(t)
|
||||
o.SigningKey = "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUpCMFZkbko1VjEvbVlpYUlIWHhnd2Q0Yzd5YWRTeXMxb3Y0bzA1b0F3ekdvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVUc1eENQMEpUVDFINklvbDhqS3VUSVBWTE0wNENnVzlQbEV5cE5SbVdsb29LRVhSOUhUMwpPYnp6aktZaWN6YjArMUt3VjJmTVRFMTh1dy82MXJVQ0JBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo="
|
||||
auth, err := New(o)
|
||||
auth, err := New(&config.Config{Options: o})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
|
|
@ -135,7 +135,7 @@ func setupAuthenticate(src config.Source, cfg *config.Config, controlPlane *cont
|
|||
return nil
|
||||
}
|
||||
|
||||
svc, err := authenticate.New(cfg.Options)
|
||||
svc, err := authenticate.New(cfg)
|
||||
if err != nil {
|
||||
return fmt.Errorf("error creating authenticate service: %w", err)
|
||||
}
|
||||
|
|
|
@ -45,3 +45,8 @@ func (mp MockProvider) LogOut() (*url.URL, error) { return &mp.LogOutResponse, m
|
|||
func (mp MockProvider) UpdateUserInfo(ctx context.Context, t *oauth2.Token, v interface{}) error {
|
||||
return mp.UpdateUserInfoError
|
||||
}
|
||||
|
||||
// Name returns the provider name.
|
||||
func (mp MockProvider) Name() string {
|
||||
return "mock"
|
||||
}
|
||||
|
|
|
@ -238,3 +238,8 @@ func (p *Provider) GetSignInURL(state string) string {
|
|||
func (p *Provider) LogOut() (*url.URL, error) {
|
||||
return nil, oidc.ErrSignoutNotImplemented
|
||||
}
|
||||
|
||||
// Name returns the provider name.
|
||||
func (p *Provider) Name() string {
|
||||
return Name
|
||||
}
|
||||
|
|
|
@ -47,3 +47,8 @@ func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
|
|||
|
||||
return &p, nil
|
||||
}
|
||||
|
||||
// Name returns the provider name.
|
||||
func (p *Provider) Name() string {
|
||||
return Name
|
||||
}
|
||||
|
|
|
@ -45,3 +45,8 @@ func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
|
|||
|
||||
return &p, nil
|
||||
}
|
||||
|
||||
// Name returns the provider name.
|
||||
func (p *Provider) Name() string {
|
||||
return Name
|
||||
}
|
||||
|
|
|
@ -53,3 +53,8 @@ func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
|
|||
}
|
||||
return &p, nil
|
||||
}
|
||||
|
||||
// Name returns the provider name.
|
||||
func (p *Provider) Name() string {
|
||||
return Name
|
||||
}
|
||||
|
|
|
@ -239,3 +239,8 @@ func (p *Provider) GetSubject(v interface{}) (string, error) {
|
|||
}
|
||||
return s.Subject, nil
|
||||
}
|
||||
|
||||
// Name returns the provider name.
|
||||
func (p *Provider) Name() string {
|
||||
return Name
|
||||
}
|
||||
|
|
|
@ -33,3 +33,8 @@ func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
|
|||
|
||||
return &p, nil
|
||||
}
|
||||
|
||||
// Name returns the provider name.
|
||||
func (p *Provider) Name() string {
|
||||
return Name
|
||||
}
|
||||
|
|
|
@ -44,3 +44,8 @@ func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
|
|||
p.Provider = genericOidc
|
||||
return &p, nil
|
||||
}
|
||||
|
||||
// Name returns the provider name.
|
||||
func (p *Provider) Name() string {
|
||||
return Name
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
"context"
|
||||
"fmt"
|
||||
"net/url"
|
||||
"sync/atomic"
|
||||
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
|
@ -19,24 +20,13 @@ import (
|
|||
"github.com/pomerium/pomerium/internal/identity/oidc/onelogin"
|
||||
)
|
||||
|
||||
var (
|
||||
// compile time assertions that providers are satisfying the interface
|
||||
_ Authenticator = &azure.Provider{}
|
||||
_ Authenticator = &github.Provider{}
|
||||
_ Authenticator = &gitlab.Provider{}
|
||||
_ Authenticator = &google.Provider{}
|
||||
_ Authenticator = &MockProvider{}
|
||||
_ Authenticator = &oidc.Provider{}
|
||||
_ Authenticator = &okta.Provider{}
|
||||
_ Authenticator = &onelogin.Provider{}
|
||||
)
|
||||
|
||||
// Authenticator is an interface representing the ability to authenticate with an identity provider.
|
||||
type Authenticator interface {
|
||||
Authenticate(context.Context, string, interface{}) (*oauth2.Token, error)
|
||||
Refresh(context.Context, *oauth2.Token, interface{}) (*oauth2.Token, error)
|
||||
Revoke(context.Context, *oauth2.Token) error
|
||||
GetSignInURL(state string) string
|
||||
Name() string
|
||||
LogOut() (*url.URL, error)
|
||||
UpdateUserInfo(ctx context.Context, t *oauth2.Token, v interface{}) error
|
||||
}
|
||||
|
@ -67,3 +57,30 @@ func NewAuthenticator(o oauth.Options) (a Authenticator, err error) {
|
|||
}
|
||||
return a, nil
|
||||
}
|
||||
|
||||
// wrap the Authenticator for the AtomicAuthenticator to support a nil default value.
|
||||
type authenticatorValue struct {
|
||||
Authenticator
|
||||
}
|
||||
|
||||
// An AtomicAuthenticator is a strongly-typed atomic.Value for storing an authenticator.
|
||||
type AtomicAuthenticator struct {
|
||||
current atomic.Value
|
||||
}
|
||||
|
||||
// NewAtomicAuthenticator creates a new AtomicAuthenticator.
|
||||
func NewAtomicAuthenticator() *AtomicAuthenticator {
|
||||
a := &AtomicAuthenticator{}
|
||||
a.current.Store(authenticatorValue{})
|
||||
return a
|
||||
}
|
||||
|
||||
// Load loads the current authenticator.
|
||||
func (a *AtomicAuthenticator) Load() Authenticator {
|
||||
return a.current.Load().(authenticatorValue)
|
||||
}
|
||||
|
||||
// Store stores the authenticator.
|
||||
func (a *AtomicAuthenticator) Store(value Authenticator) {
|
||||
a.current.Store(authenticatorValue{value})
|
||||
}
|
||||
|
|
Loading…
Add table
Reference in a new issue