openid

package
v0.1.17 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 1, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrInvalidSession = errors.New("Session type mismatch")
)
View Source 
var ErrNoSessionFound = oauth2.ErrNotFound

Functions

This section is empty.

Types

type DefaultSession 

type DefaultSession struct {
	Claims    *jwt.IDTokenClaims             `json:"id_token_claims"`
	Headers   *jwt.Headers                   `json:"headers"`
	ExpiresAt map[oauth2.TokenType]time.Time `json:"expires_at"`
	Username  string                         `json:"username"`
	Subject   string                         `json:"subject"`
}

DefaultSession is a session container for the id token.

func NewDefaultSession 

func NewDefaultSession() *DefaultSession

func (*DefaultSession) Clone 

func (s *DefaultSession) Clone() oauth2.Session

func (*DefaultSession) GetExpiresAt 

func (s *DefaultSession) GetExpiresAt(key oauth2.TokenType) time.Time

func (*DefaultSession) GetSubject 

func (s *DefaultSession) GetSubject() string

func (*DefaultSession) GetUsername 

func (s *DefaultSession) GetUsername() string

func (*DefaultSession) IDTokenClaims 

func (s *DefaultSession) IDTokenClaims() *jwt.IDTokenClaims

func (*DefaultSession) IDTokenHeaders 

func (s *DefaultSession) IDTokenHeaders() *jwt.Headers

func (*DefaultSession) SetExpiresAt 

func (s *DefaultSession) SetExpiresAt(key oauth2.TokenType, exp time.Time)

func (*DefaultSession) SetSubject 

func (s *DefaultSession) SetSubject(subject string)

type DefaultStrategy 

type DefaultStrategy struct {
	jwt.Signer

	Config interface {
		oauth2.IDTokenIssuerProvider
		oauth2.IDTokenLifespanProvider
		oauth2.MinParameterEntropyProvider
	}
}

func (DefaultStrategy) GenerateIDToken 

func (h DefaultStrategy) GenerateIDToken(ctx context.Context, lifespan time.Duration, requester oauth2.Requester) (token string, err error)

GenerateIDToken returns a JWT string.

lifespan is ignored if requester.GetSession().IDTokenClaims().ExpiresAt is not zero.

TODO: Refactor time permitting.

type IDTokenHandleHelper 

type IDTokenHandleHelper struct {
	IDTokenStrategy OpenIDConnectTokenStrategy
}

func (*IDTokenHandleHelper) ComputeHash 

func (i *IDTokenHandleHelper) ComputeHash(ctx context.Context, sess Session, token string) (string, error)

ComputeHash computes the hash using the alg defined in the id_token header

func (*IDTokenHandleHelper) GetAccessTokenHash 

func (i *IDTokenHandleHelper) GetAccessTokenHash(ctx context.Context, requester oauth2.AccessRequester, responder oauth2.AccessResponder) string

func (*IDTokenHandleHelper) IssueExplicitIDToken 

func (i *IDTokenHandleHelper) IssueExplicitIDToken(ctx context.Context, lifespan time.Duration, ar oauth2.Requester, resp oauth2.AccessResponder) error

func (*IDTokenHandleHelper) IssueImplicitIDToken 

func (i *IDTokenHandleHelper) IssueImplicitIDToken(ctx context.Context, lifespan time.Duration, ar oauth2.Requester, resp oauth2.AuthorizeResponder) error

type OpenIDConnectDeviceAuthorizeHandler 

type OpenIDConnectDeviceAuthorizeHandler struct {
	OpenIDConnectRequestStorage   OpenIDConnectRequestStorage
	OpenIDConnectRequestValidator *OpenIDConnectRequestValidator
	hoauth2.CodeTokenEndpointHandler

	Config interface {
		oauth2.IDTokenLifespanProvider
	}

	*IDTokenHandleHelper
}

func (*OpenIDConnectDeviceAuthorizeHandler) CanHandleTokenEndpointRequest 

func (c *OpenIDConnectDeviceAuthorizeHandler) CanHandleTokenEndpointRequest(_ context.Context, requester oauth2.AccessRequester) (handle bool)

func (*OpenIDConnectDeviceAuthorizeHandler) CanSkipClientAuth 

func (c *OpenIDConnectDeviceAuthorizeHandler) CanSkipClientAuth(_ context.Context, _ oauth2.AccessRequester) (skip bool)

func (*OpenIDConnectDeviceAuthorizeHandler) HandleRFC8628UserAuthorizeEndpointRequest 

func (c *OpenIDConnectDeviceAuthorizeHandler) HandleRFC8628UserAuthorizeEndpointRequest(_ context.Context, _ oauth2.DeviceAuthorizeRequester) (err error)

func (*OpenIDConnectDeviceAuthorizeHandler) HandleTokenEndpointRequest 

func (c *OpenIDConnectDeviceAuthorizeHandler) HandleTokenEndpointRequest(_ context.Context, _ oauth2.AccessRequester) (err error)

func (*OpenIDConnectDeviceAuthorizeHandler) PopulateRFC8628UserAuthorizeEndpointResponse 

func (c *OpenIDConnectDeviceAuthorizeHandler) PopulateRFC8628UserAuthorizeEndpointResponse(ctx context.Context, req oauth2.DeviceAuthorizeRequester, _ oauth2.DeviceUserAuthorizeResponder) (err error)

func (*OpenIDConnectDeviceAuthorizeHandler) PopulateTokenEndpointResponse 

func (c *OpenIDConnectDeviceAuthorizeHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, responder oauth2.AccessResponder) (err error)

type OpenIDConnectExplicitHandler 

type OpenIDConnectExplicitHandler struct {
	// OpenIDConnectRequestStorage is the storage for open id connect sessions.
	OpenIDConnectRequestStorage   OpenIDConnectRequestStorage
	OpenIDConnectRequestValidator *OpenIDConnectRequestValidator

	Config interface {
		oauth2.IDTokenLifespanProvider
	}

	*IDTokenHandleHelper
}

func (*OpenIDConnectExplicitHandler) CanHandleTokenEndpointRequest 

func (c *OpenIDConnectExplicitHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool

func (*OpenIDConnectExplicitHandler) CanSkipClientAuth 

func (c *OpenIDConnectExplicitHandler) CanSkipClientAuth(ctx context.Context, requester oauth2.AccessRequester) bool

func (*OpenIDConnectExplicitHandler) HandleAuthorizeEndpointRequest 

func (c *OpenIDConnectExplicitHandler) HandleAuthorizeEndpointRequest(ctx context.Context, requester oauth2.AuthorizeRequester, responder oauth2.AuthorizeResponder) error

func (*OpenIDConnectExplicitHandler) HandleTokenEndpointRequest 

func (c *OpenIDConnectExplicitHandler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error

func (*OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse 

func (c *OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, responder oauth2.AccessResponder) error

type OpenIDConnectHybridHandler 

type OpenIDConnectHybridHandler struct {
	AuthorizeImplicitGrantTypeHandler *hoauth2.AuthorizeImplicitGrantTypeHandler
	AuthorizeExplicitGrantHandler     *hoauth2.AuthorizeExplicitGrantHandler
	IDTokenHandleHelper               *IDTokenHandleHelper
	OpenIDConnectRequestValidator     *OpenIDConnectRequestValidator
	OpenIDConnectRequestStorage       OpenIDConnectRequestStorage

	Enigma *jwt.DefaultSigner

	Config interface {
		oauth2.IDTokenLifespanProvider
		oauth2.MinParameterEntropyProvider
		oauth2.ScopeStrategyProvider
	}
}

func (*OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest 

func (c *OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest(ctx context.Context, requester oauth2.AuthorizeRequester, responder oauth2.AuthorizeResponder) error

HandleAuthorizeEndpointRequest implements oauth2.AuthorizeEndpointHandler.

TODO: Refactor time permitting.

type OpenIDConnectImplicitHandler 

type OpenIDConnectImplicitHandler struct {
	*IDTokenHandleHelper

	AuthorizeImplicitGrantTypeHandler *hoauth2.AuthorizeImplicitGrantTypeHandler
	OpenIDConnectRequestValidator     *OpenIDConnectRequestValidator
	RS256JWTStrategy                  *jwt.DefaultSigner

	Config interface {
		oauth2.IDTokenLifespanProvider
		oauth2.MinParameterEntropyProvider
		oauth2.ScopeStrategyProvider
	}
}

func (*OpenIDConnectImplicitHandler) HandleAuthorizeEndpointRequest 

func (c *OpenIDConnectImplicitHandler) HandleAuthorizeEndpointRequest(ctx context.Context, requester oauth2.AuthorizeRequester, responder oauth2.AuthorizeResponder) error

HandleAuthorizeEndpointRequest implements oauth2.AuthorizeEndpointHandler.

TODO: Refactor time permitting.

type OpenIDConnectRefreshHandler 

type OpenIDConnectRefreshHandler struct {
	*IDTokenHandleHelper

	Config interface {
		oauth2.IDTokenLifespanProvider
	}
}

func (*OpenIDConnectRefreshHandler) CanHandleTokenEndpointRequest 

func (c *OpenIDConnectRefreshHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool

func (*OpenIDConnectRefreshHandler) CanSkipClientAuth 

func (c *OpenIDConnectRefreshHandler) CanSkipClientAuth(ctx context.Context, requester oauth2.AccessRequester) bool

func (*OpenIDConnectRefreshHandler) HandleTokenEndpointRequest 

func (c *OpenIDConnectRefreshHandler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error

func (*OpenIDConnectRefreshHandler) PopulateTokenEndpointResponse 

func (c *OpenIDConnectRefreshHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, responder oauth2.AccessResponder) error

type OpenIDConnectRequestStorage 

type OpenIDConnectRequestStorage interface {
	// CreateOpenIDConnectSession creates an open id connect session
	// for a given authorize code. This is relevant for explicit open id connect flow.
	CreateOpenIDConnectSession(ctx context.Context, authorizeCode string, requester oauth2.Requester) error

	// GetOpenIDConnectSession returns error
	// - nil if a session was found,
	// - ErrNoSessionFound if no session was found
	// - or an arbitrary error if an error occurred.
	GetOpenIDConnectSession(ctx context.Context, authorizeCode string, requester oauth2.Requester) (oauth2.Requester, error)

	// DeleteOpenIDConnectSession deletes the OpenID Connect 1.0 session from storage.
	DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error
}

type OpenIDConnectRequestValidator 

type OpenIDConnectRequestValidator struct {
	Strategy jwt.Signer
	Config   openIDConnectRequestValidatorConfigProvider
}

func NewOpenIDConnectRequestValidator 

func NewOpenIDConnectRequestValidator(strategy jwt.Signer, config openIDConnectRequestValidatorConfigProvider) *OpenIDConnectRequestValidator

func (*OpenIDConnectRequestValidator) ValidatePrompt 

func (v *OpenIDConnectRequestValidator) ValidatePrompt(ctx context.Context, req oauth2.AuthorizeRequester) error

ValidatePrompt ensures the prompt is valid for the OpenID Connect 1.0 Flows.

TODO: Refactor time permitting.

type OpenIDConnectTokenStrategy 

type OpenIDConnectTokenStrategy interface {
	GenerateIDToken(ctx context.Context, lifespan time.Duration, requester oauth2.Requester) (token string, err error)
}

type Session 

type Session interface {
	// IDTokenClaims returns a pointer to claims which will be modified in-place by handlers.
	// Session should store this pointer and return always the same pointer.
	IDTokenClaims() *jwt.IDTokenClaims
	// IDTokenHeaders returns a pointer to header values which will be modified in-place by handlers.
	// Session should store this pointer and return always the same pointer.
	IDTokenHeaders() *jwt.Headers

	oauth2.Session
}

type TokenValidationStrategy 

type TokenValidationStrategy interface {
	ValidateIDToken(ctx context.Context, requester oauth2.Requester, token string) (jwt.MapClaims, error)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.