authentication

Documentation

Index

• Constants
• Variables
• func CalculateClientSecretBasicToken(clientID, clientSecret string) (string, error)
• func DefaultAuthMethod(openIDConfigAuthMethods []string, logger *logrus.Entry) string
• func PSUURLGenerate(claims PSUConsentClaims) (*url.URL, error)
• type Certificate
  • func NewCertificate(publicKeyPem, privateKeyPem string) (Certificate, error)
• type OpenIDConfiguration
  • func OpenIdConfig(url string) (OpenIDConfiguration, error)
• type PSUConsentClaims

Constants

const (
	TlsClientAuth     = "tls_client_auth"
	PrivateKeyJwt     = "private_key_jwt"
	ClientSecretJwt   = "client_secret_jwt"
	ClientSecretPost  = "client_secret_post"
	ClientSecretBasic = "client_secret_basic"
)

Variables

var SuiteSupportedAuthMethodsMostSecureFirst = []string{
	TlsClientAuth, ClientSecretBasic,
}

SuiteSupportedAuthMethodsMostSecureFirst - We have made our own determination of security offered by each auth method. It is not from a formal definition.

Functions

func CalculateClientSecretBasicToken

func CalculateClientSecretBasicToken(clientID, clientSecret string) (string, error)

CalculateClientSecretBasicToken tests the generation of `client secret basic` value as a product of `client_id` and `client_secret` as per https://tools.ietf.org/html/rfc7617

func DefaultAuthMethod

func DefaultAuthMethod(openIDConfigAuthMethods []string, logger *logrus.Entry) string

func PSUURLGenerate

func PSUURLGenerate(claims PSUConsentClaims) (*url.URL, error)

PSUURLGenerate generates a PSU Consent URL based on claims

Types

type Certificate

type Certificate interface {
	PublicKey() *rsa.PublicKey
	PrivateKey() *rsa.PrivateKey
	TLSCert() tls.Certificate
}

Certificate - create new Certificate.

func NewCertificate

func NewCertificate(publicKeyPem, privateKeyPem string) (Certificate, error)

NewCertificate - create new Certificate.

Parameters: * publicKeyPem=PEM encoded public key. * privateKeyPem=PEM encoded private key.

Returns Certificate, or nil with error set if something is invalid.

type OpenIDConfiguration

type OpenIDConfiguration struct {
	TokenEndpoint                          string   `json:"token_endpoint"`
	TokenEndpointAuthMethodsSupported      []string `json:"token_endpoint_auth_methods_supported"`
	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
	AuthorizationEndpoint                  string   `json:"authorization_endpoint"`
	Issuer                                 string   `json:"issuer"`
}

OpenIDConfiguration - The OpenID Connect discovery document retrieved by calling /.well-known/openid-configuration. https://openid.net/specs/openid-connect-discovery-1_0.html

func OpenIdConfig

func OpenIdConfig(url string) (OpenIDConfiguration, error)

type PSUConsentClaims

type PSUConsentClaims struct {
	AuthorizationEndpoint string
	Aud                   string // Audience
	Iss                   string // ClientID
	ResponseType          string // "code id_token"
	Scope                 string // "openid accounts"
	RedirectURI           string
	ConsentId             string
	State                 string // {test_id}
}