Documentation
Index
- Constants
- func CalcKid(modulus string) (string, error)
- func CalculateCHash(alg string, code string) (string, error)
- func CalculateClientSecretBasicToken(clientID, clientSecret string) (string, error)
- func DefaultAuthMethod(openIDConfigAuthMethods []string, logger *logrus.Entry) string
- func GetJWSIssuerString(ctx ContextInterface, cert Certificate) (string, error)
- func GetKID(ctx ContextInterface, modulus []byte) (string, error)
- func GetSigningAlg(alg string) (jwt.SigningMethod, error)
- func NewJWSSignature(requestBody string, ctx ContextInterface, alg jwt.SigningMethod) (string, error)
- func PSUURLGenerate(claims PSUConsentClaims) (*url.URL, error)
- func SignedString(t *jwt.Token, key interface{}, body string) (string, error)
- func SigningString(t *jwt.Token, body string) (string, error)
- func SplitJWSWithBody(token string) string
- func SuiteSupportedAuthMethodsMostSecureFirst() []string
- type Certificate
- type ContextInterface
- type OpenIDConfiguration
- type PSUConsentClaims
Constants
const (
	TlsClientAuth     = "tls_client_auth"
	PrivateKeyJwt     = "private_key_jwt"
	ClientSecretBasic = "client_secret_basic"
)
token_endpoint_auth_methods_supported
const (
	ClientAssertionType      = "client_assertion_type"
	ClientAssertionTypeValue = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
)
const (
	GrantType                  = "grant_type"
	GrantTypeAuthorizationCode = "authorization_code"
)
const (
	ClientAssertion = "client_assertion"
)
Functions
func CalculateCHash (added in v1.1.16)
CalculateCHash calculates the code hash (c_hash) value as described in section 3.3.2.11 (ID Token):
https://openid.net/specs/openid-connect-core-1_0.html#HybridIDToken
List of valid algorithms:
https://openid.net/specs/openid-financial-api-part-2.html#jws-algorithm-considerations
At the time of writing, the list shows "PS256", "ES256".
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/83919096/Open+Banking+Security+Profile+-+Implementer+s+Draft+v1.1.2#OpenBankingSecurityProfile-Implementer'sDraftv1.1.2-Step2:FormtheJOSEHeader
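Added example, not this package's CalculateCHash: a c_hash computation and client-side check following OpenID Connect Core section 3.3.2.11 (hash the ASCII code with the hash of the ID Token's alg, keep the left-most half, base64url-encode without padding). The names cHash and verifyCHash, the 384/512 variants beyond the "PS256", "ES256" listed above, and the sample code "abc" are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"hash"
)

// cHash is a hypothetical helper. It refuses "none", HS* and any alg it
// does not know instead of guessing a hash for it.
func cHash(alg, code string) (string, error) {
	var h hash.Hash
	switch alg {
	case "PS256", "ES256":
		h = sha256.New()
	case "PS384", "ES384":
		h = sha512.New384()
	case "PS512", "ES512":
		h = sha512.New()
	default:
		return "", fmt.Errorf("unsupported alg %q", alg)
	}
	if code == "" {
		return "", fmt.Errorf("empty authorization code")
	}
	h.Write([]byte(code))
	sum := h.Sum(nil)
	// Left-most half of the digest, base64url without padding.
	return base64.RawURLEncoding.EncodeToString(sum[:len(sum)/2]), nil
}

// verifyCHash compares the c_hash claim of an ID Token with the code
// returned in the same authorization response, in constant time.
func verifyCHash(alg, code, claimed string) bool {
	want, err := cHash(alg, code)
	if err != nil {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(want), []byte(claimed)) == 1
}

func main() {
	// "abc" is a constructed sample value, not a real authorization code.
	v, err := cHash("PS256", "abc")
	fmt.Println(v, err, verifyCHash("PS256", "abd", v))
}
```

A mismatch between the claim and the recomputed value means the code and the ID Token did not come from the same authorization response, so the code should not be exchanged.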
func CalculateClientSecretBasicToken
CalculateClientSecretBasicToken tests the generation of `client secret basic` value as a product of `client_id` and `client_secret` as per https://tools.ietf.org/html/rfc7617
func DefaultAuthMethod
func GetJWSIssuerString (added in v1.1.15)
func GetJWSIssuerString(ctx ContextInterface, cert Certificate) (string, error)
func GetKID (added in v1.1.15)
func GetKID(ctx ContextInterface, modulus []byte) (string, error)
GetKID determines the value of the JWS Key ID
func GetSigningAlg (added in v1.1.15)
func NewJWSSignature (added in v1.1.15)
func NewJWSSignature(requestBody string, ctx ContextInterface, alg jwt.SigningMethod) (string, error)
func PSUURLGenerate
func PSUURLGenerate(claims PSUConsentClaims) (*url.URL, error)
PSUURLGenerate generates a PSU Consent URL based on claims
func SignedString (added in v1.1.15)
SignedString gets the complete, signed token for JWS usage.
func SigningString (added in v1.1.15)
SigningString -
func SplitJWSWithBody (added in v1.1.15)
func SuiteSupportedAuthMethodsMostSecureFirst
func SuiteSupportedAuthMethodsMostSecureFirst() []string
SuiteSupportedAuthMethodsMostSecureFirst - We have made our own determination of the security offered by each auth method. It is not from a formal definition.
Types
type Certificate
type Certificate interface {
	PublicKey() *rsa.PublicKey
	PrivateKey() *rsa.PrivateKey
	TLSCert() tls.Certificate
	DN() (string, error)
	SignatureIssuer(bool) (string, error)
}
Certificate - create new Certificate.
func NewCertificate
func NewCertificate(publicKeyPem, privateKeyPem string) (Certificate, error)
NewCertificate - create new Certificate.
Parameters:
* publicKeyPem=PEM encoded public key.
* privateKeyPem=PEM encoded private key.
Returns Certificate, or nil with error set if something is invalid.
func SigningCertFromContext (added in v1.1.15)
func SigningCertFromContext(ctx ContextInterface) (Certificate, error)
type ContextInterface (added in v1.1.15)
type ContextInterface interface {
	// GetString get the string value associated with key
	GetString(key string) (string, error)
	// Get the key from the Context map - currently assumes value converts easily to a string!
	Get(key string) (interface{}, bool)
}
ContextInterface - avoid cycling dependency to `model.Context`.
type OpenIDConfiguration
type OpenIDConfiguration struct {
	TokenEndpoint                          string   `json:"token_endpoint"`
	TokenEndpointAuthMethodsSupported      []string `json:"token_endpoint_auth_methods_supported"`
	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
	AuthorizationEndpoint                  string   `json:"authorization_endpoint"`
	Issuer                                 string   `json:"issuer"`
	ResponseTypesSupported                 []string `json:"response_types_supported"`
	AcrValuesSupported                     []string `json:"acr_values_supported,omitempty"`
}
OpenIDConfiguration - The OpenID Connect discovery document retrieved by calling /.well-known/openid-configuration.
https://openid.net/specs/openid-connect-discovery-1_0.html
func OpenIdConfig
func OpenIdConfig(url string) (OpenIDConfiguration, error)