coreos

package
Published: Aug 12, 2024 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package coreos provides a Provider for OpenID Connect (code.pfad.fr/gopenidclient), backed by the github.com/coreos/go-oidc/v3/oidc package.

Example
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"log"
	"net/http"
	"time"

	"code.pfad.fr/gopenidclient"
	"code.pfad.fr/gopenidclient/assertion"
	"code.pfad.fr/gopenidclient/coreos"
)

func main() {
	// persist the privateKey somewhere (can be serialized using x509.MarshalPKCS1PrivateKey for instance)
	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatal(err)
	}

	// create the (downgradable) certificate
	certificate := assertion.NewSesquiennial(privateKey, "Example Org")
	rs256 := assertion.RS256{
		GetThumbprint: certificate.Thumbprint,
		Validity:      time.Minute,
		CliendID:      "<OAUTH2_CLIENT_ID from identity provider>",
		Key:           privateKey,
	}

	// setup the provider using the assertion (instead of the client secret)
	var provider gopenidclient.Provider = (&coreos.OIDC{
		Issuer:          "issuer_url",
		ClientID:        rs256.CliendID,
		Scopes:          []string{"openid", "email", "profile"},
		ClientAssertion: rs256,
		// ClientSecret can be omitted
	})

	// the provider can be used like any other provider
	provider.SetRedirectURL("http://localhost:8080/auth/callback")

	// the public certificate can be exposed to ease the transmission to the identity provider
	http.HandleFunc("/auth/certificate.pem", func(w http.ResponseWriter, r *http.Request) {
		certificate.ServeDER(w, r)
	})

	// the certificate can be downgraded on ExchangeHandler.HandleCallback error
}
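As an added illustration (not code from the gopenidclient, assertion or go-oidc packages), the following self-contained sketch shows what a ClientAssertion such as the RS256 value above stands for: a private_key_jwt client assertion (RFC 7523) that the client signs with its private key and that the identity provider verifies against the registered certificate, in place of a shared client secret. The header and claim layout are assumed from the RFC, not taken from the assertion package, and the client id and token endpoint used in the test are constructed placeholders.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)
// Claims of a private_key_jwt client assertion (layout assumed from RFC 7523): iss and sub carry the client_id, aud the token endpoint, exp the lifetime (unix seconds).
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
}
// SignAssertion builds the RS256 JWT a client sends instead of a client secret; x5t#S256 carries the certificate's SHA-256 thumbprint so the provider can pick the registered key.
func SignAssertion(key *rsa.PrivateKey, thumbprint []byte, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "x5t#S256": base64.RawURLEncoding.EncodeToString(thumbprint)})
	body, _ := json.Marshal(c)
	input := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return input + "." + base64.RawURLEncoding.EncodeToString(sig), err
}
// VerifyAssertion is the provider side: pin alg to RS256 (never trust the token's own choice), verify the signature with the registered key, then check iss/sub/aud and expiry.
func VerifyAssertion(pub *rsa.PublicKey, token, clientID, tokenEndpoint string, now int64) (c Claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed JWT")
	}
	var hdr struct{ Alg string }
	if raw, e := base64.RawURLEncoding.DecodeString(parts[0]); e != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return c, errors.New("alg must be RS256")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if sig, e := base64.RawURLEncoding.DecodeString(parts[2]); e != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return c, errors.New("bad signature")
	}
	if raw, e := base64.RawURLEncoding.DecodeString(parts[1]); e != nil || json.Unmarshal(raw, &c) != nil {
		return Claims{}, errors.New("unreadable claims")
	}
	if c.Iss != clientID || c.Sub != clientID || c.Aud != tokenEndpoint || now >= c.Exp {
		return Claims{}, errors.New("iss/sub/aud mismatch or assertion expired")
	}
	return c, nil
}
```

The short Validity in the example above (one minute) maps to the exp check here: a captured assertion is only replayable within that window, which is the main reason the signed assertion is preferred over a long-lived client secret.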

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type OIDC

type OIDC struct {
	Issuer   string
	ClientID string
	// ClientAssertion is more secure than ClientSecret, see the example.
	ClientAssertion gopenidclient.Assertion
	// ClientSecret can be left blank, when ClientAssertion is used.
	ClientSecret string
	Scopes       []string
	HTTPClient   *http.Client // will use http.DefaultClient if left nil
	// contains filtered or unexported fields
}

OIDC implements a Provider for the OpenID Connect flow of code.pfad.fr/gopenidclient. The unexported fields have suitable default values (hence no New method is needed).

func (*OIDC) AuthCodeURL

func (o *OIDC) AuthCodeURL(state string) (string, string, error)

AuthCodeURL returns the Auth-URL to redirect the user to.

func (*OIDC) EndSessionURL

func (o *OIDC) EndSessionURL() (*url.URL, error)

func (*OIDC) Exchange

func (o *OIDC) Exchange(code, verifier string) (token *oauth2.Token, unmarshalUser func(interface{}) error, err error)

Exchange exchanges the code and provides a way to unmarshal the user info.

func (*OIDC) Refresh

func (o *OIDC) Refresh(refreshToken string) (token *oauth2.Token, unmarshalUser func(interface{}) error, err error)

func (*OIDC) SetRedirectURL

func (o *OIDC) SetRedirectURL(url string)

SetRedirectURL sets the local callback URL.
