gopenidclient

v0.0.0-...-36f99de
Published: Aug 12, 2024 License: MIT Imports: 5 Imported by: 0

README

gopenidclient

This package is an attempt to provide a nice OAuth2 / OpenID Connect (OIDC) interface.

OAuth2 integration is provided in the static package. An OpenID Connect (OIDC) provider is provided under coreos.

Documentation

Overview

Package gopenidclient is an attempt to provide a nice OAuth2 / OpenID Connect (OIDC) interface.

OAuth2 integration is provided in the "static" package. An OpenID Connect (OIDC) provider backed by github.com/coreos/go-oidc/v3/oidc is available under code.pfad.fr/gopenidclient/coreos.

Types

type Assertion

type Assertion interface {
	Type() string
	Assert(aud string) (string, error)
}

Assertion allows the usage of client_assertion instead of client_secret for better security. The code.pfad.fr/gopenidclient/coreos provider supports it. See code.pfad.fr/gopenidclient/assertion.RS256 for an implementation based on RSA+SHA256.
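
A sketch of a type that satisfies Assertion with an RS256-signed JWT, added here for illustration; it is not the project's assertion.RS256 implementation. KeyAssertion, demoKey, the client ID and the endpoint URL are constructed, and it is an assumption that Type() is meant to return the client_assertion_type value.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

// KeyAssertion is a hypothetical type (not part of gopenidclient) fitting Assertion.
type KeyAssertion struct {
	ClientID string
	Key      *rsa.PrivateKey
}

// Type is assumed to supply the client_assertion_type request parameter.
func (KeyAssertion) Type() string {
	return "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
}

// Assert returns a one-minute RS256 JWT addressed to the audience passed in.
func (a KeyAssertion) Assert(aud string) (string, error) {
	enc := base64.RawURLEncoding.EncodeToString
	jti := make([]byte, 16) // unique ID so the provider can reject replays
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	claims, _ := json.Marshal(map[string]any{ // cannot fail for strings and integers
		"iss": a.ClientID, "sub": a.ClientID, "aud": aud, "jti": enc(jti),
		"exp": time.Now().Add(time.Minute).Unix(),
	})
	input := enc([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, a.Key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + enc(sig), nil
}

// demoKey is a constructed throwaway key; a real client loads its registered key.
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048)

func main() {
	fmt.Println(KeyAssertion{"demo-client", demoKey}.Assert("https://op.example/token"))
}
```

Only the public half of the key is registered with the provider, so no shared secret leaves the client.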

type CallbackResult

type CallbackResult struct {
	// UnmarshalUser will unmarshal the JSON user returned by the provider
	//      var user struct {
	//      	ID    string `json:"sub"`
	//      	Email string `json:"email"`
	//      	Name  string `json:"name"`
	//      }
	//      err = UnmarshalUser(&user)
	UnmarshalUser func(interface{}) error
	Token         *oauth2.Token
	// IntendedPath contains the URL before the login flow took place
	IntendedPath string
}

CallbackResult is returned at the end of the login flow.

type CookieManager

type CookieManager struct {
	Prefix    string
	Encrypter interface {
		Seal(name, cleartext string) string
		Open(name, cyphertext string) (string, error)
	}
}

func (CookieManager) Clear

func (cm CookieManager) Clear(w http.ResponseWriter)

func (CookieManager) GetState

func (cm CookieManager) GetState(r *http.Request) (string, error)

GetState gets the state cookie (which stores the intended URL of the user before authentication).

func (CookieManager) SetState

func (cm CookieManager) SetState(w http.ResponseWriter, state string)

SetState sets the state cookie (which stores the intended URL of the user before authentication).
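
One way to fill the Encrypter field of CookieManager, added here as an example that is not part of gopenidclient: AES-GCM with the name argument (assumed to be the cookie name) as additional authenticated data, so a sealed value cannot be moved to a different cookie. AEADEncrypter, NewAEADEncrypter and the all-zero key are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// AEADEncrypter (hypothetical, not part of gopenidclient) fits CookieManager.Encrypter.
type AEADEncrypter struct{ aead cipher.AEAD }

// NewAEADEncrypter sets up AES-GCM; the key must be 16, 24 or 32 bytes.
func NewAEADEncrypter(key []byte) (*AEADEncrypter, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &AEADEncrypter{aead}, nil
}

// Seal encrypts under a fresh random nonce and binds the value to name.
func (e *AEADEncrypter) Seal(name, cleartext string) string {
	nonce := make([]byte, e.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no safe fallback without randomness
	}
	// The nonce is prepended; name is authenticated but not stored.
	sealed := e.aead.Seal(nonce, nonce, []byte(cleartext), []byte(name))
	return base64.RawURLEncoding.EncodeToString(sealed)
}

// Open rejects malformed, tampered or renamed values.
func (e *AEADEncrypter) Open(name, cyphertext string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(cyphertext)
	n := e.aead.NonceSize()
	if err != nil || len(raw) < n {
		return "", fmt.Errorf("malformed cookie value")
	}
	plain, err := e.aead.Open(nil, raw[:n], raw[n:], []byte(name))
	return string(plain), err
}

func main() {
	e, _ := NewAEADEncrypter(make([]byte, 32)) // constructed all-zero demo key
	fmt.Println(e.Open("pkce", e.Seal("state", "/dashboard"))) // fails: wrong name
}
```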

type ExchangeHandler

type ExchangeHandler struct {
	CookieManager CookieManager
}

ExchangeHandler implements the exchange-code flow (including PKCE challenge).

func (ExchangeHandler) HandleCallback

func (s ExchangeHandler) HandleCallback(w http.ResponseWriter, r *http.Request, provider Provider) (cr CallbackResult, clearCookies func(), err error)

HandleCallback should be called after the user logged in at the provider.

func (ExchangeHandler) RedirectToAuthCodeURL

func (s ExchangeHandler) RedirectToAuthCodeURL(w http.ResponseWriter, r *http.Request, provider Provider) error

RedirectToAuthCodeURL should be called to redirect the user to the provider for login.

type Provider

type Provider interface {
	// SetRedirectURL sets the local callback URL.
	SetRedirectURL(url string)

	// AuthCodeURL returns the Provider URL to redirect the user to.
	AuthCodeURL(state string) (url, pkceVerifier string, err error)

	// Exchange exchanges the code and provides a way to unmarshal the user info.
	//
	//      var user struct {
	//      	ID    string `json:"sub"`
	//      	Email string `json:"email"`
	//      	Name  string `json:"name"`
	//      }
	//      err = unmarshalUser(&user)
	Exchange(code, pkceVerifier string) (token *oauth2.Token, unmarshalUser func(interface{}) error, err error)

	// EndSessionURL is a URL where the RP can perform a redirect to request that the End-User be logged out at the OP.
	EndSessionURL() (*url.URL, error)
}

Provider is an interface suitable for OAuth2 and OIDC flows.

Directories

Path Synopsis
package assertion authenticates OpenID Connect clients using [private_key_jwt] (private/public certificates instead of a shared secret), via OAuth 2.0 assertions specified in [RFC 7521].
package common gathers methods used by the provider implementation
tester
package tester should be used to test the different providers
package coreos provides a Provider for OpenID Connect (code.pfad.fr/gopenidclient), backed by the github.com/coreos/go-oidc/v3/oidc package.
package refresh uses the refresh-token as a remember token (stored encrypted in a dedicated cookie).
package static uses golang.org/x/oauth2 to implement a Provider for the OAuth2 flow with a static config.
