Documentation ¶
Index ¶
- Constants
- func ClearDb()
- func ClientCredenitalsAuth(issuer, clientID, clientSecret string)
- func CloseDb()
- func FatalOnError(err error)
- func InitDb()
- func PrettyPrintDecodedJWT(token string)
- func PrettyPrintJSON(jsonBytes []byte)
- func RefreshToken(issuer, clientID, refreshToken string)
- func ResourceOwnerCredentialsAuth(issuer, clientID, username, password string)
- type JOSEHeader
- type JWK
- type JWKSet
- type JWS
- type JWTRegisteredClaims
- type Metadata
- type OpenIDAddressClaim
- type OpenIDProviderMetadata
- type OpenIDStandardClaims
- type Token
Constants ¶
const SchemaVersion = "0.0.1"
SchemaVersion defines the database schema used by this version of actl. It will be increased on database schema changes in order to react to conflicts.
Variables ¶
This section is empty.
Functions ¶
func ClientCredenitalsAuth ¶
func ClientCredenitalsAuth(issuer, clientID, clientSecret string)
func FatalOnError ¶
func FatalOnError(err error)
FatalOnError checks the err parameter and terminates the process if an error exists
func PrettyPrintDecodedJWT ¶
func PrettyPrintDecodedJWT(token string)
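PrettyPrintDecodedJWT parses a base64 encoded JWT and prints its header and payload to stdout. This description covers decoding only and does not mention signature verification, so the printed header and claims should be read as unverified data.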
func PrettyPrintJSON ¶
func PrettyPrintJSON(jsonBytes []byte)
PrettyPrintJSON prints a given JSON object to stdout, with indentation and syntax highlighting.
func RefreshToken ¶
func RefreshToken(issuer, clientID, refreshToken string)
func ResourceOwnerCredentialsAuth ¶
func ResourceOwnerCredentialsAuth(issuer, clientID, username, password string)
Types ¶
type JOSEHeader ¶
// JOSEHeader maps the typ, alg and kid header parameters of a JOSE header
// (see RFC 7515).
//
// All three values are read from the token itself, so they are untrusted
// until the signature has been verified. A verifier should decide on its own
// side which algorithms it accepts rather than follow Alg, and should treat
// KeyID only as a hint for finding the key.
type JOSEHeader struct {
	// Typ is the "typ" (type) header parameter.
	Typ string `json:"typ"`
	// Alg is the "alg" (algorithm) header parameter.
	Alg string `json:"alg"`
	// KeyID is the "kid" (key ID) header parameter.
	KeyID string `json:"kid"`
}
JOSEHeader - the JSON Object Signing and Encryption Header is comprised of a set of Header Parameters. See RFC7515
type JWK ¶
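// JWK is a JSON Web Key (RFC 7517, section 4) plus two fields, Issuer and
// CreatedAt, that carry no json tag.
//
// The listing had been collapsed onto one line, so the first line comment
// swallowed every field; the declaration is restored here one field per line
// with names, types and tags unchanged.
//
// Only descriptive members are declared. No key-material member (for example
// an RSA modulus or EC coordinates) is part of this struct, so a value of this
// type cannot by itself be used to verify a signature.
type JWK struct {
	// Key ID
	// NOTE(review): the storm:"id" tag makes Kid the record identifier. A kid
	// is only unique within one JWK Set; if keys of several issuers share one
	// store, confirm a colliding kid cannot replace another issuer's key.
	Kid string `json:"kid" storm:"id"`
	// Key Type
	Kty string `json:"kty"`
	// Public Key Use (sig or enc)
	Use string `json:"use"`
	// Key Operations
	// sign, verify, encrypt, decrypt, wrapKey, unwrapKey, deriveKey, deriveBits
	// NOTE(review): RFC 7517 defines key_ops as a JSON array of strings;
	// encoding/json reports a type error when an array is decoded into a
	// string field. Confirm before changing the type, since callers may
	// depend on it.
	KeyOps string `json:"key_ops"`
	// Algorithm
	// See https://tools.ietf.org/html/rfc7518
	Alg string `json:"alg"`
	// X.509 URL
	// NOTE(review): this URL comes from the key document; confirm it is not
	// dereferenced without checking where it points.
	X5u string `json:"x5u"`
	// X.509 Certificate Chain
	X5c []string `json:"x5c"`
	// X.509 Certificate SHA-1 Thumbprint
	X5t string `json:"x5t"`
	// X.509 Certificate SHA-256 Thumbprint
	X5tS256 string `json:"x5t#S256"`
	// Issuer and CreatedAt have no json tag, so encoding/json uses the field
	// names and will also fill them from same-named members (matched
	// case-insensitively) of a decoded document.
	// NOTE(review): if these are meant to be set locally only, confirm the
	// caller overwrites them after decoding a remote key set.
	Issuer    string
	CreatedAt time.Time
}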
JWK - JSON Web Key. A JWK is a JSON object that represents a cryptographic key. The members of the object represent properties of the key, including its value. See https://tools.ietf.org/html/rfc7517#section-4
type JWKSet ¶
// JWKSet is a JSON object that represents a set of JWKs
// (see RFC 7517, section 5).
type JWKSet struct {
	// Keys holds the members of the "keys" array.
	Keys []JWK `json:"keys"`
}
JWKSet is a JSON object that represents a set of JWKs. See https://tools.ietf.org/html/rfc7517#section-5
type JWS ¶
// JWS names the JSON Web Signature concept. The type is an empty struct and
// declares no fields.
type JWS struct{}
JWS (JSON Web Signature) represents digitally signed or MACed content using JSON data structures and base64url encoding.
type JWTRegisteredClaims ¶
type OpenIDAddressClaim ¶
// OpenIDAddressClaim maps the members of the OpenID Connect address claim.
// See https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim
//
// The values are end-user data taken from a token or userinfo response and
// are only as trustworthy as the validation applied to that response.
type OpenIDAddressClaim struct {
	Formatted string `json:"formatted"`
	StreetAddress string `json:"street_address"`
	Locality string `json:"locality"`
	Region string `json:"region"`
	PostalCode string `json:"postal_code"`
	Country string `json:"country"`
}
See https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim
type OpenIDProviderMetadata ¶
// OpenIDProviderMetadata maps an OpenID Provider's discovery document.
// See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
//
// Every value is supplied by the remote provider. The endpoint URLs in
// particular decide where credentials and tokens are later sent.
// NOTE(review): confirm that the code filling this struct checks the returned
// issuer against the issuer that was requested, as the discovery
// specification requires; that code is not part of this declaration.
type OpenIDProviderMetadata struct {
	// Issuer carries the storm:"id" tag, so it identifies the stored record.
	Issuer string `json:"issuer" storm:"id"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint string `json:"token_endpoint"`
	UserinfoEndpoint string `json:"userinfo_endpoint"`
	JwksURI string `json:"jwks_uri"`
	RegistrationEndpoint string `json:"registration_endpoint"`
	ScopesSupported []string `json:"scopes_supported"`
	ResponseTypesSupported []string `json:"response_types_supported"`
	ResponseModesSupported []string `json:"response_modes_supported"`
	GrantTypesSupported []string `json:"grant_types_supported"`
	AcrValuesSupported []string `json:"acr_values_supported"`
	SubjectTypesSupported []string `json:"subject_types_supported"`
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
	IDTokenEncryptionAlgValuesSupported []string `json:"id_token_encryption_alg_values_supported"`
	IDTokenEncryptionEncValuesSupported []string `json:"id_token_encryption_enc_values_supported"`
	UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported"`
	UserinfoEncryptionAlgValuesSupported []string `json:"userinfo_encryption_alg_values_supported"`
	UserinfoEncryptionEncValuesSupported []string `json:"userinfo_encryption_enc_values_supported"`
	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
	RequestObjectEncryptionAlgValuesSupported []string `json:"request_object_encryption_alg_values_supported"`
	RequestObjectEncryptionEncValuesSupported []string `json:"request_object_encryption_enc_values_supported"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
	TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
	DisplayValuesSupported []string `json:"display_values_supported"`
	ClaimTypesSupported []string `json:"claim_types_supported"`
	ClaimsSupported []string `json:"claims_supported"`
	ServiceDocumentation string `json:"service_documentation"`
	// NOTE(review): the discovery specification defines
	// claims_locales_supported as a JSON array of language tags; decoding an
	// array into a bool makes encoding/json report a type error. Confirm.
	ClaimsLocalesSupported bool `json:"claims_locales_supported"`
	UILocalesSupported []string `json:"ui_locales_supported"`
	ClaimsParameterSupported bool `json:"claims_parameter_supported"`
	RequestParameterSupported bool `json:"request_parameter_supported"`
	RequestURIParameterSupported bool `json:"request_uri_parameter_supported"`
	// NOTE(review): require_request_uri_registration is a boolean in the
	// discovery specification, and op_policy_uri / op_tos_uri are single URL
	// strings; the []string types below would fail to decode those values.
	// Confirm against real provider documents before relying on these fields.
	RequestURIRegistration []string `json:"require_request_uri_registration"`
	OpPolicyURI []string `json:"op_policy_uri"`
	OpTosURI []string `json:"op_tos_uri"`
	IntrospectionEndpoint string `json:"introspection_endpoint"`
	TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens"`
	EndSessionEndpoint string `json:"end_session_endpoint"`
	CheckSessionIframe string `json:"check_session_iframe"`
	CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
}
OpenIDProviderMetadata is the description of the OpenID Providers configuration. This information can be fetched from a well known URL. See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
func GetAllIssuer ¶
func GetAllIssuer() []OpenIDProviderMetadata
func GetOidcMetadata ¶
func GetOidcMetadata(issuer string, useCache bool) *OpenIDProviderMetadata
func UpsertIssuer ¶
func UpsertIssuer(oidcMetadata *OpenIDProviderMetadata) *OpenIDProviderMetadata
UpsertIssuer persists the OpenID Provider metadata fetched from an issuer URL
type OpenIDStandardClaims ¶
// OpenIDStandardClaims maps the OpenID Connect standard claims.
// See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
//
// The values describe the end user as asserted by the provider; they should
// be relied on only after the token or response carrying them was validated.
type OpenIDStandardClaims struct {
	Subject string `json:"sub"`
	Name string `json:"name"`
	GivenName string `json:"given_name"`
	FamilyName string `json:"family_name"`
	MiddleName string `json:"middle_name"`
	Nickname string `json:"nickname"`
	PreferredUsername string `json:"preferred_username"`
	Profile string `json:"profile"`
	Picture string `json:"picture"`
	Website string `json:"website"`
	Email string `json:"email"`
	EmailVerified bool `json:"email_verified"`
	Gender string `json:"gender"`
	Birthdate string `json:"birthdate"`
	Zoneinfo string `json:"zoneinfo"`
	Locale string `json:"locale"`
	PhoneNumber string `json:"phone_number"`
	// NOTE(review): OpenID Connect Core defines phone_number_verified as a
	// boolean (EmailVerified above is a bool); a string field makes
	// encoding/json report a type error when the claim is present. Confirm.
	PhoneNumberVerified string `json:"phone_number_verified"`
	Address OpenIDAddressClaim `json:"address"`
	// NOTE(review): updated_at is a JSON number (seconds since the epoch) in
	// OpenID Connect Core; a string field would not decode it. Confirm.
	UpdatedAt string `json:"updated_at"`
}
See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
type Token ¶
// Token is an OAuth token kept in encoded form together with its header and
// payload as generic maps.
//
// The struct has no field that records whether a signature was checked, so
// Header and Payload should be treated as unverified unless the caller has
// validated the token separately.
type Token struct {
	// Encoded carries the storm:"id" tag, so the token string identifies the
	// stored record.
	// NOTE(review): a persisted token is a usable credential until it expires;
	// confirm the database file is readable only by its owner.
	Encoded string `storm:"id"`
	// Header holds the token header as a generic map.
	Header map[string]interface{}
	// Payload holds the token payload (claims) as a generic map.
	Payload map[string]interface{}
}
Token is an OAuth Token
func AuthorizationCodeAuth ¶
func UpsertJWT ¶
UpsertJWT creates a Token object from a given JWT string and persists it in the local database.
func (*Token) GetJOSEHeader ¶
func (t *Token) GetJOSEHeader() *JOSEHeader
func (*Token) GetOidcStandardClaims ¶
func (t *Token) GetOidcStandardClaims() *OpenIDStandardClaims
func (*Token) GetRegisteredClaims ¶
func (t *Token) GetRegisteredClaims() *JWTRegisteredClaims