internal

package v0.1.1

Published: Jan 27, 2021 License: MIT Imports: 23 Imported by: 0

Documentation

Constants

const SchemaVersion = "0.0.1"

SchemaVersion defines the database schema used by this version of actl. It will be incremented on database schema changes so that schema conflicts can be detected.

Variables

This section is empty.

Functions

func AccessTokenToClipboard added in v0.1.1

func AccessTokenToClipboard(tokenSet *TokenSet)

AccessTokenToClipboard copies the access token from a given TokenSet to the user's system clipboard.

func ClearDb

func ClearDb()

ClearDb closes and deletes the whole database. Be careful with this method; it is dangerous!

func CloseDb

func CloseDb()

CloseDb closes the local database connection gracefully.

func FatalOnError

func FatalOnError(err error)

FatalOnError checks the err parameter and terminates the process if an error exists.

func InitDb

func InitDb()

InitDb ensures the existence of the local database and the schema.

func IntrospectToken added in v0.1.1

func IntrospectToken(token string)

IntrospectToken implements token introspection as defined in RFC 7662. See https://tools.ietf.org/html/rfc7662
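The signature above shows only the token; the exchange behind it is an authenticated POST of that token to the provider's introspection_endpoint and a decision on the `active` member of the reply. The Go program below is an added example and not actl's code: the endpoint is a constructed in-process stand-in (NewFakeIntrospectionHandler), and Introspect, Authorize, IntrospectionResponse and the client credentials and token values are this example's own names and constructed values. The point it demonstrates is that an `"active": false` answer is a valid response that must be treated as "reject", separately from a transport failure or an RFC 6749 error body.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// IntrospectionResponse mirrors RFC 7662 §2.2: only "active" is required, and the other
// members carry meaning only when active is true.
type IntrospectionResponse struct {
	Active   bool   `json:"active"`
	Scope    string `json:"scope,omitempty"`
	ClientID string `json:"client_id,omitempty"`
	Sub      string `json:"sub,omitempty"`
}

// TokenErrorResponse is the RFC 6749 §5.2 error body that the page's type also models.
type TokenErrorResponse struct {
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}

// Introspect posts the token with HTTP Basic client authentication (RFC 7662 §2.1) and
// separates a transport or error-body failure from a valid "active": false answer.
func Introspect(client *http.Client, endpoint, clientID, clientSecret, token string) (*IntrospectionResponse, error) {
	form := url.Values{"token": {token}, "token_type_hint": {"access_token"}}
	req, err := http.NewRequest(http.MethodPost, endpoint, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.SetBasicAuth(clientID, clientSecret)
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		var e TokenErrorResponse
		if json.NewDecoder(resp.Body).Decode(&e) == nil && e.Error != "" {
			return nil, fmt.Errorf("introspection failed: %s (%s)", e.Error, e.ErrorDescription)
		}
		return nil, fmt.Errorf("introspection failed: HTTP %d", resp.StatusCode)
	}
	var ir IntrospectionResponse
	if err := json.NewDecoder(resp.Body).Decode(&ir); err != nil {
		return nil, fmt.Errorf("introspection response is not JSON: %w", err)
	}
	return &ir, nil
}

// Authorize is the resource server's decision: an inactive token is rejected before any
// other member is looked at, and then the required scope must be present.
func Authorize(ir *IntrospectionResponse, requiredScope string) error {
	if ir == nil || !ir.Active {
		return fmt.Errorf("token is not active")
	}
	for _, s := range strings.Fields(ir.Scope) {
		if s == requiredScope {
			return nil
		}
	}
	return fmt.Errorf("token lacks required scope %q", requiredScope)
}

// NewFakeIntrospectionHandler is a constructed stand-in for a provider's endpoint so the
// example runs offline: it authenticates the client and knows exactly one active token.
func NewFakeIntrospectionHandler(clientID, clientSecret, activeToken string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		id, secret, ok := r.BasicAuth()
		if !ok || subtle.ConstantTimeCompare([]byte(id), []byte(clientID)) != 1 ||
			subtle.ConstantTimeCompare([]byte(secret), []byte(clientSecret)) != 1 {
			w.WriteHeader(http.StatusUnauthorized)
			json.NewEncoder(w).Encode(TokenErrorResponse{Error: "invalid_client", ErrorDescription: "client authentication failed"})
			return
		}
		// Unknown, expired and revoked tokens all answer "active": false rather than an
		// error (RFC 7662 §2.2), so the endpoint does not reveal which tokens ever existed.
		if r.Method != http.MethodPost || subtle.ConstantTimeCompare([]byte(r.PostFormValue("token")), []byte(activeToken)) != 1 {
			json.NewEncoder(w).Encode(IntrospectionResponse{Active: false})
			return
		}
		json.NewEncoder(w).Encode(IntrospectionResponse{Active: true, Scope: "openid profile", ClientID: clientID, Sub: "alice"})
	})
}

func main() {
	srv := httptest.NewServer(NewFakeIntrospectionHandler("actl", "constructed-secret", "constructed-opaque-token"))
	defer srv.Close()
	ir, err := Introspect(srv.Client(), srv.URL, "actl", "constructed-secret", "constructed-opaque-token")
	fmt.Printf("response=%+v err=%v authorize(profile)=%v\n", ir, err, Authorize(ir, "profile"))
}
```

Against a real provider the endpoint URL comes from the `introspection_endpoint` member of the provider metadata, and the client secret used for Basic authentication belongs to the resource server, not to the client that obtained the token.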

func IsJSON added in v0.1.1

func IsJSON(str string) bool

IsJSON reports whether a given string is valid JSON.

func Logout added in v0.1.1

func Logout(issuer string)

Logout performs a logout based on the OpenID Connect "end_session_endpoint". The spec of "end_session_endpoint" is still a draft and could change in the future. Therefore, it is advisable not to depend too much on it :-) See https://openid.net/specs/openid-connect-session-1_0.html

func PrettyPrintDecodedJWT

func PrettyPrintDecodedJWT(token string)

PrettyPrintDecodedJWT parses a base64url-encoded JWT and prints its header and payload to stdout.

func PrettyPrintJSON

func PrettyPrintJSON(jsonBytes []byte)

PrettyPrintJSON prints a given JSON object to stdout with indentation and syntax highlighting.

func PrintTokenSet added in v0.1.1

func PrintTokenSet(tokenSet *TokenSet)

PrintTokenSet prints a given TokenSet to stdout.

func TokenRevocation added in v0.1.1

func TokenRevocation()

TokenRevocation implements token revocation as defined in RFC 7009. It is not yet supported by a wide range of OIDC providers. See https://tools.ietf.org/html/rfc7009

Types

type JOSEHeader

type JOSEHeader struct {
	Typ   string `json:"typ"`
	Alg   string `json:"alg"`
	KeyID string `json:"kid"`
}

JOSEHeader is the JSON Object Signing and Encryption header, which is comprised of a set of Header Parameters. See RFC 7515

type JWK

type JWK struct {
	// Key ID
	Kid string `json:"kid" storm:"id"`

	// Key Type
	Kty string `json:"kty"`

	// Public Key Use (sig or enc)
	Use string `json:"use"`

	// Key Operations
	// sign, verify, encrypt, decrypt, wrapKey, unwrapKey, deriveKey, deriveBits
	KeyOps []string `json:"key_ops"` // RFC 7517 §4.3 defines key_ops as an array of strings

	// Algorithm
	// See https://tools.ietf.org/html/rfc7518
	Alg string `json:"alg"`

	// X.509 URL
	X5u string `json:"x5u"`

	// X.509 Certificate Chain
	X5c []string `json:"x5c"`

	// X.509 Certificate SHA-1 Thumbprint
	X5t string `json:"x5t"`

	// X.509 Certificate SHA-256 Thumbprint
	X5tS256 string `json:"x5t#S256"`

	Issuer string

	CreatedAt time.Time
}

JWK (JSON Web Key): a JWK is a JSON object that represents a cryptographic key. The members of the object represent properties of the key, including its value. See https://tools.ietf.org/html/rfc7517#section-4

func GetAllJWK

func GetAllJWK() []JWK

GetAllJWK fetches all known JWKs from the local database.

func GetJWK

func GetJWK(kid, issuer string, useCache bool) *JWK

GetJWK searches for a JWK by a given kid (key ID).

func UpsertJWK

func UpsertJWK(jwk *JWK) *JWK

UpsertJWK persists a JWK object to the database.

type JWKSet

type JWKSet struct {
	Keys []JWK `json:"keys"`
}

JWKSet is a JSON object that represents a set of JWKs. See https://tools.ietf.org/html/rfc7517#section-5

type JWS

type JWS struct{}

JWS (JSON Web Signature) represents digitally signed or MACed content using JSON data structures and base64url encoding.

type JWTRegisteredClaims

type JWTRegisteredClaims struct {
	Issuer         string `json:"iss"`
	Subject        string `json:"sub"`
	Audience       string `json:"aud"`
	ExpirationTime int    `json:"exp"`
	NotBefore      int    `json:"nbf"` // NumericDate, like exp and iat (RFC 7519 §4.1.5)
	IssuedAt       int    `json:"iat"`
	JWTID          string `json:"jti"` // the registered claim name is "jti" (RFC 7519 §4.1.7)
}

JWTRegisteredClaims is a struct containing all registered JWT claims defined by RFC7519. See https://tools.ietf.org/html/rfc7519#section-4.1

type Metadata

type Metadata struct {
	ID            string
	SchemaVersion string
	CreatedAt     time.Time
}

Metadata describes the database metadata.

type OpenIDAddressClaim

type OpenIDAddressClaim struct {
	Formatted     string `json:"formatted"`
	StreetAddress string `json:"street_address"`
	Locality      string `json:"locality"`
	Region        string `json:"region"`
	PostalCode    string `json:"postal_code"`
	Country       string `json:"country"`
}

OpenIDAddressClaim is a struct containing the address data type as defined in the OpenID Connect spec. See https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim

type OpenIDProviderMetadata

type OpenIDProviderMetadata struct {
	Issuer                                     string   `json:"issuer" storm:"id"`
	AuthorizationEndpoint                      string   `json:"authorization_endpoint"`
	TokenEndpoint                              string   `json:"token_endpoint"`
	UserinfoEndpoint                           string   `json:"userinfo_endpoint"`
	JwksURI                                    string   `json:"jwks_uri"`
	RegistrationEndpoint                       string   `json:"registration_endpoint"`
	ScopesSupported                            []string `json:"scopes_supported"`
	ResponseTypesSupported                     []string `json:"response_types_supported"`
	ResponseModesSupported                     []string `json:"response_modes_supported"`
	GrantTypesSupported                        []string `json:"grant_types_supported"`
	AcrValuesSupported                         []string `json:"acr_values_supported"`
	SubjectTypesSupported                      []string `json:"subject_types_supported"`
	IDTokenSigningAlgValuesSupported           []string `json:"id_token_signing_alg_values_supported"`
	IDTokenEncryptionAlgValuesSupported        []string `json:"id_token_encryption_alg_values_supported"`
	IDTokenEncryptionEncValuesSupported        []string `json:"id_token_encryption_enc_values_supported"`
	UserinfoSigningAlgValuesSupported          []string `json:"userinfo_signing_alg_values_supported"`
	UserinfoEncryptionAlgValuesSupported       []string `json:"userinfo_encryption_alg_values_supported"`
	UserinfoEncryptionEncValuesSupported       []string `json:"userinfo_encryption_enc_values_supported"`
	RequestObjectSigningAlgValuesSupported     []string `json:"request_object_signing_alg_values_supported"`
	RequestObjectEncryptionAlgValuesSupported  []string `json:"request_object_encryption_alg_values_supported"`
	RequestObjectEncryptionEncValuesSupported  []string `json:"request_object_encryption_enc_values_supported"`
	TokenEndpointAuthMethodsSupported          []string `json:"token_endpoint_auth_methods_supported"`
	TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
	DisplayValuesSupported                     []string `json:"display_values_supported"`
	ClaimTypesSupported                        []string `json:"claim_types_supported"`
	ClaimsSupported                            []string `json:"claims_supported"`
	ServiceDocumentation                       string   `json:"service_documentation"`
	ClaimsLocalesSupported                     []string `json:"claims_locales_supported"` // array of BCP47 language tags per Discovery §3
	UILocalesSupported                         []string `json:"ui_locales_supported"`
	ClaimsParameterSupported                   bool     `json:"claims_parameter_supported"`
	RequestParameterSupported                  bool     `json:"request_parameter_supported"`
	RequestURIParameterSupported               bool     `json:"request_uri_parameter_supported"`
	RequestURIRegistration                     bool     `json:"require_request_uri_registration"` // boolean per Discovery §3
	OpPolicyURI                                string   `json:"op_policy_uri"`                    // single URL per Discovery §3
	OpTosURI                                   string   `json:"op_tos_uri"`                       // single URL per Discovery §3
	IntrospectionEndpoint                      string   `json:"introspection_endpoint"`
	TLSClientCertificateBoundAccessTokens      bool     `json:"tls_client_certificate_bound_access_tokens"`
	EndSessionEndpoint                         string   `json:"end_session_endpoint"`
	CheckSessionIframe                         string   `json:"check_session_iframe"`
	CodeChallengeMethodsSupported              []string `json:"code_challenge_methods_supported"`
}

OpenIDProviderMetadata describes the OpenID Provider's configuration. This information can be fetched from a well-known URL. See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
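The well-known URL is derived from the issuer identifier, and the Discovery spec requires the client to check that the `issuer` in the returned document is identical to the issuer it asked for before using any of the endpoints in it. The Go program below is an added example, not actl's code: ProviderMetadata is a constructed subset of the struct above, DiscoveryURL, Discover and NewFakeProvider are this example's own names, and the provider is an in-process TLS test server whose document can be made to name a different issuer to show the check failing.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// ProviderMetadata is the subset of the page's OpenIDProviderMetadata this example checks.
type ProviderMetadata struct {
	Issuer                string `json:"issuer"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	JwksURI               string `json:"jwks_uri"`
}

// DiscoveryURL derives the well-known location from an issuer identifier as OpenID Connect
// Discovery §4 prescribes: https only, no query or fragment, path kept, trailing slash dropped.
func DiscoveryURL(issuer string) (string, error) {
	u, err := url.Parse(issuer)
	if err != nil || u.Scheme != "https" || u.Host == "" || u.RawQuery != "" || u.Fragment != "" {
		return "", fmt.Errorf("issuer %q must be an https URL without query or fragment", issuer)
	}
	u.Path = strings.TrimSuffix(u.Path, "/") + "/.well-known/openid-configuration"
	return u.String(), nil
}

// Discover fetches the document and enforces the check Discovery §4.3 requires of clients:
// the returned "issuer" must be identical to the issuer that was asked for. A document
// naming a different issuer is rejected rather than trusted for its endpoints, and the
// endpoints themselves must be https.
func Discover(client *http.Client, issuer string) (*ProviderMetadata, error) {
	wellKnown, err := DiscoveryURL(issuer)
	if err != nil {
		return nil, err
	}
	resp, err := client.Get(wellKnown)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("discovery: HTTP %d from %s", resp.StatusCode, wellKnown)
	}
	var md ProviderMetadata
	if err := json.NewDecoder(resp.Body).Decode(&md); err != nil {
		return nil, fmt.Errorf("discovery: %w", err)
	}
	if md.Issuer != issuer {
		return nil, fmt.Errorf("issuer mismatch: requested %q, document claims %q", issuer, md.Issuer)
	}
	endpoints := map[string]string{"authorization_endpoint": md.AuthorizationEndpoint, "token_endpoint": md.TokenEndpoint, "jwks_uri": md.JwksURI}
	for name, ep := range endpoints {
		if !strings.HasPrefix(ep, "https://") {
			return nil, fmt.Errorf("%s %q is missing or not https", name, ep)
		}
	}
	return &md, nil
}

// NewFakeProvider serves a constructed discovery document so the example runs offline. The
// document's issuer is "https://" + request host + issuerSuffix; a non-empty suffix
// simulates a provider whose document names a different issuer than the one queried.
func NewFakeProvider(issuerSuffix string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/.well-known/openid-configuration" {
			http.NotFound(w, r)
			return
		}
		iss := "https://" + r.Host + issuerSuffix
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(ProviderMetadata{Issuer: iss, AuthorizationEndpoint: iss + "/authorize", TokenEndpoint: iss + "/token", JwksURI: iss + "/keys"})
	})
}

func main() {
	srv := httptest.NewTLSServer(NewFakeProvider("")) // self-signed TLS; srv.Client() trusts it
	defer srv.Close()
	md, err := Discover(srv.Client(), srv.URL)
	fmt.Printf("metadata=%+v err=%v\n", md, err)
	bad := httptest.NewTLSServer(NewFakeProvider("/tenant-b"))
	defer bad.Close()
	_, err = Discover(bad.Client(), bad.URL)
	fmt.Println("mismatching issuer:", err)
}
```

A tool that caches metadata the way GetOidcMetadata's useCache parameter suggests should run the same issuer comparison when the cached document is loaded, since the cache key and the document's own issuer can drift apart if the cache is edited by hand.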

func GetAllIssuer

func GetAllIssuer() []OpenIDProviderMetadata

GetAllIssuer fetches all known OpenID Connect issuers from the local database.

func GetOidcMetadata

func GetOidcMetadata(issuer string, useCache bool) *OpenIDProviderMetadata

GetOidcMetadata returns the OpenID Connect Provider Metadata of a given issuer.

func UpsertIssuer

func UpsertIssuer(oidcMetadata *OpenIDProviderMetadata) *OpenIDProviderMetadata

UpsertIssuer persists the OpenID Provider metadata fetched from an issuer URL.

type OpenIDStandardClaims

type OpenIDStandardClaims struct {
	Subject             string             `json:"sub"`
	Name                string             `json:"name"`
	GivenName           string             `json:"given_name"`
	FamilyName          string             `json:"family_name"`
	MiddleName          string             `json:"middle_name"`
	Nickname            string             `json:"nickname"`
	PreferredUsername   string             `json:"preferred_username"`
	Profile             string             `json:"profile"`
	Picture             string             `json:"picture"`
	Website             string             `json:"website"`
	Email               string             `json:"email"`
	EmailVerified       bool               `json:"email_verified"`
	Gender              string             `json:"gender"`
	Birthdate           string             `json:"birthdate"`
	Zoneinfo            string             `json:"zoneinfo"`
	Locale              string             `json:"locale"`
	PhoneNumber         string             `json:"phone_number"`
	PhoneNumberVerified bool               `json:"phone_number_verified"` // boolean per OpenID Connect Core §5.1
	Address             OpenIDAddressClaim `json:"address"`
	UpdatedAt           string             `json:"updated_at"`
}

OpenIDStandardClaims is a struct containing all standard claims defined by the OpenID Connect spec. See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

type Token

type Token struct {
	Encoded string `storm:"id"`
	Header  map[string]interface{}
	Payload map[string]interface{}
}

Token is an OAuth token.

func DecodeToken added in v0.1.1

func DecodeToken(rawToken []byte) *Token

DecodeToken constructs a Token object from a raw base64url-encoded JWT.

func GetAllJWT

func GetAllJWT() []Token

GetAllJWT fetches all known JWTs from the local database.

func UpsertJWT

func UpsertJWT(encodedToken string) *Token

UpsertJWT creates a Token object from a given JWT string and persists it in the local database.

func UserInfo added in v0.1.1

func UserInfo(accessToken string) *Token

UserInfo fetches the OIDC userinfo endpoint and returns the result. The result is a userinfo token, which is also a JWT.

func (*Token) GetJOSEHeader

func (t *Token) GetJOSEHeader() *JOSEHeader

GetJOSEHeader returns the JOSE Header information from this token.

func (*Token) GetOidcStandardClaims

func (t *Token) GetOidcStandardClaims() *OpenIDStandardClaims

GetOidcStandardClaims returns the OpenID Connect standard claims from this token.

func (*Token) GetRegisteredClaims

func (t *Token) GetRegisteredClaims() *JWTRegisteredClaims

GetRegisteredClaims returns the registered claims from this token.
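DecodeToken, GetJOSEHeader and GetRegisteredClaims together split a compact JWT and expose its header and claims, and GetJWK selects a key by kid; what decides whether those claims can be trusted is the signature check that joins the two. The Go program below is an added example and not part of actl: rsaJWK is a constructed view of a JWK that carries the RSA "n" and "e" members (the page's JWK struct stores only key metadata), registeredClaims, publicKey, VerifyRS256, JWKFromRSA and SignRS256 are this example's own names, and the issuer-side signer exists only so the program runs offline. It shows the order a verifier should follow: read the header only to locate the key, pin the algorithm instead of honouring the token's own alg, check that the key is an RSA signing key, verify the signature over the encoded segments, and only then evaluate exp and nbf.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// rsaJWK is a constructed RFC 7517 RSA key view carrying the "n"/"e" members the page's JWK struct omits.
type rsaJWK struct{ Kid, Kty, Use, Alg, N, E string }

type registeredClaims struct {
	Subject        string `json:"sub"`
	ExpirationTime int64  `json:"exp"`
	NotBefore      int64  `json:"nbf"`
}

var b64 = base64.RawURLEncoding // JWS segments are base64url without padding (RFC 7515 §2)

// publicKey selects the JWK by kid and insists it is an RSA key published for RS256 signatures.
func publicKey(keys []rsaJWK, kid string) (*rsa.PublicKey, error) {
	for _, k := range keys {
		if k.Kid != kid || k.Kty != "RSA" || k.Use != "sig" || k.Alg != "RS256" {
			continue
		}
		n, errN := b64.DecodeString(k.N)
		e, errE := b64.DecodeString(k.E)
		if errN != nil || errE != nil {
			return nil, fmt.Errorf("malformed JWK n/e for kid %q", kid)
		}
		return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}, nil
	}
	return nil, fmt.Errorf("no RSA signing key with kid %q", kid)
}

// VerifyRS256 locates the key via the header, pins the algorithm, checks the signature over
// the exact encoded segments, and only then trusts exp/nbf from the payload.
func VerifyRS256(token string, keys []rsaJWK, now time.Time) (*registeredClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWS")
	}
	var raw [3][]byte
	var err error
	for i, p := range parts {
		if raw[i], err = b64.DecodeString(p); err != nil {
			return nil, fmt.Errorf("segment %d: %w", i, err)
		}
	}
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if json.Unmarshal(raw[0], &hdr) != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("header rejected: alg %q is not RS256", hdr.Alg) // "none"/HS256 stop here
	}
	pub, err := publicKey(keys, hdr.Kid)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], raw[2]); err != nil {
		return nil, fmt.Errorf("signature: %w", err)
	}
	var claims registeredClaims
	if err = json.Unmarshal(raw[1], &claims); err != nil {
		return nil, fmt.Errorf("payload: %w", err)
	}
	if (claims.ExpirationTime != 0 && !now.Before(time.Unix(claims.ExpirationTime, 0))) ||
		(claims.NotBefore != 0 && now.Before(time.Unix(claims.NotBefore, 0))) {
		return nil, fmt.Errorf("token outside its exp/nbf validity window")
	}
	return &claims, nil
}

// JWKFromRSA renders a public key the way an issuer publishes it at jwks_uri.
func JWKFromRSA(pub *rsa.PublicKey, kid string) rsaJWK {
	return rsaJWK{Kid: kid, Kty: "RSA", Use: "sig", Alg: "RS256", N: b64.EncodeToString(pub.N.Bytes()), E: b64.EncodeToString(big.NewInt(int64(pub.E)).Bytes())}
}

// SignRS256 plays the issuer so the example runs offline; a client never signs tokens.
func SignRS256(priv *rsa.PrivateKey, kid string, claims registeredClaims) (string, error) {
	hb, _ := json.Marshal(map[string]string{"typ": "JWT", "alg": "RS256", "kid": kid})
	pb, _ := json.Marshal(claims)
	input := b64.EncodeToString(hb) + "." + b64.EncodeToString(pb)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig), err
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	tok, _ := SignRS256(priv, "2021-01", registeredClaims{Subject: "alice", ExpirationTime: time.Now().Add(time.Hour).Unix()})
	claims, err := VerifyRS256(tok, []rsaJWK{JWKFromRSA(&priv.PublicKey, "2021-01")}, time.Now())
	fmt.Printf("claims=%+v err=%v\n", claims, err)
}
```

The `alg` pin is deliberate: a verifier that dispatches on the token's own header can be steered to `none` or to an HMAC check keyed with the public key, which is why the example accepts exactly one algorithm and rejects keys whose `use` or `alg` members say otherwise. A cache such as the one behind GetJWK should be keyed by issuer as well as kid, because kid values are only unique within one issuer's key set.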

type TokenErrorResponse added in v0.1.1

type TokenErrorResponse struct {
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
	ErrorURI         string `json:"error_uri,omitempty"`
}

TokenErrorResponse is the response type of an unsuccessful request against the OpenID Connect endpoints as defined in RFC6749. See https://tools.ietf.org/html/rfc6749#section-5.2

type TokenSet added in v0.1.1

type TokenSet struct {
	AccessToken  string `json:"access_token,omitempty"`
	TokenType    string `json:"token_type,omitempty"`
	ExpiresIn    int    `json:"expires_in,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	Scope        string `json:"scope,omitempty"`
}

TokenSet is the successful response of issuing an access token as defined by RFC6749. See https://tools.ietf.org/html/rfc6749#section-5.1

func AuthorizationCodeAuth

func AuthorizationCodeAuth(clientID, clientSecret, openidIssuerURL string) *TokenSet

AuthorizationCodeAuth is a redirect-based authentication flow to retrieve a TokenSet. See https://tools.ietf.org/html/rfc6749#section-4.1

func ClientCredenitalsAuth

func ClientCredenitalsAuth(issuer, clientID, clientSecret string) *TokenSet

ClientCredenitalsAuth uses a client ID and client secret to retrieve a TokenSet. See https://tools.ietf.org/html/rfc6749#section-4.4

func ImplicitAuth added in v0.1.1

func ImplicitAuth(clientID, clientSecret, openidIssuerURL string) *TokenSet

ImplicitAuth is a redirect-based authentication flow without support for refresh tokens. See https://tools.ietf.org/html/rfc6749#section-4.2

func RefreshToken

func RefreshToken(issuer, clientID, refreshToken string) *TokenSet

RefreshToken uses an existing refresh token to retrieve a new TokenSet. See https://tools.ietf.org/html/rfc6749#section-6

func ResourceOwnerCredentialsAuth

func ResourceOwnerCredentialsAuth(issuer, clientID, username, password string) *TokenSet

ResourceOwnerCredentialsAuth uses a username and password to retrieve a TokenSet. See https://tools.ietf.org/html/rfc6749#section-10.7
