openidConnect

package
v0.0.0-...-12da999 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 27, 2024 License: MIT Imports: 12 Imported by: 0

Documentation

Index

Constants

View Source
const (
	PreferredUsernameClaim = "preferred_username"
	EmailClaim             = "email"
	NameClaim              = "name"
	NicknameClaim          = "nickname"
	PictureClaim           = "picture"
	GivenNameClaim         = "given_name"
	FamilyNameClaim        = "family_name"
	AddressClaim           = "address"

	// Unused but available to set in Provider claims
	MiddleNameClaim          = "middle_name"
	ProfileClaim             = "profile"
	WebsiteClaim             = "website"
	EmailVerifiedClaim       = "email_verified"
	GenderClaim              = "gender"
	BirthdateClaim           = "birthdate"
	ZoneinfoClaim            = "zoneinfo"
	LocaleClaim              = "locale"
	PhoneNumberClaim         = "phone_number"
	PhoneNumberVerifiedClaim = "phone_number_verified"
	UpdatedAtClaim           = "updated_at"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type OpenIDConfig

type OpenIDConfig struct {
	AuthEndpoint     string `json:"authorization_endpoint"`
	TokenEndpoint    string `json:"token_endpoint"`
	UserInfoEndpoint string `json:"userinfo_endpoint"`

	// If OpenID discovery is enabled, the end_session_endpoint field can optionally be provided
	// in the discovery endpoint response according to OpenID spec. See:
	// https://openid.net/specs/openid-connect-session-1_0-17.html#OPMetadata
	EndSessionEndpoint string `json:"end_session_endpoint,omitempty"`
	Issuer             string `json:"issuer"`
}

type Provider

type Provider struct {
	ClientKey    string
	Secret       string
	CallbackURL  string
	HTTPClient   *http.Client
	OpenIDConfig *OpenIDConfig

	UserIdClaims    []string
	NameClaims      []string
	NickNameClaims  []string
	EmailClaims     []string
	AvatarURLClaims []string
	FirstNameClaims []string
	LastNameClaims  []string
	LocationClaims  []string

	SkipUserInfoRequest bool
	// contains filtered or unexported fields
}

Provider is the implementation of `goth.Provider` for accessing OpenID Connect provider

func New

func New(clientKey, secret, callbackURL, openIDAutoDiscoveryURL string, scopes ...string) (*Provider, error)

New creates a new OpenID Connect provider, and sets up important connection details. You should always call `openidConnect.New` to get a new Provider. Never try to create one manually. New returns an implementation of an OpenID Connect Authorization Code Flow See http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth ID Token decryption is not (yet) supported UserInfo decryption is not (yet) supported

func NewCustomisedURL

func NewCustomisedURL(clientKey, secret, callbackURL, authURL, tokenURL, issuerURL, userInfoURL, endSessionEndpointURL string, scopes ...string) (*Provider, error)

NewCustomisedURL is similar to New(...) but can be used to set custom URLs hence omit the auto-discovery step

func NewNamed

func NewNamed(name, clientKey, secret, callbackURL, openIDAutoDiscoveryURL string, scopes ...string) (*Provider, error)

NewNamed is similar to New(...) but can be used to set a custom name for the provider in order to use multiple OIDC providers

func (*Provider) BeginAuth

func (p *Provider) BeginAuth(state string) (goth.Session, error)

BeginAuth asks the OpenID Connect provider for an authentication end-point.

func (*Provider) Client

func (p *Provider) Client() *http.Client

func (*Provider) Debug

func (p *Provider) Debug(debug bool)

Debug is a no-op for the openidConnect package.

func (*Provider) FetchUser

func (p *Provider) FetchUser(session goth.Session) (goth.User, error)

FetchUser will use the id_token and access requested information about the user.

func (*Provider) Name

func (p *Provider) Name() string

Name is the name used to retrieve this provider later.

func (*Provider) RefreshToken

func (p *Provider) RefreshToken(refreshToken string) (*oauth2.Token, error)

RefreshToken get new access token based on the refresh token

func (*Provider) RefreshTokenAvailable

func (p *Provider) RefreshTokenAvailable() bool

RefreshTokenAvailable refresh token is provided by auth provider or not

func (*Provider) RefreshTokenWithIDToken

func (p *Provider) RefreshTokenWithIDToken(refreshToken string) (*RefreshTokenResponse, error)

The ID token is a fundamental part of the OpenID connect refresh token flow but is not part of the OAuth flow. The existing RefreshToken function leverages the OAuth library's refresh token mechanism, ignoring the refreshed ID token. As a result, a new function needs to be exposed (rather than changing the existing function, for backwards compatibility purposes) that also returns the id_token in the OpenID refresh token flow API response Learn more about ID tokens: https://openid.net/specs/openid-connect-core-1_0.html#IDToken

func (*Provider) SetName

func (p *Provider) SetName(name string)

SetName is to update the name of the provider (needed in case of multiple providers of 1 type)

func (*Provider) UnmarshalSession

func (p *Provider) UnmarshalSession(data string) (goth.Session, error)

UnmarshalSession will unmarshal a JSON string into a session.

type RefreshTokenResponse

type RefreshTokenResponse struct {
	AccessToken string `json:"access_token"`

	// The OpenID spec defines the ID token as an optional response field in the
	// refresh token flow. As a result, a new ID token may not be returned in a successful
	// response.
	// See more: https://openid.net/specs/openid-connect-core-1_0.html#RefreshingAccessToken
	IdToken string `json:"id_token, omitempty"`

	// The OAuth spec defines the refresh token as an optional response field in the
	// refresh token flow. As a result, a new refresh token may not be returned in a successful
	// response.
	// See more: https://www.oauth.com/oauth2-servers/making-authenticated-requests/refreshing-an-access-token/
	RefreshToken string `json:"refresh_token,omitempty"`
}

type Session

type Session struct {
	AuthURL      string
	AccessToken  string
	RefreshToken string
	ExpiresAt    time.Time
	IDToken      string
}

Session stores data during the auth process with the OpenID Connect provider.

func (*Session) Authorize

func (s *Session) Authorize(provider goth.Provider, params goth.Params) (string, error)

Authorize the session with the OpenID Connect provider and return the access token to be stored for future use.

func (Session) GetAuthURL

func (s Session) GetAuthURL() (string, error)

GetAuthURL will return the URL set by calling the `BeginAuth` function on the OpenID Connect provider.

func (Session) Marshal

func (s Session) Marshal() string

Marshal the session into a string

func (Session) String

func (s Session) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL