Documentation ¶
Index ¶
- Constants
- func WithAuthServerMetadata(metadata *AuthorizationServerMetadata) func(*providerOptions)
- type AuthClient
- type AuthClientOption
- func WithClientSecretBasicAuth(clientID, clientSecret, scope string) AuthClientOption
- func WithClientSecretJwtAuth(clientID, clientSecret, scope, issuer, aud, signingMethod string) AuthClientOption
- func WithClientSecretPostAuth(clientID, clientSecret, scope string) AuthClientOption
- func WithKeyPairAuth(clientID, issuer, audience string, privKey *rsa.PrivateKey, publicKey []byte, ...) AuthClientOption
- func WithQueryParams(queryParams map[string]string) AuthClientOption
- func WithRequestHeaders(hdr map[string]string) AuthClientOption
- func WithServerName(serverName string) AuthClientOption
- func WithTLSClientAuth(clientID, scope string) AuthClientOption
- type AuthorizationServerMetadata
- type ClientBuilder
- type ClientMetadata
- type ConfigOption
- type IdPRegistry
- type IdpRegistryOption
- type KeyReader
- type MTLSEndPointAlias
- type MockIDPServer
- type Provider
- type ProviderRegistry
- type ProviderType
- type Scopes
- type Time
Constants ¶
const ( TypeGeneric = "generic" TypeOkta = "okta" TypeKeycloak = "keycloak" )
Provider type string const
const ( GrantTypeAuthorizationCode = "authorization_code" GrantTypeImplicit = "implicit" GrantTypeClientCredentials = "client_credentials" AuthResponseToken = "token" AuthResponseCode = "code" TLSClientAuthSubjectDN = "tls_client_auth_subject_dn" TLSClientAuthSanDNS = "tls_client_auth_san_dns" TLSClientAuthSanEmail = "tls_client_auth_san_email" TLSClientAuthSanIP = "tls_client_auth_san_ip" TLSClientAuthSanURI = "tls_client_auth_san_uri" )
const ( SigningMethodRS256 = "RS256" SigningMethodRS384 = "RS384" SigningMethodRS512 = "RS512" SigningMethodES256 = "ES256" SigningMethodES384 = "ES384" SigningMethodES512 = "ES512" SigningMethodPS256 = "PS256" SigningMethodPS384 = "PS384" SigningMethodPS512 = "PS512" SigningMethodHS256 = "HS256" SigningMethodHS384 = "HS384" SigningMethodHS512 = "HS512" )
Variables ¶
This section is empty.
Functions ¶
func WithAuthServerMetadata ¶ added in v1.1.91
func WithAuthServerMetadata(metadata *AuthorizationServerMetadata) func(*providerOptions)
Types ¶
type AuthClient ¶
type AuthClient interface { GetToken() (string, error) FetchToken(useCachedToken bool) (string, error) }
AuthClient - Interface representing the auth Client
func NewAuthClient ¶
func NewAuthClient(tokenURL string, apiClient api.Client, opts ...AuthClientOption) (AuthClient, error)
NewAuthClient - create a new auth client with client options
type AuthClientOption ¶
type AuthClientOption func(*authClientOptions)
AuthClientOption - configures auth client.
func WithClientSecretBasicAuth ¶ added in v1.1.61
func WithClientSecretBasicAuth(clientID, clientSecret, scope string) AuthClientOption
WithClientSecretBasicAuth - sets up to use client secret basic authenticator
func WithClientSecretJwtAuth ¶ added in v1.1.61
func WithClientSecretJwtAuth(clientID, clientSecret, scope, issuer, aud, signingMethod string) AuthClientOption
WithClientSecretJwtAuth - sets up to use client secret authenticator
func WithClientSecretPostAuth ¶ added in v1.1.61
func WithClientSecretPostAuth(clientID, clientSecret, scope string) AuthClientOption
WithClientSecretPostAuth - sets up to use client secret authenticator
func WithKeyPairAuth ¶
func WithKeyPairAuth(clientID, issuer, audience string, privKey *rsa.PrivateKey, publicKey []byte, scope, signingMethod string) AuthClientOption
WithKeyPairAuth - sets up to use public/private key pair authenticator
func WithQueryParams ¶ added in v1.1.86
func WithQueryParams(queryParams map[string]string) AuthClientOption
WithQueryParams - sets up the additional query params in auth client
func WithRequestHeaders ¶ added in v1.1.86
func WithRequestHeaders(hdr map[string]string) AuthClientOption
WithRequestHeaders - sets up the additional request headers in auth client
func WithServerName ¶
func WithServerName(serverName string) AuthClientOption
WithServerName - sets up the server name in auth client
func WithTLSClientAuth ¶ added in v1.1.61
func WithTLSClientAuth(clientID, scope string) AuthClientOption
WithTLSClientAuth - sets up to use tls_client_auth and self_signed_tls_client_auth authenticator
type AuthorizationServerMetadata ¶
type AuthorizationServerMetadata struct { Issuer string `json:"issuer,omitempty"` AuthorizationEndpoint string `json:"authorization_endpoint,omitempty"` TokenEndpoint string `json:"token_endpoint,omitempty"` RegistrationEndpoint string `json:"registration_endpoint,omitempty"` JwksURI string `json:"jwks_uri,omitempty"` IntrospectionEndpoint string `json:"introspection_endpoint,omitempty"` RevocationEndpoint string `json:"revocation_endpoint,omitempty"` EndSessionEndpoint string `json:"end_session_endpoint,omitempty"` DeviceAuthorizationEndpoint string `json:"device_authorization_endpoint,omitempty"` PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint,omitempty"` ResponseTypesSupported []string `json:"response_types_supported,omitempty"` ResponseModesSupported []string `json:"response_modes_supported,omitempty"` GrantTypesSupported []string `json:"grant_types_supported,omitempty"` SubjectTypeSupported []string `json:"subject_types_supported,omitempty"` ScopesSupported []string `json:"scopes_supported,omitempty"` TokenEndpointAuthMethodSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"` ClaimsSupported []string `json:"claims_supported,omitempty"` CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"` IntrospectionEndpointAuthMethodsSupported []string `json:"introspection_endpoint_auth_methods_supported,omitempty"` RevocationEndpointAuthMethodsSupported []string `json:"revocation_endpoint_auth_methods_supported,omitempty"` RequestParameterSupported bool `json:"request_parameter_supported,omitempty"` RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported,omitempty"` MTLSEndPointAlias *MTLSEndPointAlias `json:"mtls_endpoint_aliases,omitempty"` }
AuthorizationServerMetadata - OAuth metadata from IdP
type ClientBuilder ¶
type ClientBuilder interface { SetClientName(string) ClientBuilder SetScopes([]string) ClientBuilder SetGrantTypes([]string) ClientBuilder SetResponseType([]string) ClientBuilder SetTokenEndpointAuthMethod(tokenAuthMethod string) ClientBuilder SetRedirectURIs([]string) ClientBuilder SetLogoURI(string) ClientBuilder SetJWKSURI(string) ClientBuilder SetJWKS([]byte) ClientBuilder SetCertificateMetadata(certificateMetaddata string) ClientBuilder SetTLSClientAuthSanDNS(tlsClientAuthSanDNS string) ClientBuilder SetTLSClientAuthSanEmail(tlsClientAuthSanEmail string) ClientBuilder SetTLSClientAuthSanIP(tlsClientAuthSanIP string) ClientBuilder SetTLSClientAuthSanURI(tlsClientAuthSanURI string) ClientBuilder SetExtraProperties(map[string]string) ClientBuilder Build() (ClientMetadata, error) }
ClientBuilder - Builder for IdP client representation
func NewClientMetadataBuilder ¶
func NewClientMetadataBuilder() ClientBuilder
NewClientMetadataBuilder - create a new instance of builder to construct client metadata
type ClientMetadata ¶
type ClientMetadata interface { GetClientName() string GetClientID() string GetClientSecret() string GetClientIDIssuedAt() *time.Time GetClientSecretExpiresAt() *time.Time GetScopes() []string GetGrantTypes() []string GetTokenEndpointAuthMethod() string GetResponseTypes() []string GetClientURI() string GetRedirectURIs() []string GetLogoURI() string GetJwksURI() string GetJwks() map[string]interface{} GetExtraProperties() map[string]string GetTLSClientAuthSanDNS() string GetTLSClientAuthSanEmail() string GetTLSClientAuthSanIP() string GetTLSClientAuthSanURI() string GetRegistrationAccessToken() string }
ClientMetadata - Interface for IdP client metadata representation
type ConfigOption ¶ added in v1.1.91
type IdPRegistry ¶ added in v1.1.91
type IdPRegistry interface { // RegisterProvider - registers the provider using the config RegisterProvider(ctx context.Context, idp corecfg.IDPConfig, tlsCfg corecfg.TLSConfig, proxyURL string, clientTimeout time.Duration) error // UnregisterProvider - un-registers the provider UnregisterProvider(ctx context.Context, provider Provider) error // GetProviderByName - returns the provider from registry based on the name GetProviderByName(ctx context.Context, name string, opts ...ConfigOption) (Provider, error) // GetProviderByIssuer - returns the provider from registry based on the IDP issuer GetProviderByIssuer(ctx context.Context, issuer string, opts ...ConfigOption) (Provider, error) // GetProviderByTokenEndpoint - returns the provider from registry based on the IDP token endpoint GetProviderByTokenEndpoint(ctx context.Context, tokenEndpoint string, opts ...ConfigOption) (Provider, error) // GetProviderByAuthorizationEndpoint - returns the provider from registry based on the IDP authorization endpoint GetProviderByAuthorizationEndpoint(ctx context.Context, authEndpoint string, opts ...ConfigOption) (Provider, error) // GetProviderByMetadataURL - returns the provider from registry based on the IDP metadata URL GetProviderByMetadataURL(ctx context.Context, metadataURL string, opts ...ConfigOption) (Provider, error) }
func NewIdpRegistry ¶ added in v1.1.91
func NewIdpRegistry(opts ...IdpRegistryOption) IdPRegistry
NewProviderRegistry - create a new provider registry
type IdpRegistryOption ¶ added in v1.1.91
type IdpRegistryOption func(r *idpRegistry)
func WithProviderRegistry ¶ added in v1.1.91
func WithProviderRegistry(providerRegistry ProviderRegistry) IdpRegistryOption
type KeyReader ¶ added in v1.1.61
type KeyReader interface { GetPrivateKey() (*rsa.PrivateKey, error) GetPublicKey() ([]byte, error) }
func NewKeyReader ¶ added in v1.1.61
type MTLSEndPointAlias ¶ added in v1.1.61
type MockIDPServer ¶
type MockIDPServer interface { GetMetadataURL() string GetIssuer() string GetTokenURL() string GetAuthEndpoint() string GetRegistrationEndpoint() string SetMetadataResponseCode(statusCode int) SetTokenResponse(accessToken string, expiry time.Duration, statusCode int) SetRegistrationResponseCode(statusCode int) SetUseRegistrationAccessToken(useRegistrationAccessToken bool) GetTokenRequestHeaders() http.Header GetTokenQueryParams() url.Values GetTokenRequestValues() url.Values GetRequestHeaders() http.Header GetQueryParams() url.Values Close() }
MockIDPServer - interface for mock IDP server
func NewMockIDPServer ¶
func NewMockIDPServer() MockIDPServer
NewMockIDPServer - creates a new mock IDP server for tests
type Provider ¶
type Provider interface { GetName() string GetTitle() string GetIssuer() string GetTokenEndpoint() string GetMTLSTokenEndpoint() string GetAuthorizationEndpoint() string GetSupportedScopes() []string GetSupportedGrantTypes() []string GetSupportedTokenAuthMethods() []string GetSupportedResponseMethod() []string RegisterClient(clientMetadata ClientMetadata) (ClientMetadata, error) UnregisterClient(clientID, accessToken string) error GetConfig() corecfg.IDPConfig GetMetadata() *AuthorizationServerMetadata }
Provider - interface for external IdP provider
type ProviderRegistry ¶
type ProviderRegistry interface { // RegisterProvider - registers the provider using the config RegisterProvider(idp corecfg.IDPConfig, tlsCfg corecfg.TLSConfig, proxyURL string, clientTimeout time.Duration) error // GetProviderByName - returns the provider from registry based on the name GetProviderByName(name string) (Provider, error) // GetProviderByIssuer - returns the provider from registry based on the IDP issuer GetProviderByIssuer(issuer string) (Provider, error) // GetProviderByTokenEndpoint - returns the provider from registry based on the IDP token endpoint GetProviderByTokenEndpoint(tokenEndpoint string) (Provider, error) // GetProviderByAuthorizationEndpoint - returns the provider from registry based on the IDP authorization endpoint GetProviderByAuthorizationEndpoint(authEndpoint string) (Provider, error) // GetProviderByMetadataURL - returns the provider from registry based on the IDP metadata URL GetProviderByMetadataURL(metadataURL string) (Provider, error) }
ProviderRegistry - interface for provider registry
func NewProviderRegistry ¶
func NewProviderRegistry() ProviderRegistry
NewProviderRegistry - create a new provider registry
type ProviderType ¶
type ProviderType int
ProviderType - type of provider
const ( Generic ProviderType = iota + 1 Okta KeyCloak )
Provider types
type Scopes ¶
type Scopes []string
Scopes - type for serializing scopes in client representation
func (*Scopes) MarshalJSON ¶
MarshalJSON - serializes the scopes in array as space separated string
func (*Scopes) UnmarshalJSON ¶
UnmarshalJSON - deserializes the scopes from space separated string to array
Source Files ¶
- authclient.go
- authservermetadata.go
- clientmetadata.go
- clientmetadatabuilder.go
- clientsecretbasicauthenticator.go
- clientsecretjwtauthenticator.go
- clientsecretpostauthenticator.go
- constants.go
- genericprovider.go
- idpregistry.go
- keypairauthenticator.go
- keyreader.go
- mockidpserver.go
- oktaprovider.go
- provider.go
- providerregistry.go
- scopes.go
- tlsclientauthenticator.go