oauth

package
Constants

// Provider type identifiers as they appear in IdP configuration; they select
// which provider implementation NewProvider builds (compare the ProviderType
// enum constants Generic/Okta/KeyCloak).
const (
	// TypeGeneric - a plain OAuth/OIDC provider with no vendor specifics.
	TypeGeneric  = "generic"
	// TypeOkta - Okta.
	TypeOkta     = "okta"
	// TypeKeycloak - Keycloak.
	TypeKeycloak = "keycloak"
)

Provider type string constants

// Protocol string values exchanged with the IdP: grant types, authorization
// response types and the client-metadata parameter names used by
// tls_client_auth (see ClientBuilder.SetTLSClientAuthSan*).
const (
	// OAuth grant type identifiers.
	GrantTypeAuthorizationCode = "authorization_code"
	GrantTypeImplicit          = "implicit"
	GrantTypeClientCredentials = "client_credentials"

	// Authorization response type identifiers.
	AuthResponseToken = "token"
	AuthResponseCode  = "code"

	// Client metadata parameter names for certificate-bound (mTLS) client
	// authentication; each names the certificate field the IdP matches the
	// client against. NOTE(review): presumably a client sets exactly one of
	// these — confirm whether ClientBuilder.Build enforces it.
	TLSClientAuthSubjectDN = "tls_client_auth_subject_dn"
	TLSClientAuthSanDNS    = "tls_client_auth_san_dns"
	TLSClientAuthSanEmail  = "tls_client_auth_san_email"
	TLSClientAuthSanIP     = "tls_client_auth_san_ip"
	TLSClientAuthSanURI    = "tls_client_auth_san_uri"
)
// JWS "alg" names accepted as the signingMethod argument of
// WithClientSecretJwtAuth and WithKeyPairAuth. The RS/ES/PS families are
// asymmetric (the client signs with a private key); the HS family is HMAC,
// i.e. symmetric, so presumably the client secret is the signing key.
// NOTE(review): whichever side verifies these assertions should pin the
// expected method rather than honour the alg carried in the token header.
const (
	// RSA PKCS#1 v1.5 signatures with SHA-256/384/512.
	SigningMethodRS256 = "RS256"
	SigningMethodRS384 = "RS384"
	SigningMethodRS512 = "RS512"

	// ECDSA signatures with SHA-256/384/512.
	SigningMethodES256 = "ES256"
	SigningMethodES384 = "ES384"
	SigningMethodES512 = "ES512"

	// RSA-PSS signatures with SHA-256/384/512.
	SigningMethodPS256 = "PS256"
	SigningMethodPS384 = "PS384"
	SigningMethodPS512 = "PS512"

	// HMAC with SHA-256/384/512 (shared secret).
	SigningMethodHS256 = "HS256"
	SigningMethodHS384 = "HS384"
	SigningMethodHS512 = "HS512"
)

Variables

This section is empty.

Functions

func WithAuthServerMetadata added in v1.1.91

func WithAuthServerMetadata(metadata *AuthorizationServerMetadata) func(*providerOptions)

Types

type AuthClient

// AuthClient - obtains access tokens from the token URL given to NewAuthClient,
// authenticating with whichever With*Auth option the client was built with.
// Returned tokens are bearer credentials: keep them out of logs and errors.
type AuthClient interface {
	// GetToken returns an access token. Whether it may be served from cache is
	// not visible from the signature; FetchToken gives explicit control.
	GetToken() (string, error)
	// FetchToken returns an access token; with useCachedToken false a fresh
	// token is presumably requested from the IdP instead of reusing a cached one.
	FetchToken(useCachedToken bool) (string, error)
}

AuthClient - Interface representing the auth Client

func NewAuthClient

func NewAuthClient(tokenURL string, apiClient api.Client, opts ...AuthClientOption) (AuthClient, error)

NewAuthClient - create a new auth client with client options

type AuthClientOption

// AuthClientOption - functional option applied by NewAuthClient; the With*
// functions in this package (WithClientSecretBasicAuth, WithKeyPairAuth,
// WithTLSClientAuth, WithRequestHeaders, ...) are the available options.
type AuthClientOption func(*authClientOptions)

AuthClientOption - configures auth client.

func WithClientSecretBasicAuth added in v1.1.61

func WithClientSecretBasicAuth(clientID, clientSecret, scope string) AuthClientOption

WithClientSecretBasicAuth - sets up to use client secret basic authenticator

func WithClientSecretJwtAuth added in v1.1.61

func WithClientSecretJwtAuth(clientID, clientSecret, scope, issuer, aud, signingMethod string) AuthClientOption

WithClientSecretJwtAuth - sets up to use the client secret JWT authenticator (the client secret signs a JWT assertion with signingMethod)

func WithClientSecretPostAuth added in v1.1.61

func WithClientSecretPostAuth(clientID, clientSecret, scope string) AuthClientOption

WithClientSecretPostAuth - sets up to use the client secret POST authenticator (client credentials sent in the request body)

func WithKeyPairAuth

func WithKeyPairAuth(clientID, issuer, audience string, privKey *rsa.PrivateKey, publicKey []byte, scope, signingMethod string) AuthClientOption

WithKeyPairAuth - sets up to use public/private key pair authenticator

func WithQueryParams added in v1.1.86

func WithQueryParams(queryParams map[string]string) AuthClientOption

WithQueryParams - sets up the additional query params in auth client

func WithRequestHeaders added in v1.1.86

func WithRequestHeaders(hdr map[string]string) AuthClientOption

WithRequestHeaders - sets up the additional request headers in auth client

func WithServerName

func WithServerName(serverName string) AuthClientOption

WithServerName - sets up the server name in auth client

func WithTLSClientAuth added in v1.1.61

func WithTLSClientAuth(clientID, scope string) AuthClientOption

WithTLSClientAuth - sets up to use tls_client_auth and self_signed_tls_client_auth authenticator

type AuthorizationServerMetadata

// AuthorizationServerMetadata - authorization server metadata published by the
// IdP. The json tags mirror the member names of the metadata document, so the
// struct encodes/decodes that document directly; unset members are omitted.
type AuthorizationServerMetadata struct {
	// Issuer identifier. NOTE(review): consumers should confirm this matches
	// the location the metadata was fetched from before trusting the endpoints
	// below — not visible here whether the provider does that check.
	Issuer string `json:"issuer,omitempty"`

	// Endpoint URLs; any may be empty when the IdP does not advertise it.
	AuthorizationEndpoint              string `json:"authorization_endpoint,omitempty"`
	TokenEndpoint                      string `json:"token_endpoint,omitempty"`
	RegistrationEndpoint               string `json:"registration_endpoint,omitempty"`
	JwksURI                            string `json:"jwks_uri,omitempty"`
	IntrospectionEndpoint              string `json:"introspection_endpoint,omitempty"`
	RevocationEndpoint                 string `json:"revocation_endpoint,omitempty"`
	EndSessionEndpoint                 string `json:"end_session_endpoint,omitempty"`
	DeviceAuthorizationEndpoint        string `json:"device_authorization_endpoint,omitempty"`
	PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint,omitempty"`

	// Capabilities the IdP advertises (response types, grant types, scopes,
	// endpoint auth methods, PKCE code challenge methods, ...).
	ResponseTypesSupported                    []string `json:"response_types_supported,omitempty"`
	ResponseModesSupported                    []string `json:"response_modes_supported,omitempty"`
	GrantTypesSupported                       []string `json:"grant_types_supported,omitempty"`
	SubjectTypeSupported                      []string `json:"subject_types_supported,omitempty"`
	ScopesSupported                           []string `json:"scopes_supported,omitempty"`
	TokenEndpointAuthMethodSupported          []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	ClaimsSupported                           []string `json:"claims_supported,omitempty"`
	CodeChallengeMethodsSupported             []string `json:"code_challenge_methods_supported,omitempty"`
	IntrospectionEndpointAuthMethodsSupported []string `json:"introspection_endpoint_auth_methods_supported,omitempty"`
	RevocationEndpointAuthMethodsSupported    []string `json:"revocation_endpoint_auth_methods_supported,omitempty"`

	// Signed request object support.
	RequestParameterSupported              bool     `json:"request_parameter_supported,omitempty"`
	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported,omitempty"`

	// Alternative endpoints for mutual-TLS client authentication; nil when
	// the IdP does not publish mtls_endpoint_aliases.
	MTLSEndPointAlias *MTLSEndPointAlias `json:"mtls_endpoint_aliases,omitempty"`
}

AuthorizationServerMetadata - OAuth metadata from IdP

type ClientBuilder

// ClientBuilder - fluent builder for the client metadata sent to an IdP in
// RegisterClient; obtain one with NewClientMetadataBuilder. Every setter
// returns the builder so calls can be chained, and Build produces the
// ClientMetadata or an error.
type ClientBuilder interface {
	SetClientName(string) ClientBuilder

	// OAuth capabilities requested for the client.
	SetScopes([]string) ClientBuilder
	SetGrantTypes([]string) ClientBuilder
	SetResponseType([]string) ClientBuilder
	// tokenAuthMethod names how the client authenticates at the token endpoint.
	SetTokenEndpointAuthMethod(tokenAuthMethod string) ClientBuilder

	SetRedirectURIs([]string) ClientBuilder
	SetLogoURI(string) ClientBuilder

	// Public keys for JWT-based client authentication, either by reference
	// (URI) or by value (raw JWKS document).
	SetJWKSURI(string) ClientBuilder
	SetJWKS([]byte) ClientBuilder

	// Certificate binding for tls_client_auth; the TLSClientAuthSan* setters
	// correspond to the TLSClientAuthSan* parameter name constants.
	SetCertificateMetadata(certificateMetaddata string) ClientBuilder
	SetTLSClientAuthSanDNS(tlsClientAuthSanDNS string) ClientBuilder
	SetTLSClientAuthSanEmail(tlsClientAuthSanEmail string) ClientBuilder
	SetTLSClientAuthSanIP(tlsClientAuthSanIP string) ClientBuilder
	SetTLSClientAuthSanURI(tlsClientAuthSanURI string) ClientBuilder
	// Provider-specific properties passed through as-is.
	SetExtraProperties(map[string]string) ClientBuilder

	// Build assembles the metadata; the error case is not visible from here
	// (presumably validation of the values set above).
	Build() (ClientMetadata, error)
}

ClientBuilder - Builder for IdP client representation

func NewClientMetadataBuilder

func NewClientMetadataBuilder() ClientBuilder

NewClientMetadataBuilder - create a new instance of builder to construct client metadata

type ClientMetadata

// ClientMetadata - read-only view of an IdP client registration: what the
// caller built with ClientBuilder plus what the IdP returned from
// Provider.RegisterClient. GetClientSecret and GetRegistrationAccessToken
// return credentials — keep them out of logs and error messages.
type ClientMetadata interface {
	GetClientName() string
	GetClientID() string
	// GetClientSecret returns the secret issued by the IdP (sensitive).
	GetClientSecret() string
	// Nil presumably means the IdP did not report the timestamp.
	GetClientIDIssuedAt() *time.Time
	GetClientSecretExpiresAt() *time.Time
	GetScopes() []string
	GetGrantTypes() []string
	GetTokenEndpointAuthMethod() string
	GetResponseTypes() []string
	GetClientURI() string
	GetRedirectURIs() []string
	GetLogoURI() string
	GetJwksURI() string
	// GetJwks returns the decoded JWKS document as generic JSON.
	GetJwks() map[string]interface{}
	GetExtraProperties() map[string]string
	GetTLSClientAuthSanDNS() string
	GetTLSClientAuthSanEmail() string
	GetTLSClientAuthSanIP() string
	GetTLSClientAuthSanURI() string
	// GetRegistrationAccessToken returns the token that manages this
	// registration (sensitive); presumably what Provider.UnregisterClient
	// expects as accessToken — confirm.
	GetRegistrationAccessToken() string
}

ClientMetadata - Interface for IdP client metadata representation

type ConfigOption added in v1.1.91

// ConfigOption - hook applied to the IdP config by the IdPRegistry Get*
// lookups (passed as opts...). Returning an error presumably aborts the
// lookup; the interface does not show how the error surfaces.
type ConfigOption func(config.IDPConfig) error

type IdPRegistry added in v1.1.91

// IdPRegistry - context-aware registry of Provider instances (create with
// NewIdpRegistry). It offers the same lookups as ProviderRegistry plus
// context propagation, per-lookup ConfigOption hooks and UnregisterProvider.
type IdPRegistry interface {
	// RegisterProvider - registers the provider using the config
	RegisterProvider(ctx context.Context, idp corecfg.IDPConfig, tlsCfg corecfg.TLSConfig, proxyURL string, clientTimeout time.Duration) error
	// UnregisterProvider - un-registers the provider
	UnregisterProvider(ctx context.Context, provider Provider) error
	// GetProviderByName - returns the provider from registry based on the name
	GetProviderByName(ctx context.Context, name string, opts ...ConfigOption) (Provider, error)
	// GetProviderByIssuer - returns the provider from registry based on the IDP issuer
	GetProviderByIssuer(ctx context.Context, issuer string, opts ...ConfigOption) (Provider, error)
	// GetProviderByTokenEndpoint - returns the provider from registry based on the IDP token endpoint
	GetProviderByTokenEndpoint(ctx context.Context, tokenEndpoint string, opts ...ConfigOption) (Provider, error)
	// GetProviderByAuthorizationEndpoint - returns the provider from registry based on the IDP authorization endpoint
	GetProviderByAuthorizationEndpoint(ctx context.Context, authEndpoint string, opts ...ConfigOption) (Provider, error)
	// GetProviderByMetadataURL - returns the provider from registry based on the IDP metadata URL
	GetProviderByMetadataURL(ctx context.Context, metadataURL string, opts ...ConfigOption) (Provider, error)
}

func NewIdpRegistry added in v1.1.91

func NewIdpRegistry(opts ...IdpRegistryOption) IdPRegistry

NewIdpRegistry - create a new IdP registry

type IdpRegistryOption added in v1.1.91

// IdpRegistryOption - functional option for NewIdpRegistry; WithProviderRegistry
// is the option available in this package.
type IdpRegistryOption func(r *idpRegistry)

func WithProviderRegistry added in v1.1.91

func WithProviderRegistry(providerRegistry ProviderRegistry) IdpRegistryOption

type KeyReader added in v1.1.61

// KeyReader - loads the RSA key pair used by WithKeyPairAuth (create with
// NewKeyReader, which also takes the private key password). The private key
// is a long-lived credential; callers should not log or serialize it.
type KeyReader interface {
	// GetPrivateKey returns the parsed RSA private key.
	GetPrivateKey() (*rsa.PrivateKey, error)
	// GetPublicKey returns the public key as raw bytes (encoding not visible
	// from the signature; presumably the PEM/DER form passed to NewKeyReader).
	GetPublicKey() ([]byte, error)
}

func NewKeyReader added in v1.1.61

func NewKeyReader(privateKey, publicKey, password string) KeyReader

type MTLSEndPointAlias added in v1.1.61

// MTLSEndPointAlias - the mtls_endpoint_aliases member of
// AuthorizationServerMetadata: alternative endpoint URLs a client must use
// when authenticating with mutual TLS. Empty fields are omitted from JSON.
type MTLSEndPointAlias struct {
	TokenEndpoint         string `json:"token_endpoint,omitempty"`
	RegistrationEndpoint  string `json:"registration_endpoint,omitempty"`
	IntrospectionEndpoint string `json:"introspection_endpoint,omitempty"`
	RevocationEndpoint    string `json:"revocation_endpoint,omitempty"`
}

type MockIDPServer

// MockIDPServer - in-process fake IdP for tests (see NewMockIDPServer); it is
// a test fixture, not a production component. The Get*URL/Endpoint methods
// give the addresses to point a Provider or AuthClient at, the Set* methods
// script the responses, and the remaining getters expose what the client sent
// so tests can assert on it.
type MockIDPServer interface {
	GetMetadataURL() string
	GetIssuer() string
	GetTokenURL() string
	GetAuthEndpoint() string
	GetRegistrationEndpoint() string
	// Response scripting.
	SetMetadataResponseCode(statusCode int)
	SetTokenResponse(accessToken string, expiry time.Duration, statusCode int)
	SetRegistrationResponseCode(statusCode int)
	SetUseRegistrationAccessToken(useRegistrationAccessToken bool)
	// Captured request data, recorded per token request and per other request.
	GetTokenRequestHeaders() http.Header
	GetTokenQueryParams() url.Values
	GetTokenRequestValues() url.Values
	GetRequestHeaders() http.Header
	GetQueryParams() url.Values
	// Close shuts the server down; call it when the test finishes.
	Close()
}

MockIDPServer - interface for mock IDP server

func NewMockIDPServer

func NewMockIDPServer() MockIDPServer

NewMockIDPServer - creates a new mock IDP server for tests

type Provider

// Provider - an external IdP built from configuration by NewProvider (or held
// by a registry). The Get* accessors expose the provider's identity and
// capabilities (presumably derived from GetMetadata and GetConfig); the
// Register/Unregister methods perform dynamic client registration against it.
type Provider interface {
	GetName() string
	GetTitle() string
	GetIssuer() string
	GetTokenEndpoint() string
	// GetMTLSTokenEndpoint returns the token endpoint to use with mutual TLS
	// (see MTLSEndPointAlias).
	GetMTLSTokenEndpoint() string
	GetAuthorizationEndpoint() string
	GetSupportedScopes() []string
	GetSupportedGrantTypes() []string
	GetSupportedTokenAuthMethods() []string
	GetSupportedResponseMethod() []string
	// RegisterClient creates the client at the IdP and returns the registered
	// metadata, which includes the issued credentials.
	RegisterClient(clientMetadata ClientMetadata) (ClientMetadata, error)
	// UnregisterClient removes the client; accessToken is presumably the
	// registration access token from ClientMetadata — confirm.
	UnregisterClient(clientID, accessToken string) error
	GetConfig() corecfg.IDPConfig
	// GetMetadata returns the discovered server metadata (nil if none).
	GetMetadata() *AuthorizationServerMetadata
}

Provider - interface for external IdP provider

func NewProvider

func NewProvider(idp corecfg.IDPConfig, tlsCfg corecfg.TLSConfig, proxyURL string, clientTimeout time.Duration, opts ...func(*providerOptions)) (Provider, error)

NewProvider - create a new IdP provider

type ProviderRegistry

// ProviderRegistry - registry of Provider instances keyed by the identifiers
// below (create with NewProviderRegistry). IdPRegistry is the context-aware
// variant and can wrap one of these via WithProviderRegistry.
type ProviderRegistry interface {
	// RegisterProvider - registers the provider using the config
	RegisterProvider(idp corecfg.IDPConfig, tlsCfg corecfg.TLSConfig, proxyURL string, clientTimeout time.Duration) error
	// GetProviderByName - returns the provider from registry based on the name
	GetProviderByName(name string) (Provider, error)
	// GetProviderByIssuer - returns the provider from registry based on the IDP issuer
	GetProviderByIssuer(issuer string) (Provider, error)
	// GetProviderByTokenEndpoint - returns the provider from registry based on the IDP token endpoint
	GetProviderByTokenEndpoint(tokenEndpoint string) (Provider, error)
	// GetProviderByAuthorizationEndpoint - returns the provider from registry based on the IDP authorization endpoint
	GetProviderByAuthorizationEndpoint(authEndpoint string) (Provider, error)
	// GetProviderByMetadataURL - returns the provider from registry based on the IDP metadata URL
	GetProviderByMetadataURL(metadataURL string) (Provider, error)
}

ProviderRegistry - interface for provider registry

func NewProviderRegistry

func NewProviderRegistry() ProviderRegistry

NewProviderRegistry - create a new provider registry

type ProviderType

// ProviderType - enumerates the provider implementations; see the Generic,
// Okta and KeyCloak constants (the string forms are TypeGeneric etc.).
type ProviderType int

ProviderType - type of provider

// ProviderType values. Numbering starts at 1 so the zero value of
// ProviderType never matches a real provider and can be treated as "unset".
const (
	Generic ProviderType = iota + 1
	Okta
	KeyCloak
)

Provider types

type Scopes

// Scopes - list of OAuth scopes whose JSON form is a single space-separated
// string rather than an array (see MarshalJSON / UnmarshalJSON).
type Scopes []string

Scopes - type for serializing scopes in client representation

func (*Scopes) MarshalJSON

func (s *Scopes) MarshalJSON() ([]byte, error)

MarshalJSON - serializes the scopes in array as space separated string

func (*Scopes) UnmarshalJSON

func (s *Scopes) UnmarshalJSON(data []byte) error

UnmarshalJSON - deserializes the scopes from space separated string to array

type Time

// Time - defined type over time.Time whose JSON form is a unix timestamp
// (see MarshalJSON / UnmarshalJSON); convert with time.Time(t) to use the
// standard time methods.
type Time time.Time

Time - time value serialized as a unix timestamp

func (*Time) MarshalJSON

func (t *Time) MarshalJSON() ([]byte, error)

MarshalJSON - serialize time to unix timestamp

func (*Time) UnmarshalJSON

func (t *Time) UnmarshalJSON(data []byte) error

UnmarshalJSON - deserialize time from unix timestamp
