Documentation
Overview
Package oidc implements an OpenID-Connect/OAuth2 client (Service Provider) wrapper. A web application may use this to enforce authentication and authorisation using a specified OpenID-Connect/OAuth2 IDentity Provider (IDP).
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetAuthInfoFromRequest
GetAuthInfoFromRequest will return authentication information for the user for the specified HTTP request. It will return nil for a request that did not come through a handler returned from NewAuthNHandler.
Types
type Config
type Config struct {
	// ClientID specifies the ID of this client, registered with the IDP. This
	// is required.
	ClientID string `yaml:"client_id" envconfig:"OIDC_CLIENT_ID"`

	// ClientSecret specifies the client shared secret. This is required.
	ClientSecret string `yaml:"client_secret" envconfig:"OIDC_CLIENT_SECRET"`

	// ProviderURL specifies the base URL of the IDP. This is required.
	ProviderURL string `yaml:"provider_url" envconfig:"OIDC_PROVIDER_URL"`

	// AuthURL specifies the authorisation endpoint of the IDP. This is not
	// needed for an OpenID-Connect IDP.
	AuthURL string `yaml:"auth_url" envconfig:"OIDC_AUTH_URL"`

	// TokenURL specifies the token endpoint of the IDP. This is not needed for
	// an OpenID-Connect IDP.
	TokenURL string `yaml:"token_url" envconfig:"OIDC_TOKEN_URL"`

	// UserinfoURL specifies the userinfo endpoint of the IDP. This is not
	// needed for an OpenID-Connect IDP.
	UserinfoURL string `yaml:"userinfo_url" envconfig:"OIDC_USERINFO_URL"`

	// Scopes specifies the scopes to request. This is required.
	Scopes string `yaml:"scopes" envconfig:"OIDC_SCOPES"`

	// which are used so that multiple instances of the web application can
	// trust each other's authN cookies. If this is not specified then a
	// secret is generated when the application starts up, which will cause
	// existing authN cookies to be invalidated. If the file is empty then a
	// secret is generated and written to the file, so that existing authN
	// cookies are not invalidated upon restart.
	SharedSecretFilename string `yaml:"shared_secret_filename" envconfig:"OIDC_SHARED_SECRET_FILENAME"`
}
Config specifies the client OpenID-Connect/OAuth2 configuration.
type Params
type Params struct {
	// AddHeaders specifies whether to add authentication headers to requests.
	// This can be useful if the HTTP request is forwarded to another server
	// (such as when using this package in a reverse authenticating proxy).
	AddHeaders bool

	// Handler specifies the HTTP handler for the application. This is only
	// used when the user is authenticated.
	Handler http.Handler

	// Logger specifies the logger to use.
	Logger log.DebugLogger
}
Params specifies runtime parameters.