oidc

package
v1.2.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 22, 2016 License: Apache-2.0, Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source
const (
	MaximumProviderConfigSyncInterval = 24 * time.Hour
	MinimumProviderConfigSyncInterval = time.Minute
)

Variables

View Source
var (
	DefaultScope = []string{"openid", "email", "profile"}
)

Functions

func ExtractBearerToken

func ExtractBearerToken(r *http.Request) (string, error)

ExtractBearerToken is a RequestTokenExtractor which extracts a bearer token from a request's Authorization header.

func GenClientID

func GenClientID(hostport string) (string, error)

func NewClaims

func NewClaims(iss, sub string, aud interface{}, iat, exp time.Time) jose.Claims

func NewHTTPProviderConfigGetter

func NewHTTPProviderConfigGetter(hc phttp.Client, issuerURL string) *httpProviderConfigGetter

func NewRemotePublicKeyRepo

func NewRemotePublicKeyRepo(hc phttp.Client, ep string) *remotePublicKeyRepo

func VerifyClaims

func VerifyClaims(jwt jose.JWT, issuer, clientID string) error

Verify claims in accordance with OIDC spec http://openid.net/specs/openid-connect-basic-1_0.html#IDTokenValidation

func VerifyClientClaims

func VerifyClientClaims(jwt jose.JWT, issuer string) (string, error)

VerifyClientClaims verifies all the required claims are valid for a "client credentials" JWT. Returns the client ID if valid, or an error if invalid.

func VerifySignature

func VerifySignature(jwt jose.JWT, keys []key.PublicKey) (bool, error)

Types

type AuthenticatedTransport

type AuthenticatedTransport struct {
	TokenRefresher
	http.RoundTripper
	// contains filtered or unexported fields
}

func (*AuthenticatedTransport) RoundTrip

func (t *AuthenticatedTransport) RoundTrip(r *http.Request) (*http.Response, error)

type Client

type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(cfg ClientConfig) (*Client, error)

func (*Client) ClientCredsToken

func (c *Client) ClientCredsToken(scope []string) (jose.JWT, error)

func (*Client) ExchangeAuthCode

func (c *Client) ExchangeAuthCode(code string) (jose.JWT, error)

ExchangeAuthCode exchanges an OAuth2 auth code for an OIDC JWT ID token.

func (*Client) Healthy

func (c *Client) Healthy() error

func (*Client) OAuthClient

func (c *Client) OAuthClient() (*oauth2.Client, error)

func (*Client) RefreshToken

func (c *Client) RefreshToken(refreshToken string) (jose.JWT, error)

RefreshToken uses a refresh token to exchange for a new OIDC JWT ID Token.

func (*Client) SyncProviderConfig

func (c *Client) SyncProviderConfig(discoveryURL string) chan struct{}

func (*Client) VerifyJWT

func (c *Client) VerifyJWT(jwt jose.JWT) error

type ClientConfig

type ClientConfig struct {
	HTTPClient     phttp.Client
	Credentials    ClientCredentials
	Scope          []string
	RedirectURL    string
	ProviderConfig ProviderConfig
	KeySet         key.PublicKeySet
}

type ClientCredentials

type ClientCredentials oauth2.ClientCredentials

type ClientCredsTokenRefresher

type ClientCredsTokenRefresher struct {
	Issuer     string
	OIDCClient *Client
}

func (*ClientCredsTokenRefresher) Refresh

func (c *ClientCredsTokenRefresher) Refresh() (jwt jose.JWT, err error)

func (*ClientCredsTokenRefresher) Verify

func (c *ClientCredsTokenRefresher) Verify(jwt jose.JWT) (err error)

type ClientIdentity

type ClientIdentity struct {
	Credentials ClientCredentials
	Metadata    ClientMetadata
}

type ClientMetadata

type ClientMetadata struct {
	RedirectURLs []url.URL
}

func (*ClientMetadata) Valid

func (m *ClientMetadata) Valid() error

type Identity

type Identity struct {
	ID        string
	Name      string
	Email     string
	ExpiresAt time.Time
}

func IdentityFromClaims

func IdentityFromClaims(claims jose.Claims) (*Identity, error)

type JWTVerifier

type JWTVerifier struct {
	// contains filtered or unexported fields
}

func NewJWTVerifier

func NewJWTVerifier(issuer, clientID string, syncFunc func() error, keysFunc func() []key.PublicKey) JWTVerifier

func (*JWTVerifier) Verify

func (v *JWTVerifier) Verify(jwt jose.JWT) error

type LoginFunc

type LoginFunc func(ident Identity, sessionKey string) (redirectURL string, err error)

type ProviderConfig

type ProviderConfig struct {
	Issuer                            string    `json:"issuer"`
	AuthEndpoint                      string    `json:"authorization_endpoint"`
	TokenEndpoint                     string    `json:"token_endpoint"`
	KeysEndpoint                      string    `json:"jwks_uri"`
	ResponseTypesSupported            []string  `json:"response_types_supported"`
	GrantTypesSupported               []string  `json:"grant_types_supported"`
	SubjectTypesSupported             []string  `json:"subject_types_supported"`
	IDTokenAlgValuesSupported         []string  `json:"id_token_alg_values_supported"`
	TokenEndpointAuthMethodsSupported []string  `json:"token_endpoint_auth_methods_supported"`
	ExpiresAt                         time.Time `json:"-"`
}

func FetchProviderConfig

func FetchProviderConfig(hc phttp.Client, issuerURL string) (ProviderConfig, error)

func WaitForProviderConfig

func WaitForProviderConfig(hc phttp.Client, issuerURL string) (pcfg ProviderConfig)

func (ProviderConfig) Empty

func (p ProviderConfig) Empty() bool

func (ProviderConfig) SupportsGrantType

func (p ProviderConfig) SupportsGrantType(grantType string) bool

type ProviderConfigGetter

type ProviderConfigGetter interface {
	Get() (ProviderConfig, error)
}

type ProviderConfigSetter

type ProviderConfigSetter interface {
	Set(ProviderConfig) error
}

type ProviderConfigSyncer

type ProviderConfigSyncer struct {
	// contains filtered or unexported fields
}

func (*ProviderConfigSyncer) Run

func (s *ProviderConfigSyncer) Run() chan struct{}

type RequestTokenExtractor

type RequestTokenExtractor func(r *http.Request) (string, error)

RequestTokenExtractor funcs extract a raw encoded token from a request.

func CookieTokenExtractor

func CookieTokenExtractor(cookieName string) RequestTokenExtractor

CookieTokenExtractor returns a RequestTokenExtractor which extracts a token from the named cookie in a request.

type TokenRefresher

type TokenRefresher interface {
	// Verify checks if the provided token is currently valid or not.
	Verify(jose.JWT) error

	// Refresh attempts to authenticate and retrieve a new token.
	Refresh() (jose.JWT, error)
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL