Index ¶
- type Config
- type Provider
- func (p *Provider) AuthorizeHandler(rw http.ResponseWriter, req *http.Request)
- func (p *Provider) AuthorizeResponse(rw http.ResponseWriter, req *http.Request, ar *payload.AuthenticationRequest, ...)
- func (p *Provider) CheckSessionIframeHandler(rw http.ResponseWriter, req *http.Request)
- func (p *Provider) EndSessionHandler(rw http.ResponseWriter, req *http.Request)
- func (p *Provider) ErrorPage(rw http.ResponseWriter, code int, title string, message string)
- func (p *Provider) Found(rw http.ResponseWriter, uri *url.URL, params interface{}, asFragment bool)
- func (p *Provider) GetAccessTokenClaimsFromRequest(req *http.Request) (*konnect.AccessTokenClaims, error)
- func (p *Provider) GetSigningKey(signingMethod jwt.SigningMethod) (*SigningKey, bool)
- func (p *Provider) GetValidationKey(id string) (crypto.PublicKey, bool)
- func (p *Provider) InitializeMetadata() error
- func (p *Provider) JwksHandler(rw http.ResponseWriter, req *http.Request)
- func (p *Provider) LoginRequiredPage(rw http.ResponseWriter, req *http.Request, uri *url.URL)
- func (p *Provider) MakeAccessToken(ctx context.Context, audience string, auth identity.AuthRecord) (string, error)
- func (p *Provider) PublicSubjectFromAuth(auth identity.AuthRecord) (string, error)
- func (p *Provider) RegisterManagers(mgrs *managers.Managers) error
- func (p *Provider) RegistrationHandler(rw http.ResponseWriter, req *http.Request)
- func (p *Provider) ServeHTTP(rw http.ResponseWriter, req *http.Request)
- func (p *Provider) SetSigningKey(id string, key crypto.Signer) error
- func (p *Provider) SetSigningMethod(signingMethod jwt.SigningMethod) error
- func (p *Provider) SetValidationKey(id string, key crypto.PublicKey) error
- func (p *Provider) TokenHandler(rw http.ResponseWriter, req *http.Request)
- func (p *Provider) UserInfoHandler(rw http.ResponseWriter, req *http.Request)
- func (p *Provider) WellKnownHandler(rw http.ResponseWriter, req *http.Request)
- type SigningKey
Types ¶
type Config ¶
// Config defines a Provider's configuration settings.
type Config struct {
	// Config is the wider application configuration the provider is built
	// on; nothing on this page shows which of its values are read.
	Config *config.Config

	// IssuerIdentifier presumably is the issuer value the provider
	// advertises (the LoginRequiredPage doc refers to the issuer's scheme
	// and host) — confirm against InitializeMetadata.
	IssuerIdentifier string

	// Endpoint paths. Each name pairs with a Provider handler of the same
	// stem (WellKnownPath / WellKnownHandler, JwksPath / JwksHandler, …).
	// NOTE(review): assumed to be the paths ServeHTTP dispatches on — confirm.
	WellKnownPath          string
	JwksPath               string
	AuthorizationPath      string
	TokenPath              string
	UserInfoPath           string
	EndSessionPath         string
	CheckSessionIframePath string
	RegistrationPath       string

	// Cookie settings. BrowserState* presumably carry the OpenID Connect
	// Session Management browser state consumed by CheckSessionIframeHandler;
	// Session* the provider's own login session — confirm.
	BrowserStateCookiePath string
	BrowserStateCookieName string
	SessionCookiePath      string
	SessionCookieName      string

	// Token lifetimes. NOTE(review): assumed to be the validity periods
	// applied when the corresponding tokens are minted (see MakeAccessToken)
	// — confirm. These bound how long an exposed token remains accepted.
	AccessTokenDuration  time.Duration
	IDTokenDuration      time.Duration
	RefreshTokenDuration time.Duration
}
type Provider ¶
type Provider struct { Config *Config // contains filtered or unexported fields }
Provider defines an OIDC provider with the handlers for the OIDC endpoints.
func NewProvider ¶
NewProvider returns a new Provider.
func (*Provider) AuthorizeHandler ¶
func (p *Provider) AuthorizeHandler(rw http.ResponseWriter, req *http.Request)
AuthorizeHandler implements the HTTP authorization endpoint for OpenID Connect 1.0 as specified at http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthorizationEndpoint
Currently AuthorizeHandler implements only the Implicit Flow as specified at http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth
func (*Provider) AuthorizeResponse ¶
func (p *Provider) AuthorizeResponse(rw http.ResponseWriter, req *http.Request, ar *payload.AuthenticationRequest, auth identity.AuthRecord, err error)
AuthorizeResponse writes the result according to the provided parameters to the provided http.ResponseWriter.
func (*Provider) CheckSessionIframeHandler ¶
func (p *Provider) CheckSessionIframeHandler(rw http.ResponseWriter, req *http.Request)
CheckSessionIframeHandler implements the HTTP endpoint for OP iframe with OpenID Connect Session Management 1.0 as specified at https://openid.net/specs/openid-connect-session-1_0.html#OPiframe
func (*Provider) EndSessionHandler ¶
func (p *Provider) EndSessionHandler(rw http.ResponseWriter, req *http.Request)
EndSessionHandler implements the HTTP endpoint for RP initiated logout with OpenID Connect Session Management 1.0 as specified at https://openid.net/specs/openid-connect-session-1_0.html#RPLogout
func (*Provider) Found ¶
Found writes an HTTP 302 to the provided ResponseWriter with the appropriate Location header created from the other parameters.
func (*Provider) GetAccessTokenClaimsFromRequest ¶
func (p *Provider) GetAccessTokenClaimsFromRequest(req *http.Request) (*konnect.AccessTokenClaims, error)
GetAccessTokenClaimsFromRequest reads the incoming request, validates the access token and returns the validated claims.
func (*Provider) GetSigningKey ¶
func (p *Provider) GetSigningKey(signingMethod jwt.SigningMethod) (*SigningKey, bool)
GetSigningKey returns a matching signing key for the provided signing method.
func (*Provider) GetValidationKey ¶
GetValidationKey returns the validation key for the provided id.
func (*Provider) InitializeMetadata ¶
InitializeMetadata creates the associated provider's metadata document. Call this once all other settings on the provider have been applied.
func (*Provider) JwksHandler ¶
func (p *Provider) JwksHandler(rw http.ResponseWriter, req *http.Request)
JwksHandler implements the HTTP provider JWKS endpoint for OpenID provider metadata used with OpenID Connect Discovery 1.0 as specified at https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
func (*Provider) LoginRequiredPage ¶
LoginRequiredPage writes an HTTP 3xx redirect to the provided ResponseWriter with the URL of the provided request (set to the scheme and host of the issuer) as continue parameter.
func (*Provider) MakeAccessToken ¶
func (p *Provider) MakeAccessToken(ctx context.Context, audience string, auth identity.AuthRecord) (string, error)
MakeAccessToken implements the oidc.AccessTokenProvider interface.
func (*Provider) PublicSubjectFromAuth ¶
func (p *Provider) PublicSubjectFromAuth(auth identity.AuthRecord) (string, error)
PublicSubjectFromAuth derives the provided auth's Subject value for the associated provider. This subject can be used as a URL-safe value to uniquely identify the provided auth user with remote systems.
func (*Provider) RegisterManagers ¶
RegisterManagers registers the provided managers with the provider.
func (*Provider) RegistrationHandler ¶
func (p *Provider) RegistrationHandler(rw http.ResponseWriter, req *http.Request)
RegistrationHandler implements the HTTP endpoint for client self registration with OpenID Connect Registration 1.0 as specified at https://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration
func (*Provider) ServeHTTP ¶
func (p *Provider) ServeHTTP(rw http.ResponseWriter, req *http.Request)
ServeHTTP implements the http.Handler interface.
func (*Provider) SetSigningKey ¶
SetSigningKey sets the provided signer as key for token signing with the provided id as key id. The public key of the provided signer is also added as validation key with the same key id.
func (*Provider) SetSigningMethod ¶
SetSigningMethod sets the provided signing method as default signing method of the associated provider.
func (*Provider) SetValidationKey ¶
SetValidationKey sets the provided public key as validation key for validating tokens that carry the provided key id.
func (*Provider) TokenHandler ¶
func (p *Provider) TokenHandler(rw http.ResponseWriter, req *http.Request)
TokenHandler implements the HTTP token endpoint for OpenID Connect 1.0 as specified at http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
func (*Provider) UserInfoHandler ¶
func (p *Provider) UserInfoHandler(rw http.ResponseWriter, req *http.Request)
UserInfoHandler implements the HTTP userinfo endpoint for OpenID Connect 1.0 as specified at https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
func (*Provider) WellKnownHandler ¶
func (p *Provider) WellKnownHandler(rw http.ResponseWriter, req *http.Request)
WellKnownHandler implements the HTTP provider configuration endpoint for OpenID Connect 1.0 as specified at https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
type SigningKey ¶
A SigningKey bundles a signer with metadata and a signing method.