github

Documentation

Index

• Constants
• type Provider
  • func NewProvider(ctx context.Context, conf config.Config, httpClient *http.Client) (*Provider, error)
  • func (p *Provider) CheckUser(ctx context.Context, state state.State, userData types.UserData, ...) error
  • func (p *Provider) GetName() string
  • func (p *Provider) GetProviderConfig(conf config.Config) (types.ProviderConfig, error)
  • func (p *Provider) GetRefreshToken(tokens *oidc.Tokens[*idtoken.Claims]) string
  • func (p *Provider) GetUser(ctx context.Context, _ *slog.Logger, tokens *oidc.Tokens[*idtoken.Claims]) (types.UserData, error)
  • func (p *Provider) Refresh(_ context.Context, _ *slog.Logger, _ rp.RelyingParty, refreshToken string) (*oidc.Tokens[*idtoken.Claims], error)
  • func (p *Provider) RevokeRefreshToken(_ context.Context, _ *slog.Logger, _ rp.RelyingParty, _ string) error

Constants

const Name = "github"

Types

type Provider

type Provider struct {
	*generic.Provider
	// contains filtered or unexported fields
}

func NewProvider

func NewProvider(ctx context.Context, conf config.Config, httpClient *http.Client) (*Provider, error)

func (*Provider) CheckUser

func (p *Provider) CheckUser(
	ctx context.Context, state state.State, userData types.UserData, tokens *oidc.Tokens[*idtoken.Claims],
) error

CheckUser implements the github.com/JustARegularUsername/openvpn-auth-oauth2/internal/oauth2.Provider interface. It checks if mets specific GitHub related conditions.

func (*Provider) GetName

func (p *Provider) GetName() string

func (*Provider) GetProviderConfig

func (p *Provider) GetProviderConfig(conf config.Config) (types.ProviderConfig, error)

GetProviderConfig implements the github.com/JustARegularUsername/openvpn-auth-oauth2/internal/oauth2.Provider interface. It returns the OAuth2 GitHub endpoints.GitHub, since GitHub does not support OIDC discovery.

func (*Provider) GetRefreshToken

func (p *Provider) GetRefreshToken(tokens *oidc.Tokens[*idtoken.Claims]) string

GetRefreshToken returns the oauth2.Token.AccessToken of the user, since it does not expire. OAuth2 App on GitHub doesn't provide a refresh token.

func (*Provider) GetUser

func (p *Provider) GetUser(ctx context.Context, _ *slog.Logger, tokens *oidc.Tokens[*idtoken.Claims]) (types.UserData, error)

func (*Provider) Refresh

func (p *Provider) Refresh(_ context.Context, _ *slog.Logger, _ rp.RelyingParty, refreshToken string) (*oidc.Tokens[*idtoken.Claims], error)

Refresh use the oauth2.Token.AccessToken from initial authentication and call the REST API if the user is still present inside the required groups.

func (*Provider) RevokeRefreshToken

func (p *Provider) RevokeRefreshToken(_ context.Context, _ *slog.Logger, _ rp.RelyingParty, _ string) error