Documentation ¶
Index ¶
Constants ¶
const (
	// AuthUserKey stores the authenticated user's login (username or email) in this context key
	AuthUserKey string = "user"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
	// ClientID is the OAUTH2 Client ID
	// Default value is: (read from OS ENV: OAUTH2_CLIENT_ID)
	ClientID string

	// ClientSecret is the OAUTH2 Client Secret
	// Default value is: (read from OS ENV: OAUTH2_CLIENT_SECRET)
	ClientSecret string

	// IssuerURL is the root URL to the Identity Provider
	// Default value is: (read from OS ENV: OIDC_ISSUER_URL)
	IssuerURL string

	// RedirectURL is the path that the Identity Provider will redirect clients to
	// Default value is: (read from OS ENV: OIDC_REDIRECT_URL)
	RedirectURL string

	// Scopes is a list of OIDC Scopes to request.
	// Default value is: []string{oidc.ScopeOpenID, "profile", "email"}
	Scopes []string

	// LoginClaim is the OIDC claim to map to the user's login (username)
	// Default value is: "email"
	LoginClaim string

	// SessionClaims is the list of OIDC claims to add to the user's session (in addition to LoginClaim)
	// Example []string{"email", "givenName", "name"}
	// NOTE: This can be set to ["*"] to load *all* claims. (nonce will be excluded)
	// Default value is: ["*"]
	SessionClaims []string

	// SessionPrefix is an optional prefix string to prefix to the claims (i.e. google: or corp:) to prevent
	// clashes in the session namespace
	// Default value is: ""
	SessionPrefix string

	// DefaultAuthenticatedURL is the URL to redirect a user to after successful authentication. By default, we will
	// try to determine where they were when they requested to login and send them back there.
	// Default value is: "/"
	DefaultAuthenticatedURL string

	// LogoutURL is the URL to redirect a user to after logging out.
	// NOTE: If you require / to be authenticated, setting this to / will start the login process immediately, which may not be desirable.
	// Default value is: "/"
	LogoutURL string
}
Config represents available options for oidcauth.
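The following is an added example, not code from oidcauth: a stdlib-only model of how LoginClaim, SessionClaims and SessionPrefix decide which session keys get written, useful for checking a claim set against the AuthUserKey name before choosing a configuration. The helpers sessionFromClaims and sampleClaims are hypothetical, the claim values are constructed, and skipping and reporting a clashing claim is an assumption of this sketch rather than documented package behaviour.

```go
package main

import "fmt"

// authUserKey mirrors the AuthUserKey constant documented above.
const authUserKey = "user"

// sessionFromClaims is a hypothetical helper, not part of oidcauth. It stores
// LoginClaim under AuthUserKey, copies the claims named in SessionClaims ("*"
// means all, nonce excluded) under SessionPrefix, and skips and reports any
// copied name that would overwrite AuthUserKey (assumption of this sketch).
func sessionFromClaims(claims map[string]interface{}, loginClaim string, sessionClaims []string, prefix string) (map[string]interface{}, []string, error) {
	login, ok := claims[loginClaim].(string)
	if !ok || login == "" {
		return nil, nil, fmt.Errorf("login claim %q missing or not a string", loginClaim)
	}
	names := sessionClaims
	if len(names) == 1 && names[0] == "*" {
		names = nil
		for n := range claims {
			names = append(names, n)
		}
	}
	session := map[string]interface{}{authUserKey: login}
	var clashes []string
	for _, n := range names {
		if v, ok := claims[n]; !ok || n == "nonce" {
			continue // absent claim, or nonce, which is never copied
		} else if prefix+n == authUserKey {
			clashes = append(clashes, n) // would overwrite the login
		} else {
			session[prefix+n] = v
		}
	}
	return session, clashes, nil
}

// sampleClaims is constructed ID-token content; "user" is an IdP-defined claim.
func sampleClaims() map[string]interface{} {
	return map[string]interface{}{"email": "alice@example.com", "name": "Alice",
		"nonce": "constructed-nonce", "user": "svc-admin"}
}

func main() {
	fmt.Println(sessionFromClaims(sampleClaims(), "email", []string{"*"}, ""))
	fmt.Println(sessionFromClaims(sampleClaims(), "email", []string{"email", "name"}, "corp:"))
}
```

With the default wildcard and an empty prefix, the IdP's own "user" claim lands on the same key as the login; an explicit claim list or a non-empty prefix keeps the two apart.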
func DefaultConfig ¶
func DefaultConfig() (c *Config)
DefaultConfig will create a new config object with defaults.
NOTE: This matches the examples on https://github.com/coreos/go-oidc/tree/v3/example
func ExampleConfigDex ¶ added in v0.2.0
func ExampleConfigDex() (c *Config)
ExampleConfigDex will return the config for a default DEX IdP example-app.
DEX: https://github.com/dexidp/dex
func ExampleConfigGoogle ¶ added in v0.2.0
func ExampleConfigGoogle() (c *Config)
ExampleConfigGoogle will return the config for the Google Accounts IdP, like the go-oidc examples.
go-oidc google example: https://github.com/coreos/go-oidc/tree/v3/example
func (*Config) GetOidcAuth ¶
GetOidcAuth returns the configured OIDC authentication controller
type OidcAuth ¶
type OidcAuth struct {
	Debug bool // DUMP oidc parameters as JSON instead of redirecting
	// contains filtered or unexported fields
}
OidcAuth handles OIDC Authentication
func GetOidcAuth ¶
GetOidcAuth returns the configured OIDC authentication controller
func (*OidcAuth) AuthCallback ¶
AuthCallback will handle the authentication callback (redirect) from the Identity Provider
This is the part that actually "does" the authentication.
func (*OidcAuth) AuthRequired ¶
func (o *OidcAuth) AuthRequired() gin.HandlerFunc
AuthRequired middleware requires OIDC authentication.
BE CAREFUL Adding this to / (or the top level router)