oidc

package
v0.0.0-...-84592dd
Warning

This package is not in the latest version of its module.

Published: Jun 9, 2017 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	Issuer       string
	ClientID     string
	DiscoveryURL string
	Validity     time.Duration
	// contains filtered or unexported fields
}

Client represents an OpenID Connect client.

func (*Client) AddECDSAKey

func (c *Client) AddECDSAKey(curve elliptic.Curve, x, y *big.Int, kid string)

AddECDSAKey adds an ECDSA public key to the Client object.

func (*Client) AddRSAKey

func (c *Client) AddRSAKey(n *big.Int, e int, kid string)

AddRSAKey adds an RSA public key to the Client object.

func (*Client) FetchPubKeys

func (c *Client) FetchPubKeys() error

FetchPubKeys gets the JWKS URI from the discovery document. Provider public keys are then fetched from the JWKS URI. This could potentially be a goroutine running periodically and syncing cached public keys.

func (*Client) VerifyIDToken

func (c *Client) VerifyIDToken(token string) (email string, err error)

VerifyIDToken parses and validates the ID token received from the provider. Apart from the signature validation, we care about the following fields:

	exp - token must not be expired
	iat - token must not be older than a duration (specified in the config)
	iss - must match issuer specified in the config
	aud - must match the clientID specified in the config
	email_verified - must be true
	nonce - must be validated by the client
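The claim checks listed for VerifyIDToken, written out as an added example; this is not the package's own code. `idClaims`, `checkClaims`, and the sample issuer, client ID and nonce are hypothetical, and the sketch assumes the token's signature has already been verified, that `aud` is a single string, and that the caller supplies the nonce it stored for the session.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// idClaims holds the ID token fields listed in the VerifyIDToken doc.
type idClaims struct {
	Exp           int64  `json:"exp"`
	Iat           int64  `json:"iat"`
	Iss           string `json:"iss"`
	Aud           string `json:"aud"` // assumption: single string; an array fails to parse
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified"`
	Nonce         string `json:"nonce"`
}

// checkClaims (hypothetical helper, not the package's code) checks the JSON
// payload of a token whose signature the caller has ALREADY verified.
func checkClaims(payload []byte, issuer, clientID, nonce string, validity time.Duration, now time.Time) (string, error) {
	var c idClaims
	if err := json.Unmarshal(payload, &c); err != nil {
		return "", fmt.Errorf("parse claims: %w", err)
	}
	switch {
	case c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)):
		return "", errors.New("exp: missing or expired")
	case c.Iat == 0 || now.Sub(time.Unix(c.Iat, 0)) > validity:
		return "", errors.New("iat: missing or older than validity")
	case c.Iss != issuer:
		return "", errors.New("iss: issuer mismatch")
	case c.Aud != clientID:
		return "", errors.New("aud: audience mismatch")
	case !c.EmailVerified:
		return "", errors.New("email_verified: not true")
	case nonce == "" || c.Nonce != nonce:
		return "", errors.New("nonce: does not match the session's nonce")
	}
	return c.Email, nil
}

func main() {
	// Constructed sample payload, not a real token.
	p := []byte(`{"exp":1700000400,"iat":1700000000,"iss":"https://idp.example","aud":"my-client","email":"a@example.org","email_verified":true,"nonce":"n-123"}`)
	now := time.Unix(1700000100, 0) // fixed clock so the result is reproducible
	fmt.Println(checkClaims(p, "https://idp.example", "my-client", "n-123", 10*time.Minute, now))
}
```

Every failure path returns an empty email, so a caller that ignores the error still gets no identity to act on.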

type ErrExpired

type ErrExpired struct {
	// contains filtered or unexported fields
}

func (ErrExpired) Error

func (e ErrExpired) Error() string
