openId

Published: Feb 5, 2022 License: Apache-2.0 Imports: 14 Imported by: 0

README

openId

A common library used by the various implemented flows described on the link below.

[Microsoft's view on OpenId](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols)

Currently implemented flows:

  • clientCredentialsFlow
  • deviceCodeFlow

Related packages

  • auth/clientCredentialsFlow
  • auth/deviceCodeFlow
  • auth/oauthMiddleware

Sample configuration for Azure Active Directory (openid.authCfg.go)

{
    "OpenidWellKnownConfigUrl":"https://login.microsoftonline.com/TENANT/v2.0/.well-known/openid-configuration",
    "ClientId":"CLIENT ID FOR YOUR SERVICE PRINCIPAL",
    "Scope":"api://SERVICE PRINCIPAL API FROM THE AZURE PORTAL/user_impersonation openid",
    "Audience":"CLIENT ID FOR YOUR SERVICE PRINCIPAL",
    "SecretSubdir":"name of preferred subdirectory under your home dir",
    "SecretFile":"name of file to store the token in"
}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthCfg

// AuthCfg drives the oauth flows and determines where the token is stored.
//
// The JSON tags are the keys used in the on-disk configuration file read by
// NewAuthCfgFromFile (see the sample in the README); note that the Go field
// names carry an OpenId prefix that the JSON keys do not.
//
// NOTE(review): OpenIdSecretSubdir/OpenIdSecretFile name a file under the
// user's home directory that receives a bearer token. The file mode used when
// the token is written is not visible here — confirm it is created with owner-only
// permissions (0600) and that the subdirectory is not world-readable.
type AuthCfg struct {
	// URL of the provider's discovery document. It is fetched and then trusted
	// as the source of the token endpoint and signing keys, so it should be an
	// HTTPS URL taken from trusted configuration, never from request input.
	OpenidWellKnownConfigUrl string `json:"OpenidWellKnownConfigUrl"`
	OpenIdClientId           string `json:"ClientId"`
	OpenIdScope              string `json:"Scope"`
	// Expected audience of received tokens; in the README sample this is the
	// same value as ClientId.
	OpenIdAudience           string `json:"Audience"`
	// Location of the cached token, relative to the user's home directory.
	OpenIdSecretSubdir       string `json:"SecretSubdir"`
	OpenIdSecretFile         string `json:"SecretFile"`
}

AuthCfg drives the oauth flows, and determines where the token is stored

func NewAuthCfg

func NewAuthCfg(openidConfigurationUrl, clientId, scope, audience, secretSubdir, secretFile string) AuthCfg

NewAuthCfg builds an AuthCfg value from the given parameters.

func NewAuthCfgFromFile

func NewAuthCfgFromFile(filename string) (*AuthCfg, error)

NewAuthCfgFromFile builds an AuthCfg from a JSON-formatted file whose keys match the struct's JSON tags (see the sample configuration above).

func (*AuthCfg) Audience

func (ac *AuthCfg) Audience() string

func (*AuthCfg) ClientId

func (ac *AuthCfg) ClientId() string

func (*AuthCfg) OpenidConfigurationUrl

func (ac *AuthCfg) OpenidConfigurationUrl() string

func (*AuthCfg) Scope

func (ac *AuthCfg) Scope() string

func (*AuthCfg) SecretFile

func (ac *AuthCfg) SecretFile() string

func (*AuthCfg) SecretSubdir

func (ac *AuthCfg) SecretSubdir() string

type JsonWebKeys

// JsonWebKeys is a single JSON Web Key as it appears in the "keys" array of
// the document served at the provider's jwks_uri (see Jwks).
//
// The RSA material (N, E) is what ExtractPublicKeyMatchingToken turns into an
// *rsa.PublicKey; whether the X5c certificate chain is used for anything is
// not visible here.
type JsonWebKeys struct {
	Kty string   `json:"kty"` // key type, e.g. "RSA"
	Kid string   `json:"kid"` // key id; a token names the key that signed it by this value
	Use string   `json:"use"` // intended use, e.g. "sig"
	Alg string   `json:"alg"` // algorithm the provider intends this key for
	N   string   `json:"n"`   // RSA modulus, base64url encoded
	E   string   `json:"e"`   // RSA public exponent, base64url encoded
	X5c []string `json:"x5c"` // optional X.509 certificate chain
}

JsonWebKeys is a single JSON Web Key from the key set returned by the OpenId jwks_uri endpoint.

type Jwks

// Jwks is the decoded document served at the provider's jwks_uri: a slice
// (not a map, despite the package comment) of JsonWebKeys. A key is selected
// by Kid in ExtractPublicKeyMatchingToken.
//
// NOTE(review): the key set is trusted as-is once fetched, so the fetch must
// go over HTTPS to the jwks_uri taken from a trusted discovery document; any
// key an attacker could inject here would verify forged tokens.
type Jwks struct {
	Keys []JsonWebKeys `json:"keys"`
}

Jwks is a slice of JsonWebKeys containing the result from a call to the OpenId jwks_uri endpoint.

func (*Jwks) ExtractPublicKeyMatchingToken

func (jwks *Jwks) ExtractPublicKeyMatchingToken(logger logger.LoggerInterface, token *jwt.Token) (pubkey *rsa.PublicKey, err error)

ExtractPublicKeyMatchingToken extracts the RSA public key whose Kid matches the key id carried by the token from the key set fetched from oic.JwksURI(). Matching by kid only selects the key; it does not by itself validate the token — signature verification with the returned key, and checks of the alg, iss, aud and exp claims, still have to happen (presumably in the caller or the jwt library).

type OpenidConfiguration

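// OpenidConfiguration holds the result received from an OpenID Provider's
// well-known discovery endpoint (see NewOpenIdConfigurationFromURL).
//
// The Go field names keep their original underscore spelling so existing
// callers compile unchanged; the JSON tags are what the decoder matches on
// and follow the OpenID Connect Discovery metadata names.
//
// NOTE(review): the document is fetched over the network and then trusted as
// the source of Issuer, Token_endpoint and Jwks_uri. Fetch it only over HTTPS
// from a URL that comes from trusted configuration.
type OpenidConfiguration struct {
	Issuer                                string   `json:"issuer"`
	Authorization_endpoint                string   `json:"authorization_endpoint"`
	Token_endpoint                        string   `json:"token_endpoint"`
	Device_authorization_endpoint         string   `json:"device_authorization_endpoint"`
	Userinfo_endpoint                     string   `json:"userinfo_endpoint"`
	Mfa_challenge_endpoint                string   `json:"mfa_challenge_endpoint"`
	Jwks_uri                              string   `json:"jwks_uri"`
	Registration_endpoint                 string   `json:"registration_endpoint"`
	Revocation_endpoint                   string   `json:"revocation_endpoint"`
	Scopes_supported                      []string `json:"scopes_supported"`
	Response_types_supported              []string `json:"response_types_supported"`
	Code_challenge_methods_supported      []string `json:"code_challenge_methods_supported"`
	Response_modes_supported              []string `json:"response_modes_supported"`
	Subject_types_supported               []string `json:"subject_types_supported"`
	Id_token_signing_alg_values_supported []string `json:"id_token_signing_alg_values_supported"`
	Token_endpoint_auth_methods_supported []string `json:"token_endpoint_auth_methods_supported"`
	Claims_supported                      []string `json:"claims_supported"`
	// The discovery metadata name is request_uri_parameter_supported ("uri",
	// not "url"); with the previous tag this field was never populated from a
	// real provider document and always read as false.
	Request_url_parameter_supported       bool     `json:"request_uri_parameter_supported"`
}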

OpenidConfiguration is a struct that holds the result received from an OpenId well-known (discovery) endpoint.

func NewOpenIdConfigurationFromURL

func NewOpenIdConfigurationFromURL(ctx context.Context, logger logger.LoggerInterface, wellKnownOpenidConfigurationUrl string) (oic *OpenidConfiguration, err error)

NewOpenIdConfigurationFromURL builds a new OpenidConfiguration by fetching the OpenId well-known endpoint over the network. The URL should be HTTPS and come from trusted configuration, since the returned document determines which token endpoint and which signing-key set are subsequently trusted.

func (*OpenidConfiguration) DeviceAuthEndpointURL

func (oic *OpenidConfiguration) DeviceAuthEndpointURL() string

Returns the device-authorization endpoint URL from the discovery document (presumably the `device_authorization_endpoint` value).

func (*OpenidConfiguration) Get

func (oic *OpenidConfiguration) Get() ([]byte, error)

Returns the configuration as a byte slice. Whether this is the previously fetched document or a fresh call to the well-known endpoint is not stated here — check the implementation before relying on either.

func (*OpenidConfiguration) IssuerURL

func (oic *OpenidConfiguration) IssuerURL() string

Returns the issuer from the discovery document (presumably the `issuer` value). This is the value a verified token's `iss` claim should be compared against.

func (*OpenidConfiguration) JwksURI

func (oic *OpenidConfiguration) JwksURI() string

Returns the JWKS URI from the discovery document (presumably the `jwks_uri` value), i.e. where the signing keys used by ExtractPublicKeyMatchingToken are fetched from.

func (*OpenidConfiguration) TokenEndpointURL

func (oic *OpenidConfiguration) TokenEndpointURL() string

Returns the token endpoint URL from the discovery document (presumably the `token_endpoint` value).

func (*OpenidConfiguration) UserinfoURL

func (oic *OpenidConfiguration) UserinfoURL() string

type Userinfo

// Userinfo receives the JSON returned by the provider's userinfo endpoint
// (the URL advertised as userinfo_endpoint in the discovery document); see
// NewUserInfo. Field names mirror the standard OpenID Connect claim names with
// underscores, and the JSON tags are the claim names themselves.
//
// NOTE(review): OpenID Connect Core defines updated_at as a number (seconds
// since the epoch); a provider that emits it that way would make the whole
// decode fail with a type error because the field below is a string. Which
// providers this has been exercised against is not visible here — confirm
// before pointing it at a new issuer.
type Userinfo struct {
	// Sub is the subject identifier, the stable per-user key a provider
	// guarantees; Email is not a stable identifier and can be reassigned.
	Sub                   string            `json:"sub"`
	Name                  string            `json:"name"`
	Given_name            string            `json:"given_name"`
	Family_name           string            `json:"family_name"`
	Middle_name           string            `json:"middle_name"`
	Nickname              string            `json:"nickname"`
	Preferred_username    string            `json:"preferred_username"`
	Profile               string            `json:"profile"`
	Picture               string            `json:"picture"`
	Website               string            `json:"website"`
	Email                 string            `json:"email"`
	// A missing email_verified claim decodes as false, not "unknown".
	Email_verified        bool              `json:"email_verified"`
	Gender                string            `json:"gender"`
	Birthdate             string            `json:"birthdate"`
	Zoneinfo              string            `json:"zoneinfo"`
	Locale                string            `json:"locale"`
	Phone_number          string            `json:"phone_number"`
	Phone_number_verified bool              `json:"phone_number_verified"`
	// Address decodes the address claim's JSON object; this only works while
	// every member of that object is a string.
	Address               map[string]string `json:"address"`
	Updated_at            string            `json:"updated_at"`
}

Userinfo is a struct that receives the result from the userinfo URL advertised by the OpenId well-known endpoint.

func NewUserInfo

func NewUserInfo(ctx context.Context, logger logger.LoggerInterface, userinfoURL, tokenType, accessToken string) (ui *Userinfo, err error)

NewUserInfo calls the openId userinfo URL, authenticating with the supplied tokenType and accessToken, and returns the decoded Userinfo object.

type UserinfoMap

// UserinfoMap caches Userinfo records so that repeated lookups do not hit the
// provider's userinfo endpoint on every request; see New and Get.
//
// NOTE(review): the package docs describe the cache as keyed by email address
// while Get describes a lookup by userinfoURL; the fields are unexported and
// not shown here, so confirm the actual key. Also confirm whether entries ever
// expire: a cache hit is returned without contacting the provider, so it says
// nothing about whether the access token presented on that call is still
// valid. Whether concurrent Get calls are safe is likewise not visible here.
type UserinfoMap struct {
	// contains filtered or unexported fields
}

Cache of openId userinfo records (described here as keyed by email address, while Get below describes a lookup by userinfoURL — confirm the actual key in the implementation).

func New

func New() *UserinfoMap

Build a new map of userinfo to reduce calls to the openId endpoint

func (*UserinfoMap) Get

func (um *UserinfoMap) Get(ctx context.Context, logger logger.LoggerInterface, userinfoURL, tokenType, accessToken string) (u *Userinfo, err error)

Check the map for a cached entry for userinfoURL; on a cache miss, call out to fetch the details. A cache hit is served without contacting the provider again, so it does not reflect whether the accessToken supplied on this call is still valid.
