Documentation
Index
- Constants
- type OpenIDConfig
- type Provider
- func (p *Provider) BeginAuth(state string) (goth.Session, error)
- func (p *Provider) Client() *http.Client
- func (p *Provider) Debug(debug bool)
- func (p *Provider) FetchUser(session goth.Session) (goth.User, error)
- func (p *Provider) Name() string
- func (p *Provider) RefreshToken(refreshToken string) (*oauth2.Token, error)
- func (p *Provider) RefreshTokenAvailable() bool
- func (p *Provider) RefreshTokenWithIDToken(refreshToken string) (*RefreshTokenResponse, error)
- func (p *Provider) SetName(name string)
- func (p *Provider) UnmarshalSession(data string) (goth.Session, error)
- type RefreshTokenResponse
- type Session
Constants
```go
const (
	PreferredUsernameClaim = "preferred_username"
	EmailClaim             = "email"
	NameClaim              = "name"
	NicknameClaim          = "nickname"
	PictureClaim           = "picture"
	GivenNameClaim         = "given_name"
	FamilyNameClaim        = "family_name"
	AddressClaim           = "address"

	// Unused but available to set in Provider claims
	MiddleNameClaim          = "middle_name"
	ProfileClaim             = "profile"
	WebsiteClaim             = "website"
	EmailVerifiedClaim       = "email_verified"
	GenderClaim              = "gender"
	BirthdateClaim           = "birthdate"
	ZoneinfoClaim            = "zoneinfo"
	LocaleClaim              = "locale"
	PhoneNumberClaim         = "phone_number"
	PhoneNumberVerifiedClaim = "phone_number_verified"
	UpdatedAtClaim           = "updated_at"
)
```
Variables
This section is empty.
Functions
This section is empty.
Types
type OpenIDConfig
```go
type OpenIDConfig struct {
	AuthEndpoint     string `json:"authorization_endpoint"`
	TokenEndpoint    string `json:"token_endpoint"`
	UserInfoEndpoint string `json:"userinfo_endpoint"`

	// If OpenID discovery is enabled, the end_session_endpoint field can optionally be provided
	// in the discovery endpoint response according to OpenID spec. See:
	// https://openid.net/specs/openid-connect-session-1_0-17.html#OPMetadata
	EndSessionEndpoint string `json:"end_session_endpoint,omitempty"`
	Issuer             string `json:"issuer"`
}
```
type Provider
```go
type Provider struct {
	ClientKey    string
	Secret       string
	CallbackURL  string
	HTTPClient   *http.Client
	OpenIDConfig *OpenIDConfig

	UserIdClaims    []string
	NameClaims      []string
	NickNameClaims  []string
	EmailClaims     []string
	AvatarURLClaims []string
	FirstNameClaims []string
	LastNameClaims  []string
	LocationClaims  []string

	SkipUserInfoRequest bool
	// contains filtered or unexported fields
}
```
Provider is the implementation of `goth.Provider` for accessing an OpenID Connect provider.
func New
func New(clientKey, secret, callbackURL, openIDAutoDiscoveryURL string, scopes ...string) (*Provider, error)
New creates a new OpenID Connect provider and sets up important connection details. You should always call `openidConnect.New` to get a new Provider. Never try to create one manually.

New returns an implementation of an OpenID Connect Authorization Code Flow. See http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth

ID Token decryption is not (yet) supported.
UserInfo decryption is not (yet) supported.
func NewCustomisedURL
func NewCustomisedURL(clientKey, secret, callbackURL, authURL, tokenURL, issuerURL, userInfoURL, endSessionEndpointURL string, scopes ...string) (*Provider, error)
NewCustomisedURL is similar to New(...) but can be used to set custom URLs and hence omit the auto-discovery step.
func NewNamed
func NewNamed(name, clientKey, secret, callbackURL, openIDAutoDiscoveryURL string, scopes ...string) (*Provider, error)
NewNamed is similar to New(...) but can be used to set a custom name for the provider in order to use multiple OIDC providers.
func (*Provider) BeginAuth
BeginAuth asks the OpenID Connect provider for an authentication end-point.
func (*Provider) FetchUser
FetchUser will use the id_token and access requested information about the user.
func (*Provider) RefreshToken
RefreshToken gets a new access token based on the refresh token.
func (*Provider) RefreshTokenAvailable
RefreshTokenAvailable reports whether a refresh token is provided by the auth provider.
func (*Provider) RefreshTokenWithIDToken
func (p *Provider) RefreshTokenWithIDToken(refreshToken string) (*RefreshTokenResponse, error)
The ID token is a fundamental part of the OpenID Connect refresh token flow but is not part of the OAuth flow. The existing RefreshToken function leverages the OAuth library's refresh token mechanism, ignoring the refreshed ID token. As a result, a new function needs to be exposed (rather than changing the existing function, for backwards compatibility purposes) that also returns the id_token in the OpenID refresh token flow API response.

Learn more about ID tokens: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
type RefreshTokenResponse
```go
type RefreshTokenResponse struct {
	AccessToken string `json:"access_token"`

	// The OpenID spec defines the ID token as an optional response field in the
	// refresh token flow. As a result, a new ID token may not be returned in a successful
	// response.
	// See more: https://openid.net/specs/openid-connect-core-1_0.html#RefreshingAccessToken
	IdToken string `json:"id_token, omitempty"`

	// The OAuth spec defines the refresh token as an optional response field in the
	// refresh token flow. As a result, a new refresh token may not be returned in a successful
	// response.
	// See more: https://www.oauth.com/oauth2-servers/making-authenticated-requests/refreshing-an-access-token/
	RefreshToken string `json:"refresh_token,omitempty"`
}
```
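The optional `id_token` and `refresh_token` fields described for RefreshTokenWithIDToken and RefreshTokenResponse, handled in an added example (not code from goth or from this page): `mergeRefresh` keeps the stored refresh token and ID token when the response omits them, and rejects a refreshed ID token whose `iss` or `sub` differs from the original, which OpenID Connect Core requires to stay the same across a refresh. The `tokens` type, the function names and the sample values are hypothetical, and `identity` only decodes the JWT payload; signature validation is assumed to happen elsewhere.

```go
package main
import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)
type tokens struct{ Access, Refresh, ID string } // hypothetical per-user token record
// identity returns "iss sub" from a compact JWT payload. It decodes only; it does NOT verify the signature.
func identity(jwt string) (string, error) {
	var c struct{ Iss, Sub string }
	parts := strings.Split(jwt, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("id_token is not a compact JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	return c.Iss + " " + c.Sub, err
}

// mergeRefresh applies a refresh-token response body to the stored tokens.
func mergeRefresh(old tokens, body []byte) (tokens, error) {
	var r struct {
		Access  string `json:"access_token"`
		ID      string `json:"id_token"`
		Refresh string `json:"refresh_token"`
	}
	if err := json.Unmarshal(body, &r); err != nil || r.Access == "" {
		return old, fmt.Errorf("malformed refresh response or no access_token")
	}
	next := tokens{r.Access, old.Refresh, old.ID}
	if r.Refresh != "" { // provider rotated the refresh token
		next.Refresh = r.Refresh
	}
	if r.ID != "" { // id_token is optional; the old one is kept when absent
		was, e1 := identity(old.ID)
		now, e2 := identity(r.ID)
		if e1 != nil || e2 != nil || was != now {
			return old, fmt.Errorf("id_token malformed or iss/sub differs from original")
		}
		next.ID = r.ID
	}
	return next, nil
}

func main() { // constructed sample: the response carries only a new access token
	fmt.Println(mergeRefresh(tokens{"at1", "rt1", "constructed.placeholder"}, []byte(`{"access_token":"at2"}`)))
}
```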
type Session
```go
type Session struct {
	AuthURL      string
	AccessToken  string
	RefreshToken string
	ExpiresAt    time.Time
	IDToken      string
}
```
Session stores data during the auth process with the OpenID Connect provider.
func (*Session) Authorize
Authorize the session with the OpenID Connect provider and return the access token to be stored for future use.
func (Session) GetAuthURL
GetAuthURL will return the URL set by calling the `BeginAuth` function on the OpenID Connect provider.