Documentation ¶
Index ¶
- Constants
- Variables
- func AppendClaimsAuthenticationRequestParameter(opts []oauth2.AuthCodeOption, requestedClaims map[string]*oidc.Claim) []oauth2.AuthCodeOption
- func GetScopesOrDefault(scopes []string) []string
- func ImplicitFlowURL(c *oauth2.Config, state string, opts ...oauth2.AuthCodeOption) (string, error)
- func InferGrantType(oidcConf *OIDCConfiguration) string
- func OfflineAccess(scopes []string) bool
- type ClaimsRequest
- type ClientApp
- type OIDCConfiguration
- type Provider
Constants ¶
const ( GrantTypeAuthorizationCode = "authorization_code" GrantTypeImplicit = "implicit" ResponseTypeCode = "code" UserInfoResponseCachePrefix = "userinfo_response" AccessTokenCachePrefix = "access_token" )
Variables ¶
var InvalidRedirectURLError = fmt.Errorf("invalid return URL")
Functions ¶
func AppendClaimsAuthenticationRequestParameter ¶
func AppendClaimsAuthenticationRequestParameter(opts []oauth2.AuthCodeOption, requestedClaims map[string]*oidc.Claim) []oauth2.AuthCodeOption
AppendClaimsAuthenticationRequestParameter appends a OIDC claims authentication request parameter to `opts` with the `requestedClaims`
func GetScopesOrDefault ¶
func ImplicitFlowURL ¶
ImplicitFlowURL is an adaptation of oauth2.Config::AuthCodeURL() which returns a URL appropriate for an OAuth2 implicit login flow (as opposed to authorization code flow).
func InferGrantType ¶
func InferGrantType(oidcConf *OIDCConfiguration) string
InferGrantType infers the proper grant flow depending on the OAuth2 client config and OIDC configuration. Returns either: "authorization_code" or "implicit"
func OfflineAccess ¶
OfflineAccess returns whether or not 'offline_access' is a supported scope
Types ¶
type ClaimsRequest ¶
type ClientApp ¶
type ClientApp struct {
// contains filtered or unexported fields
}
func NewClientApp ¶
func NewClientApp(settings *settings.ArgoCDSettings, dexServerAddr string, dexTlsConfig *dex.DexTLSConfig, baseHRef string, cacheClient cache.CacheClient) (*ClientApp, error)
NewClientApp will register the Argo CD client app (either via Dex or external OIDC) and return an object which has HTTP handlers for handling the HTTP responses for login and callback
func (*ClientApp) GetUserInfo ¶ added in v2.10.0
func (a *ClientApp) GetUserInfo(actualClaims jwt.MapClaims, issuerURL, userInfoPath string) (jwt.MapClaims, bool, error)
GetUserInfo queries the IDP userinfo endpoint for claims
func (*ClientApp) HandleCallback ¶
func (a *ClientApp) HandleCallback(w http.ResponseWriter, r *http.Request)
HandleCallback is the callback handler for an OAuth2 login flow
func (*ClientApp) HandleLogin ¶
func (a *ClientApp) HandleLogin(w http.ResponseWriter, r *http.Request)
HandleLogin formulates the proper OAuth2 URL (auth code or implicit) and redirects the user to the IDp login & consent page
type OIDCConfiguration ¶
type OIDCConfiguration struct { Issuer string `json:"issuer"` ScopesSupported []string `json:"scopes_supported"` ResponseTypesSupported []string `json:"response_types_supported"` GrantTypesSupported []string `json:"grant_types_supported,omitempty"` }
OIDCConfiguration holds a subset of interested fields from the OIDC configuration spec
func ParseConfig ¶
func ParseConfig(provider *gooidc.Provider) (*OIDCConfiguration, error)
ParseConfig parses the OIDC Config into the concrete datastructure
type Provider ¶
type Provider interface { Endpoint() (*oauth2.Endpoint, error) ParseConfig() (*OIDCConfiguration, error) Verify(tokenString string, argoSettings *settings.ArgoCDSettings) (*gooidc.IDToken, error) }
Provider is a wrapper around go-oidc provider to also provide the following features: 1. lazy initialization/querying of the provider 2. automatic detection of change in signing keys 3. convenience function for verifying tokens We have to initialize the provider lazily since Argo CD can be an OIDC client to itself (in the case of dex reverse proxy), which presents a chicken-and-egg problem of (1) serving dex over HTTP, and (2) querying the OIDC provider (ourself) to initialize the OIDC client.