oidc

package
v0.0.0-...-0490640 Latest
Warning

This package is not in the latest version of its module.

Published: May 16, 2019 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewAuthenticator

func NewAuthenticator(
	issuer, clientID string,
	upstream *url.URL,
	skipExpiry bool,
	retrySeconds time.Duration,
	serviceCerts *certs.ServiceCerts,
	logger *zap.Logger) (authenticator.Authenticator, error)

NewAuthenticator returns an oidc authenticator that does full ID token validation using the provider's public keys.

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator is used for configuring oidc authenticators

func (*Authenticator) Authenticate

func (a *Authenticator) Authenticate(r *http.Request) (authenticator.Requestor, error)

Authenticate processes the passed request, validating its ID token in the `Authorization: Bearer XY` header using the provider configured in `Open()`. This will check the issuer

type Config

type Config struct {
	Issuer   string `json:"issuer"`
	ClientID string `json:"client_id"`
}

Config is used for configuring oidc authenticators

func (*Config) Open

func (c *Config) Open(upstream *url.URL, serviceCerts *certs.ServiceCerts,
	logger *zap.Logger) (authenticator.Authenticator, error)

Open returns an OIDC authenticator for the configured settings

type DexIDToken

type DexIDToken interface {
	Claims(interface{}) error
	Subject() string
}

DexIDToken has a set of claims, and a subject

type IDTokenVerifier

type IDTokenVerifier interface {
	Verify(ctx context.Context, rawIDToken string) (DexIDToken, error)
}

IDTokenVerifier abstracts oidc.IDTokenVerifier (which is a struct) so we can pass a mock verifier for tests
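
The mock-verifier pattern that IDTokenVerifier enables, as an added example that is not this package's own code. The two interfaces are copied from this page; fakeToken, fakeVerifier, request and subjectFromRequest are hypothetical names, and the token and subject values are constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// The two interfaces as declared on this page.
type DexIDToken interface {
	Claims(interface{}) error
	Subject() string
}
type IDTokenVerifier interface {
	Verify(ctx context.Context, rawIDToken string) (DexIDToken, error)
}

// Hypothetical test doubles: fakeVerifier accepts exactly one raw token.
type fakeToken struct{ sub string }
type fakeVerifier struct{ accept, sub string }

func (t fakeToken) Claims(interface{}) error { return nil }
func (t fakeToken) Subject() string          { return t.sub }
func (v fakeVerifier) Verify(_ context.Context, raw string) (DexIDToken, error) {
	if raw != v.accept {
		return nil, errors.New("token rejected")
	}
	return fakeToken{v.sub}, nil
}

// subjectFromRequest (hypothetical) verifies the bearer token and fails closed otherwise.
func subjectFromRequest(v IDTokenVerifier, r *http.Request) (string, error) {
	scheme, raw, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") || raw == "" {
		return "", errors.New("missing or malformed bearer token")
	}
	tok, err := v.Verify(r.Context(), raw)
	if err != nil {
		return "", err
	}
	return tok.Subject(), nil
}

func request(authz string) *http.Request { // constructed sample request
	return &http.Request{Header: http.Header{"Authorization": {authz}}}
}

func main() {
	fmt.Println(subjectFromRequest(fakeVerifier{"sample-token", "alice"}, request("Bearer sample-token")))
}
```

Because the code under test depends only on the interface, rejection paths (wrong scheme, empty token, verifier error) can be exercised without a live provider or signed tokens.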
