Documentation ¶
Index ¶
- Constants
- Variables
- type Clock
- type Config
- type IDTokenClaims
- type Keypair
- type MockOIDC
- func (m *MockOIDC) Attach(router *mux.Router)
- func (m *MockOIDC) AuthorizationEndpoint() string
- func (m *MockOIDC) Authorize(rw http.ResponseWriter, req *http.Request)
- func (m *MockOIDC) Config() *Config
- func (m *MockOIDC) Discovery(rw http.ResponseWriter, _ *http.Request)
- func (m *MockOIDC) DiscoveryEndpoint() string
- func (m *MockOIDC) Issuer() string
- func (m *MockOIDC) JWKS(rw http.ResponseWriter, _ *http.Request)
- func (m *MockOIDC) JWKSEndpoint() string
- func (m *MockOIDC) Token(rw http.ResponseWriter, req *http.Request)
- func (m *MockOIDC) TokenEndpoint() string
- func (m *MockOIDC) Userinfo(rw http.ResponseWriter, req *http.Request)
- func (m *MockOIDC) UserinfoEndpoint() string
- type MockOIDCManager
- type MockUser
- type Provider
- type Session
- type SessionStore
- type SystemClock
- type User
Constants ¶
// Endpoint paths and error-code strings exported by the package. How each
// constant is consumed is not visible in this listing.
const (
	// IssuerBase is the empty string.
	// NOTE(review): presumably a path prefix for the issuer URL; confirm against the Issuer method.
	IssuerBase = ""

	// URL paths of the provider endpoints.
	AuthorizationEndpoint = "/authorize"
	TokenEndpoint         = "/token"
	UserinfoEndpoint      = "/userinfo"
	JWKSEndpoint          = "/.well-known/jwks.json"
	DiscoveryEndpoint     = "/.well-known/openid-configuration"

	// Error codes. The first five match token-endpoint error values defined in
	// RFC 6749 section 5.2. "internal_server_error" is not among them (the
	// RFC's nearest code is "server_error"), so a client that matches strictly
	// on RFC codes will not recognize it.
	InvalidRequest       = "invalid_request"
	InvalidClient        = "invalid_client"
	InvalidGrant         = "invalid_grant"
	UnsupportedGrantType = "unsupported_grant_type"
	InvalidScope         = "invalid_scope"
	InternalServerError  = "internal_server_error"
)
// DefaultKey is a fixed RSA private key embedded in source. The text uses the
// URL-safe base64 alphabet ('-' and '_') with no '=' padding, and its leading
// bytes are consistent with a DER-encoded PKCS#1 RSAPrivateKey carrying a
// 2048-bit modulus.
// NOTE(review): presumably decoded by DefaultKeypair; the decoding code is not
// shown in this listing.
//
// The key is published with the package, so anyone can produce a token signed
// with it. Treat it as a test fixture only: no relying party outside a test
// environment should be configured to trust an issuer or JWKS backed by this
// key, and a signature made with it proves nothing about who issued the token.
const DefaultKey = `MIIEowIBAAKCAQEAtI1Jf2zmfwLzpAjVarORtjKtmCHQtgNxqWDdVNVa` +
`gCb092tLrBRv0fTfHIJG-YpmmTrRN5yKax9bI3oSYNZJufAN3gu4TIrlLoFv6npC-k3rK-s` +
`biD2m0iz9duxe7uVSEHCJlcMas86Wa-VGBlAZQpnqh2TlaHXhyVbm-gHFGU0u26Pgv5Esw2` +
`DEwRh0l7nK1ygg8dL_NNdtnaxTYhWAVPo4Vqcl2a9n-bs65maK02IgBLpaLRUtjfjSIV17Y` +
`Bzlr6ekr7GwkDTD79d3Uc2GSSGzWqKlFtXmM9cFkfGGOYcaQLoELbkxaGfLmKI53HIxXUK2` +
`8JjVCxITGl60u_Z5bQIDAQABAoIBADzUXS7RQdcI540cbMrGNRFtgY7_1ZF9F445VFiAiT0` +
`j4uR5AcW4HPRfy8uPGNp6BpcZeeOCmh_9MHeDaS23BJ_ggMuOp0kigpRoh4w4JNiv58ukKm` +
`J8YvfssHigqltSZ5OiVrheQ2DQ-Vzgofb-hYQq1xlGpQPMs4ViAe-5KO6cwXYTL3j7PXAtE` +
`34Cl6JW36dd2U4G7EeEK8inq-zCg6U0mtyudz-6YicOLXaNKmJaSUn8pWuWqUd14mpqgo54` +
`l46mMx9d_HmG45jpMUam7qVYQ9ixtRp3vCUp5k4aSgigX0dn8pv3TGpSyq_t6g93DtMlXDY` +
`9rUjgQ3w5Y8L-kAECgYEAz0sCr--a-rXHzLDdRpsI5nzYqpwB8GOJKTADrkil_F1PfQ3SAq` +
`Gtb4ioQNO054WQYHzZFryh4joTiOkmlgjM0k8eRJ4442ayJe6vm_apxWGkAiS0szooyUpH4` +
`OqVwUaDjA7yF3PBuMc1Ub65EQU9mcsEBVdlNO_hfF_1C2LupPECgYEA3vnCJYp1MYy7zUSo` +
`v70UTP_P01J5kIFYzY4VHRI4C0xZG4w_wjgsnYbGT1n9r14W_i7EhEV1R0SxmbnrbfSt31n` +
`iZfCfzl-jq7v_q0-6gm51y1sm68jdFSgwxcRKbD41jP3BUNrfQhJdpB2FbSNAHQSng0XLVF` +
`fhDGFnzn277D0CgYAZ5glD6e-2-xcnX8GFnMET6u03A57KZeUxHCqZj8INMatIuH1QjtqYY` +
`L6Euu6TLoDHTVHiIVcoaJEgPeDwRdExRWlGsW3yG1aOnq-aEMtNOdG_4s4gxldqLrmkRCrJ` +
`pwGwcf2VKIU_jMQAno-IrNrxaAfskuq2HnJRk7uN3KJsQQKBgQC0YCcGZ3NWmhpye1Bni3W` +
`YtHhS4y0kEP7dikraMZrUyPZsqpAJdZfh9t0F5C6sZtkC1qJyvh2ZgaCKUzR4xq7BN91Fyd` +
`n9ALFOg87Xrq-aQ_FWiG573wm5y8FoutnZppl7bOutlOF2eZT25krBdvqufs1kDFnn6Q9ND` +
`J8FFAGpoQKBgDMXVHVXNCJWO13_rwakBe4a9W_lbKuVX27wgCBcu3i_lGYjggm8GPkaWk14` +
`b-reOmP3tZyZxDyX2zFyjkJpu2SWd5TlAL59vP3dzx-uyj6boWCCZHxzepli5eHXOeVW-S-` +
`gwlCAF0U0n_XJ7Qhv0_SQnxSqT-D6V1-KbbeXnO7w`
Variables ¶
// Capability lists whose names mirror OpenID Connect discovery metadata
// fields.
// NOTE(review): presumably these are the values the Discovery handler
// advertises; confirm against its implementation.
//
// They are exported, mutable package-level slices: a test that modifies one
// changes it for every other reader in the same process.
var (
	// Only the authorization-code grant is listed.
	GrantTypesSupported = []string{
		"authorization_code",
	}
	ResponseTypesSupported = []string{
		"code",
	}
	SubjectTypesSupported = []string{
		"public",
	}
	// RS256 is the only ID-token signing algorithm listed.
	IDTokenSigningAlgValuesSupported = []string{
		"RS256",
	}
	// Both listed methods are client-secret based.
	TokenEndpointAuthMethodsSupported = []string{
		"client_secret_basic",
		"client_secret_post",
	}
	ClaimsSupported = []string{
		"sub",
		"email",
		"email_verified",
		"preferred_username",
		"phone_number",
		"address",
		"groups",
		"iss",
		"aud",
		"upn",
	}
)
// ProviderADFS is the preset for an ADFS-style provider. Every URL uses the
// reserved example.com domain, so this preset names no real identity provider.
var ProviderADFS = Provider{
	Type:                  "adfs",
	Issuer:                "https://adfs.example.com",
	DiscoveryEndpoint:     "https://adfs.example.com/.well-known/openid-configuration",
	AuthorizationEndpoint: "https://adfs.example.com/oauth2/authorize",
	TokenEndpoint:         "https://adfs.example.com/oauth2/token",
	UserinfoEndpoint:      "https://adfs.example.com/oauth2/userinfo",
	ScopesSupported:       []string{"openid", "profile", "email"},
}
// ProviderFacebook is the preset for Facebook login. No DiscoveryEndpoint is
// set; the authorization, token and userinfo URLs are given explicitly.
// NOTE(review): the URLs name the live facebook.com hosts. Confirm that the
// mock serves or rewrites them, so tests never send client credentials or
// authorization codes to the real service.
var ProviderFacebook = Provider{
	Type:                  "facebook",
	Issuer:                "https://www.facebook.com",
	AuthorizationEndpoint: "https://www.facebook.com/v11.0/dialog/oauth",
	TokenEndpoint:         "https://graph.facebook.com/v11.0/oauth/access_token",
	UserinfoEndpoint:      "https://graph.facebook.com/v11.0/me",
	ScopesSupported:       []string{"public_profile", "email"},
}
// ProviderGithub is the preset for GitHub login. No DiscoveryEndpoint is set;
// the authorization, token and userinfo URLs are given explicitly.
// NOTE(review): the URLs name the live github.com hosts. Confirm that the mock
// serves or rewrites them, so tests never send client credentials or
// authorization codes to the real service.
var ProviderGithub = Provider{
	Type:                  "github",
	Issuer:                "https://github.com",
	AuthorizationEndpoint: "https://github.com/login/oauth/authorize",
	TokenEndpoint:         "https://github.com/login/oauth/access_token",
	UserinfoEndpoint:      "https://api.github.com/user",
	ScopesSupported:       []string{"read:user", "user:email"},
}
// ProviderGoogle is the preset for Google sign-in. Only the issuer and the
// discovery URL are set; no authorization, token or userinfo URL is given.
// NOTE(review): the URLs name the live accounts.google.com host. Confirm that
// the mock serves or rewrites the discovery document, so tests do not resolve
// endpoints from the real service.
var ProviderGoogle = Provider{
	Type:              "google",
	Issuer:            "https://accounts.google.com",
	DiscoveryEndpoint: "https://accounts.google.com/.well-known/openid-configuration",
	ScopesSupported:   []string{"openid", "profile", "email"},
}
// ProviderLinkedIn is the preset for LinkedIn login. No DiscoveryEndpoint is
// set; the authorization, token and userinfo URLs are given explicitly.
// NOTE(review): the URLs name the live linkedin.com hosts. Confirm that the
// mock serves or rewrites them, so tests never send client credentials or
// authorization codes to the real service.
var ProviderLinkedIn = Provider{
	Type:                  "linkedin",
	Issuer:                "https://www.linkedin.com",
	AuthorizationEndpoint: "https://www.linkedin.com/oauth/v2/authorization",
	TokenEndpoint:         "https://www.linkedin.com/oauth/v2/accessToken",
	UserinfoEndpoint:      "https://api.linkedin.com/v2/me",
	ScopesSupported:       []string{"r_liteprofile", "r_emailaddress"},
}
// SupportedProviders lists the five provider presets, in this order: Google,
// Facebook, GitHub, LinkedIn, ADFS. The slice holds copies of the Provider
// values, so later changes to a ProviderXxx variable are not reflected here.
var SupportedProviders = []Provider{
	ProviderGoogle,
	ProviderFacebook,
	ProviderGithub,
	ProviderLinkedIn,
	ProviderADFS,
}
Functions ¶
This section is empty.
Types ¶
type IDTokenClaims ¶
// IDTokenClaims is the claim set of an ID token: the registered JWT claims
// plus the upn claim.
type IDTokenClaims struct {
	// UPN is specific to the Azure AD OIDC implementation
	// https://github.com/authgear/authgear-server/blob/2f147b2e1d314f26d5980e8e70c1f52501545c82/pkg/lib/authn/sso/adfs.go#L96
	// The claim is left out of the JSON when empty (omitempty).
	UPN string `json:"upn,omitempty"`
	// Embedded by pointer: a zero-value IDTokenClaims has a nil
	// RegisteredClaims, so it must be set before promoted fields are read.
	*jwt.RegisteredClaims
}
type Keypair ¶
// Keypair holds an RSA private key together with an RSA public key.
// NOTE(review): PublicKey is presumably the public half of PrivateKey, set by
// NewKeypair; confirm. The struct carries private key material, so it should
// not be logged or serialized.
type Keypair struct {
	PrivateKey *rsa.PrivateKey
	PublicKey  *rsa.PublicKey
}
func DefaultKeypair ¶
func NewKeypair ¶
func NewKeypair(key *rsa.PrivateKey) (*Keypair, error)
type MockOIDC ¶
// MockOIDC holds the state of one mock provider: the preset it is built from,
// its client credentials, token lifetimes, listen address, keypair, session
// store and clock.
type MockOIDC struct {
	Provider Provider

	// Client credentials, held as plain strings.
	// NOTE(review): presumably compared by the Token handler with what the
	// client sends via client_secret_basic or client_secret_post; confirm.
	ClientID     string
	ClientSecret string

	// Token lifetimes. NOTE(review): defaults are set elsewhere; confirm.
	AccessTTL  time.Duration
	RefreshTTL time.Duration

	// NOTE(review): the name suggests the PKCE methods advertised in
	// discovery; whether Authorize or Token enforce them is not visible here.
	CodeChallengeMethodsSupported []string

	Addr string

	// NOTE(review): presumably the key that signs ID tokens and backs the JWKS
	// handler; confirm.
	Keypair      *Keypair
	SessionStore *SessionStore
	Clock        Clock
}
func (*MockOIDC) AuthorizationEndpoint ¶
func (*MockOIDC) Authorize ¶
func (m *MockOIDC) Authorize(rw http.ResponseWriter, req *http.Request)
func (*MockOIDC) DiscoveryEndpoint ¶
func (*MockOIDC) JWKSEndpoint ¶
func (*MockOIDC) TokenEndpoint ¶
func (*MockOIDC) UserinfoEndpoint ¶
type MockOIDCManager ¶
// MockOIDCManager groups the provider presets, the MockOIDC instances, a
// clock, an HTTP server and a keypair.
// NOTE(review): presumably one server hosts every MockOIDC and all of them
// share Keypair; confirm against NewMockOIDCManager.
type MockOIDCManager struct {
	Providers []Provider
	OIDCs     []*MockOIDC
	Clock     Clock
	Server    *http.Server
	Keypair   *Keypair
}
func NewMockOIDCManager ¶
func NewMockOIDCManager() (*MockOIDCManager, error)
func (*MockOIDCManager) Addr ¶
func (m *MockOIDCManager) Addr() string
func (*MockOIDCManager) GetOIDC ¶
func (m *MockOIDCManager) GetOIDC(alias string) *MockOIDC
func (*MockOIDCManager) Shutdown ¶
func (m *MockOIDCManager) Shutdown()
type MockUser ¶
// MockUser holds the identity attributes of a test user.
// NOTE(review): the fields line up with the sub, email, email_verified,
// preferred_username and phone_number entries of ClaimsSupported; the mapping
// code is not visible here, so confirm.
type MockUser struct {
	Subject           string
	Email             string
	EmailVerified     bool
	PreferredUsername string
	Phone             string
}
func DefaultUser ¶
func DefaultUser() *MockUser
type SessionStore ¶
func NewSessionStore ¶
func NewSessionStore() *SessionStore
func (*SessionStore) GetSessionByID ¶
func (ss *SessionStore) GetSessionByID(id string) (*Session, error)
func (*SessionStore) GetSessionByToken ¶
func (ss *SessionStore) GetSessionByToken(token *jwt.Token) (*Session, error)
func (*SessionStore) NewSession ¶
type SystemClock ¶
// SystemClock is a stateless type with NowUTC and NowMonotonic methods, each
// returning a time.Time.
// NOTE(review): presumably the wall-clock implementation of Clock; confirm.
type SystemClock struct{}
func NewSystemClock ¶
func NewSystemClock() *SystemClock
func (*SystemClock) NowMonotonic ¶
func (*SystemClock) NowMonotonic() time.Time
func (*SystemClock) NowUTC ¶
func (*SystemClock) NowUTC() time.Time