oidc

package


Constants

// IDTokenValidDuration is the validity period of an issued ID token.
// It is deliberately short: the id_token_hint flow is expected to accept
// expired ID tokens, so a short lifetime narrows the window in which a
// leaked token is usable without breaking that flow.
const IDTokenValidDuration = duration.Short

IDTokenValidDuration is the validity period of an ID token. It can be short, since id_token_hint should accept expired ID tokens.

Variables

// ErrInvalidCustomURI is the API error, with reason "WebUIInvalidCustomURI",
// for a custom UI URI that is rejected.
// NOTE(review): presumably returned by BuildCustomUIEndpoint when base
// fails validation — confirm against the implementation.
var ErrInvalidCustomURI = apierrors.Invalid.WithReason("WebUIInvalidCustomURI")

Functions

func BuildCustomUIEndpoint

// BuildCustomUIEndpoint turns base into a *url.URL to be used as a custom UI
// endpoint, returning an error when base is not accepted.
// NOTE(review): the validation applied to base (scheme, host allow-list) is not
// visible here — confirm before treating the result as a trusted redirect target.
func BuildCustomUIEndpoint(base string) (*url.URL, error)

func NewErrInvalidSettingsAction

// NewErrInvalidSettingsAction builds the error reported for an invalid
// settings action request, carrying errMsg as its message.
func NewErrInvalidSettingsAction(errMsg string) error

Types

type BaseURLProvider

// BaseURLProvider supplies the origin URL that IDTokenIssuer uses as its base
// (see IDTokenIssuer.BaseURL).
type BaseURLProvider interface {
	// Origin returns the origin URL of this deployment.
	Origin() *url.URL
}

type EndpointsProvider

// EndpointsProvider supplies the absolute URLs of the OIDC endpoints that are
// advertised in the provider metadata (see MetadataProvider.Endpoints).
type EndpointsProvider interface {
	// Origin returns the origin URL of this deployment.
	Origin() *url.URL
	// JWKSEndpointURL returns the URL of the JSON Web Key Set endpoint.
	JWKSEndpointURL() *url.URL
	// UserInfoEndpointURL returns the URL of the UserInfo endpoint.
	UserInfoEndpointURL() *url.URL
	// EndSessionEndpointURL returns the URL of the end-session (logout) endpoint.
	EndSessionEndpointURL() *url.URL
}

type IDTokenHintResolver

// IDTokenHintResolver resolves the id_token_hint of an authorization request
// into a verified ID token and the session it refers to.
// All fields are dependencies injected by the caller.
type IDTokenHintResolver struct {
	// Issuer verifies the id_token_hint string.
	Issuer IDTokenHintResolverIssuer
	// Sessions looks up IdP sessions by ID.
	Sessions IDTokenHintResolverSessionProvider
	// OfflineGrantService looks up offline grants by ID.
	OfflineGrantService IDTokenHintResolverOfflineGrantService
}

func (*IDTokenHintResolver) ResolveIDTokenHint

// ResolveIDTokenHint resolves the id_token_hint carried in req for the given
// client. It returns the parsed ID token and the session (IdP session or
// offline grant) the token refers to, or an error.
// NOTE(review): behaviour when req carries no id_token_hint, and whether an
// expired hint is accepted (see IDTokenValidDuration), is not visible here —
// confirm in the implementation.
func (r *IDTokenHintResolver) ResolveIDTokenHint(ctx context.Context, client *config.OAuthClientConfig, req protocol.AuthorizationRequest) (idToken jwt.Token, sidSession session.ListableSession, err error)

type IDTokenHintResolverIssuer

// IDTokenHintResolverIssuer is the subset of IDTokenIssuer that
// IDTokenHintResolver needs: verification of an id_token_hint string.
type IDTokenHintResolverIssuer interface {
	// VerifyIDToken parses and verifies idTokenHint, returning the token or an error.
	VerifyIDToken(idTokenHint string) (idToken jwt.Token, err error)
}

type IDTokenHintResolverOfflineGrantService

// IDTokenHintResolverOfflineGrantService looks up offline grants for
// IDTokenHintResolver.
type IDTokenHintResolverOfflineGrantService interface {
	// GetOfflineGrant returns the offline grant with the given id, or an error.
	GetOfflineGrant(ctx context.Context, id string) (*oauth.OfflineGrant, error)
}

type IDTokenHintResolverSessionProvider

// IDTokenHintResolverSessionProvider looks up IdP sessions for
// IDTokenHintResolver.
type IDTokenHintResolverSessionProvider interface {
	// Get returns the IdP session with the given id, or an error.
	Get(ctx context.Context, id string) (*idpsession.IDPSession, error)
}

type IDTokenIssuer

// IDTokenIssuer issues and verifies ID tokens and serves the related
// UserInfo and JWKS data. All fields are dependencies injected by the caller.
type IDTokenIssuer struct {
	// Secrets holds the OAuth key material used for signing and verification.
	Secrets *config.OAuthKeyMaterials
	// BaseURL provides the origin used when building the issuer value (see Iss).
	BaseURL BaseURLProvider
	// Users resolves users by ID for claim population.
	Users UserProvider
	// RolesAndGroups resolves a user's effective roles for claim population.
	RolesAndGroups RolesAndGroupsProvider
	// Clock supplies the current time; injected so token timestamps are testable.
	Clock clock.Clock
}

func (*IDTokenIssuer) GetPublicKeySet

// GetPublicKeySet returns the JWK set published for ID token verification.
// NOTE(review): presumably derived from ti.Secrets with private material
// stripped — confirm that only public keys are exposed.
func (ti *IDTokenIssuer) GetPublicKeySet() (jwk.Set, error)

func (*IDTokenIssuer) GetUserInfo

// GetUserInfo returns the UserInfo claims for userID as a map, scoped to what
// clientLike is permitted to see, or an error.
// NOTE(review): which claims clientLike filters is not visible here — confirm.
func (ti *IDTokenIssuer) GetUserInfo(ctx context.Context, userID string, clientLike *oauth.ClientLike) (map[string]interface{}, error)

func (*IDTokenIssuer) Iss

// Iss returns the issuer identifier placed in the "iss" claim of issued tokens
// (presumably built from ti.BaseURL.Origin() — confirm).
func (ti *IDTokenIssuer) Iss() string

func (*IDTokenIssuer) IssueIDToken

// IssueIDToken mints a signed ID token according to opts and returns its
// compact serialization, or an error.
func (ti *IDTokenIssuer) IssueIDToken(ctx context.Context, opts IssueIDTokenOptions) (string, error)

func (*IDTokenIssuer) PopulateUserClaimsInIDToken

// PopulateUserClaimsInIDToken adds the user claims of userID to token in
// place, limited to what clientLike is permitted to see. It returns an error
// if the user or claims cannot be resolved.
func (ti *IDTokenIssuer) PopulateUserClaimsInIDToken(ctx context.Context, token jwt.Token, userID string, clientLike *oauth.ClientLike) error

func (*IDTokenIssuer) VerifyIDToken

// VerifyIDToken parses the compact-serialized idToken and verifies it,
// returning the parsed token or an error.
// NOTE(review): which checks are applied (signature against ti.Secrets,
// issuer, expiry) is not visible here — confirm before relying on the
// returned token for any authorization decision.
func (ti *IDTokenIssuer) VerifyIDToken(idToken string) (token jwt.Token, err error)

type IssueIDTokenOptions

// IssueIDTokenOptions carries the inputs to IDTokenIssuer.IssueIDToken.
type IssueIDTokenOptions struct {
	// ClientID is the client the token is issued to.
	ClientID string
	// SID is the session identifier to bind the token to.
	SID string
	// Nonce is the OIDC nonce echoed back in the token.
	Nonce string
	// AuthenticationInfo describes how the user authenticated.
	AuthenticationInfo authenticationinfo.T
	// ClientLike controls which user claims are included.
	ClientLike *oauth.ClientLike
	// DeviceSecretHash is presumably a hash of the device secret, so the
	// secret itself never enters the token — TODO confirm.
	DeviceSecretHash string
}

type MetadataProvider

// MetadataProvider contributes this package's endpoints to the OIDC
// provider metadata document.
type MetadataProvider struct {
	// Endpoints supplies the endpoint URLs written into the metadata.
	Endpoints EndpointsProvider
}

func (*MetadataProvider) PopulateMetadata

// PopulateMetadata writes this package's metadata entries into meta in place.
// The exact keys written are not visible here.
func (p *MetadataProvider) PopulateMetadata(meta map[string]interface{})

type RolesAndGroupsProvider

// RolesAndGroupsProvider resolves a user's effective roles for inclusion in
// ID token / UserInfo claims.
type RolesAndGroupsProvider interface {
	// ListEffectiveRolesByUserID returns the roles in effect for userID, or an error.
	ListEffectiveRolesByUserID(ctx context.Context, userID string) ([]*model.Role, error)
}

type UIInfo

// UIInfo is a collection of information that is essential to the UI.
// It is derived from an authorization request by UIInfoResolver.
type UIInfo struct {
	// ClientID is client_id.
	ClientID string
	// RedirectURI is the redirect_uri the UI should redirect to.
	// The redirect_uri in the URL has lower precedence.
	// The rationale for this is if the end-user bookmarked the
	// authorization URL in the browser, redirect to the app is
	// still possible.
	// NOTE(review): confirm the value is validated against the client's
	// registered redirect URIs before the UI redirects to it.
	RedirectURI string
	// Prompt is the resolved prompt with prompt, max_age, and id_token_hint taken into account.
	Prompt []string
	// UILocales is ui_locales.
	UILocales string
	// UserIDHint is for reauthentication.
	UserIDHint string
	// CanUseIntentReauthenticate is for reauthentication.
	CanUseIntentReauthenticate bool
	// State is the state parameter.
	State string
	// XState is the x_state parameter.
	XState string
	// Page is the x_page parameter.
	Page string
	// SuppressIDPSessionCookie is the x_suppress_idp_session_cookie and x_sso_enabled parameter.
	SuppressIDPSessionCookie bool
	// OAuthProviderAlias is the x_oauth_provider_alias parameter.
	OAuthProviderAlias string
	// LoginHint is the OIDC login_hint parameter.
	LoginHint string
	// IDTokenHint is the OIDC id_token_hint parameter.
	IDTokenHint string
}

UIInfo is a collection of information that is essential to the UI.

func (*UIInfo) ToUIParam

// ToUIParam converts i into the uiparam.T representation consumed by the UI.
func (i *UIInfo) ToUIParam() uiparam.T

type UIInfoByProduct

// UIInfoByProduct carries the by-products of resolving an authorization
// request for the authorization endpoint, alongside the UIInfo itself.
type UIInfoByProduct struct {
	// IDToken is the verified token from id_token_hint, if any.
	IDToken jwt.Token
	// SIDSession is the session the id_token_hint refers to, if any.
	SIDSession session.ListableSession
	// IDTokenHintSID is the session ID carried by the id_token_hint.
	IDTokenHintSID string
}

type UIInfoClientResolver

// UIInfoClientResolver looks up OAuth client configuration for UIInfoResolver.
type UIInfoClientResolver interface {
	// ResolveClient returns the configuration for clientID.
	// NOTE(review): the signature has no error; presumably nil means unknown
	// client — callers must check for nil.
	ResolveClient(clientID string) *config.OAuthClientConfig
}

type UIInfoResolver

// UIInfoResolver derives UIInfo from authorization requests and manages the
// OAuth session ID cookie. All fields are dependencies injected by the caller.
type UIInfoResolver struct {
	// Config is the OAuth configuration of this deployment.
	Config *config.OAuthConfig
	// EndpointsProvider supplies OAuth endpoint URLs.
	EndpointsProvider oauth.EndpointsProvider
	// PromptResolver computes the effective prompt value.
	PromptResolver UIInfoResolverPromptResolver
	// IDTokenHintResolver resolves id_token_hint into a token and session.
	IDTokenHintResolver UIInfoResolverIDTokenHintResolver
	// Clock supplies the current time.
	Clock clock.Clock
	// Cookies reads and clears the OAuth session ID cookie.
	Cookies UIInfoResolverCookieManager
	// ClientResolver looks up client configuration by client_id.
	ClientResolver UIInfoClientResolver
}

func (*UIInfoResolver) GetOAuthSessionID

// GetOAuthSessionID returns the OAuth session ID for req, and whether one was
// found. Both req (cookies) and urlQuery are consulted; precedence between
// them is not visible here.
func (r *UIInfoResolver) GetOAuthSessionID(req *http.Request, urlQuery string) (string, bool)

func (*UIInfoResolver) GetOAuthSessionIDLegacy

// GetOAuthSessionIDLegacy is the legacy counterpart of GetOAuthSessionID,
// kept for compatibility with older flows. It returns the session ID and
// whether one was found.
func (r *UIInfoResolver) GetOAuthSessionIDLegacy(req *http.Request, urlQuery string) (string, bool)

func (*UIInfoResolver) RemoveOAuthSessionID

// RemoveOAuthSessionID clears the OAuth session ID cookie on w for req
// (presumably via r.Cookies.ClearCookie — confirm).
func (r *UIInfoResolver) RemoveOAuthSessionID(w http.ResponseWriter, req *http.Request)

func (*UIInfoResolver) ResolveForAuthorizationEndpoint

// ResolveForAuthorizationEndpoint derives the UIInfo for req at the
// authorization endpoint, for the given client. It also returns the
// by-products of resolution (verified id_token_hint and its session) so the
// caller need not resolve them again. It returns an error if resolution fails.
func (r *UIInfoResolver) ResolveForAuthorizationEndpoint(
	ctx context.Context,
	client *config.OAuthClientConfig,
	req protocol.AuthorizationRequest,
) (*UIInfo, *UIInfoByProduct, error)

func (*UIInfoResolver) ResolveForUI

// ResolveForUI derives the UIInfo for req when called from the UI itself.
// Unlike ResolveForAuthorizationEndpoint, the client is not passed in;
// presumably it is looked up through r.ClientResolver — confirm.
func (r *UIInfoResolver) ResolveForUI(ctx context.Context, req protocol.AuthorizationRequest) (*UIInfo, error)

type UIInfoResolverCookieManager

// UIInfoResolverCookieManager reads and clears cookies for UIInfoResolver.
type UIInfoResolverCookieManager interface {
	// GetCookie returns the cookie described by def from r, or an error.
	GetCookie(r *http.Request, def *httputil.CookieDef) (*http.Cookie, error)
	// ClearCookie returns a cookie that, when set, clears the cookie described by def.
	ClearCookie(def *httputil.CookieDef) *http.Cookie
}

type UIInfoResolverIDTokenHintResolver

// UIInfoResolverIDTokenHintResolver is the subset of IDTokenHintResolver that
// UIInfoResolver needs.
type UIInfoResolverIDTokenHintResolver interface {
	// ResolveIDTokenHint resolves the id_token_hint in r for client into a
	// verified token and its session, or an error.
	ResolveIDTokenHint(ctx context.Context, client *config.OAuthClientConfig, r protocol.AuthorizationRequest) (idToken jwt.Token, sidSession session.ListableSession, err error)
}

type UIInfoResolverPromptResolver

// UIInfoResolverPromptResolver computes the effective prompt for
// UIInfoResolver (see UIInfo.Prompt).
type UIInfoResolverPromptResolver interface {
	// ResolvePrompt returns the resolved prompt values for r, taking the
	// session referenced by id_token_hint (sidSession) into account.
	ResolvePrompt(r protocol.AuthorizationRequest, sidSession session.ListableSession) (prompt []string)
}

type UIURLBuilder

// UIURLBuilder builds the auth UI and settings URLs an authorization request
// is redirected to. All fields are dependencies injected by the caller.
type UIURLBuilder struct {
	// Endpoints supplies the auth UI entrypoint and settings page URLs.
	Endpoints UIURLBuilderAuthUIEndpointsProvider
	// IdentityConfig is the identity configuration of this deployment.
	IdentityConfig *config.IdentityConfig
}

func (*UIURLBuilder) BuildAuthenticationURL

// BuildAuthenticationURL builds the auth UI URL for authorization request r of
// client, bound to the OAuth session entry e. It returns an error if the URL
// cannot be built.
func (b *UIURLBuilder) BuildAuthenticationURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry) (*url.URL, error)

func (*UIURLBuilder) BuildSettingsActionURL

// BuildSettingsActionURL builds the settings page URL for the settings action
// requested by r for client, bound to the OAuth session entry e.
// NOTE(review): presumably returns NewErrInvalidSettingsAction for an
// unrecognised action — confirm.
func (b *UIURLBuilder) BuildSettingsActionURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry) (*url.URL, error)

type UIURLBuilderAuthUIEndpointsProvider

// UIURLBuilderAuthUIEndpointsProvider supplies the auth UI URLs that
// UIURLBuilder redirects to.
type UIURLBuilderAuthUIEndpointsProvider interface {
	// OAuthEntrypointURL returns the entrypoint of the auth UI for OAuth flows.
	OAuthEntrypointURL() *url.URL
	// SettingsChangePasswordURL returns the change-password settings page.
	SettingsChangePasswordURL() *url.URL
	// SettingsDeleteAccountURL returns the delete-account settings page.
	SettingsDeleteAccountURL() *url.URL
	// SettingsAddLoginID* return the page for adding a login ID of the given
	// type under the login ID key loginIDKey.
	SettingsAddLoginIDEmail(loginIDKey string) *url.URL
	SettingsAddLoginIDPhone(loginIDKey string) *url.URL
	SettingsAddLoginIDUsername(loginIDKey string) *url.URL
	// SettingsEditLoginID* return the page for editing a login ID of the given
	// type under the login ID key loginIDKey.
	SettingsEditLoginIDEmail(loginIDKey string) *url.URL
	SettingsEditLoginIDPhone(loginIDKey string) *url.URL
	SettingsEditLoginIDUsername(loginIDKey string) *url.URL
}

type UserProvider

// UserProvider resolves users for IDTokenIssuer claim population.
type UserProvider interface {
	// Get returns the user with the given id, read under the access-control
	// role, or an error.
	Get(ctx context.Context, id string, role accesscontrol.Role) (*model.User, error)
}
