Documentation ¶
Index ¶
- Constants
- Variables
- func BuildCustomUIEndpoint(base string) (*url.URL, error)
- func DecodeSID(sid string) (typ session.Type, sessionID string, ok bool)
- func EncodeSID(s SessionLike) string
- func EncodeSIDByRawValues(sessionType session.Type, sessionID string) string
- func IsScopeAllowed(scope string) bool
- func ScopeAllowsClaim(scope string, claimName string) bool
- func ValidateScopes(client *config.OAuthClientConfig, scopes []string) error
- type BaseURLProvider
- type EndpointsProvider
- type IDTokenHintResolver
- type IDTokenHintResolverIssuer
- type IDTokenHintResolverOfflineGrantService
- type IDTokenHintResolverSessionProvider
- type IDTokenIssuer
- func (ti *IDTokenIssuer) GetPublicKeySet() (jwk.Set, error)
- func (ti *IDTokenIssuer) GetUserInfo(ctx context.Context, userID string, clientLike *oauth.ClientLike) (map[string]interface{}, error)
- func (ti *IDTokenIssuer) Iss() string
- func (ti *IDTokenIssuer) IssueIDToken(ctx context.Context, opts IssueIDTokenOptions) (string, error)
- func (ti *IDTokenIssuer) PopulateUserClaimsInIDToken(ctx context.Context, token jwt.Token, userID string, ...) error
- func (ti *IDTokenIssuer) VerifyIDToken(idToken string) (token jwt.Token, err error)
- type IssueIDTokenOptions
- type MetadataProvider
- type RolesAndGroupsProvider
- type SessionLike
- type UIInfo
- type UIInfoByProduct
- type UIInfoClientResolver
- type UIInfoResolver
- func (r *UIInfoResolver) GetOAuthSessionID(req *http.Request, urlQuery string) (string, bool)
- func (r *UIInfoResolver) GetOAuthSessionIDLegacy(req *http.Request, urlQuery string) (string, bool)
- func (r *UIInfoResolver) RemoveOAuthSessionID(w http.ResponseWriter, req *http.Request)
- func (r *UIInfoResolver) ResolveForAuthorizationEndpoint(ctx context.Context, client *config.OAuthClientConfig, ...) (*UIInfo, *UIInfoByProduct, error)
- func (r *UIInfoResolver) ResolveForUI(ctx context.Context, req protocol.AuthorizationRequest) (*UIInfo, error)
- type UIInfoResolverCookieManager
- type UIInfoResolverIDTokenHintResolver
- type UIInfoResolverPromptResolver
- type UIURLBuilder
- type UIURLBuilderAuthUIEndpointsProvider
- type UserProvider
Constants ¶
// Standard OpenID Connect scope values. Each of them also appears in
// AllowedScopes.
const (
	// ScopeOpenID is the "openid" scope. It must be present in the request.
	// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
	ScopeOpenID = "openid"
	// ScopeProfile is the "profile" scope, defined in
	// https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
	ScopeProfile = "profile"
	// ScopeEmail is the "email" scope, defined in
	// https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
	ScopeEmail = "email"
	// ScopeAddress is the "address" scope, defined in
	// https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
	ScopeAddress = "address"
	// ScopePhone is the "phone" scope, defined in
	// https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
	ScopePhone = "phone"
)
// IDTokenValidDuration is the validity period of an ID token, set to
// duration.Short. It can be short, since id_token_hint should accept expired
// ID tokens.
//
// NOTE(review): because expiry is not meant to reject a token presented as
// id_token_hint, the hint path has to rely on the remaining checks (signature,
// issuer, client) — confirm what VerifyIDToken enforces for expired tokens.
const IDTokenValidDuration = duration.Short
IDTokenValidDuration is the validity period of an ID token. It can be short, because id_token_hint should accept expired ID tokens.
Variables ¶
// AllowedScopes lists the scope values this package accepts: the OpenID
// Connect scopes declared in this package plus scopes defined in package
// oauth.
//
// NOTE(review): presumably IsScopeAllowed and ValidateScopes consult this
// list — confirm. It is an exported, mutable slice, so any importing package
// can add or remove entries at runtime; treat writes to it as a change to the
// scope allowlist.
var AllowedScopes = []string{
	oauth.OfflineAccess,
	oauth.DeviceSSOScope,
	ScopeOpenID,
	ScopeProfile,
	ScopeEmail,
	ScopeAddress,
	ScopePhone,
	oauth.FullAccessScope,
	oauth.FullUserInfoScope,
	oauth.PreAuthenticatedURLScope,
}
// DependencySet is the wire provider set for this package.
//
// Each wire.Struct(..., "*") entry has wire inject every field of the struct.
// The two wire.Bind entries satisfy IDTokenHintResolverIssuer with
// *IDTokenIssuer and UIInfoResolverIDTokenHintResolver with
// *IDTokenHintResolver.
var DependencySet = wire.NewSet(
	wire.Struct(new(MetadataProvider), "*"),
	wire.Struct(new(IDTokenIssuer), "*"),
	wire.Bind(new(IDTokenHintResolverIssuer), new(*IDTokenIssuer)),
	wire.Struct(new(IDTokenHintResolver), "*"),
	wire.Struct(new(UIInfoResolver), "*"),
	wire.Bind(new(UIInfoResolverIDTokenHintResolver), new(*IDTokenHintResolver)),
	wire.Struct(new(UIURLBuilder), "*"),
)
// ErrInvalidCustomURI is an apierrors.Invalid error with the reason
// "WebUIInvalidCustomURI".
// NOTE(review): presumably returned when a custom UI URI fails validation
// (see BuildCustomUIEndpoint) — confirm against the callers.
var ErrInvalidCustomURI = apierrors.Invalid.WithReason("WebUIInvalidCustomURI")
// ErrInvalidSettingsAction is an apierrors.Invalid error with the reason
// "WebUIInvalidSettingsAction".
// NOTE(review): presumably returned by BuildSettingsActionURL for an
// unsupported settings action — confirm against the callers.
var ErrInvalidSettingsAction = apierrors.Invalid.WithReason("WebUIInvalidSettingsAction")
Functions ¶
func EncodeSID ¶
func EncodeSID(s SessionLike) string
func EncodeSIDByRawValues ¶
func IsScopeAllowed ¶
func ScopeAllowsClaim ¶
func ValidateScopes ¶
func ValidateScopes(client *config.OAuthClientConfig, scopes []string) error
Types ¶
type BaseURLProvider ¶
type EndpointsProvider ¶
type IDTokenHintResolver ¶
// IDTokenHintResolver resolves the id_token_hint of an authorization request
// into an ID token and a session (see ResolveIDTokenHint).
type IDTokenHintResolver struct {
	// Issuer is the ID token issuer dependency; DependencySet binds it to
	// *IDTokenIssuer.
	// NOTE(review): presumably used to verify the hinted token — confirm.
	Issuer IDTokenHintResolverIssuer
	// Sessions looks up IDP sessions by ID.
	Sessions IDTokenHintResolverSessionProvider
	// OfflineGrantService is the offline grant dependency.
	// NOTE(review): presumably used when the sid refers to an offline grant
	// rather than an IDP session — confirm.
	OfflineGrantService IDTokenHintResolverOfflineGrantService
}
func (*IDTokenHintResolver) ResolveIDTokenHint ¶
func (r *IDTokenHintResolver) ResolveIDTokenHint(ctx context.Context, client *config.OAuthClientConfig, req protocol.AuthorizationRequest) (idToken jwt.Token, sidSession session.ListableSession, err error)
type IDTokenHintResolverSessionProvider ¶
// IDTokenHintResolverSessionProvider is the IDP session lookup that
// IDTokenHintResolver depends on.
type IDTokenHintResolverSessionProvider interface {
	// Get returns the IDP session with the given id, or an error.
	Get(ctx context.Context, id string) (*idpsession.IDPSession, error)
}
type IDTokenIssuer ¶
// IDTokenIssuer issues and verifies ID tokens and exposes the related public
// key set and user info (see IssueIDToken, VerifyIDToken, GetPublicKeySet and
// GetUserInfo).
type IDTokenIssuer struct {
	// Secrets is the OAuth key material.
	// NOTE(review): presumably the signing keys behind IssueIDToken and
	// GetPublicKeySet; if so it holds private keys and must never be logged
	// or serialized — confirm.
	Secrets *config.OAuthKeyMaterials
	// BaseURL provides the base URL.
	// NOTE(review): presumably the source of the value returned by Iss —
	// confirm.
	BaseURL BaseURLProvider
	// Users is the user lookup dependency.
	Users UserProvider
	// RolesAndGroups is the roles and groups lookup dependency.
	RolesAndGroups RolesAndGroupsProvider
	// Clock is the time source.
	Clock clock.Clock
}
func (*IDTokenIssuer) GetPublicKeySet ¶
func (ti *IDTokenIssuer) GetPublicKeySet() (jwk.Set, error)
func (*IDTokenIssuer) GetUserInfo ¶
func (ti *IDTokenIssuer) GetUserInfo(ctx context.Context, userID string, clientLike *oauth.ClientLike) (map[string]interface{}, error)
func (*IDTokenIssuer) Iss ¶
func (ti *IDTokenIssuer) Iss() string
func (*IDTokenIssuer) IssueIDToken ¶
func (ti *IDTokenIssuer) IssueIDToken(ctx context.Context, opts IssueIDTokenOptions) (string, error)
func (*IDTokenIssuer) PopulateUserClaimsInIDToken ¶
func (ti *IDTokenIssuer) PopulateUserClaimsInIDToken(ctx context.Context, token jwt.Token, userID string, clientLike *oauth.ClientLike) error
func (*IDTokenIssuer) VerifyIDToken ¶
func (ti *IDTokenIssuer) VerifyIDToken(idToken string) (token jwt.Token, err error)
type IssueIDTokenOptions ¶
// IssueIDTokenOptions is the input of IDTokenIssuer.IssueIDToken.
type IssueIDTokenOptions struct {
	// ClientID identifies the client the token is issued for.
	ClientID string
	// SID is the session identifier.
	// NOTE(review): presumably a value produced by EncodeSID — confirm.
	SID string
	// Nonce is the nonce value.
	// NOTE(review): presumably the nonce of the authorization request, echoed
	// into the token so the client can detect replay — confirm.
	Nonce string
	// AuthenticationInfo describes the authentication that took place.
	AuthenticationInfo authenticationinfo.T
	// ClientLike is the client view passed on when populating claims.
	// NOTE(review): presumably decides which user claims the token may
	// carry — confirm.
	ClientLike *oauth.ClientLike
	// DeviceSecretHash is a hash of the device secret.
	// NOTE(review): presumably only set for device SSO — confirm.
	DeviceSecretHash string
}
type MetadataProvider ¶
// MetadataProvider fills a metadata map (see PopulateMetadata) using the
// endpoints supplied by Endpoints.
type MetadataProvider struct {
	// Endpoints supplies the endpoint URLs.
	Endpoints EndpointsProvider
}
func (*MetadataProvider) PopulateMetadata ¶
func (p *MetadataProvider) PopulateMetadata(meta map[string]interface{})
type RolesAndGroupsProvider ¶
type SessionLike ¶
type UIInfo ¶
// UIInfo is a collection of information that is essential to the UI.
//
// NOTE(review): most fields mirror authorization request parameters, so they
// are presumably client-supplied; treat them as untrusted when rendering or
// logging — confirm what the resolver validates before filling them in.
type UIInfo struct {
	// ClientID is client_id.
	ClientID string
	// RedirectURI is the redirect_uri the UI should redirect to.
	// The redirect_uri in the URL has lower precedence.
	// The rationale is that if the end-user bookmarked the authorization URL
	// in the browser, redirecting to the app is still possible.
	// NOTE(review): this is a redirect target; presumably it has already been
	// checked against the client's configured redirect URIs — confirm.
	RedirectURI string
	// Prompt is the resolved prompt with prompt, max_age, and id_token_hint
	// taken into account.
	Prompt []string
	// UILocales is ui_locales.
	UILocales string
	// UserIDHint is for reauthentication.
	UserIDHint string
	// CanUseIntentReauthenticate is for reauthentication.
	CanUseIntentReauthenticate bool
	// State is the state parameter.
	State string
	// XState is the x_state parameter.
	XState string
	// Page is the x_page parameter.
	Page string
	// SuppressIDPSessionCookie is the x_suppress_idp_session_cookie and
	// x_sso_enabled parameter.
	SuppressIDPSessionCookie bool
	// OAuthProviderAlias is the x_oauth_provider_alias parameter.
	OAuthProviderAlias string
	// LoginHint is the OIDC login_hint parameter.
	LoginHint string
	// IDTokenHint is the OIDC id_token_hint parameter.
	IDTokenHint string
}
UIInfo is a collection of information that is essential to the UI.
type UIInfoByProduct ¶
// UIInfoByProduct holds the values returned alongside UIInfo by
// UIInfoResolver.ResolveForAuthorizationEndpoint.
type UIInfoByProduct struct {
	// IDToken is an ID token.
	// NOTE(review): presumably the token parsed from id_token_hint — confirm.
	IDToken jwt.Token
	// SIDSession is a session.
	// NOTE(review): presumably the session the hinted token's sid refers to —
	// confirm.
	SIDSession session.ListableSession
	// IDTokenHintSID is a session identifier string.
	// NOTE(review): presumably the sid of the hinted token — confirm.
	IDTokenHintSID string
}
type UIInfoClientResolver ¶
// UIInfoClientResolver is the client lookup that UIInfoResolver depends on.
type UIInfoClientResolver interface {
	// ResolveClient returns the OAuth client config for clientID.
	// NOTE(review): there is no error result, so an unknown clientID
	// presumably yields nil; callers should check for it — confirm.
	ResolveClient(clientID string) *config.OAuthClientConfig
}
type UIInfoResolver ¶
// UIInfoResolver derives UIInfo from an authorization request (see
// ResolveForAuthorizationEndpoint and ResolveForUI) and reads or removes the
// OAuth session ID of an HTTP request (see GetOAuthSessionID,
// GetOAuthSessionIDLegacy and RemoveOAuthSessionID).
type UIInfoResolver struct {
	// Config is the OAuth configuration.
	Config *config.OAuthConfig
	// EndpointsProvider supplies the OAuth endpoints.
	EndpointsProvider oauth.EndpointsProvider
	// PromptResolver resolves the prompt of an authorization request.
	PromptResolver UIInfoResolverPromptResolver
	// IDTokenHintResolver resolves id_token_hint; DependencySet binds it to
	// *IDTokenHintResolver.
	IDTokenHintResolver UIInfoResolverIDTokenHintResolver
	// Clock is the time source.
	Clock clock.Clock
	// Cookies is the cookie manager dependency.
	// NOTE(review): presumably where the OAuth session ID cookie is read and
	// cleared — confirm.
	Cookies UIInfoResolverCookieManager
	// ClientResolver looks up the client config by client ID.
	ClientResolver UIInfoClientResolver
}
func (*UIInfoResolver) GetOAuthSessionID ¶
func (*UIInfoResolver) GetOAuthSessionIDLegacy ¶
func (*UIInfoResolver) RemoveOAuthSessionID ¶
func (r *UIInfoResolver) RemoveOAuthSessionID(w http.ResponseWriter, req *http.Request)
func (*UIInfoResolver) ResolveForAuthorizationEndpoint ¶
func (r *UIInfoResolver) ResolveForAuthorizationEndpoint( ctx context.Context, client *config.OAuthClientConfig, req protocol.AuthorizationRequest, ) (*UIInfo, *UIInfoByProduct, error)
func (*UIInfoResolver) ResolveForUI ¶
func (r *UIInfoResolver) ResolveForUI(ctx context.Context, req protocol.AuthorizationRequest) (*UIInfo, error)
type UIInfoResolverIDTokenHintResolver ¶
// UIInfoResolverIDTokenHintResolver is the id_token_hint resolver that
// UIInfoResolver depends on. DependencySet binds it to *IDTokenHintResolver.
type UIInfoResolverIDTokenHintResolver interface {
	// ResolveIDTokenHint returns the ID token and session resolved for the
	// given client and authorization request, or an error.
	// NOTE(review): whether idToken and sidSession are nil when the request
	// carries no id_token_hint is not visible here — confirm.
	ResolveIDTokenHint(ctx context.Context, client *config.OAuthClientConfig, r protocol.AuthorizationRequest) (idToken jwt.Token, sidSession session.ListableSession, err error)
}
type UIInfoResolverPromptResolver ¶
// UIInfoResolverPromptResolver is the prompt resolver that UIInfoResolver
// depends on.
type UIInfoResolverPromptResolver interface {
	// ResolvePrompt returns the prompt values for the authorization request
	// r, given the session sidSession.
	// NOTE(review): presumably produces UIInfo.Prompt, which takes prompt,
	// max_age and id_token_hint into account — confirm.
	ResolvePrompt(r protocol.AuthorizationRequest, sidSession session.ListableSession) (prompt []string)
}
type UIURLBuilder ¶
// UIURLBuilder builds URLs for an authorization request (see
// BuildAuthenticationURL and BuildSettingsActionURL).
type UIURLBuilder struct {
	// Endpoints supplies the auth UI endpoints.
	Endpoints UIURLBuilderAuthUIEndpointsProvider
}
func (*UIURLBuilder) BuildAuthenticationURL ¶
func (b *UIURLBuilder) BuildAuthenticationURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry) (*url.URL, error)
func (*UIURLBuilder) BuildSettingsActionURL ¶
func (b *UIURLBuilder) BuildSettingsActionURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry) (*url.URL, error)
type UserProvider ¶
Source Files ¶