Documentation ¶
Index ¶
- Constants
- type OpenIDConfig
- type Provider
- func (p *Provider) BeginAuth(state string) (goth.Session, error)
- func (p *Provider) Client() *http.Client
- func (p *Provider) Debug(debug bool)
- func (p *Provider) FetchUser(session goth.Session) (goth.User, error)
- func (p *Provider) Name() string
- func (p *Provider) RefreshToken(refreshToken string) (*oauth2.Token, error)
- func (p *Provider) RefreshTokenAvailable() bool
- func (p *Provider) RefreshTokenWithIDToken(refreshToken string) (*RefreshTokenResponse, error)
- func (p *Provider) SetName(name string)
- func (p *Provider) UnmarshalSession(data string) (goth.Session, error)
- type RefreshTokenResponse
- type Session
Constants ¶
const ( PreferredUsernameClaim = "preferred_username" EmailClaim = "email" NameClaim = "name" NicknameClaim = "nickname" PictureClaim = "picture" GivenNameClaim = "given_name" FamilyNameClaim = "family_name" AddressClaim = "address" // Unused but available to set in Provider claims MiddleNameClaim = "middle_name" ProfileClaim = "profile" WebsiteClaim = "website" EmailVerifiedClaim = "email_verified" GenderClaim = "gender" BirthdateClaim = "birthdate" ZoneinfoClaim = "zoneinfo" LocaleClaim = "locale" PhoneNumberClaim = "phone_number" PhoneNumberVerifiedClaim = "phone_number_verified" UpdatedAtClaim = "updated_at" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type OpenIDConfig ¶
type OpenIDConfig struct { AuthEndpoint string `json:"authorization_endpoint"` TokenEndpoint string `json:"token_endpoint"` UserInfoEndpoint string `json:"userinfo_endpoint"` // If OpenID discovery is enabled, the end_session_endpoint field can optionally be provided // in the discovery endpoint response according to OpenID spec. See: // https://openid.net/specs/openid-connect-session-1_0-17.html#OPMetadata EndSessionEndpoint string `json:"end_session_endpoint, omitempty"` Issuer string `json:"issuer"` }
type Provider ¶
type Provider struct { ClientKey string Secret string CallbackURL string HTTPClient *http.Client OpenIDConfig *OpenIDConfig UserIdClaims []string NameClaims []string NickNameClaims []string EmailClaims []string AvatarURLClaims []string FirstNameClaims []string LastNameClaims []string LocationClaims []string SkipUserInfoRequest bool // contains filtered or unexported fields }
Provider is the implementation of `goth.Provider` for accessing OpenID Connect provider
func New ¶
func New(clientKey, secret, callbackURL, openIDAutoDiscoveryURL string, scopes ...string) (*Provider, error)
New creates a new OpenID Connect provider, and sets up important connection details. You should always call `openidConnect.New` to get a new Provider. Never try to create one manually. New returns an implementation of an OpenID Connect Authorization Code Flow See http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth ID Token decryption is not (yet) supported UserInfo decryption is not (yet) supported
func (*Provider) BeginAuth ¶
BeginAuth asks the OpenID Connect provider for an authentication end-point.
func (*Provider) FetchUser ¶
FetchUser will use the the id_token and access requested information about the user.
func (*Provider) RefreshToken ¶
RefreshToken get new access token based on the refresh token
func (*Provider) RefreshTokenAvailable ¶
RefreshTokenAvailable refresh token is provided by auth provider or not
func (*Provider) RefreshTokenWithIDToken ¶ added in v1.72.0
func (p *Provider) RefreshTokenWithIDToken(refreshToken string) (*RefreshTokenResponse, error)
The ID token is a fundamental part of the OpenID connect refresh token flow but is not part of the OAuth flow. The existing RefreshToken function leverages the OAuth library's refresh token mechanism, ignoring the refreshed ID token. As a result, a new function needs to be exposed (rather than changing the existing function, for backwards compatibility purposes) that also returns the id_token in the OpenID refresh token flow API response Learn more about ID tokens: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
type RefreshTokenResponse ¶ added in v1.72.0
type RefreshTokenResponse struct { AccessToken string `json:"access_token"` // The OpenID spec defines the ID token as an optional response field in the // refresh token flow. As a result, a new ID token may not be returned in a successful // response. // See more: https://openid.net/specs/openid-connect-core-1_0.html#RefreshingAccessToken IdToken string `json:"id_token, omitempty"` // The OAuth spec defines the refresh token as an optional response field in the // refresh token flow. As a result, a new refresh token may not be returned in a successful // response. //See more: https://www.oauth.com/oauth2-servers/making-authenticated-requests/refreshing-an-access-token/ RefreshToken string `json:"refresh_token,omitempty"` }
type Session ¶
type Session struct { AuthURL string AccessToken string RefreshToken string ExpiresAt time.Time IDToken string }
Session stores data during the auth process with the OpenID Connect provider.
func (*Session) Authorize ¶
Authorize the session with the OpenID Connect provider and return the access token to be stored for future use.
func (Session) GetAuthURL ¶
GetAuthURL will return the URL set by calling the `BeginAuth` function on the OpenID Connect provider.