oidc

package

v0.9.0 Latest Latest Go to latest Published: Jun 21, 2024 License: MIT Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/c2FmZQ/tlsproxy

Links

Open Source Insights

Documentation ¶

Index ¶

type Client
type Config
type CookieManager
type EventRecorder
type ProviderClient
- func New(cfg Config, er EventRecorder, cm CookieManager) (*ProviderClient, error)
- func (p *ProviderClient) HandleCallback(w http.ResponseWriter, req *http.Request)
- func (p *ProviderClient) RequestLogin(w http.ResponseWriter, req *http.Request, originalURL string)
type ProviderServer
- func NewServer(opts ServerOptions) *ProviderServer
type RewriteRule
type ServerOptions

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶ added in v0.0.29

type Client struct {
	ID          string
	Secret      string
	RedirectURI []string
}

type Config ¶

type Config struct {
	// DiscoveryURL is the discovery URL of the OIDC provider. If set, it
	// is used to discover the values of AuthEndpoint and TokenEndpoint.
	DiscoveryURL string
	// AuthEndpoint is the authorization endpoint. It must be set only if
	// DiscoveryURL is not set.
	AuthEndpoint string
	// Scopes is the list of scopes to request. The default list is:
	// openid, email.
	Scopes []string
	// TokenEndpoint is the token endpoint. It must be set only if
	// DiscoveryURL is not set.
	TokenEndpoint string
	// UserinfoEndpoint is the userinfo endpoint. It must be set only if
	// DiscoveryURL is not set and the token endpoint doesn't return an
	// ID token.
	UserinfoEndpoint string
	// RedirectURL is the OAUTH2 redirect URL. It must be managed by the
	// proxy.
	RedirectURL string
	// ClientID is the Client ID.
	ClientID string
	// ClientSecret is the Client Secret.
	ClientSecret string
	// HostedDomain specifies that the HD param should be used.
	// https://developers.google.com/identity/openid-connect/openid-connect#hd-param
	HostedDomain string
}

Config contains the parameters of an OIDC provider.

type CookieManager ¶

type CookieManager interface {
	SetAuthTokenCookie(w http.ResponseWriter, userID, email, sessionID, host string, extraClaims map[string]any) error
	SetNonce(w http.ResponseWriter, nonce string)
	Nonce(w http.ResponseWriter, req *http.Request) string
	ClearCookies(w http.ResponseWriter) error
}

CookieManager is the interface to set and clear the auth token.

type EventRecorder ¶

type EventRecorder interface {
	Record(string)
}

EventRecorder is used to record events.

type ProviderClient ¶ added in v0.0.29

type ProviderClient struct {
	// contains filtered or unexported fields
}

ProviderClient handles the OIDC authentication code flow based on information from https://developers.google.com/identity/openid-connect/openid-connect and https://developers.facebook.com/docs/facebook-login/guides/advanced/oidc-token/

func New ¶

func New(cfg Config, er EventRecorder, cm CookieManager) (*ProviderClient, error)

New returns a new ProviderClient.

func (*ProviderClient) HandleCallback ¶ added in v0.0.29

func (p *ProviderClient) HandleCallback(w http.ResponseWriter, req *http.Request)

func (*ProviderClient) RequestLogin ¶ added in v0.0.29

func (p *ProviderClient) RequestLogin(w http.ResponseWriter, req *http.Request, originalURL string)

type ProviderServer ¶ added in v0.0.29

type ProviderServer struct {
	// contains filtered or unexported fields
}

ProviderServer is a OpenID Connect server implementation. https://openid.net/specs/openid-connect-discovery-1_0.html https://openid.net/specs/openid-connect-basic-1_0.html

func NewServer ¶ added in v0.0.29

func NewServer(opts ServerOptions) *ProviderServer

NewServer returns a new ProviderServer.

func (*ProviderServer) ServeAuthorization ¶ added in v0.0.29

func (s *ProviderServer) ServeAuthorization(w http.ResponseWriter, req *http.Request)

func (*ProviderServer) ServeConfig ¶ added in v0.0.29

func (s *ProviderServer) ServeConfig(w http.ResponseWriter, req *http.Request)

func (*ProviderServer) ServeToken ¶ added in v0.0.29

func (s *ProviderServer) ServeToken(w http.ResponseWriter, req *http.Request)

func (*ProviderServer) ServeUserInfo ¶ added in v0.0.29

func (s *ProviderServer) ServeUserInfo(w http.ResponseWriter, req *http.Request)

type RewriteRule ¶ added in v0.0.29

type RewriteRule struct {
	InputClaim  string
	OutputClaim string
	Regex       string
	Value       string
}

RewriteRule is used to apply a regular expression on an existing JWT claim to create or overwrite another claim, or possibly the same claim.

type ServerOptions ¶ added in v0.0.29

type ServerOptions struct {
	TokenManager  *tokenmanager.TokenManager
	Issuer        string
	PathPrefix    string
	ClaimsFromCtx func(context.Context) jwt.MapClaims
	Clients       []Client
	RewriteRules  []RewriteRule

	EventRecorder EventRecorder
}

ServerOptions contains the parameters needed to configure a ProviderServer.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL