openid

package
v1.12.3
Published: Feb 23, 2024 License: AGPL-3.0 Imports: 16 Imported by: 4

Documentation

Overview

Package openid provides identity providers that use OpenID to determine the identity.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewOpenIDConnectIdentityProvider

func NewOpenIDConnectIdentityProvider(params OpenIDConnectParams) idp.IdentityProvider

NewOpenIDConnectIdentityProvider creates a new identity provider using OpenID Connect.

func ProviderID added in v1.7.0

func ProviderID(provider string, id *oidc.IDToken) store.ProviderIdentity

ProviderID creates a ProviderIdentity using the Subject and Issuer from the given ID token.

Types

type GroupsRetriever added in v1.12.0

type GroupsRetriever interface {
	// RetrieveGroups retrieves groups from the OpenID token.
	RetrieveGroups(context.Context, *oauth2.Token, func(interface{}) error) ([]string, error)
}

A GroupsRetriever is used to retrieve a list of user groups from the OpenID token returned by the OpenID authentication process.

type IdentityCreator added in v1.7.0

type IdentityCreator interface {
	// Create an identity using the provided token. The identity must
	// include a ProviderID which will remain constant for all
	// authentications made by the same user; it is recommended that the
	// ProviderID function is used for this purpose.
	//
	// If the identity includes a username then that username will be
	// used as the default when creating a new user. If a user already
	// exists that is identified by the ProviderID then the username
	// will not be updated.
	//
	// If the Name or Email values are non-zero these values will either
	// replace any currently stored values, or be used as defaults when
	// registering a new user.
	CreateIdentity(context.Context, *oauth2.Token) (store.Identity, error)
}

An IdentityCreator is used to create a candid identity from the OAuth2 token returned by the OAuth2 authentication process.

type OpenIDConnectParams

type OpenIDConnectParams struct {
	// Name is the name that will be given to the identity provider.
	Name string `yaml:"name"`

	// Description is the description that will be used with the
	// identity provider. If this is not set then Name will be used.
	Description string `yaml:"description"`

	// Icon contains the URL or path of an icon.
	Icon string `yaml:"icon"`

	// Domain is the domain with which all identities created by this
	// identity provider will be tagged (not including the @ separator).
	Domain string `yaml:"domain"`

	// Issuer is the OpenID Connect issuer for the identity provider.
	// Discovery will be performed for this issuer.
	Issuer string `yaml:"issuer"`

	// Scopes contains the OAuth scopes to request.
	Scopes []string `yaml:"scopes"`

	// ClientID is the ID of the client as registered with the issuer.
	ClientID string `yaml:"client-id"`

	// ClientSecret is a client specific secret agreed with the issuer.
	ClientSecret string `yaml:"client-secret"`

	// Hidden is set if the IDP should be hidden from interactive
	// prompts.
	Hidden bool `yaml:"hidden"`

	// MatchEmailAddr is a regular expression that is used to determine if
	// this identity provider can be used for a particular user email.
	MatchEmailAddr string `yaml:"match-email-addr"`

	// IdentityCreator is the IdentityCreator that the identity provider
	// will use to convert the OAuth2 token into a candid Identity. If
	// this is nil the default implementation provided by the
	// openIDConnect identity provider will be used.
	IdentityCreator IdentityCreator

	// GroupsRetriever is the GroupsRetriever that the identity provider
	// will use to retrieve a list of groups from the OAuth2 token. If
	// this is nil the default implementation provided by the
	// openIDConnect identity provider will be used.
	GroupsRetriever GroupsRetriever
}
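The two extension points above that an operator is most likely to touch are a custom GroupsRetriever (whose RetrieveGroups method receives a `func(interface{}) error` callback along with the OAuth2 token) and the MatchEmailAddr regular expression. The following is an added example, not code from the candid project: it assumes that the callback unmarshals the already-verified ID token's claims into the value it is given (the page does not spell this out), that the group list lives in a claim named `groups` (issuers differ), and it uses only the Go standard library so it compiles without candid or `golang.org/x/oauth2`. A real GroupsRetriever would wrap `groupsFromClaims` inside a method with the documented signature; the `decodeIDTokenClaims` helper exists only to manufacture that callback from a constructed token and does no signature or expiry verification.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// claimsDecoder mirrors the shape of the callback that RetrieveGroups
// receives: it unmarshals the ID token's claims into the caller's value.
type claimsDecoder func(interface{}) error

// decodeIDTokenClaims returns a claimsDecoder over the payload segment of a
// JWT-format ID token. It performs NO signature or expiry verification and
// is only meant for a token the OpenID Connect library has already verified
// (assumption: verification happens upstream in the identity provider).
func decodeIDTokenClaims(idToken string) (claimsDecoder, error) {
	parts := strings.Split(idToken, ".")
	if len(parts) != 3 {
		return nil, errors.New("id token is not a three-segment JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("decoding id token payload: %w", err)
	}
	return func(v interface{}) error { return json.Unmarshal(payload, v) }, nil
}

// groupsFromClaims extracts the (assumed) "groups" claim. Issuers encode it
// either as a list or as a single string, and a missing or null claim means
// "no groups" rather than a failed login, so the user gets an empty list.
func groupsFromClaims(claims claimsDecoder) ([]string, error) {
	var c struct {
		Groups json.RawMessage `json:"groups"`
	}
	if err := claims(&c); err != nil {
		return nil, err
	}
	if len(c.Groups) == 0 || string(c.Groups) == "null" {
		return []string{}, nil
	}
	var list []string
	if err := json.Unmarshal(c.Groups, &list); err == nil {
		return list, nil
	}
	var single string
	if err := json.Unmarshal(c.Groups, &single); err == nil {
		return []string{single}, nil
	}
	return nil, errors.New(`"groups" claim is neither a list nor a string`)
}

// emailAllowed applies a MatchEmailAddr-style regular expression to an
// address. regexp.MatchString matches anywhere in the string, so the
// operator's pattern must be anchored (^...$) or look-alike domains pass.
func emailAllowed(matchEmailAddr, email string) (bool, error) {
	re, err := regexp.Compile(matchEmailAddr)
	if err != nil {
		return false, err
	}
	return re.MatchString(email), nil
}

// constructedIDToken builds an unsigned, JWT-shaped token from the given
// claims. This is constructed test data, not a token from any real issuer.
func constructedIDToken(claims map[string]interface{}) string {
	header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"none","typ":"JWT"}`))
	payload, _ := json.Marshal(claims)
	return header + "." + base64.RawURLEncoding.EncodeToString(payload) + "."
}

func main() {
	tok := constructedIDToken(map[string]interface{}{
		"iss":    "https://issuer.example", // placeholder issuer
		"sub":    "user-123",
		"email":  "alice@example.com",
		"groups": []string{"admins", "devs"},
	})
	claims, err := decodeIDTokenClaims(tok)
	if err != nil {
		panic(err)
	}
	groups, err := groupsFromClaims(claims)
	fmt.Println("groups:", groups, "err:", err)
	anchored, _ := emailAllowed(`^[^@]+@example\.com$`, "alice@example.com.evil.org")
	loose, _ := emailAllowed(`@example\.com`, "alice@example.com.evil.org")
	fmt.Println("anchored pattern accepts look-alike:", anchored, "| unanchored accepts it:", loose)
}
```

The email check is the part worth testing against your own configuration: the unanchored pattern in `main` accepts `alice@example.com.evil.org`, while the anchored one rejects it, so whatever regular expression goes into `match-email-addr` should be anchored and tested with a few hostile addresses before deployment.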
