Documentation
Overview
Package openid provides identity providers that use OpenID to determine the identity.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewOpenIDConnectIdentityProvider
func NewOpenIDConnectIdentityProvider(params OpenIDConnectParams) idp.IdentityProvider
NewOpenIDConnectIdentityProvider creates a new identity provider using OpenID connect.
func ProviderID (added in v1.7.0)
func ProviderID(provider string, id *oidc.IDToken) store.ProviderIdentity
ProviderID creates a ProviderIdentity using the Subject and Issuer from the given ID token.
Types
type GroupsRetriever (added in v1.12.0)
type GroupsRetriever interface {
	// RetrieveGroups retrieves groups from the OpenID token.
	RetrieveGroups(context.Context, *oauth2.Token, func(interface{}) error) ([]string, error)
}
A GroupsRetriever is used to retrieve a list of user groups from the OpenID token returned by the OpenID authentication process.
type IdentityCreator (added in v1.7.0)
type IdentityCreator interface {
	// Create an identity using the provided token. The identity must
	// include a ProviderID which will remain constant for all
	// authentications made by the same user; it is recommended that the
	// ProviderID function is used for this purpose.
	//
	// If the identity includes a username then that username will be
	// used as the default when creating a new user. If a user already
	// exists that is identified by the ProviderID then the username
	// will not be updated.
	//
	// If the Name or Email values are non-zero these values will either
	// replace any currently stored values, or be used as defaults when
	// registering a new user.
	CreateIdentity(context.Context, *oauth2.Token) (store.Identity, error)
}
An IdentityCreator is used to create a candid identity from the OAuth2 token returned by the OAuth2 authentication process.
type OpenIDConnectParams
type OpenIDConnectParams struct {
	// Name is the name that will be given to the identity provider.
	Name string `yaml:"name"`

	// Description is the description that will be used with the
	// identity provider. If this is not set then Name will be used.
	Description string `yaml:"description"`

	// Icon contains the URL or path of an icon.
	Icon string `yaml:"icon"`

	// Domain is the domain with which all identities created by this
	// identity provider will be tagged (not including the @ separator).
	Domain string `yaml:"domain"`

	// Issuer is the OpenID connect issuer for the identity provider.
	// Discovery will be performed for this issuer.
	Issuer string `yaml:"issuer"`

	// Scopes contains the OAuth scopes to request.
	Scopes []string `yaml:"scopes"`

	// ClientID is the ID of the client as registered with the issuer.
	ClientID string `yaml:"client-id"`

	// ClientSecret is a client specific secret agreed with the issuer.
	ClientSecret string `yaml:"client-secret"`

	// Hidden is set if the IDP should be hidden from interactive
	// prompts.
	Hidden bool `yaml:"hidden"`

	// MatchEmailAddr is a regular expression that is used to determine if
	// this identity provider can be used for a particular user email.
	MatchEmailAddr string `yaml:"match-email-addr"`

	// IdentityCreator is the IdentityCreator that the identity provider
	// will use to convert the OAuth2 token into a candid Identity. If
	// this is nil the default implementation provided by the
	// openIDConnect identity provider will be used.
	IdentityCreator IdentityCreator

	// GroupsRetriever is the GroupsRetriever that the identity provider
	// will use to retrieve a list of groups from the OAuth2 token. If
	// this is nil the default implementation provided by the
	// openIDConnect identity provider will be used.
	GroupsRetriever GroupsRetriever
}
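Two of the fields above carry most of the security weight of this configuration: ProviderID keys the stored identity on the token's Issuer and Subject rather than on a mutable claim such as email, and MatchEmailAddr is a regular expression that Go matches anywhere in the address unless it is anchored. The following stand-alone program, written for this page and not part of candid or this package, shows both points with only the standard library. It uses a constructed idToken struct in place of *oidc.IDToken, assumes a "provider:issuer:subject" layout for the identity string (candid's real encoding is not given on this page), and uses constructed sample addresses and patterns.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// idToken is a constructed stand-in for the claims this example needs from
// an *oidc.IDToken; the real type carries more fields.
type idToken struct {
	Issuer  string
	Subject string
	Email   string
}

// providerIdentity mirrors what the page documents for ProviderID: the stored
// identity is derived from the token's Issuer and Subject, never from a
// mutable claim such as Email. The "provider:issuer:subject" layout is an
// assumption made for this example, not candid's actual format.
func providerIdentity(provider string, tok idToken) string {
	return provider + ":" + tok.Issuer + ":" + tok.Subject
}

// isAnchored reports whether a MatchEmailAddr-style pattern is pinned to both
// ends of the address. regexp.MatchString finds the pattern anywhere in the
// input, so an unanchored pattern also accepts look-alike domains.
func isAnchored(pattern string) bool {
	return strings.HasPrefix(pattern, "^") && strings.HasSuffix(pattern, "$")
}

// matchEmails returns the addresses that pattern accepts, in input order.
// A pattern that does not compile is reported rather than treated as
// "matches nothing", so a bad config value is not silently ignored.
func matchEmails(pattern string, emails []string) ([]string, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, err
	}
	var out []string
	for _, e := range emails {
		if re.MatchString(e) {
			out = append(out, e)
		}
	}
	return out, nil
}

// Constructed sample data for the demonstration.
var (
	// Unanchored: a substring match.
	weakPattern = `example\.com`
	// Anchored: the whole address must be local-part@example.com.
	strongPattern = `^[^@]+@example\.com$`
	sampleEmails  = []string{
		"alice@example.com",
		"bob@example.com.evil.test",
		"mallory@notexample.com",
	}
)

func main() {
	for _, p := range []string{weakPattern, strongPattern} {
		matched, err := matchEmails(p, sampleEmails)
		if err != nil {
			panic(err)
		}
		fmt.Printf("pattern %q anchored=%v matches=%v\n", p, isAnchored(p), matched)
	}

	// Same issuer and subject, different email: the identity is unchanged,
	// so a changed or reassigned email address does not produce a new or
	// different account.
	before := idToken{Issuer: "https://issuer.example", Subject: "1234", Email: "alice@example.com"}
	after := idToken{Issuer: "https://issuer.example", Subject: "1234", Email: "alice.new@example.com"}
	fmt.Println(providerIdentity("corp-oidc", before) == providerIdentity("corp-oidc", after))
}
```

With the constructed data, the unanchored pattern accepts all three addresses, including the look-alike domain and the unrelated one, while the anchored pattern accepts only alice@example.com. When several identity providers are configured with MatchEmailAddr, the same anchoring discipline decides which provider a given address is routed to, so a check like isAnchored on each configured value is a cheap configuration lint.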