oidc

package
v0.15.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 31, 2021 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	//ScopeOpenID defines the scope `openid`
	//OpenID Connect requests MUST contain the `openid` scope value
	ScopeOpenID = "openid"

	//ScopeProfile defines the scope `profile`
	//This (optional) scope value requests access to the End-User's default profile Claims,
	//which are: name, family_name, given_name, middle_name, nickname, preferred_username,
	//profile, picture, website, gender, birthdate, zoneinfo, locale, and updated_at.
	ScopeProfile = "profile"

	//ScopeEmail defines the scope `email`
	//This (optional) scope value requests access to the email and email_verified Claims.
	ScopeEmail = "email"

	//ScopeAddress defines the scope `address`
	//This (optional) scope value requests access to the address Claim.
	ScopeAddress = "address"

	//ScopePhone defines the scope `phone`
	//This (optional) scope value requests access to the phone_number and phone_number_verified Claims.
	ScopePhone = "phone"

	//ScopeOfflineAccess defines the scope `offline_access`
	//This (optional) scope value requests that an OAuth 2.0 Refresh Token be issued that can be used to obtain an Access Token
	//that grants access to the End-User's UserInfo Endpoint even when the End-User is not present (not logged in).
	ScopeOfflineAccess = "offline_access"

	//ResponseTypeCode for the Authorization Code Flow returning a code from the Authorization Server
	ResponseTypeCode ResponseType = "code"

	//ResponseTypeIDToken for the Implicit Flow returning id and access tokens directly from the Authorization Server
	ResponseTypeIDToken ResponseType = "id_token token"

	//ResponseTypeIDTokenOnly for the Implicit Flow returning only id token directly from the Authorization Server
	ResponseTypeIDTokenOnly ResponseType = "id_token"

	DisplayPage  Display = "page"
	DisplayPopup Display = "popup"
	DisplayTouch Display = "touch"
	DisplayWAP   Display = "wap"

	//PromptNone (`none`) disallows the Authorization Server to display any authentication or consent user interface pages.
	//An error (login_required, interaction_required, ...) will be returned if the user is not already authenticated or consent is needed
	PromptNone Prompt = "none"

	//PromptLogin (`login`) directs the Authorization Server to prompt the End-User for reauthentication.
	PromptLogin Prompt = "login"

	//PromptConsent (`consent`) directs the Authorization Server to prompt the End-User for consent (of sharing information).
	PromptConsent Prompt = "consent"

	//PromptSelectAccount (`select_account `) directs the Authorization Server to prompt the End-User to select a user account (to enable multi user / session switching)
	PromptSelectAccount Prompt = "select_account"
)
View Source 
const (
	//BearerToken defines the token_type `Bearer`, which is returned in a successful token response
	BearerToken = "Bearer"

	PrefixBearer = BearerToken + " "
)
View Source 
const (
	DiscoveryEndpoint = "/.well-known/openid-configuration"
)

Variables

View Source 
var (
	ErrParse                   = errors.New("parsing of request failed")
	ErrIssuerInvalid           = errors.New("issuer does not match")
	ErrAudience                = errors.New("audience is not valid")
	ErrAzpMissing              = errors.New("authorized party is not set. If Token is valid for multiple audiences, azp must not be empty")
	ErrAzpInvalid              = errors.New("authorized party is not valid")
	ErrSignatureMissing        = errors.New("id_token does not contain a signature")
	ErrSignatureMultiple       = errors.New("id_token contains multiple signatures")
	ErrSignatureUnsupportedAlg = errors.New("signature algorithm not supported")
	ErrSignatureInvalidPayload = errors.New("signature does not match Payload")
	ErrExpired                 = errors.New("token has expired")
	ErrIatInFuture             = errors.New("issuedAt of token is in the future")
	ErrIatToOld                = errors.New("issuedAt of token is to old")
	ErrNonceInvalid            = errors.New("nonce does not match")
	ErrAcrInvalid              = errors.New("acr is invalid")
	ErrAuthTimeNotPresent      = errors.New("claim `auth_time` of token is missing")
	ErrAuthTimeToOld           = errors.New("auth time of token is to old")
	ErrAtHash                  = errors.New("at_hash does not correspond to access token")
)

Functions

func AppendClientIDToAudience added in v0.12.5 

func AppendClientIDToAudience(clientID string, audience []string) []string

func CheckAudience added in v0.9.0 

func CheckAudience(claims Claims, clientID string) error

func CheckAuthTime added in v0.9.0 

func CheckAuthTime(claims Claims, maxAge time.Duration) error

func CheckAuthorizationContextClassReference added in v0.9.0 

func CheckAuthorizationContextClassReference(claims Claims, acr ACRVerifier) error

func CheckAuthorizedParty added in v0.9.0 

func CheckAuthorizedParty(claims Claims, clientID string) error

func CheckExpiration added in v0.9.0 

func CheckExpiration(claims Claims, offset time.Duration) error

func CheckIssuedAt added in v0.9.0 

func CheckIssuedAt(claims Claims, maxAgeIAT, offset time.Duration) error

func CheckIssuer added in v0.9.0 

func CheckIssuer(claims Claims, issuer string) error

func CheckKey added in v0.9.0 

func CheckKey(keyID string, jws *jose.JSONWebSignature, keys ...jose.JSONWebKey) ([]byte, error, bool)

CheckKey searches the given JSON Web Keys for the requested key ID and verifies the JSON Web Signature with the found key

will return false but no error if key ID is not found

func CheckNonce added in v0.9.0 

func CheckNonce(claims Claims, nonce string) error

func CheckSignature added in v0.9.0 

func CheckSignature(ctx context.Context, token string, payload []byte, claims Claims, supportedSigAlgs []string, set KeySet) error

func ClaimHash 

func ClaimHash(claim string, sigAlgorithm jose.SignatureAlgorithm) (string, error)

func DecryptToken added in v0.9.0 

func DecryptToken(tokenString string) (string, error)

func GenerateJWTProfileToken added in v0.14.0 

func GenerateJWTProfileToken(assertion *JWTProfileAssertion) (string, error)

func NewJWTProfileAssertionStringFromFileData added in v0.14.0 

func NewJWTProfileAssertionStringFromFileData(data []byte, audience []string) (string, error)

func NewSHACodeChallenge 

func NewSHACodeChallenge(code string) string

func ParseToken added in v0.9.0 

func ParseToken(tokenString string, claims interface{}) ([]byte, error)

func VerifyCodeChallenge 

func VerifyCodeChallenge(c *CodeChallenge, codeVerifier string) bool

Types

type ACRVerifier added in v0.9.0 

type ACRVerifier func(string) error

ACRVerifier specifies the function to be used by the `DefaultVerifier` for validating the acr claim

func DefaultACRVerifier added in v0.9.0 

func DefaultACRVerifier(possibleValues []string) ACRVerifier

DefaultACRVerifier implements `ACRVerifier` returning an error if non of the provided values matches the acr claim

type AccessTokenClaims 

type AccessTokenClaims interface {
	Claims
	GetSubject() string
	GetTokenID() string
	SetPrivateClaims(map[string]interface{})
}

func EmptyAccessTokenClaims added in v0.12.0 

func EmptyAccessTokenClaims() AccessTokenClaims

func NewAccessTokenClaims added in v0.12.0 

func NewAccessTokenClaims(issuer, subject string, audience []string, expiration time.Time, id, clientID string, skew time.Duration) AccessTokenClaims

type AccessTokenRequest 

type AccessTokenRequest struct {
	Code                string `schema:"code"`
	RedirectURI         string `schema:"redirect_uri"`
	ClientID            string `schema:"client_id"`
	ClientSecret        string `schema:"client_secret"`
	CodeVerifier        string `schema:"code_verifier"`
	ClientAssertion     string `schema:"client_assertion"`
	ClientAssertionType string `schema:"client_assertion_type"`
}

func (*AccessTokenRequest) GrantType 

func (a *AccessTokenRequest) GrantType() GrantType

func (*AccessTokenRequest) SetClientID added in v0.15.0 

func (a *AccessTokenRequest) SetClientID(clientID string)

SetClientID implements op.AuthenticatedTokenRequest

func (*AccessTokenRequest) SetClientSecret added in v0.15.0 

func (a *AccessTokenRequest) SetClientSecret(clientSecret string)

SetClientSecret implements op.AuthenticatedTokenRequest

type AccessTokenResponse 

type AccessTokenResponse struct {
	AccessToken  string `json:"access_token,omitempty" schema:"access_token,omitempty"`
	TokenType    string `json:"token_type,omitempty" schema:"token_type,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty" schema:"refresh_token,omitempty"`
	ExpiresIn    uint64 `json:"expires_in,omitempty" schema:"expires_in,omitempty"`
	IDToken      string `json:"id_token,omitempty" schema:"id_token,omitempty"`
}

type Audience added in v0.12.0 

type Audience []string

func (*Audience) UnmarshalJSON added in v0.12.0 

func (a *Audience) UnmarshalJSON(text []byte) error

type AuthMethod added in v0.14.0 

type AuthMethod string
const (
	AuthMethodBasic         AuthMethod = "client_secret_basic"
	AuthMethodPost          AuthMethod = "client_secret_post"
	AuthMethodNone          AuthMethod = "none"
	AuthMethodPrivateKeyJWT AuthMethod = "private_key_jwt"
)

type AuthRequest 

type AuthRequest struct {
	ID           string
	Scopes       Scopes       `schema:"scope"`
	ResponseType ResponseType `schema:"response_type"`
	ClientID     string       `schema:"client_id"`
	RedirectURI  string       `schema:"redirect_uri"` //TODO: type

	State string `schema:"state"`

	Nonce       string   `schema:"nonce"`
	Display     Display  `schema:"display"`
	Prompt      Prompt   `schema:"prompt"`
	MaxAge      uint32   `schema:"max_age"`
	UILocales   Locales  `schema:"ui_locales"`
	IDTokenHint string   `schema:"id_token_hint"`
	LoginHint   string   `schema:"login_hint"`
	ACRValues   []string `schema:"acr_values"`

	CodeChallenge       string              `schema:"code_challenge"`
	CodeChallengeMethod CodeChallengeMethod `schema:"code_challenge_method"`
}

AuthRequest according to: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest

func (*AuthRequest) GetRedirectURI 

func (a *AuthRequest) GetRedirectURI() string

GetRedirectURI returns the redirect_uri value for the ErrAuthRequest interface

func (*AuthRequest) GetResponseType 

func (a *AuthRequest) GetResponseType() ResponseType

GetResponseType returns the response_type value for the ErrAuthRequest interface

func (*AuthRequest) GetState 

func (a *AuthRequest) GetState() string

GetState returns the optional state value for the ErrAuthRequest interface

type Claims added in v0.9.0 

type Claims interface {
	GetIssuer() string
	GetAudience() []string
	GetExpiration() time.Time
	GetIssuedAt() time.Time
	GetNonce() string
	GetAuthenticationContextClassReference() string
	GetAuthTime() time.Time
	GetAuthorizedParty() string
	SetSignatureAlgorithm(algorithm jose.SignatureAlgorithm)
}

type ClientAssertionParams added in v0.14.0 

type ClientAssertionParams struct {
	ClientAssertion     string `schema:"client_assertion"`
	ClientAssertionType string `schema:"client_assertion_type"`
}

type CodeChallenge 

type CodeChallenge struct {
	Challenge string
	Method    CodeChallengeMethod
}

type CodeChallengeMethod 

type CodeChallengeMethod string
const (
	CodeChallengeMethodPlain CodeChallengeMethod = "plain"
	CodeChallengeMethodS256  CodeChallengeMethod = "S256"
)

type DiscoveryConfiguration 

type DiscoveryConfiguration struct {
	Issuer                                             string                `json:"issuer,omitempty"`
	AuthorizationEndpoint                              string                `json:"authorization_endpoint,omitempty"`
	TokenEndpoint                                      string                `json:"token_endpoint,omitempty"`
	IntrospectionEndpoint                              string                `json:"introspection_endpoint,omitempty"`
	UserinfoEndpoint                                   string                `json:"userinfo_endpoint,omitempty"`
	RevocationEndpoint                                 string                `json:"revocation_endpoint,omitempty"`
	EndSessionEndpoint                                 string                `json:"end_session_endpoint,omitempty"`
	CheckSessionIframe                                 string                `json:"check_session_iframe,omitempty"`
	JwksURI                                            string                `json:"jwks_uri,omitempty"`
	ScopesSupported                                    []string              `json:"scopes_supported,omitempty"`
	ResponseTypesSupported                             []string              `json:"response_types_supported,omitempty"`
	ResponseModesSupported                             []string              `json:"response_modes_supported,omitempty"`
	GrantTypesSupported                                []GrantType           `json:"grant_types_supported,omitempty"`
	ACRValuesSupported                                 []string              `json:"acr_values_supported,omitempty"`
	SubjectTypesSupported                              []string              `json:"subject_types_supported,omitempty"`
	IDTokenSigningAlgValuesSupported                   []string              `json:"id_token_signing_alg_values_supported,omitempty"`
	IDTokenEncryptionAlgValuesSupported                []string              `json:"id_token_encryption_alg_values_supported,omitempty"`
	IDTokenEncryptionEncValuesSupported                []string              `json:"id_token_encryption_enc_values_supported,omitempty"`
	UserinfoSigningAlgValuesSupported                  []string              `json:"userinfo_signing_alg_values_supported,omitempty"`
	UserinfoEncryptionAlgValuesSupported               []string              `json:"userinfo_encryption_alg_values_supported,omitempty"`
	UserinfoEncryptionEncValuesSupported               []string              `json:"userinfo_encryption_enc_values_supported,omitempty"`
	RequestObjectSigningAlgValuesSupported             []string              `json:"request_object_signing_alg_values_supported,omitempty"`
	RequestObjectEncryptionAlgValuesSupported          []string              `json:"request_object_encryption_alg_values_supported,omitempty"`
	RequestObjectEncryptionEncValuesSupported          []string              `json:"request_object_encryption_enc_values_supported,omitempty"`
	TokenEndpointAuthMethodsSupported                  []AuthMethod          `json:"token_endpoint_auth_methods_supported,omitempty"`
	TokenEndpointAuthSigningAlgValuesSupported         []string              `json:"token_endpoint_auth_signing_alg_values_supported,omitempty"`
	RevocationEndpointAuthMethodsSupported             []AuthMethod          `json:"revocation_endpoint_auth_methods_supported,omitempty"`
	RevocationEndpointAuthSigningAlgValuesSupported    []string              `json:"revocation_endpoint_auth_signing_alg_values_supported,omitempty"`
	IntrospectionEndpointAuthMethodsSupported          []AuthMethod          `json:"introspection_endpoint_auth_methods_supported,omitempty"`
	IntrospectionEndpointAuthSigningAlgValuesSupported []string              `json:"introspection_endpoint_auth_signing_alg_values_supported,omitempty"`
	DisplayValuesSupported                             []Display             `json:"display_values_supported,omitempty"`
	ClaimTypesSupported                                []string              `json:"claim_types_supported,omitempty"`
	ClaimsSupported                                    []string              `json:"claims_supported,omitempty"`
	ClaimsParameterSupported                           bool                  `json:"claims_parameter_supported,omitempty"`
	CodeChallengeMethodsSupported                      []CodeChallengeMethod `json:"code_challenge_methods_supported,omitempty"`
	ServiceDocumentation                               string                `json:"service_documentation,omitempty"`
	ClaimsLocalesSupported                             []language.Tag        `json:"claims_locales_supported,omitempty"`
	UILocalesSupported                                 []language.Tag        `json:"ui_locales_supported,omitempty"`
	RequestParameterSupported                          bool                  `json:"request_parameter_supported,omitempty"`
	RequestURIParameterSupported                       bool                  `json:"request_uri_parameter_supported"` //no omitempty because: If omitted, the default value is true
	RequireRequestURIRegistration                      bool                  `json:"require_request_uri_registration,omitempty"`
	OPPolicyURI                                        string                `json:"op_policy_uri,omitempty"`
	OPTermsOfServiceURI                                string                `json:"op_tos_uri,omitempty"`
}

type Display 

type Display string

func (*Display) UnmarshalText 

func (d *Display) UnmarshalText(text []byte) error

type EndSessionRequest added in v0.4.0 

type EndSessionRequest struct {
	IdTokenHint           string `schema:"id_token_hint"`
	PostLogoutRedirectURI string `schema:"post_logout_redirect_uri"`
	State                 string `schema:"state"`
}

EndSessionRequest for the RP-Initiated Logout according to: https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout

type Gender 

type Gender string

type GrantType 

type GrantType string
const (
	//GrantTypeCode defines the grant_type `authorization_code` used for the Token Request in the Authorization Code Flow
	GrantTypeCode GrantType = "authorization_code"

	//GrantTypeCode defines the grant_type `refresh_token` used for the Token Request in the Refresh Token Flow
	GrantTypeRefreshToken GrantType = "refresh_token"

	//GrantTypeBearer defines the grant_type `urn:ietf:params:oauth:grant-type:jwt-bearer` used for the JWT Authorization Grant
	GrantTypeBearer GrantType = "urn:ietf:params:oauth:grant-type:jwt-bearer"

	//GrantTypeTokenExchange defines the grant_type `urn:ietf:params:oauth:grant-type:token-exchange` used for the OAuth Token Exchange Grant
	GrantTypeTokenExchange GrantType = "urn:ietf:params:oauth:grant-type:token-exchange"

	//ClientAssertionTypeJWTAssertion defines the client_assertion_type `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`
	//used for the OAuth JWT Profile Client Authentication
	ClientAssertionTypeJWTAssertion = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
)
const (
	GrantTypeImplicit GrantType = "implicit"
)

type IDTokenClaims 

type IDTokenClaims interface {
	Claims
	GetNotBefore() time.Time
	GetJWTID() string
	GetAccessTokenHash() string
	GetCodeHash() string
	GetAuthenticationMethodsReferences() []string
	GetClientID() string
	GetSignatureAlgorithm() jose.SignatureAlgorithm
	SetAccessTokenHash(hash string)
	SetUserinfo(userinfo UserInfo)
	SetCodeHash(hash string)
	UserInfo
}

func EmptyIDTokenClaims added in v0.12.0 

func EmptyIDTokenClaims() IDTokenClaims

func NewIDTokenClaims added in v0.12.0 

func NewIDTokenClaims(issuer, subject string, audience []string, expiration, authTime time.Time, nonce string, acr string, amr []string, clientID string, skew time.Duration) IDTokenClaims

type IntrospectionRequest added in v0.14.0 

type IntrospectionRequest struct {
	Token string `schema:"token"`
}

type IntrospectionResponse added in v0.14.0 

type IntrospectionResponse interface {
	UserInfoSetter
	SetActive(bool)
	IsActive() bool
	SetScopes(scopes Scopes)
	SetClientID(id string)
}

func NewIntrospectionResponse added in v0.14.0 

func NewIntrospectionResponse() IntrospectionResponse

type JWTProfileAssertion added in v0.9.0 

type JWTProfileAssertion struct {
	PrivateKeyID string   `json:"-"`
	PrivateKey   []byte   `json:"-"`
	Issuer       string   `json:"iss"`
	Subject      string   `json:"sub"`
	Audience     Audience `json:"aud"`
	Expiration   Time     `json:"exp"`
	IssuedAt     Time     `json:"iat"`
}

func NewJWTProfileAssertion added in v0.9.0 

func NewJWTProfileAssertion(userID, keyID string, audience []string, key []byte) *JWTProfileAssertion

func NewJWTProfileAssertionFromFileData added in v0.12.0 

func NewJWTProfileAssertionFromFileData(data []byte, audience []string) (*JWTProfileAssertion, error)

func NewJWTProfileAssertionFromKeyJSON added in v0.9.0 

func NewJWTProfileAssertionFromKeyJSON(filename string, audience []string) (*JWTProfileAssertion, error)

type JWTProfileGrantRequest added in v0.14.0 

type JWTProfileGrantRequest struct {
	Assertion string    `schema:"assertion"`
	Scope     Scopes    `schema:"scope"`
	GrantType GrantType `schema:"grant_type"`
}

func NewJWTProfileGrantRequest added in v0.14.0 

func NewJWTProfileGrantRequest(assertion string, scopes ...string) *JWTProfileGrantRequest

NewJWTProfileGrantRequest creates an oauth2 `JSON Web Token (JWT) Profile` Grant `urn:ietf:params:oauth:grant-type:jwt-bearer` sending a self-signed jwt as assertion

type JWTTokenRequest added in v0.9.0 

type JWTTokenRequest struct {
	Issuer    string   `json:"iss"`
	Subject   string   `json:"sub"`
	Scopes    Scopes   `json:"-"`
	Audience  Audience `json:"aud"`
	IssuedAt  Time     `json:"iat"`
	ExpiresAt Time     `json:"exp"`
}

func (*JWTTokenRequest) GetAudience added in v0.9.0 

func (j *JWTTokenRequest) GetAudience() []string

GetAudience implements the Claims and TokenRequest interfaces

func (*JWTTokenRequest) GetAuthTime added in v0.9.0 

func (j *JWTTokenRequest) GetAuthTime() time.Time

GetAuthTime implements the Claims interface

func (*JWTTokenRequest) GetAuthenticationContextClassReference added in v0.9.0 

func (j *JWTTokenRequest) GetAuthenticationContextClassReference() string

GetAuthenticationContextClassReference implements the Claims interface

func (*JWTTokenRequest) GetAuthorizedParty added in v0.9.0 

func (j *JWTTokenRequest) GetAuthorizedParty() string

GetAuthorizedParty implements the Claims interface

func (*JWTTokenRequest) GetExpiration added in v0.9.0 

func (j *JWTTokenRequest) GetExpiration() time.Time

GetExpiration implements the Claims interface

func (*JWTTokenRequest) GetIssuedAt added in v0.9.0 

func (j *JWTTokenRequest) GetIssuedAt() time.Time

GetIssuedAt implements the Claims interface

func (*JWTTokenRequest) GetIssuer added in v0.9.0 

func (j *JWTTokenRequest) GetIssuer() string

GetIssuer implements the Claims interface

func (*JWTTokenRequest) GetNonce added in v0.9.0 

func (j *JWTTokenRequest) GetNonce() string

GetNonce implements the Claims interface

func (*JWTTokenRequest) GetScopes added in v0.9.0 

func (j *JWTTokenRequest) GetScopes() []string

GetSubject implements the TokenRequest interface

func (*JWTTokenRequest) GetSubject added in v0.9.0 

func (j *JWTTokenRequest) GetSubject() string

GetSubject implements the TokenRequest interface

func (*JWTTokenRequest) SetSignatureAlgorithm added in v0.12.0 

func (j *JWTTokenRequest) SetSignatureAlgorithm(_ jose.SignatureAlgorithm)

SetSignatureAlgorithm implements the Claims interface

type KeySet 

type KeySet interface {
	//VerifySignature verifies the signature with the given keyset and returns the raw payload
	VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) (payload []byte, err error)
}

KeySet represents a set of JSON Web Keys - remotely fetch via discovery and jwks_uri -> `remoteKeySet` - held by the OP itself in storage -> `openIDKeySet` - dynamically aggregated by request for OAuth JWT Profile Assertion -> `jwtProfileKeySet`

type Locales 

type Locales []language.Tag

func (*Locales) UnmarshalText 

func (l *Locales) UnmarshalText(text []byte) error

type Prompt 

type Prompt string

type RefreshTokenRequest added in v0.15.0 

type RefreshTokenRequest struct {
	RefreshToken        string `schema:"refresh_token"`
	Scopes              Scopes `schema:"scope"`
	ClientID            string `schema:"client_id"`
	ClientSecret        string `schema:"client_secret"`
	ClientAssertion     string `schema:"client_assertion"`
	ClientAssertionType string `schema:"client_assertion_type"`
}

func (*RefreshTokenRequest) GrantType added in v0.15.0 

func (a *RefreshTokenRequest) GrantType() GrantType

func (*RefreshTokenRequest) SetClientID added in v0.15.0 

func (a *RefreshTokenRequest) SetClientID(clientID string)

SetClientID implements op.AuthenticatedTokenRequest

func (*RefreshTokenRequest) SetClientSecret added in v0.15.0 

func (a *RefreshTokenRequest) SetClientSecret(clientSecret string)

SetClientSecret implements op.AuthenticatedTokenRequest

type ResponseType 

type ResponseType string

type Scopes 

type Scopes []string

func (Scopes) Encode added in v0.12.0 

func (s Scopes) Encode() string

func (*Scopes) MarshalJSON added in v0.14.0 

func (s *Scopes) MarshalJSON() ([]byte, error)

func (*Scopes) MarshalText added in v0.12.0 

func (s *Scopes) MarshalText() ([]byte, error)

func (*Scopes) UnmarshalJSON added in v0.14.0 

func (s *Scopes) UnmarshalJSON(data []byte) error

func (*Scopes) UnmarshalText 

func (s *Scopes) UnmarshalText(text []byte) error

type Time added in v0.9.0 

type Time time.Time

func (*Time) MarshalJSON added in v0.12.0 

func (t *Time) MarshalJSON() ([]byte, error)

func (*Time) UnmarshalJSON added in v0.9.0 

func (t *Time) UnmarshalJSON(data []byte) error

type TokenExchangeRequest 

type TokenExchangeRequest struct {
	Scope Scopes `schema:"scope"`
	// contains filtered or unexported fields
}

type TokenRequest 

type TokenRequest interface {
	// GrantType GrantType `schema:"grant_type"`
	GrantType() GrantType
}

type TokenRequestType 

type TokenRequestType GrantType

type Tokens 

type Tokens struct {
	*oauth2.Token
	IDTokenClaims IDTokenClaims
	IDToken       string
}

type UserInfo added in v0.12.0 

type UserInfo interface {
	GetSubject() string
	UserInfoProfile
	UserInfoEmail
	UserInfoPhone
	GetAddress() UserInfoAddress
	GetClaim(key string) interface{}
}

type UserInfoAddress added in v0.12.0 

type UserInfoAddress interface {
	GetFormatted() string
	GetStreetAddress() string
	GetLocality() string
	GetRegion() string
	GetPostalCode() string
	GetCountry() string
}

func NewUserInfoAddress added in v0.12.0 

func NewUserInfoAddress(streetAddress, locality, region, postalCode, country, formatted string) UserInfoAddress

type UserInfoEmail added in v0.12.0 

type UserInfoEmail interface {
	GetEmail() string
	IsEmailVerified() bool
}

type UserInfoPhone added in v0.12.0 

type UserInfoPhone interface {
	GetPhoneNumber() string
	IsPhoneNumberVerified() bool
}

type UserInfoProfile added in v0.12.0 

type UserInfoProfile interface {
	GetName() string
	GetGivenName() string
	GetFamilyName() string
	GetMiddleName() string
	GetNickname() string
	GetProfile() string
	GetPicture() string
	GetWebsite() string
	GetGender() Gender
	GetBirthdate() string
	GetZoneinfo() string
	GetLocale() language.Tag
	GetPreferredUsername() string
}

type UserInfoProfileSetter added in v0.12.0 

type UserInfoProfileSetter interface {
	SetName(name string)
	SetGivenName(name string)
	SetFamilyName(name string)
	SetMiddleName(name string)
	SetNickname(name string)
	SetUpdatedAt(date time.Time)
	SetProfile(profile string)
	SetPicture(profile string)
	SetWebsite(website string)
	SetGender(gender Gender)
	SetBirthdate(birthdate string)
	SetZoneinfo(zoneInfo string)
	SetLocale(locale language.Tag)
	SetPreferredUsername(name string)
}

type UserInfoRequest added in v0.4.2 

type UserInfoRequest struct {
	AccessToken string `schema:"access_token"`
}

type UserInfoSetter added in v0.12.0 

type UserInfoSetter interface {
	UserInfo
	SetSubject(sub string)
	UserInfoProfileSetter
	SetEmail(email string, verified bool)
	SetPhone(phone string, verified bool)
	SetAddress(address UserInfoAddress)
	AppendClaims(key string, values interface{})
}

func NewUserInfo added in v0.12.0 

func NewUserInfo() UserInfoSetter

type Verifier added in v0.9.0 

type Verifier interface {
	Issuer() string
	MaxAgeIAT() time.Duration
	Offset() time.Duration
}

Source Files

View all Source files

Directories

Path Synopsis
tokenexchange

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.