Documentation ¶
Index ¶
- Constants
- Variables
- func MustValidate(l *logrusx.Logger, p *Provider)
- type Provider
- func (p *Provider) AccessTokenLifespan() time.Duration
- func (p *Provider) AccessTokenStrategy() string
- func (p *Provider) AllowedTopLevelClaims() []string
- func (p *Provider) AuthCodeLifespan() time.Duration
- func (p *Provider) BCryptCost() int
- func (p *Provider) CGroupsV1AutoMaxProcsEnabled() bool
- func (p *Provider) CORS(iface ServeInterface) (cors.Options, bool)
- func (p *Provider) ConsentRequestMaxAge() time.Duration
- func (p *Provider) ConsentURL() *url.URL
- func (p *Provider) CookieSameSiteLegacyWorkaround() bool
- func (p *Provider) CookieSameSiteMode() http.SameSite
- func (p *Provider) DSN() string
- func (p *Provider) DataSourcePlugin() string
- func (p *Provider) DefaultClientScope() []string
- func (p *Provider) DisableHealthAccessLog(iface ServeInterface) bool
- func (p *Provider) EncryptSessionData() bool
- func (p *Provider) EnforcePKCEForPublicClients() bool
- func (p *Provider) ErrorURL() *url.URL
- func (p *Provider) ExcludeNotBeforeClaim() bool
- func (p *Provider) GetCookieSecrets() [][]byte
- func (p *Provider) GetRotatedSystemSecrets() [][]byte
- func (p *Provider) GetSystemSecret() []byte
- func (p *Provider) GrantAllClientCredentialsScopesPerDefault() bool
- func (p *Provider) GrantTypeJWTBearerIDOptional() bool
- func (p *Provider) GrantTypeJWTBearerIssuedDateOptional() bool
- func (p *Provider) GrantTypeJWTBearerMaxDuration() time.Duration
- func (p *Provider) HsmEnabled() bool
- func (p *Provider) HsmKeySetPrefix() string
- func (p *Provider) HsmLibraryPath() string
- func (p *Provider) HsmPin() string
- func (p *Provider) HsmSlotNumber() *int
- func (p *Provider) HsmTokenLabel() string
- func (p *Provider) IDTokenLifespan() time.Duration
- func (p *Provider) InsecureRedirects() []string
- func (p *Provider) IsUsingJWTAsAccessTokens() bool
- func (p *Provider) IssuerURL() *url.URL
- func (p *Provider) JWKSURL() *url.URL
- func (p *Provider) ListenOn(iface ServeInterface) string
- func (p *Provider) LoginURL() *url.URL
- func (p *Provider) LogoutRedirectURL() *url.URL
- func (p *Provider) LogoutURL() *url.URL
- func (p *Provider) MustSet(key string, value interface{})
- func (p *Provider) OAuth2AuthURL() *url.URL
- func (p *Provider) OAuth2ClientRegistrationURL() *url.URL
- func (p *Provider) OAuth2LegacyErrors() bool
- func (p *Provider) OAuth2TokenURL() *url.URL
- func (p *Provider) OIDCDiscoverySupportedClaims() []string
- func (p *Provider) OIDCDiscoverySupportedScope() []string
- func (p *Provider) OIDCDiscoveryUserinfoEndpoint() *url.URL
- func (p *Provider) PKCEEnforced() bool
- func (p *Provider) PublicAllowDynamicRegistration() bool
- func (p *Provider) PublicURL() *url.URL
- func (p *Provider) RefreshTokenLifespan() time.Duration
- func (p *Provider) ScopeStrategy() string
- func (p *Provider) Set(key string, value interface{}) error
- func (p *Provider) ShareOAuth2Debug() bool
- func (p *Provider) SocketPermission(iface ServeInterface) *configx.UnixPermission
- func (p *Provider) Source() *configx.Provider
- func (p *Provider) SubjectIdentifierAlgorithmSalt() string
- func (p *Provider) SubjectTypesSupported() []string
- func (p *Provider) TLS(iface ServeInterface) TLSConfig
- func (p *Provider) TokenRefreshHookURL() *url.URL
- func (p *Provider) Tracing() *tracing.Config
- func (p *Provider) WellKnownKeys(include ...string) []string
- type ServeInterface
- type TLSConfig
Constants ¶
View Source
const ( KeyRoot = "" HsmEnabled = "hsm.enabled" HsmLibraryPath = "hsm.library" HsmPin = "hsm.pin" HsmSlotNumber = "hsm.slot" HsmKeySetPrefix = "hsm.key_set_prefix" HsmTokenLabel = "hsm.token_label" // #nosec G101 KeyWellKnownKeys = "webfinger.jwks.broadcast_keys" KeyOAuth2ClientRegistrationURL = "webfinger.oidc_discovery.client_registration_url" KeyOAuth2TokenURL = "webfinger.oidc_discovery.token_url" // #nosec G101 KeyOAuth2AuthURL = "webfinger.oidc_discovery.auth_url" KeyJWKSURL = "webfinger.oidc_discovery.jwks_url" KeyOIDCDiscoverySupportedClaims = "webfinger.oidc_discovery.supported_claims" KeyOIDCDiscoverySupportedScope = "webfinger.oidc_discovery.supported_scope" KeyOIDCDiscoveryUserinfoEndpoint = "webfinger.oidc_discovery.userinfo_url" KeySubjectTypesSupported = "oidc.subject_identifiers.supported_types" KeyDefaultClientScope = "oidc.dynamic_client_registration.default_scope" KeyDSN = "dsn" KeyBCryptCost = "oauth2.hashers.bcrypt.cost" KeyEncryptSessionData = "oauth2.session.encrypt_at_rest" KeyCookieSameSiteMode = "serve.cookies.same_site_mode" KeyCookieSameSiteLegacyWorkaround = "serve.cookies.same_site_legacy_workaround" KeyConsentRequestMaxAge = "ttl.login_consent_request" KeyAccessTokenLifespan = "ttl.access_token" // #nosec G101 KeyRefreshTokenLifespan = "ttl.refresh_token" // #nosec G101 KeyIDTokenLifespan = "ttl.id_token" // #nosec G101 KeyAuthCodeLifespan = "ttl.auth_code" KeyScopeStrategy = "strategies.scope" KeyGetCookieSecrets = "secrets.cookie" KeyGetSystemSecret = "secrets.system" KeyLogoutRedirectURL = "urls.post_logout_redirect" KeyLoginURL = "urls.login" KeyLogoutURL = "urls.logout" KeyConsentURL = "urls.consent" KeyErrorURL = "urls.error" KeyPublicURL = "urls.self.public" KeyIssuerURL = "urls.self.issuer" KeyAccessTokenStrategy = "strategies.access_token" KeySubjectIdentifierAlgorithmSalt = "oidc.subject_identifiers.pairwise.salt" KeyPublicAllowDynamicRegistration = "oidc.dynamic_client_registration.enabled" KeyPKCEEnforced = "oauth2.pkce.enforced" KeyPKCEEnforcedForPublicClients = "oauth2.pkce.enforced_for_public_clients" KeyLogLevel = "log.level" KeyCGroupsV1AutoMaxProcsEnabled = "cgroups.v1.auto_max_procs_enabled" KeyGrantAllClientCredentialsScopesPerDefault = "oauth2.client_credentials.default_grant_allowed_scope" // #nosec G101 KeyExposeOAuth2Debug = "oauth2.expose_internal_errors" KeyOAuth2LegacyErrors = "oauth2.include_legacy_error_fields" KeyExcludeNotBeforeClaim = "oauth2.exclude_not_before_claim" KeyAllowedTopLevelClaims = "oauth2.allowed_top_level_claims" KeyOAuth2GrantJWTIDOptional = "oauth2.grant.jwt.jti_optional" KeyOAuth2GrantJWTIssuedDateOptional = "oauth2.grant.jwt.iat_optional" KeyOAuth2GrantJWTMaxDuration = "oauth2.grant.jwt.max_ttl" KeyRefreshTokenHookURL = "oauth2.refresh_token_hook" // #nosec G101 )
View Source
const ( KeySuffixListenOnHost = "host" KeySuffixListenOnPort = "port" KeySuffixSocketOwner = "socket.owner" KeySuffixSocketGroup = "socket.group" KeySuffixSocketMode = "socket.mode" KeySuffixDisableHealthAccessLog = "access_log.disable_for_health" )
View Source
const ( KeySuffixTLSEnabled = "tls.enabled" KeySuffixTLSAllowTerminationFrom = "tls.allow_termination_from" KeySuffixTLSCertString = "tls.cert.base64" KeySuffixTLSKeyString = "tls.key.base64" KeySuffixTLSCertPath = "tls.cert.path" KeySuffixTLSKeyPath = "tls.key.path" KeyTLSAllowTerminationFrom = "serve." + KeySuffixTLSAllowTerminationFrom KeyTLSCertString = "serve." + KeySuffixTLSCertString KeyTLSKeyString = "serve." + KeySuffixTLSKeyString KeyTLSCertPath = "serve." + KeySuffixTLSCertPath KeyTLSKeyPath = "serve." + KeySuffixTLSKeyPath )
View Source
const DSNMemory = "memory"
Variables ¶
View Source
var ( Version = "master" Date = "undefined" Commit = "undefined" )
Functions ¶
func MustValidate ¶
Types ¶
type Provider ¶
type Provider struct {
// contains filtered or unexported fields
}
func (*Provider) AccessTokenLifespan ¶
func (*Provider) AccessTokenStrategy ¶
func (*Provider) AllowedTopLevelClaims ¶
func (*Provider) AuthCodeLifespan ¶
func (*Provider) BCryptCost ¶
func (*Provider) CGroupsV1AutoMaxProcsEnabled ¶
func (*Provider) ConsentRequestMaxAge ¶
func (*Provider) ConsentURL ¶
func (*Provider) CookieSameSiteLegacyWorkaround ¶
func (*Provider) CookieSameSiteMode ¶
func (*Provider) DataSourcePlugin ¶
func (*Provider) DefaultClientScope ¶
func (*Provider) DisableHealthAccessLog ¶
func (p *Provider) DisableHealthAccessLog(iface ServeInterface) bool
func (*Provider) EncryptSessionData ¶
func (*Provider) EnforcePKCEForPublicClients ¶
func (*Provider) ExcludeNotBeforeClaim ¶
func (*Provider) GetCookieSecrets ¶
func (*Provider) GetRotatedSystemSecrets ¶
func (*Provider) GetSystemSecret ¶
func (*Provider) GrantAllClientCredentialsScopesPerDefault ¶
func (*Provider) GrantTypeJWTBearerIDOptional ¶
func (*Provider) GrantTypeJWTBearerIssuedDateOptional ¶
func (*Provider) GrantTypeJWTBearerMaxDuration ¶
func (*Provider) HsmEnabled ¶
func (*Provider) HsmKeySetPrefix ¶
func (*Provider) HsmLibraryPath ¶
func (*Provider) HsmSlotNumber ¶
func (*Provider) HsmTokenLabel ¶
func (*Provider) IDTokenLifespan ¶
func (*Provider) InsecureRedirects ¶
func (*Provider) IsUsingJWTAsAccessTokens ¶
func (*Provider) ListenOn ¶
func (p *Provider) ListenOn(iface ServeInterface) string
func (*Provider) LogoutRedirectURL ¶
func (*Provider) OAuth2AuthURL ¶
func (*Provider) OAuth2ClientRegistrationURL ¶
func (*Provider) OAuth2LegacyErrors ¶
func (*Provider) OAuth2TokenURL ¶
func (*Provider) OIDCDiscoverySupportedClaims ¶
func (*Provider) OIDCDiscoverySupportedScope ¶
func (*Provider) OIDCDiscoveryUserinfoEndpoint ¶
func (*Provider) PKCEEnforced ¶
func (*Provider) PublicAllowDynamicRegistration ¶
func (*Provider) RefreshTokenLifespan ¶
func (*Provider) ScopeStrategy ¶
func (*Provider) ShareOAuth2Debug ¶
func (*Provider) SocketPermission ¶
func (p *Provider) SocketPermission(iface ServeInterface) *configx.UnixPermission
func (*Provider) SubjectIdentifierAlgorithmSalt ¶
func (*Provider) SubjectTypesSupported ¶
func (*Provider) TLS ¶
func (p *Provider) TLS(iface ServeInterface) TLSConfig
func (*Provider) TokenRefreshHookURL ¶
func (*Provider) WellKnownKeys ¶
type ServeInterface ¶
var ( PublicInterface ServeInterface = &servePrefix{ prefix: "serve.public", } AdminInterface ServeInterface = &servePrefix{ prefix: "serve.admin", } )
Click to show internal directories.
Click to hide internal directories.