Documentation ¶
Index ¶
- Constants
- func AuthorizationCodeToken(ctx context.Context, c ServerConfig) (*oauth2.Token, error)
- func Login(ctx context.Context, logger *zap.SugaredLogger, provider *oidc.Provider, ...) (*oauth2.Token, error)
- func LoginAndSave(ctx context.Context, logger *zap.SugaredLogger, l *LoginConfig, ...) error
- func ReadLoginConfigs(oidcLoginFile string) (map[string]LoginConfig, error)
- func ReadTokens(oidcTokenFile string) (map[string]*Token, error)
- func Refresh(ctx context.Context, provider *oidc.Provider, l *LoginConfig, ...) (*oauth2.Token, error)
- type LoginConfig
- type ServerConfig
- type SupportedGrants
- type Token
Constants ¶
const DefaultLocalServerSuccessHTML = `` /* 474-byte string literal not displayed */
DefaultLocalServerSuccessHTML is a default response body on authorization success.
Variables ¶
This section is empty.
Functions ¶
func AuthorizationCodeToken ¶
AuthorizationCodeToken performs the Authorization Code Grant Flow and returns a token received from the provider. See https://tools.ietf.org/html/rfc6749#section-4.1
This performs the following steps:
- Start a local server at the port.
- Open a browser and navigate it to the local server.
- Wait for the user authorization.
- Receive a code via an authorization response (HTTP redirect).
- Exchange the code for a token.
- Return the token.
func LoginAndSave ¶
func LoginAndSave(ctx context.Context, logger *zap.SugaredLogger, l *LoginConfig, grantType, oidcLoginFile, oidcTokenFile string) error
func ReadLoginConfigs ¶
func ReadLoginConfigs(oidcLoginFile string) (map[string]LoginConfig, error)
Types ¶
type LoginConfig ¶
type ServerConfig ¶
// ServerConfig is the configuration for AuthorizationCodeToken: the OAuth2
// client settings plus the behaviour of the local server that receives the
// authorization response.
type ServerConfig struct {
	// OAuth2 config.
	// RedirectURL will be automatically set to the local server.
	OAuth2Config oauth2.Config
	// Hostname of the redirect URL.
	// You can set this if your provider does not accept localhost.
	// Default to localhost.
	RedirectURLHostname string
	// Options for an authorization request.
	// You can set oauth2.AccessTypeOffline and the PKCE options here.
	// NOTE(review): PKCE (RFC 7636) appears to be opt-in; nothing in this
	// struct shows it being applied by default, so a caller that wants it
	// passes the code challenge here and the matching code verifier in
	// TokenRequestOptions. Confirm against the implementation.
	AuthCodeOptions []oauth2.AuthCodeOption
	// Options for a token request.
	// You can set the PKCE options here.
	TokenRequestOptions []oauth2.AuthCodeOption
	// State parameter in the authorization request.
	// Default to a string of random 32 bytes.
	// NOTE(review): state ties the authorization response to this request
	// (CSRF protection, RFC 6749 section 10.12). A value supplied here should
	// be unpredictable and fresh for every login; presumably leaving it empty
	// selects the random default.
	State string
	// Candidates of hostname and port which the local server binds to.
	// You can set port number to 0 to allocate a free port.
	// If multiple addresses are given, it will try the ports in order.
	// If nil or an empty slice is given, it defaults to "127.0.0.1:0" i.e. a free port.
	// NOTE(review): this listener receives the authorization code, so a
	// non-loopback candidate makes that endpoint reachable from other hosts.
	// Keep the candidates on loopback unless the provider forces otherwise.
	LocalServerBindAddress []string
	// A PEM-encoded certificate, and possibly the complete certificate chain.
	// When set, the server will serve TLS traffic using the specified
	// certificates. It's recommended that the certificate's SANs contain
	// the loopback addresses - 'localhost', '127.0.0.1' and '::1'
	LocalServerCertFile string
	// A PEM-encoded private key for the certificate.
	// This is required when LocalServerCertFile is set.
	// NOTE(review): the key file should be readable only by the user running
	// the login.
	LocalServerKeyFile string
	// Response HTML body on authorization completed.
	// Default to DefaultLocalServerSuccessHTML.
	LocalServerSuccessHTML string
	// Middleware for the local server. Default to none.
	LocalServerMiddleware func(h http.Handler) http.Handler
	// A channel to send its URL when the local server is ready. Default to none.
	LocalServerReadyChan chan<- string
	// Redirect URL upon successful login
	// NOTE(review): presumably the browser is sent here once the callback has
	// been handled; confirm the value is a fixed, trusted URL and is never
	// derived from request input.
	SuccessRedirectURL string
	// Redirect URL upon failed login
	FailureRedirectURL string
	// Logger function for debug.
	// NOTE(review): confirm the debug output never contains the authorization
	// code, the state value or tokens before pointing this at a persistent log.
	Logf func(format string, args ...interface{})
}
ServerConfig represents a config for AuthorizationCodeToken.
type SupportedGrants ¶
// SupportedGrants carries one flag per OAuth2 grant type: refresh token,
// authorization code and resource owner password.
// NOTE(review): presumably filled in by GetSupportedGrants from the
// provider's metadata; confirm. The password grant hands the user's password
// to the client, so callers should prefer AuthorizationCode whenever both
// flags are set.
type SupportedGrants struct {
	Refresh           bool
	AuthorizationCode bool
	Password          bool
	// contains filtered or unexported fields
}
func GetSupportedGrants ¶
func GetSupportedGrants(provider *oidc.Provider) (SupportedGrants, error)
func (SupportedGrants) String ¶
func (g SupportedGrants) String() string
type Token ¶
// Token is the set of OAuth2/OIDC credentials for one login. Every exported
// field carries a JSON tag, so the whole value can be serialized.
// NOTE(review): AccessToken, RefreshToken and RawIDToken are bearer secrets.
// Presumably this is the shape stored in the token file that ReadTokens
// loads; if so, that file should be readable only by its owner, and values of
// this type should be kept out of logs and error messages.
type Token struct {
	TokenType     string    `json:"type"`
	AccessToken   string    `json:"access_token"`
	RefreshToken  string    `json:"refresh_token"`
	Expiry        time.Time `json:"expiry"`
	RawIDToken    string    `json:"id_token"`
	IDTokenExpiry time.Time `json:"id_token_expiry"`
	// contains filtered or unexported fields
}
Token implements grpc.credentials.PerRPCCredentials interface.
func (*Token) GetRequestMetadata ¶
func (*Token) RequireTransportSecurity ¶