provider

package
v0.0.0-...-e3e9b0f Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 29, 2024 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

const IssuerApple = "https://appleid.apple.com"
// IssuerAzureCommon is the issuer URL of Azure's multi-tenant "common" endpoint.
// NOTE(review): ID tokens obtained through a multi-tenant endpoint are expected
// to carry a tenant-specific "iss" value rather than this literal string, so a
// plain equality check against this constant would not match them. The same
// presumably applies to IssuerAzureOrganizations — confirm how
// DetectAzureIDTokenIssuer and IsAzureIssuer (bodies not shown) handle this.
const IssuerAzureCommon = "https://login.microsoftonline.com/common/v2.0"
const IssuerAzureMicrosoft = "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0"

IssuerAzureMicrosoft is the OIDC issuer for microsoft.com accounts: https://learn.microsoft.com/en-us/azure/active-directory/develop/id-token-claims-reference#payload-claims

const IssuerAzureOrganizations = "https://login.microsoftonline.com/organizations/v2.0"
const IssuerFacebook = "https://www.facebook.com"
const IssuerGoogle = "https://accounts.google.com"
const (
	IssuerKakao = "https://kauth.kakao.com"
)
const (
	IssuerLinkedin = "https://www.linkedin.com"
)
const UserInfoEndpointGoogle = "https://www.googleapis.com/userinfo/v2/me"

Variables

var OverrideClock func() time.Time

OverrideClock can be used to set a custom clock function to be used when parsing ID tokens. It is a package-level variable, so setting it affects every ID token parsed in the process. Should only be used in tests.

var OverrideVerifiers = make(map[string]func(context.Context, *oidc.Config) *oidc.IDTokenVerifier)

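OverrideVerifiers can be used to set a custom verifier for an OIDC provider (identified by the provider's Endpoint().AuthURL string). It is a package-level map, so an entry replaces the verifier for that provider across the whole process. Should only be used in tests.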

Functions

func DetectAzureIDTokenIssuer

func DetectAzureIDTokenIssuer(ctx context.Context, idToken string) (string, error)

func GetName

func GetName(name linkedinName) string

func IsAzureIssuer

func IsAzureIssuer(issuer string) bool

func OverrideGoogleProvider

func OverrideGoogleProvider(issuer, userInfo string)

OverrideGoogleProvider should only be used in tests!

func ResetGoogleProvider

func ResetGoogleProvider()

ResetGoogleProvider should only be used in tests!

Types

type AppleIDTokenClaims

// AppleIDTokenClaims is the claim set read from an Apple ID token: the
// embedded standard JWT claims plus the Apple-specific fields below.
type AppleIDTokenClaims struct {
	jwt.StandardClaims

	// Email is the "email" claim.
	Email string `json:"email"`

	// AuthTime and IsPrivateEmail are pointers, so a claim that is absent from
	// the token is presumably left nil by the JSON decoder; nil-check before
	// dereferencing.
	AuthTime       *float64        `json:"auth_time"`
	IsPrivateEmail *IsPrivateEmail `json:"is_private_email"`
}

type AppleProvider

type AppleProvider struct {
	*oauth2.Config
	// contains filtered or unexported fields
}

AppleProvider stores the custom config for apple provider

func (AppleProvider) AuthCodeURL

func (p AppleProvider) AuthCodeURL(state string, args ...oauth2.AuthCodeOption) string

func (AppleProvider) GetOAuthToken

func (p AppleProvider) GetOAuthToken(code string) (*oauth2.Token, error)

GetOAuthToken returns the apple provider access token

func (AppleProvider) GetUserData

func (p AppleProvider) GetUserData(ctx context.Context, tok *oauth2.Token) (*UserProvidedData, error)

GetUserData returns the user data fetched from the apple provider

func (AppleProvider) ParseUser

func (p AppleProvider) ParseUser(data string, userData *UserProvidedData) error

ParseUser parses the apple user's info

type AzureIDTokenClaims

// AzureIDTokenClaims is the claim set read from an Azure ID token: the
// embedded standard JWT claims plus the fields below.
type AzureIDTokenClaims struct {
	jwt.StandardClaims

	// Email is the "email" claim. Nothing in this struct marks the address as
	// verified on its own; use IsEmailVerified (body not shown on this page)
	// rather than treating a non-empty Email as proof of ownership.
	Email                              string `json:"email"`
	Name                               string `json:"name"`
	PreferredUsername                  string `json:"preferred_username"`
	// XMicrosoftEmailDomainOwnerVerified is the "xms_edov" claim. It is typed
	// any, presumably because the value does not always arrive as a JSON
	// boolean — confirm against IsEmailVerified.
	XMicrosoftEmailDomainOwnerVerified any    `json:"xms_edov"`
}

func (*AzureIDTokenClaims) IsEmailVerified

func (c *AzureIDTokenClaims) IsEmailVerified() bool

type Claims

// Claims is the provider-independent set of user claims. Every field carries
// both a json tag and a structs tag.
type Claims struct {
	// Reserved claims
	Issuer  string  `json:"iss,omitempty" structs:"iss,omitempty"`
	Subject string  `json:"sub,omitempty" structs:"sub,omitempty"`
	// Aud is a single string here, not a list.
	Aud     string  `json:"aud,omitempty" structs:"aud,omitempty"`
	Iat     float64 `json:"iat,omitempty" structs:"iat,omitempty"`
	Exp     float64 `json:"exp,omitempty" structs:"exp,omitempty"`

	// Default profile claims
	Name              string `json:"name,omitempty" structs:"name,omitempty"`
	FamilyName        string `json:"family_name,omitempty" structs:"family_name,omitempty"`
	GivenName         string `json:"given_name,omitempty" structs:"given_name,omitempty"`
	MiddleName        string `json:"middle_name,omitempty" structs:"middle_name,omitempty"`
	NickName          string `json:"nickname,omitempty" structs:"nickname,omitempty"`
	PreferredUsername string `json:"preferred_username,omitempty" structs:"preferred_username,omitempty"`
	Profile           string `json:"profile,omitempty" structs:"profile,omitempty"`
	Picture           string `json:"picture,omitempty" structs:"picture,omitempty"`
	Website           string `json:"website,omitempty" structs:"website,omitempty"`
	Gender            string `json:"gender,omitempty" structs:"gender,omitempty"`
	Birthdate         string `json:"birthdate,omitempty" structs:"birthdate,omitempty"`
	ZoneInfo          string `json:"zoneinfo,omitempty" structs:"zoneinfo,omitempty"`
	Locale            string `json:"locale,omitempty" structs:"locale,omitempty"`
	UpdatedAt         string `json:"updated_at,omitempty" structs:"updated_at,omitempty"`
	Email             string `json:"email,omitempty" structs:"email,omitempty"`
	// EmailVerified and PhoneVerified use omitempty in the json tag, so a
	// false value is dropped from JSON output and a reader of that JSON
	// cannot tell "false" from "not provided". The structs tag has no
	// omitempty, unlike the json tag.
	EmailVerified     bool   `json:"email_verified,omitempty" structs:"email_verified"`
	Phone             string `json:"phone,omitempty" structs:"phone,omitempty"`
	PhoneVerified     bool   `json:"phone_verified,omitempty" structs:"phone_verified"`

	// Custom profile claims that are provider specific
	// The values are untyped (interface{}); check the concrete type before
	// using one in a decision.
	CustomClaims map[string]interface{} `json:"custom_claims,omitempty" structs:"custom_claims,omitempty"`

	// TODO: Deprecate in next major release
	FullName    string `json:"full_name,omitempty" structs:"full_name,omitempty"`
	AvatarURL   string `json:"avatar_url,omitempty" structs:"avatar_url,omitempty"`
	Slug        string `json:"slug,omitempty" structs:"slug,omitempty"`
	ProviderId  string `json:"provider_id,omitempty" structs:"provider_id,omitempty"`
	UserNameKey string `json:"user_name,omitempty" structs:"user_name,omitempty"`
}

type Email

// Email is one address reported by a provider, with its verification and
// primary flags.
type Email struct {
	Email    string
	// Verified is false in the zero value. Check it before relying on Email
	// as evidence that the user controls the address.
	Verified bool
	Primary  bool
}

Email is a struct that provides information on whether an email is verified or is the primary email address

type HTTPError

// HTTPError is an error value with a JSON representation. Code, Message and
// ErrorID are the only fields that appear in the encoded JSON.
type HTTPError struct {
	Code            int    `json:"code"`
	Message         string `json:"msg"`
	// InternalError and InternalMessage are tagged json:"-", so encoding/json
	// never writes them out. NOTE(review): whether Error() includes them is
	// not visible on this page — confirm before returning Error() output to a
	// client.
	InternalError   error  `json:"-"`
	InternalMessage string `json:"-"`
	ErrorID         string `json:"error_id,omitempty"`
}

func (*HTTPError) Cause

func (e *HTTPError) Cause() error

Cause returns the root cause error

func (*HTTPError) Error

func (e *HTTPError) Error() string

func (*HTTPError) Is

func (e *HTTPError) Is(target error) bool

func (*HTTPError) WithInternalError

func (e *HTTPError) WithInternalError(err error) *HTTPError

WithInternalError adds internal error information to the error

func (*HTTPError) WithInternalMessage

func (e *HTTPError) WithInternalMessage(fmtString string, args ...interface{}) *HTTPError

WithInternalMessage adds internal message information to the error

type IsPrivateEmail

type IsPrivateEmail bool

func (*IsPrivateEmail) UnmarshalJSON

func (b *IsPrivateEmail) UnmarshalJSON(data []byte) error

Apple returns an is_private_email field that can be either a string or a boolean value, so a custom unmarshaler is needed. See https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple

type KakaoIDTokenClaims

// KakaoIDTokenClaims is the claim set read from a Kakao ID token: the
// embedded standard JWT claims plus the fields below.
type KakaoIDTokenClaims struct {
	jwt.StandardClaims

	// Email is the "email" claim. This struct has no email_verified field, so
	// the verification status of the address cannot be read from these claims
	// alone.
	Email    string `json:"email"`
	Nickname string `json:"nickname"`
	Picture  string `json:"picture"`
}

type LinkedinIDTokenClaims

// LinkedinIDTokenClaims is the claim set read from a LinkedIn ID token: the
// embedded standard JWT claims plus the fields below.
type LinkedinIDTokenClaims struct {
	jwt.StandardClaims

	Email         string `json:"email"`
	// EmailVerified is declared as a string, not a bool, so it has to be
	// parsed explicitly; a non-empty check would treat "false" as verified.
	EmailVerified string `json:"email_verified"`
	FamilyName    string `json:"family_name"`
	GivenName     string `json:"given_name"`
	Locale        string `json:"locale"`
	Picture       string `json:"picture"`
}

type OAuthProvider

// OAuthProvider is the method set the New*Provider constructors on this page
// return.
type OAuthProvider interface {
	// AuthCodeURL takes a string that the implementations on this page name
	// "state", plus optional oauth2 auth-code options, and returns a URL.
	AuthCodeURL(string, ...oauth2.AuthCodeOption) string
	// GetUserData returns the user data for the given token.
	GetUserData(context.Context, *oauth2.Token) (*UserProvidedData, error)
	// GetOAuthToken takes a string that AppleProvider names "code" and
	// returns a token.
	GetOAuthToken(string) (*oauth2.Token, error)
}

OAuthProvider specifies additional methods needed for providers using OAuth

func NewAppleProvider

func NewAppleProvider(ctx context.Context, ext conf.OAuthProviderConfiguration) (OAuthProvider, error)

NewAppleProvider creates an Apple account provider.

func NewAzureProvider

func NewAzureProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewAzureProvider creates an Azure account provider.

func NewBitbucketProvider

func NewBitbucketProvider(ext conf.OAuthProviderConfiguration) (OAuthProvider, error)

NewBitbucketProvider creates a Bitbucket account provider.

func NewDiscordProvider

func NewDiscordProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewDiscordProvider creates a Discord account provider.

func NewFacebookProvider

func NewFacebookProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewFacebookProvider creates a Facebook account provider.

func NewFigmaProvider

func NewFigmaProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewFigmaProvider creates a Figma account provider.

func NewFlyProvider

func NewFlyProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewFlyProvider creates a Fly oauth provider.

func NewGithubProvider

func NewGithubProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewGithubProvider creates a Github account provider.

func NewGitlabProvider

func NewGitlabProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewGitlabProvider creates a Gitlab account provider.

func NewGoogleProvider

func NewGoogleProvider(ctx context.Context, ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewGoogleProvider creates a Google OAuth2 identity provider.

func NewKakaoProvider

func NewKakaoProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

func NewKeycloakProvider

func NewKeycloakProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewKeycloakProvider creates a Keycloak account provider.

func NewLinkedinOIDCProvider

func NewLinkedinOIDCProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewLinkedinOIDCProvider creates a Linkedin account provider via OIDC.

func NewLinkedinProvider

func NewLinkedinProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewLinkedinProvider creates a Linkedin account provider.

func NewNotionProvider

func NewNotionProvider(ext conf.OAuthProviderConfiguration) (OAuthProvider, error)

NewNotionProvider creates a Notion account provider.

func NewSlackProvider

func NewSlackProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewSlackProvider creates a Slack account provider.

func NewSpotifyProvider

func NewSpotifyProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewSpotifyProvider creates a Spotify account provider.

func NewTwitchProvider

func NewTwitchProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewTwitchProvider creates a Twitch account provider.

func NewTwitterProvider

func NewTwitterProvider(ext conf.OAuthProviderConfiguration, scopes string) (OAuthProvider, error)

NewTwitterProvider creates a Twitter account provider.

func NewWorkOSProvider

func NewWorkOSProvider(ext conf.OAuthProviderConfiguration) (OAuthProvider, error)

NewWorkOSProvider creates a WorkOS account provider.

func NewZoomProvider

func NewZoomProvider(ext conf.OAuthProviderConfiguration) (OAuthProvider, error)

NewZoomProvider creates a Zoom account provider.

type ParseIDTokenOptions

// ParseIDTokenOptions is the options argument of ParseIDToken.
type ParseIDTokenOptions struct {
	// SkipAccessTokenCheck presumably disables the check that binds the ID
	// token to AccessToken — confirm in ParseIDToken, whose body is not shown
	// here. The zero value (false) leaves the check on.
	SkipAccessTokenCheck bool
	// AccessToken is presumably the access token issued alongside the ID
	// token — confirm against the caller.
	AccessToken          string
}

type Provider

type Provider interface {
	AuthCodeURL(string, ...oauth2.AuthCodeOption) string
}

Provider is an interface for interacting with external account providers

type TwitterProvider

// TwitterProvider holds the configuration and request state for the Twitter
// provider. All fields are exported.
type TwitterProvider struct {
	ClientKey     string
	// Secret is a plain exported string, presumably the consumer secret that
	// pairs with ClientKey — confirm against NewTwitterProvider. Printing the
	// struct with %v or %+v would include it.
	Secret        string
	CallbackURL   string
	AuthURL       string
	RequestToken  *oauth.RequestToken
	OauthVerifier string
	Consumer      *oauth.Consumer
	UserInfoURL   string
}

TwitterProvider stores the custom config for twitter provider

func (*TwitterProvider) AuthCodeURL

func (t *TwitterProvider) AuthCodeURL(state string, args ...oauth2.AuthCodeOption) string

AuthCodeURL fetches the request token from the twitter provider

func (TwitterProvider) FetchUserData

func (t TwitterProvider) FetchUserData(ctx context.Context, tok *oauth.AccessToken) (*UserProvidedData, error)

FetchUserData retrieves the user's data from the twitter provider

func (TwitterProvider) GetOAuthToken

func (t TwitterProvider) GetOAuthToken(_ string) (*oauth2.Token, error)

GetOAuthToken is a stub method for OAuthProvider interface, unused in OAuth1.0 protocol

func (TwitterProvider) GetUserData

func (t TwitterProvider) GetUserData(ctx context.Context, tok *oauth2.Token) (*UserProvidedData, error)

GetUserData is a stub method for OAuthProvider interface, unused in OAuth1.0 protocol

func (TwitterProvider) Marshal

func (t TwitterProvider) Marshal() string

Marshal encodes the twitter request token

func (TwitterProvider) Unmarshal

func (t TwitterProvider) Unmarshal(data string) (*oauth.RequestToken, error)

Unmarshal decodes the twitter request token

type UserProvidedData

type UserProvidedData struct {
	Emails   []Email
	Metadata *Claims
}

UserProvidedData is a struct that contains the user's data returned from the oauth provider

func ParseIDToken

func ParseIDToken(ctx context.Context, provider *oidc.Provider, config *oidc.Config, idToken string, options ParseIDTokenOptions) (*oidc.IDToken, *UserProvidedData, error)
