Documentation ¶
Index ¶
- Constants
- Variables
- type CodeVerifier
- type Config
- type Group
- type OIDCProvider
- func (pc *OIDCProvider) AddScopes(scopes ...string)
- func (pc *OIDCProvider) AuthCodeURLWithPKCE() (string, string)
- func (pc *OIDCProvider) ExchangeWithPKCE(ctx context.Context, authCode, codeVerifier string) (*oauth2.Token, error)
- func (pc *OIDCProvider) GetProviderGroups(providerID string) (*ProviderGroups, error)
- func (pc *OIDCProvider) Verify(ctx context.Context, rawIDToken string) (*oidc.IDToken, error)
- type ProviderGroups
Constants ¶
const (
// https://dexidp.io/docs/custom-scopes-claims-clients/#public-clients
OutOfBrowserURN = "urn:ietf:wg:oauth:2.0:oob"
)
Variables ¶
var (
// "openid" is a required scope for OpenID Connect flows.
// Other scopes, such as "groups", can be requested.
DefaultScopes = []string{oidc.ScopeOpenID, oidc.ScopeOfflineAccess, "profile", "email", "groups", "federated:id"}
)
Functions ¶
This section is empty.
Types ¶
type CodeVerifier ¶
type CodeVerifier struct {
Value string
}
CodeVerifier is a helper struct used to create a code_challenge for PKCE. Ref: https://www.oauth.com/oauth2-servers/pkce/
func NewCodeVerifier ¶
func NewCodeVerifier() *CodeVerifier
NewCodeVerifier returns a cryptographically secure random CodeVerifier of a fixed length (32)
func NewCodeVerifierWithLen ¶
func NewCodeVerifierWithLen(len int) *CodeVerifier
NewCodeVerifierWithLen returns a cryptographically secure random CodeVerifier of the specified length. Note that RFC 7636 requires a code_verifier of 43 to 128 characters; choose len so the resulting verifier stays within that range.
func (*CodeVerifier) ChallengeS256 ¶
func (c *CodeVerifier) ChallengeS256() string
ChallengeS256 returns the code_challenge derived from the code_verifier with the PKCE S256 method (base64url-encoded SHA-256 digest of the verifier)
type Config ¶ added in v1.5.0
type OIDCProvider ¶
OIDCProvider wraps an oidc.Provider and its Configuration
func NewOIDCProvider ¶
func NewOIDCProvider(ctx context.Context, issuer, clientID string) (*OIDCProvider, error)
NewOIDCProvider constructs an OIDCProvider, discovering the provider configuration from the issuer URL
func NewOIDCProviderWithConfig ¶ added in v1.5.0
func NewOIDCProviderWithConfig(ctx context.Context, config Config) (*OIDCProvider, error)
NewOIDCProviderWithConfig constructs an OIDCProvider with the provided configuration
func (*OIDCProvider) AddScopes ¶
func (pc *OIDCProvider) AddScopes(scopes ...string)
AddScopes adds scopes to OIDCProvider.Config.Scopes, extending DefaultScopes
func (*OIDCProvider) AuthCodeURLWithPKCE ¶
func (pc *OIDCProvider) AuthCodeURLWithPKCE() (string, string)
AuthCodeURLWithPKCE returns a URL that can be used to obtain an auth code, together with a code_verifier string. The caller must keep the code_verifier and pass it to ExchangeWithPKCE: PKCE is what protects the authorization code for a public client such as our CLI, which cannot hold a client secret. Ref: https://www.oauth.com/oauth2-servers/pkce/
func (*OIDCProvider) ExchangeWithPKCE ¶
func (pc *OIDCProvider) ExchangeWithPKCE(ctx context.Context, authCode, codeVerifier string) (*oauth2.Token, error)
ExchangeWithPKCE exchanges the authCode for a token, sending codeVerifier so that the provider can check it against the code_challenge from the authorization request
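The CodeVerifier, ChallengeS256, AuthCodeURLWithPKCE and ExchangeWithPKCE pieces above together implement RFC 7636. The following Go program is an added example, not this package's code, written to show the mechanics end to end with only the standard library: generating a verifier from crypto/rand, deriving the S256 challenge, placing the challenge (never the verifier) in the authorization URL, and the check the authorization server runs at the token endpoint. The function names, the 32-byte verifier size, and the endpoint, client ID and state values in main are assumptions for illustration; the redirect URI is the package's OutOfBrowserURN value. The page does not say whether the package's "length (32)" counts bytes or characters, so the example states its own convention explicitly.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// NewVerifier returns a PKCE code_verifier built from n random bytes.
// RFC 7636 section 4.1 requires 43..128 characters of [A-Za-z0-9-._~];
// unpadded base64url turns 32 bytes into 43 characters and 96 bytes into
// 128, so n is restricted to that range. (Assumed helper, not the package's API.)
func NewVerifier(n int) (string, error) {
	if n < 32 || n > 96 {
		return "", errors.New("pkce: verifier length must be 32..96 random bytes")
	}
	buf := make([]byte, n)
	if _, err := rand.Read(buf); err != nil { // crypto/rand, never math/rand
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// ChallengeS256 computes BASE64URL(SHA256(ASCII(code_verifier))) without
// padding, the S256 transform from RFC 7636 section 4.2.
func ChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// AuthCodeURL builds the authorization request a CLI opens in the browser.
// Only the challenge travels in the URL; the verifier stays in process memory.
func AuthCodeURL(authEndpoint, clientID, redirectURI, state, challenge string, scopes []string) (string, error) {
	u, err := url.Parse(authEndpoint)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", strings.Join(scopes, " "))
	q.Set("state", state)
	q.Set("code_challenge", challenge)
	q.Set("code_challenge_method", "S256")
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// VerifyChallenge is the check the authorization server performs at the token
// endpoint: recompute S256 over the presented verifier and compare it with the
// challenge stored alongside the issued code. A constant-time compare avoids
// leaking how many leading characters matched.
func VerifyChallenge(storedChallenge, presentedVerifier string) bool {
	got := ChallengeS256(presentedVerifier)
	return subtle.ConstantTimeCompare([]byte(got), []byte(storedChallenge)) == 1
}

func main() {
	verifier, err := NewVerifier(32)
	if err != nil {
		panic(err)
	}
	challenge := ChallengeS256(verifier)

	// Assumed endpoint, client ID and state for illustration; in real code the
	// state must be random and checked on the redirect. Redirect URI is the
	// package's OutOfBrowserURN; scopes mirror its DefaultScopes.
	authURL, err := AuthCodeURL("https://dex.example.com/auth", "example-cli",
		"urn:ietf:wg:oauth:2.0:oob", "opaque-state", challenge,
		[]string{"openid", "offline_access", "profile", "email", "groups", "federated:id"})
	if err != nil {
		panic(err)
	}
	fmt.Println("open in browser:", authURL)

	// Later, at the token endpoint, only the verifier accompanies the code.
	fmt.Println("genuine verifier accepted:", VerifyChallenge(challenge, verifier))
	// An attacker who intercepted the authorization URL holds only the challenge,
	// which does not reverse to the verifier and so fails the check.
	fmt.Println("replayed challenge accepted:", VerifyChallenge(challenge, challenge))
}
```

The server-side function is the half a CLI author never writes but must understand: if the provider does not enforce it (for example because the client omitted code_challenge_method and the provider silently fell back to "plain"), an intercepted authorization code is enough to obtain the token.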
func (*OIDCProvider) GetProviderGroups ¶ added in v1.5.0
func (pc *OIDCProvider) GetProviderGroups(providerID string) (*ProviderGroups, error)
GetProviderGroups returns the ProviderGroups of the specified provider
type ProviderGroups ¶ added in v1.5.0
type ProviderGroups struct {
ConnectorID string `yaml:"connectorId"`
Groups []Group `yaml:"groups"`
}
func (*ProviderGroups) GetRolesFromGroups ¶ added in v1.5.0
func (pg *ProviderGroups) GetRolesFromGroups(groupIDs ...string) []string
GetRolesFromGroups returns the roles matching the provided group IDs