Documentation
Types

type AuthenticationResponse
type AuthenticationResponse struct {
	jwt.RegisteredClaims // The standard JWT claims
	// Id_token IDToken `json:"id_token"` // id_token in standard OIDC
	Client_id     string          `json:"client_id"`     // client_id of the RP
	Response_type string          `json:"response_type"` // response_type for SIOP
	Response_mode string          `json:"response_mode"`
	Scopes        []string        `json:"scope"`
	Nonce         string          `json:"nonce"`
	Vp_token      json.RawMessage `json:"vp_token"` // vp_token in new OIDC4VP extension
}
The AuthenticationResponse structure that SIOP sends and RPs receive.
func New
func New(client_id string, authRequest *authrequest.AuthenticationRequest, vp_token json.RawMessage) *AuthenticationResponse
New is used by SIOP to create an AuthorizationResponse from the AuthorizationRequest received from the RP. It includes the vp_token created by SIOP to send the Verifiable Presentation. This is self-issued, so Issuer and Subject are set to the ID of the SIOP user (normally a DID).
func ParseAndValidate
func ParseAndValidate(tokenString string, keyFunc jwt.Keyfunc) (*AuthenticationResponse, error)
ParseAndValidate is intended for RPs to validate an AuthorizationResponse from SIOP. ParseAndValidate generates an AuthorizationResponse from a JWT, validating the signature. keyFunc is a function that receives a JWT and retrieves the corresponding public key using the key id in the header of the JWT.
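The checks ParseAndValidate is described as performing on the RP side, together with the SIOP-side construction that New feeds, as an added example that is not this package's code and does not use the jwt package. It assumes Ed25519/EdDSA signatures, a key id that is the DID URL of the holder's verification method, a map-backed resolver standing in for DID resolution, and a hypothetical ResponseClaims struct holding only the claims the RP checks; SignResponse, decodeSegment, ParseAndValidateResponse and every constant are assumptions, not identifiers from the package.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// ResponseClaims is a hypothetical subset of the AuthenticationResponse claims: only what the RP checks.
type ResponseClaims struct {
	Issuer    string `json:"iss"`
	Subject   string `json:"sub"`
	Audience  string `json:"aud"` // modelled as a single string for brevity
	ExpiresAt int64  `json:"exp"` // NumericDate, seconds since the epoch
	ClientID  string `json:"client_id"`
	Nonce     string `json:"nonce"`
}

type jwsHeader struct {
	Alg string `json:"alg"`
	Kid string `json:"kid"` // DID URL of the holder's verification method
}

// KeyFunc resolves a key id to a public key; a real RP would resolve the DID document.
type KeyFunc func(kid string) (ed25519.PublicKey, error)
var b64 = base64.RawURLEncoding

// SignResponse is the SIOP side: a compact EdDSA JWS over the claims, kid in the header.
func SignResponse(priv ed25519.PrivateKey, kid string, c ResponseClaims) string {
	h, _ := json.Marshal(jwsHeader{Alg: "EdDSA", Kid: kid}) // cannot fail for these types
	p, _ := json.Marshal(c)
	input := b64.EncodeToString(h) + "." + b64.EncodeToString(p)
	return input + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(input)))
}

// decodeSegment base64url-decodes one JWS segment and unmarshals it into v.
func decodeSegment(seg string, v any) error {
	raw, err := b64.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// ParseAndValidateResponse is the RP side: pin the algorithm, verify the signature with the
// key named by kid, and only then check the claims against the request this RP sent and the clock.
func ParseAndValidateResponse(token string, keyFunc KeyFunc, clientID, nonce string, now time.Time) (*ResponseClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT")
	}
	var h jwsHeader
	if err := decodeSegment(parts[0], &h); err != nil || h.Alg != "EdDSA" {
		return nil, fmt.Errorf("bad header or unexpected alg %q: %v", h.Alg, err)
	}
	pub, err := keyFunc(h.Kid) // the token names the key; the RP decides whether to trust it
	if err != nil {
		return nil, err
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, errors.New("invalid signature")
	}
	var c ResponseClaims // trusted only after the signature check above
	if err := decodeSegment(parts[1], &c); err != nil {
		return nil, err
	}
	switch {
	case !now.Before(time.Unix(c.ExpiresAt, 0)):
		return nil, errors.New("token expired")
	case c.Issuer != c.Subject || !strings.HasPrefix(h.Kid, c.Subject+"#"):
		return nil, errors.New("self-issued token: iss must equal sub and kid must belong to sub")
	case c.Audience != clientID || c.ClientID != clientID:
		return nil, errors.New("aud/client_id do not name this RP")
	case c.Nonce != nonce:
		return nil, errors.New("nonce does not match the request")
	}
	return &c, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	const did, rp = "did:example:holder", "https://rp.example/cb" // constructed values
	resolve := func(kid string) (ed25519.PublicKey, error) {
		if kid != did+"#key-1" {
			return nil, errors.New("unknown kid")
		}
		return pub, nil
	}
	tok := SignResponse(priv, did+"#key-1", ResponseClaims{Issuer: did, Subject: did, Audience: rp,
		ClientID: rp, Nonce: "n-1", ExpiresAt: time.Now().Add(5 * time.Minute).Unix()})
	_, err := ParseAndValidateResponse(tok, resolve, rp, "n-1", time.Now())
	fmt.Println("valid:", err == nil)
}
```

The order is the point: the algorithm is pinned and the signature verified with the key the RP itself resolved before any claim is read. Because the token is self-issued, the RP also checks that the kid belongs to the sub it claims; without that binding a valid signature proves only that some resolvable key signed the token, not that the key belongs to the subject named in it.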
type IDToken
type IDToken struct {
	// The URL of the server which issued this token. OpenID Connect
	// requires this value always be identical to the URL used for
	// initial discovery.
	//
	// Note: Because of a known issue with Google Accounts' implementation
	// this value may differ when using Google.
	//
	// See: https://developers.google.com/identity/protocols/OpenIDConnect#obtainuserinfo
	Issuer string `json:"iss,omitempty"`

	// The client ID, or set of client IDs, that this token is issued for. For
	// common uses, this is the client that initialized the auth flow.
	//
	// This package ensures the audience contains an expected value.
	Audience []string `json:"aud,omitempty"`

	// A unique string which identifies the end user.
	Subject string `json:"sub,omitempty"`

	// Expiry of the token. This package will not process tokens that have
	// expired unless that validation is explicitly turned off.
	Expiry time.Time `json:"exp,omitempty"`

	// When the token was issued by the provider.
	IssuedAt time.Time `json:"iat,omitempty"`

	// Initial nonce provided during the authentication redirect.
	//
	// This package does NOT provide verification on the value of this field
	// and it's the user's responsibility to ensure it contains a valid value.
	Nonce string `json:"nonce,omitempty"`

	// at_hash claim, if set in the ID token. Callers can verify an access token
	// that corresponds to the ID token using the VerifyAccessToken method.
	AccessTokenHash string `json:"at_hash,omitempty"`
	// contains filtered or unexported fields
}
IDToken is an OpenID Connect extension that provides a predictable representation of an authorization event.
The ID Token only holds fields OpenID Connect requires. To access additional claims returned by the server, use the Claims method.