package authresponse
v0.1.0
Published: Nov 27, 2022 License: Apache-2.0 Imports: 8 Imported by: 0

Types

type AuthenticationResponse

type AuthenticationResponse struct {
	jwt.RegisteredClaims // The standard JWT claims
	//	Id_token             IDToken         `json:"id_token"`      // id_token in standard OIDC
	Client_id     string          `json:"client_id"`     // client_id of the RP
	Response_type string          `json:"response_type"` // response_type for SIOP
	Response_mode string          `json:"response_mode"`
	Scopes        []string        `json:"scope"`
	Nonce         string          `json:"nonce"`
	Vp_token      json.RawMessage `json:"vp_token"` // vp_token in new OIDC4VP extension
}

AuthenticationResponse is the structure that the SIOP sends and the RP receives.

func New

func New(client_id string, authRequest *authrequest.AuthenticationRequest, vp_token json.RawMessage) *AuthenticationResponse

New is used by the SIOP to create an AuthenticationResponse from the AuthenticationRequest received from the RP. It carries the vp_token created by the SIOP, which holds the Verifiable Presentation. Because the response is self-issued, Issuer and Subject are both set to the identifier of the SIOP user (normally a DID).

func ParseAndValidate

func ParseAndValidate(tokenString string, keyFunc jwt.Keyfunc) (*AuthenticationResponse, error)

ParseAndValidate is intended for RPs to validate an AuthenticationResponse received from a SIOP. It parses the JWT into an AuthenticationResponse and validates the signature. keyFunc is a function that receives the parsed JWT and returns the public key to verify it with, looked up by the key id (kid) in the JWT header.
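The SIOP-to-RP exchange that New and ParseAndValidate implement, written out as an added example; this is not the package's own code. It uses only the Go standard library: the embedded jwt.RegisteredClaims are flattened into plain iss/sub/aud/exp fields, the JWS is signed with EdDSA, and keyFunc receives the kid string rather than the parsed token (all three are assumptions of the example). The DIDs, nonce, client_id and vp_token are constructed values. The RP side shows the checks a verifier has to perform somewhere, whatever the package itself does beyond signature validation: pin the algorithm, verify the signature before reading any claim, require iss == sub and a kid that belongs to iss, and compare aud/client_id, nonce and exp against the request this RP actually sent. These are the same aud, exp and nonce semantics the IDToken field comments below describe.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// AuthenticationResponse mirrors the package's struct, trimmed to the claims an RP must check (registered claims flattened: an assumption of this example).
type AuthenticationResponse struct {
	Issuer    string          `json:"iss"`
	Subject   string          `json:"sub"`
	Audience  string          `json:"aud"`
	ExpiresAt int64           `json:"exp"`
	ClientID  string          `json:"client_id"`
	Nonce     string          `json:"nonce"`
	VPToken   json.RawMessage `json:"vp_token"`
}

// joseHeader is the protected JWS header; kid is assumed to be a DID URL such as "did:example:alice#key-1" so the RP can bind the key to iss.
type joseHeader struct {
	Alg string `json:"alg"`
	Kid string `json:"kid"`
}

type Keyfunc func(kid string) (ed25519.PublicKey, error) // resolves a kid to a public key (DID resolution in a real RP)

// New plays the SIOP side: iss and sub are the holder's DID, aud and client_id are the RP's client_id, nonce is copied from the request.
func New(holderDID, clientID, nonce string, vpToken json.RawMessage, now time.Time) *AuthenticationResponse {
	return &AuthenticationResponse{Issuer: holderDID, Subject: holderDID, Audience: clientID,
		ExpiresAt: now.Add(5 * time.Minute).Unix(), ClientID: clientID, Nonce: nonce, VPToken: vpToken}
}

// Sign serialises the response as a compact EdDSA JWS.
func Sign(resp *AuthenticationResponse, kid string, priv ed25519.PrivateKey) (string, error) {
	hdr, _ := json.Marshal(joseHeader{Alg: "EdDSA", Kid: kid})
	payload, err := json.Marshal(resp)
	if err != nil {
		return "", err
	}
	input := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(payload)
	return input + "." + base64.RawURLEncoding.EncodeToString(ed25519.Sign(priv, []byte(input))), nil
}

// ParseAndValidate plays the RP side: pin the algorithm, verify the signature before trusting any claim,
// then check the claims against the request this RP actually sent (client_id, nonce) and the clock.
func ParseAndValidate(token string, keyFunc Keyfunc, clientID, nonce string, now time.Time) (*AuthenticationResponse, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed compact JWS")
	}
	rawHdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	var hdr joseHeader
	if err != nil || json.Unmarshal(rawHdr, &hdr) != nil {
		return nil, fmt.Errorf("malformed JWS header")
	}
	if hdr.Alg != "EdDSA" { // never let the token choose the algorithm
		return nil, fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	pub, err := keyFunc(hdr.Kid)
	if err != nil {
		return nil, err
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, fmt.Errorf("signature verification failed")
	}
	rawBody, err := base64.RawURLEncoding.DecodeString(parts[1])
	var resp AuthenticationResponse
	if err != nil || json.Unmarshal(rawBody, &resp) != nil {
		return nil, fmt.Errorf("malformed JWS payload")
	}
	switch {
	case resp.Issuer == "" || resp.Issuer != resp.Subject || !strings.HasPrefix(hdr.Kid, resp.Issuer+"#"):
		return nil, fmt.Errorf("self-issued response must have iss == sub and be signed with a key of iss")
	case resp.Audience != clientID || resp.ClientID != clientID:
		return nil, fmt.Errorf("response was not issued for this RP")
	case resp.Nonce != nonce:
		return nil, fmt.Errorf("nonce mismatch: replayed or foreign response")
	case now.Unix() >= resp.ExpiresAt:
		return nil, fmt.Errorf("response expired")
	}
	return &resp, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	holder, rp, nonce := "did:example:alice", "https://rp.example/cb", "n-0S6_WzA2Mj" // constructed values
	resolve := func(kid string) (ed25519.PublicKey, error) { // stand-in for DID resolution
		if kid != holder+"#key-1" {
			return nil, fmt.Errorf("unknown kid %q", kid)
		}
		return pub, nil
	}
	vp := json.RawMessage(`{"type":["VerifiablePresentation"]}`) // constructed stand-in for a real VP
	token, _ := Sign(New(holder, rp, nonce, vp, time.Now()), holder+"#key-1", priv)
	_, err := ParseAndValidate(token, resolve, rp, nonce, time.Now())
	fmt.Println("accepted:", err == nil)
}
```

The nonce comparison is what turns "a validly signed response" into "the response to this login attempt": without it a captured token can be replayed to the same RP until exp passes, which is why the IDToken comments below leave nonce verification to the caller. The kid-to-iss binding matters for the same reason as the audience check: a holder whose key the RP can resolve must not be able to assert somebody else's DID.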

type IDToken

type IDToken struct {
	// The URL of the server which issued this token. OpenID Connect
	// requires this value always be identical to the URL used for
	// initial discovery.
	//
	// Note: Because of a known issue with Google Accounts' implementation
	// this value may differ when using Google.
	//
	// See: https://developers.google.com/identity/protocols/OpenIDConnect#obtainuserinfo
	Issuer string `json:"iss,omitempty"`

	// The client ID, or set of client IDs, that this token is issued for. For
	// common uses, this is the client that initialized the auth flow.
	//
	// This package ensures the audience contains an expected value.
	Audience []string `json:"aud,omitempty"`

	// A unique string which identifies the end user.
	Subject string `json:"sub,omitempty"`

	// Expiry of the token. This package will not process tokens that have
	// expired unless that validation is explicitly turned off.
	Expiry time.Time `json:"exp,omitempty"`
	// When the token was issued by the provider.
	IssuedAt time.Time `json:"iat,omitempty"`

	// Initial nonce provided during the authentication redirect.
	//
	// This package does NOT provide verification of the value of this field,
	// and it is the user's responsibility to ensure it contains a valid value.
	Nonce string `json:"nonce,omitempty"`

	// at_hash claim, if set in the ID token. Callers can verify an access token
	// that corresponds to the ID token using the VerifyAccessToken method.
	AccessTokenHash string `json:"at_hash,omitempty"`
	// contains filtered or unexported fields
}

IDToken is an OpenID Connect extension that provides a predictable representation of an authorization event.

The ID Token only holds fields OpenID Connect requires. To access additional claims returned by the server, use the Claims method.
