Documentation ¶
Index ¶
- Constants
- Variables
- func DPoPSignRequest(signingKey string, hc *http.Client, r *http.Request) error
- func DPoPThumbprint(signingKey string, hc *http.Client) (string, error)
- func EncryptJWT(token string, encrypterProvider EncrypterProvider) (nestedJWT string, key interface{}, err error)
- func FetchOpenIDConfiguration(ctx context.Context, issuerURL string, hc *http.Client) (request Request, c ServerConfig, err error)
- func ParseError(resp *http.Response) error
- func PlaintextJWT(claimsProvider ClaimsProvider) (jwt string, key string, err error)
- func RandomString(n int) string
- func ReadKey(use KeyUse, location string, hc *http.Client) (jose.JSONWebKey, error)
- func ReadKeyPair(cert string, key string, hc *http.Client) (keyPair tls.Certificate, err error)
- func ReadRootCA(location string, hc *http.Client) (pool *x509.CertPool, err error)
- func ReadURL(location string, hc *http.Client) (data []byte, err error)
- func RequestDeviceAuthorization(ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, ...) (request Request, response DeviceAuthorizationResponse, err error)
- func RequestPAR(ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, ...) (parRequest Request, parResponse PARResponse, authorizeRequest Request, ...)
- func RequestToken(ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, ...) (request Request, response TokenResponse, err error)
- func SignJWT(claimsProvider ClaimsProvider, signerProvider SignerProvider) (jwt string, key interface{}, err error)
- func UnsafeParseJWT(token string) (*jwt.JSONWebToken, map[string]interface{}, error)
- func WithAuthorizationCode(code string) func(*RequestTokenParams)
- func WithCodeVerifier(codeVerifier string) func(*RequestTokenParams)
- func WithDeviceCode(deviceCode string) func(*RequestTokenParams)
- func WithRedirectURL(url string) func(*RequestTokenParams)
- type ClaimsProvider
- type ClientConfig
- type DPoPClaims
- type DeviceAuthorizationResponse
- type EncrypterProvider
- type Error
- type KeyUse
- type PARResponse
- type Request
- func (r *Request) AuthenticateClient(endpoint string, mtlsEndpoint string, cconfig ClientConfig, ...) (string, error)
- func (r *Request) AuthorizeRequest(cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (codeVerifier string, err error)
- func (r *Request) Get(key string) string
- func (r *Request) ParseJARM(signingKey interface{}, encryptionKey interface{}) error
- type RequestTokenOption
- type RequestTokenParams
- type ServerConfig
- type SignerProvider
- type TokenResponse
Constants ¶
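// Identifiers for DPoP proofs (RFC 9449): the HTTP header that carries the
// proof and the JOSE "typ" value that marks a JWT as a DPoP proof.
const (
	// DPoPHeaderName is the name of the HTTP request header holding the proof JWT.
	DPoPHeaderName = "DPoP"
	// DPoPHeaderType is the "typ" header value of a DPoP proof JWT. RFC 9449
	// has the receiving server reject proofs whose "typ" is anything else.
	DPoPHeaderType = "dpop+jwt"
)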
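// Token-endpoint error codes defined for polling during the device
// authorization grant (RFC 8628, section 3.5).
const (
	// ErrAuthorizationPending means the user has not yet completed the
	// interaction; the client keeps polling at the current interval.
	ErrAuthorizationPending = "authorization_pending"
	// ErrSlowDown means the same, but RFC 8628 requires the client to
	// lengthen its polling interval (by 5 seconds) before the next attempt.
	ErrSlowDown = "slow_down"
)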
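// Values of the OAuth 2.0 "grant_type" parameter.
const (
	// AuthorizationCodeGrantType is the authorization code grant (RFC 6749).
	AuthorizationCodeGrantType string = "authorization_code"
	// ClientCredentialsGrantType is the client credentials grant (RFC 6749).
	ClientCredentialsGrantType string = "client_credentials"
	// ImplicitGrantType is the implicit grant. It returns tokens in the
	// authorization response, and the OAuth 2.0 Security Best Current
	// Practice (RFC 9700) recommends the authorization code grant instead.
	ImplicitGrantType string = "implicit"
	// PasswordGrantType is the resource owner password credentials grant.
	// It hands the user's password to the client; RFC 9700 says it must not
	// be used.
	PasswordGrantType string = "password"
	// RefreshTokenGrantType exchanges a refresh token for new tokens (RFC 6749).
	RefreshTokenGrantType string = "refresh_token"
	// JWTBearerGrantType is the JWT bearer assertion grant (RFC 7523).
	JWTBearerGrantType string = "urn:ietf:params:oauth:grant-type:jwt-bearer"
	// TokenExchangeGrantType is the token exchange grant (RFC 8693).
	TokenExchangeGrantType string = "urn:ietf:params:oauth:grant-type:token-exchange"
	// DeviceGrantType is the device authorization grant (RFC 8628).
	DeviceGrantType string = "urn:ietf:params:oauth:grant-type:device_code"
)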
grant types
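// Client authentication method names, as used in the
// "token_endpoint_auth_method" / "token_endpoint_auth_methods_supported"
// metadata.
const (
	// ClientSecretBasicAuthMethod sends the client secret in HTTP Basic auth.
	ClientSecretBasicAuthMethod string = "client_secret_basic"
	// ClientSecretPostAuthMethod sends the client secret in the request body.
	ClientSecretPostAuthMethod string = "client_secret_post"
	// ClientSecretJwtAuthMethod authenticates with a JWT assertion that is
	// MACed with the client secret.
	ClientSecretJwtAuthMethod string = "client_secret_jwt"
	// PrivateKeyJwtAuthMethod authenticates with a JWT assertion signed by
	// the client's private key.
	PrivateKeyJwtAuthMethod string = "private_key_jwt"
	// SelfSignedTLSAuthMethod is mutual-TLS client authentication with a
	// self-signed certificate (RFC 8705).
	SelfSignedTLSAuthMethod string = "self_signed_tls_client_auth"
	// TLSClientAuthMethod is mutual-TLS client authentication with a
	// PKI-issued certificate (RFC 8705).
	TLSClientAuthMethod string = "tls_client_auth"
	// NoneAuthMethod means the client does not authenticate at all (a public
	// client); the token request is then protected only by whatever else the
	// flow provides, such as PKCE.
	NoneAuthMethod string = "none"
)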
auth methods
// CodeVerifierLength is presumably the number of characters in the PKCE code
// verifier this package generates — confirm against the generator.
// 43 is the minimum length RFC 7636 allows for a code verifier (the maximum
// is 128), so this value leaves no margin below the specification's floor.
const CodeVerifierLength = 43
// JwtBearerClientAssertion is the "client_assertion_type" value defined by
// RFC 7523 for JWT-based client authentication; it accompanies the
// "client_assertion" parameter used by the private_key_jwt and
// client_secret_jwt methods.
const (
JwtBearerClientAssertion string = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
)
client assertion types
// OpenIDConfigurationPath is the well-known path, relative to the issuer,
// at which OpenID Connect Discovery 1.0 publishes the provider metadata.
const OpenIDConfigurationPath = "/.well-known/openid-configuration"
Variables ¶
// CodeChallengeEncoder is unpadded, URL-safe base64 (base64.RawURLEncoding),
// which is the encoding RFC 7636 specifies for the S256 code challenge.
// NOTE(review): this is an exported package-level variable, so any importing
// package can reassign it and change the encoding for every caller — confirm
// that mutability is intended.
var CodeChallengeEncoder = base64.RawURLEncoding
Functions ¶
func DPoPSignRequest ¶
func EncryptJWT ¶
func EncryptJWT(token string, encrypterProvider EncrypterProvider) (nestedJWT string, key interface{}, err error)
func ParseError ¶
func PlaintextJWT ¶
func PlaintextJWT(claimsProvider ClaimsProvider) (jwt string, key string, err error)
func RandomString ¶
func ReadKeyPair ¶
func ReadRootCA ¶
func RequestDeviceAuthorization ¶
func RequestDeviceAuthorization(ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (request Request, response DeviceAuthorizationResponse, err error)
func RequestPAR ¶
func RequestPAR( ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, hc *http.Client, ) (parRequest Request, parResponse PARResponse, authorizeRequest Request, codeVerifier string, err error)
func RequestToken ¶
func RequestToken( ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, hc *http.Client, opts ...RequestTokenOption, ) (request Request, response TokenResponse, err error)
func SignJWT ¶
func SignJWT(claimsProvider ClaimsProvider, signerProvider SignerProvider) (jwt string, key interface{}, err error)
func UnsafeParseJWT ¶
func UnsafeParseJWT(token string) (*jwt.JSONWebToken, map[string]interface{}, error)
func WithAuthorizationCode ¶
func WithAuthorizationCode(code string) func(*RequestTokenParams)
func WithCodeVerifier ¶
func WithCodeVerifier(codeVerifier string) func(*RequestTokenParams)
func WithDeviceCode ¶
func WithDeviceCode(deviceCode string) func(*RequestTokenParams)
func WithRedirectURL ¶
func WithRedirectURL(url string) func(*RequestTokenParams)
Types ¶
type ClaimsProvider ¶
func AssertionClaims ¶
func AssertionClaims(serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider
func ClientAssertionClaims ¶
func ClientAssertionClaims(serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider
func RequestObjectClaims ¶
func RequestObjectClaims(params url.Values, serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider
type ClientConfig ¶
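// ClientConfig collects the client-side settings for an OAuth 2.0 / OpenID
// Connect request: client identity, the grant to perform, and the optional
// protocol features to enable.
//
// Several fields hold credential material as plain strings (ClientSecret,
// Password, RefreshToken, Assertion, SubjectToken, ActorToken, IDTokenHint),
// so a ClientConfig value should be kept out of logs and debug dumps.
type ClientConfig struct {
	IssuerURL   string
	RedirectURL string
	// GrantType and AuthMethod are presumably one of the *GrantType and
	// *AuthMethod constants of this package — confirm against the callers.
	GrantType    string
	ClientID     string
	ClientSecret string
	Scopes       []string
	Audience     []string
	AuthMethod   string
	// Feature switches; the names correspond to PKCE (RFC 7636), pushed
	// authorization requests (RFC 9126) and JWT-secured request objects.
	PKCE                   bool
	PAR                    bool
	RequestObject          bool
	EncryptedRequestObject bool
	// NOTE(review): the name suggests this relaxes a transport check such as
	// TLS certificate verification; its effect is not visible in this type —
	// confirm before enabling it outside a test environment.
	Insecure     bool
	ResponseType []string
	ResponseMode string
	Username     string
	Password     string
	RefreshToken string
	Assertion    string
	// SigningKey and EncryptionKey are strings, not key objects; presumably
	// they are locations resolved by ReadKey, which takes a location string
	// and an *http.Client — confirm. If a location may be a remote URL, the
	// key's integrity depends on how that fetch is protected.
	SigningKey       string
	EncryptionKey    string
	SubjectToken     string
	SubjectTokenType string
	ActorToken       string
	ActorTokenType   string
	IDTokenHint      string
	LoginHint        string
	IDPHint          string
	// TLSCert, TLSKey and TLSRootCA are presumably locations consumed by
	// ReadKeyPair and ReadRootCA — confirm.
	TLSCert   string
	TLSKey    string
	TLSRootCA string
	Timeout   time.Duration
	// DPoP presumably enables DPoP proofs (RFC 9449) on requests — confirm.
	DPoP   bool
	Claims string
	Origin string
}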
type DPoPClaims ¶
type DeviceAuthorizationResponse ¶
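// DeviceAuthorizationResponse mirrors the JSON body of a device authorization
// response; the JSON tags are the parameter names defined in RFC 8628,
// section 3.2.
type DeviceAuthorizationResponse struct {
	// DeviceCode is the value the client later presents at the token
	// endpoint; unlike UserCode it is not meant to be shown to the user.
	DeviceCode string `json:"device_code"`
	// UserCode is the code the user enters at VerificationURI.
	UserCode        string `json:"user_code"`
	VerificationURI string `json:"verification_uri"`
	// VerificationURIComplete is the verification URI with the user code
	// already embedded.
	VerificationURIComplete string `json:"verification_uri_complete"`
	// ExpiresIn is the lifetime of the codes, in seconds (RFC 8628).
	ExpiresIn int64 `json:"expires_in"`
	// Interval is the minimum number of seconds between polling requests
	// (RFC 8628).
	Interval int64 `json:"interval"`
}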
type EncrypterProvider ¶
// EncrypterProvider is a function that yields a jose.Encrypter, a second
// value of unspecified type, and an error.
// NOTE(review): the second result is presumably the key the encrypter uses,
// mirroring the `key interface{}` result of EncryptJWT — confirm.
type EncrypterProvider func() (jose.Encrypter, interface{}, error)
func JWEEncrypter ¶
func JWEEncrypter(keyPath string, hc *http.Client) EncrypterProvider
type Error ¶
type PARResponse ¶
type Request ¶
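// Request describes an HTTP request (method, URL, headers, form values)
// together with protocol artifacts associated with it.
//
// NOTE(review): SigningKey and EncryptionKey are untyped (interface{}); if
// they can hold private keys, printing or serializing a whole Request would
// expose them — confirm what is stored here before logging this type.
type Request struct {
	Method  string
	URL     *url.URL
	Headers map[string][]string
	Form    url.Values
	// JARM presumably holds the claims of a parsed JARM response, filled in
	// by the ParseJARM method — confirm.
	JARM          map[string]interface{}
	RequestObject string
	SigningKey    interface{}
	EncryptionKey interface{}
	Cert          *x509.Certificate
}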
func RequestAuthorization ¶
func RequestAuthorization(cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (r Request, codeVerifier string, err error)
func WaitForCallback ¶
func WaitForCallback(clientConfig ClientConfig, serverConfig ServerConfig, hc *http.Client) (request Request, err error)
func (*Request) AuthenticateClient ¶
func (r *Request) AuthenticateClient( endpoint string, mtlsEndpoint string, cconfig ClientConfig, sconfig ServerConfig, hc *http.Client, ) (string, error)
func (*Request) AuthorizeRequest ¶
func (r *Request) AuthorizeRequest( cconfig ClientConfig, sconfig ServerConfig, hc *http.Client, ) (codeVerifier string, err error)
type RequestTokenOption ¶
// RequestTokenOption is a functional option: a function that receives a
// *RequestTokenParams. RequestToken accepts a variadic list of these, and
// the With* functions of this package return functions of the same shape.
type RequestTokenOption func(*RequestTokenParams)
type RequestTokenParams ¶
type ServerConfig ¶
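// ServerConfig holds the authorization-server metadata this package decodes
// from JSON. The JSON tags are metadata parameter names from OpenID Connect
// Discovery / RFC 8414, RFC 8628 (device authorization), RFC 9126 (pushed
// authorization requests) and RFC 8705 (mTLS endpoint aliases).
//
// NOTE(review): every endpoint in this struct comes from a remote document.
// Whether Issuer is compared with the issuer URL that was used for discovery
// is not visible in this type — confirm at the call site of
// FetchOpenIDConfiguration.
type ServerConfig struct {
	Issuer                             string   `json:"issuer"`
	JWKsURI                            string   `json:"jwks_uri"`
	SupportedGrantTypes                []string `json:"grant_types_supported"`
	SupportedResponseTypes             []string `json:"response_types_supported"`
	SupportedTokenEndpointAuthMethods  []string `json:"token_endpoint_auth_methods_supported"`
	SupportedScopes                    []string `json:"scopes_supported"`
	SupportedResponseModes             []string `json:"response_modes_supported"`
	AuthorizationEndpoint              string   `json:"authorization_endpoint"`
	DeviceAuthorizationEndpoint        string   `json:"device_authorization_endpoint"`
	PushedAuthorizationRequestEndpoint string   `json:"pushed_authorization_request_endpoint"`
	TokenEndpoint                      string   `json:"token_endpoint"`
	// MTLsEndpointAliases lists the alternative endpoints a client uses when
	// it authenticates with mutual TLS (RFC 8705).
	MTLsEndpointAliases struct {
		TokenEndpoint                      string `json:"token_endpoint"`
		PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint"`
	} `json:"mtls_endpoint_aliases"`
}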
type SignerProvider ¶
// SignerProvider is a function that yields a jose.Signer, a second value of
// unspecified type, and an error.
// NOTE(review): the second result is presumably the signing key, mirroring
// the `key interface{}` result of SignJWT — confirm, and treat it as secret
// material if so.
type SignerProvider func() (jose.Signer, interface{}, error)
func SecretSigner ¶
func SecretSigner(secret []byte) SignerProvider
type TokenResponse ¶
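// TokenResponse mirrors a token endpoint response. The JSON tags are the
// parameter names from RFC 6749 section 5.1, plus "id_token" (OpenID Connect)
// and "issued_token_type" (RFC 8693). Every field is omitted from encoded
// JSON when empty.
//
// AccessToken, RefreshToken and IDToken are credentials; a TokenResponse
// should be kept out of logs and error messages.
type TokenResponse struct {
	AccessToken string `json:"access_token,omitempty"`
	// ExpiresIn is the access token lifetime in seconds (RFC 6749).
	ExpiresIn       int64  `json:"expires_in,omitempty"`
	IDToken         string `json:"id_token,omitempty"`
	IssuedTokenType string `json:"issued_token_type,omitempty"`
	RefreshToken    string `json:"refresh_token,omitempty"`
	Scope           string `json:"scope,omitempty"`
	TokenType       string `json:"token_type,omitempty"`
}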
func NewTokenResponseFromForm ¶
func NewTokenResponseFromForm(f url.Values) TokenResponse