Documentation
Overview
Package upstreamoidc implements an abstraction of upstream OIDC provider interactions.
Index
- func New(config *oauth2.Config, provider *coreosoidc.Provider, client *http.Client) provider.UpstreamOIDCIdentityProviderI
- type ProviderConfig
- func (p *ProviderConfig) AllowsPasswordGrant() bool
- func (p *ProviderConfig) ExchangeAuthcodeAndValidateTokens(ctx context.Context, authcode string, pkceCodeVerifier pkce.Code, ...) (*oidctypes.Token, error)
- func (p *ProviderConfig) GetAdditionalAuthcodeParams() map[string]string
- func (p *ProviderConfig) GetAuthorizationURL() *url.URL
- func (p *ProviderConfig) GetClientID() string
- func (p *ProviderConfig) GetGroupsClaim() string
- func (p *ProviderConfig) GetName() string
- func (p *ProviderConfig) GetResourceUID() types.UID
- func (p *ProviderConfig) GetRevocationURL() *url.URL
- func (p *ProviderConfig) GetScopes() []string
- func (p *ProviderConfig) GetUsernameClaim() string
- func (p *ProviderConfig) PasswordCredentialsGrantAndValidateTokens(ctx context.Context, username, password string) (*oidctypes.Token, error)
- func (p *ProviderConfig) PerformRefresh(ctx context.Context, refreshToken string) (*oauth2.Token, error)
- func (p *ProviderConfig) RevokeRefreshToken(ctx context.Context, refreshToken string) error
- func (p *ProviderConfig) ValidateToken(ctx context.Context, tok *oauth2.Token, expectedIDTokenNonce nonce.Nonce) (*oidctypes.Token, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func New
func New(config *oauth2.Config, provider *coreosoidc.Provider, client *http.Client) provider.UpstreamOIDCIdentityProviderI
Types
type ProviderConfig
type ProviderConfig struct {
    Name                     string
    ResourceUID              types.UID
    UsernameClaim            string
    GroupsClaim              string
    Config                   *oauth2.Config
    Client                   *http.Client
    AllowPasswordGrant       bool
    AdditionalAuthcodeParams map[string]string
    RevocationURL            *url.URL // will commonly be nil: many providers do not offer this
    Provider                 interface {
        Verifier(*coreosoidc.Config) *coreosoidc.IDTokenVerifier
        Claims(v interface{}) error
        UserInfo(ctx context.Context, tokenSource oauth2.TokenSource) (*coreosoidc.UserInfo, error)
    }
}
ProviderConfig holds the active configuration of an upstream OIDC provider.
func (*ProviderConfig) AllowsPasswordGrant (added in v0.37.0)
func (p *ProviderConfig) AllowsPasswordGrant() bool
func (*ProviderConfig) ExchangeAuthcodeAndValidateTokens
func (*ProviderConfig) GetAdditionalAuthcodeParams (added in v0.37.0)
func (p *ProviderConfig) GetAdditionalAuthcodeParams() map[string]string
func (*ProviderConfig) GetAuthorizationURL
func (p *ProviderConfig) GetAuthorizationURL() *url.URL
func (*ProviderConfig) GetClientID
func (p *ProviderConfig) GetClientID() string
func (*ProviderConfig) GetGroupsClaim
func (p *ProviderConfig) GetGroupsClaim() string
func (*ProviderConfig) GetName
func (p *ProviderConfig) GetName() string
func (*ProviderConfig) GetResourceUID (added in v0.37.0)
func (p *ProviderConfig) GetResourceUID() types.UID
func (*ProviderConfig) GetRevocationURL (added in v0.37.0)
func (p *ProviderConfig) GetRevocationURL() *url.URL
func (*ProviderConfig) GetScopes
func (p *ProviderConfig) GetScopes() []string
func (*ProviderConfig) GetUsernameClaim
func (p *ProviderConfig) GetUsernameClaim() string
func (*ProviderConfig) PasswordCredentialsGrantAndValidateTokens (added in v0.37.0)
func (*ProviderConfig) PerformRefresh (added in v0.37.0)
func (*ProviderConfig) RevokeRefreshToken (added in v0.37.0)
func (p *ProviderConfig) RevokeRefreshToken(ctx context.Context, refreshToken string) error
RevokeRefreshToken will attempt to revoke the given token, if the provider has a revocation endpoint.
func (*ProviderConfig) ValidateToken
func (p *ProviderConfig) ValidateToken(ctx context.Context, tok *oauth2.Token, expectedIDTokenNonce nonce.Nonce) (*oidctypes.Token, error)
ValidateToken will validate the ID token. It will also merge the claims from the userinfo endpoint response, if the provider offers the userinfo endpoint.