Constants ¶
// Scope values that can be placed in the scopes argument of an
// authentication request.
const (
	// SCOPEOPENID is the "openid" scope.
	SCOPEOPENID = "openid"
	// SCOPEPROFILE is the "profile" scope.
	SCOPEPROFILE = "profile"
	// SCOPEEMAIL is the "email" scope.
	SCOPEEMAIL = "email"
)
Variables ¶
// DefaultScopes is a ready-made scope list for basic apps: SCOPEOPENID,
// SCOPEPROFILE and SCOPEEMAIL, in that order.
//
// It is an exported slice variable, so any importing package can change its
// elements in place and every later reader sees the change. Copy it before
// adding or removing scopes, and request only the scopes the application
// actually needs.
var DefaultScopes = []string{
	SCOPEOPENID,
	SCOPEPROFILE,
	SCOPEEMAIL,
}
DefaultScopes provides an easy-to-use set of scopes for basic apps.
Functions ¶
func SetAuthResponse ¶
func SetAuthResponse(ar AuthResponse, r *http.Request)
Types ¶
type AuthResponse ¶
// AuthResponse carries the JSON members access_token, token_type, expires_in,
// id_token and state. RequestAuthResponse returns a pointer to one.
//
// NOTE(review): AccessToken and IDToken are bearer credentials. A String()
// method is declared on this type and SetAuthResponse takes a value together
// with an *http.Request; neither body is shown here, so confirm that the raw
// tokens never reach logs, error messages or anything rendered to a client.
type AuthResponse struct {
// AccessToken is decoded from "access_token".
AccessToken string `json:"access_token"`
// TokenType is decoded from "token_type".
TokenType string `json:"token_type"`
// ExpiresIn is decoded from "expires_in"; presumably a lifetime in seconds,
// as in an OAuth 2.0 token response (TODO confirm).
ExpiresIn int `json:"expires_in"`
// IDToken is decoded from "id_token"; this is the value ParseClaims is
// documented to take.
IDToken string `json:"id_token"`
// State is decoded from "state".
// NOTE(review): presumably compared with the state passed to
// BuildAuthenticateRedirect before the response is accepted; confirm
// where that comparison happens.
State string `json:"state"`
}
func AuthResponseFromContext ¶
func AuthResponseFromContext(r *http.Request) (AuthResponse, bool)
func (AuthResponse) String ¶
func (ar AuthResponse) String() string
type Claims ¶
// Claims is the set of ID-token claims this package decodes: the standard
// OIDC claims named in the JSON tags below plus one Zitadel-specific roles
// claim.
//
// NOTE(review): the ParseClaims documentation says the id_token is parsed
// into the client's type C, but does not say whether signature, issuer,
// audience or expiry are checked. Until that is confirmed, treat every field
// here as unverified input and do not base authorization decisions on it.
type Claims struct {
// Audience is decoded from "aud".
Audience []string `json:"aud"`
// AuthTime is decoded from "auth_time".
AuthTime int `json:"auth_time"`
// Email is decoded from "email". Rely on it for identity only when
// EmailVerified is true.
Email string `json:"email"`
// EmailVerified is decoded from "email_verified".
EmailVerified bool `json:"email_verified"`
// Exp is decoded from "exp"; presumably seconds since the Unix epoch, as in
// a JWT (TODO confirm). The struct itself performs no expiry check.
Exp int64 `json:"exp"`
// Profile claims, each decoded from the JSON key in its tag. They are
// descriptive values supplied by the provider, not identifiers.
FamilyName string `json:"family_name"`
GivenName string `json:"given_name"`
Name string `json:"name"`
PreferredUsername string `json:"preferred_username"`
Nickname string `json:"nickname"`
Locale string `json:"locale"`
// Sub is decoded from "sub", the subject identifier claim.
Sub string `json:"sub"`
// Picture is decoded from "picture".
Picture string `json:"picture"`
// Roles is decoded from the provider-specific claim
// "urn:zitadel:iam:org:project:roles". With another provider this key is
// presumably absent and the map stays nil, so role checks built on it
// should deny by default. A GetRoleNames method is declared on Claims; its
// signature and body are not shown here.
Roles map[string]map[string]string `json:"urn:zitadel:iam:org:project:roles"` // This probably isn't going to work across providers, but I'm only working with zitadel on this right now
}
func (Claims) GetRoleNames ¶
type Client ¶
type Client[C any] struct { // contains filtered or unexported fields }
Client is a simple implementation of OIDC at this point; it is intended only to help facilitate PKCE for its OIDC implementation.
func (*Client[C]) BuildAuthenticateRedirect ¶
func (c *Client[C]) BuildAuthenticateRedirect(state, redirectURI string, scopes []string) (*url.URL, string, error)
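BuildAuthenticateRedirect builds the URL to redirect to. It also returns the raw PKCE value (to be stored in session/cookie/etc.), or an error if one is encountered. The raw value is presumably what RequestAuthResponse later takes as codeVerifier, so it should be stored where only the originating session can read it and never placed in the redirect URL itself.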
func (*Client[C]) ParseClaims ¶
ParseClaims takes the id_token returned from the authentication request and parses it based upon the type C associated with this struct instance.
func (*Client[C]) RequestAuthResponse ¶
func (c *Client[C]) RequestAuthResponse(code, redirectURI, codeVerifier string) (*AuthResponse, error)
RequestAuthResponse takes the code returned on the callback endpoint and turns it into the auth response; again, this works with PKCE.
type IntrospectionResult ¶
// IntrospectionResult decodes a single member, "active", of a JSON document;
// presumably the response of the provider's token introspection endpoint
// (TODO confirm against the Introspect implementation).
//
// No other member is captured by this struct, so a value of this type says
// nothing about the token's scope, audience, subject or expiry.
// NOTE(review): callers that need those for authorization must obtain them
// elsewhere; Active alone only answers whether the provider reported the
// token as active.
type IntrospectionResult struct {
// Active is decoded from "active".
Active bool `json:"active"`
}
type Introspector ¶
func NewZitadelIntrospectorFromFile ¶
func NewZitadelIntrospectorFromFile(issuer, path string, endpoints Endpoints) (Introspector, error)
func NewZitadelIntrospectorWithData ¶
func NewZitadelIntrospectorWithData(issuer string, endpoints Endpoints, data []byte) (Introspector, error)
type ZitadelEndpoints ¶
// ZitadelEndpoints is a field-less type whose methods Authorize, Introspect,
// Keys and Token each return a string.
//
// NOTE(review): presumably these are the locations of the corresponding
// Zitadel endpoints. Because the type has no fields, the values cannot vary
// per instance; confirm where they come from and that they are combined with
// an HTTPS issuer before use.
type ZitadelEndpoints struct {
}
func (ZitadelEndpoints) Authorize ¶
func (z ZitadelEndpoints) Authorize() string
func (ZitadelEndpoints) Introspect ¶
func (z ZitadelEndpoints) Introspect() string
func (ZitadelEndpoints) Keys ¶
func (z ZitadelEndpoints) Keys() string
func (ZitadelEndpoints) Token ¶
func (z ZitadelEndpoints) Token() string
type ZitadelIntrospector ¶
// ZitadelIntrospector exposes Introspect(token string) (bool, error).
//
// NOTE(review): presumably this is the concrete type behind the Introspector
// returned by NewZitadelIntrospectorFromFile and
// NewZitadelIntrospectorWithData, which take a file path or raw bytes. If
// that input is key or credential material (not shown here), it should be
// kept out of the repository and readable only by the service account.
// Callers should treat a non-nil error from Introspect as "not active"
// rather than falling through to an allow path.
type ZitadelIntrospector struct {
// contains filtered or unexported fields
}
func (*ZitadelIntrospector) Introspect ¶
func (zi *ZitadelIntrospector) Introspect(token string) (bool, error)