Documentation ¶
Index ¶
Constants ¶
// Scope values defined by OpenID Connect Core.
const (
	// SCOPEOPENID is the "openid" scope, which OpenID Connect requires in
	// the scope list of every authentication request.
	SCOPEOPENID = "openid"
	// SCOPEPROFILE is the "profile" scope (name, picture, locale and the
	// other default profile claims).
	SCOPEPROFILE = "profile"
	// SCOPEEMAIL is the "email" scope (the email and email_verified claims).
	SCOPEEMAIL = "email"
)
Variables ¶
// DefaultScopes lists the openid, profile and email scopes.
//
// NOTE(review): this is an exported, mutable package-level slice, so any
// importing package can change its contents for every other user of the
// package. Copy it before appending to or editing it.
var DefaultScopes = []string{SCOPEOPENID, SCOPEPROFILE, SCOPEEMAIL}
DefaultScopes provides an easy-to-use set of scopes for basic apps.
Functions ¶
func SetAuthResponse ¶
func SetAuthResponse(ar AuthResponse, r *http.Request)
Types ¶
type AuthResponse ¶
// AuthResponse carries the result of an authorization: its JSON keys are
// access_token, token_type, expires_in, id_token and state.
//
// NOTE(review): AccessToken and IDToken are credentials. The type also has a
// String method whose output is not documented; confirm it does not include
// the token values before logging or printing an AuthResponse.
//
// ExpiresIn is presumably the access token lifetime in seconds, as
// expires_in is defined in RFC 6749 — confirm against the provider.
type AuthResponse struct {
	AccessToken string `json:"access_token"`
	TokenType   string `json:"token_type"`
	ExpiresIn   int    `json:"expires_in"`
	IDToken     string `json:"id_token"`
	State       string `json:"state"`
}
func AuthResponseFromContext ¶
func AuthResponseFromContext(r *http.Request) (AuthResponse, bool)
func (AuthResponse) String ¶
func (ar AuthResponse) String() string
type Claims ¶
// Claims maps ID token claims onto Go fields by their JSON names: the
// registered aud, exp and sub claims, the OpenID Connect auth_time, profile
// and email claims, and a Zitadel-specific roles claim.
//
// NOTE(review): the package docs do not state whether ParseClaims verifies
// the ID token's signature, issuer, audience or expiry before these fields
// are filled in — confirm that before making authorization decisions from
// them.
//
// NOTE(review): RFC 7519 allows "aud" to be a single string as well as an
// array; confirm the decoder accepts both forms, since Audience is []string.
//
// Email should be relied on as an identifier only when EmailVerified is true;
// Sub is the claim OpenID Connect defines as the subject identifier.
type Claims struct {
	Audience          []string `json:"aud"`
	AuthTime          int      `json:"auth_time"`
	Email             string   `json:"email"`
	EmailVerified     bool     `json:"email_verified"`
	Exp               int64    `json:"exp"`
	FamilyName        string   `json:"family_name"`
	GivenName         string   `json:"given_name"`
	Name              string   `json:"name"`
	PreferredUsername string   `json:"preferred_username"`
	Nickname          string   `json:"nickname"`
	Locale            string   `json:"locale"`
	Sub               string   `json:"sub"`
	Picture           string   `json:"picture"`

	// Roles is read from a Zitadel-specific claim name. This probably isn't
	// going to work across providers, but the author is only working with
	// Zitadel on this right now.
	Roles map[string]map[string]string `json:"urn:zitadel:iam:org:project:roles"`
}
func (Claims) GetRoleNames ¶
type Client ¶
// Client is generic over C; per the package docs, C is the type that
// ParseClaims parses the id_token into.
type Client[C any] struct {
	// contains filtered or unexported fields
}
Client is a simple implementation of OIDC at this point; it is intended only to help facilitate PKCE for its OIDC implementation.
func (*Client[C]) BuildAuthenticateRedirect ¶
func (c *Client[C]) BuildAuthenticateRedirect(state, redirectURI string, scopes []string) (*url.URL, string, error)
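BuildAuthenticateRedirect builds the URL to redirect to. It also returns the raw PKCE value (to be stored in the session, a cookie, etc.), or an error if one is encountered. The raw value is presumably the code verifier that RequestAuthResponse later takes as codeVerifier, so whatever stores it should keep it tied to the login attempt that produced it.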
func (*Client[C]) ParseClaims ¶
ParseClaims takes the id_token returned from the authentication request and parses it into the type C associated with this struct instance.
func (*Client[C]) RequestAuthResponse ¶
func (c *Client[C]) RequestAuthResponse(code, redirectURI, codeVerifier string) (*AuthResponse, error)
RequestAuthResponse takes the code returned on the callback endpoint and turns it into the auth response; again, this works with PKCE.
type IntrospectionResult ¶
// IntrospectionResult decodes the "active" member of a JSON document,
// presumably a token introspection response (RFC 7662 defines "active" as
// the boolean that says whether the token is currently valid).
//
// Only Active is declared, so any other members of the response are not
// available through this type.
type IntrospectionResult struct {
	Active bool `json:"active"`
}
type Introspector ¶
func NewZitadelIntrospectorFromFile ¶
func NewZitadelIntrospectorFromFile(issuer, path string, endpoints Endpoints) (Introspector, error)
func NewZitadelIntrospectorWithData ¶
func NewZitadelIntrospectorWithData(issuer string, endpoints Endpoints, data []byte) (Introspector, error)
type ZitadelEndpoints ¶
// ZitadelEndpoints has no fields; its Authorize, Introspect, Keys and Token
// methods each return a string, presumably the location of the matching
// Zitadel endpoint — confirm against the method bodies.
type ZitadelEndpoints struct{}
func (ZitadelEndpoints) Authorize ¶
func (z ZitadelEndpoints) Authorize() string
func (ZitadelEndpoints) Introspect ¶
func (z ZitadelEndpoints) Introspect() string
func (ZitadelEndpoints) Keys ¶
func (z ZitadelEndpoints) Keys() string
func (ZitadelEndpoints) Token ¶
func (z ZitadelEndpoints) Token() string
type ZitadelIntrospector ¶
// ZitadelIntrospector provides Introspect(token string) (bool, error).
//
// NOTE(review): what the bool holds when the error is non-nil is not
// documented; callers should check the error first and treat any failure as
// "token not accepted" rather than reading the bool.
type ZitadelIntrospector struct {
	// contains filtered or unexported fields
}
func (*ZitadelIntrospector) Introspect ¶
func (zi *ZitadelIntrospector) Introspect(token string) (bool, error)