provider

package
v0.26.0 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 11, 2019 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Types

type Config

type Config struct {
	Config *config.Config

	IssuerIdentifier       string
	WellKnownPath          string
	JwksPath               string
	AuthorizationPath      string
	TokenPath              string
	UserInfoPath           string
	EndSessionPath         string
	CheckSessionIframePath string
	RegistrationPath       string

	BrowserStateCookiePath string
	BrowserStateCookieName string

	SessionCookiePath string
	SessionCookieName string

	AccessTokenDuration  time.Duration
	IDTokenDuration      time.Duration
	RefreshTokenDuration time.Duration
}

Config defines a Provider's configuration settings.

type Provider

type Provider struct {
	Config *Config
	// contains filtered or unexported fields
}

Provider defines an OIDC provider with the handlers for the OIDC endpoints.

func NewProvider

func NewProvider(c *Config) (*Provider, error)

NewProvider returns a new Provider.

func (*Provider) AuthorizeHandler

func (p *Provider) AuthorizeHandler(rw http.ResponseWriter, req *http.Request)

AuthorizeHandler implements the HTTP authorization endpoint for OpenID Connect 1.0 as specified at http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthorizationEndpoint

Currently AuthorizeHandler implements only the Implicit Flow as specified at http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth

func (*Provider) AuthorizeResponse

func (p *Provider) AuthorizeResponse(rw http.ResponseWriter, req *http.Request, ar *payload.AuthenticationRequest, auth identity.AuthRecord, err error)

AuthorizeResponse writes the result according to the provided parameters to the provided http.ResponseWriter.

func (*Provider) CheckSessionIframeHandler added in v0.11.0

func (p *Provider) CheckSessionIframeHandler(rw http.ResponseWriter, req *http.Request)

CheckSessionIframeHandler implements the HTTP endpoint for OP iframe with OpenID Connect Session Management 1.0 as specified at https://openid.net/specs/openid-connect-session-1_0.html#OPiframe

func (*Provider) EndSessionHandler added in v0.6.0

func (p *Provider) EndSessionHandler(rw http.ResponseWriter, req *http.Request)

EndSessionHandler implements the HTTP endpoint for RP initiated logout with OpenID Connect Session Management 1.0 as specified at https://openid.net/specs/openid-connect-session-1_0.html#RPLogout

func (*Provider) ErrorPage

func (p *Provider) ErrorPage(rw http.ResponseWriter, code int, title string, message string)

ErrorPage writes an HTML error page to the provided ResponseWriter.

func (*Provider) Found

func (p *Provider) Found(rw http.ResponseWriter, uri *url.URL, params interface{}, asFragment bool)

Found writes an HTTP 302 to the provided ResponseWriter with the appropriate Location header created from the other parameters.

func (*Provider) GetAccessTokenClaimsFromRequest

func (p *Provider) GetAccessTokenClaimsFromRequest(req *http.Request) (*konnect.AccessTokenClaims, error)

GetAccessTokenClaimsFromRequest reads incoming request, validates the access token and returns the validated claims.

func (*Provider) GetSigningKey added in v0.22.0

func (p *Provider) GetSigningKey(signingMethod jwt.SigningMethod) (*SigningKey, bool)

GetSigningKey returns a matching signing key for the provided signing method.

func (*Provider) GetValidationKey added in v0.22.0

func (p *Provider) GetValidationKey(id string) (crypto.PublicKey, bool)

GetValidationKey returns the validation key for the provided id.

func (*Provider) InitializeMetadata added in v0.6.0

func (p *Provider) InitializeMetadata() error

InitializeMetadata creates the associated provider's metadata document. Call this once all other settings on the provider have been made.

func (*Provider) JwksHandler

func (p *Provider) JwksHandler(rw http.ResponseWriter, req *http.Request)

JwksHandler implements the HTTP provider JWKS endpoint for OpenID provider metadata used with OpenID Connect Discovery 1.0 as specified at https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

func (*Provider) LoginRequiredPage added in v0.3.0

func (p *Provider) LoginRequiredPage(rw http.ResponseWriter, req *http.Request, uri *url.URL)

LoginRequiredPage writes a HTTP 30 to the provided ResponseWriter with the URL of the provided request (set to the scheme and host of the issuer) as the continue parameter.

func (*Provider) MakeAccessToken added in v0.13.0

func (p *Provider) MakeAccessToken(ctx context.Context, audience string, auth identity.AuthRecord) (string, error)

MakeAccessToken implements the oidc.AccessTokenProvider interface.

func (*Provider) PublicSubjectFromAuth added in v0.8.0

func (p *Provider) PublicSubjectFromAuth(auth identity.AuthRecord) (string, error)

PublicSubjectFromAuth creates the provided auth's Subject value with the associated provider. This subject can be used as a URL-safe value to uniquely identify the provided auth user with remote systems.

func (*Provider) RegisterManagers added in v0.13.0

func (p *Provider) RegisterManagers(mgrs *managers.Managers) error

RegisterManagers registers the provided managers from the

func (*Provider) RegistrationHandler added in v0.21.0

func (p *Provider) RegistrationHandler(rw http.ResponseWriter, req *http.Request)

RegistrationHandler implements the HTTP endpoint for client self registration with OpenID Connect Registration 1.0 as specified at https://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration

func (*Provider) ServeHTTP

func (p *Provider) ServeHTTP(rw http.ResponseWriter, req *http.Request)

ServeHTTP implements the http.HandlerFunc interface.

func (*Provider) SetSigningKey

func (p *Provider) SetSigningKey(id string, key crypto.Signer) error

SetSigningKey sets the provided signer as key for token signing with the provided id as key id. The public key of the provided signer is also added as validation key with the same key id.

func (*Provider) SetSigningMethod added in v0.22.0

func (p *Provider) SetSigningMethod(signingMethod jwt.SigningMethod) error

SetSigningMethod sets the provided signing method as default signing method of the associated provider.

func (*Provider) SetValidationKey added in v0.3.0

func (p *Provider) SetValidationKey(id string, key crypto.PublicKey) error

SetValidationKey sets the provider public key as validation key for token validation for tokens with the provided key.
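
The key id semantics documented for SetSigningKey, SetValidationKey and GetValidationKey, as an added stand-alone model (not this package's code): a signing key also becomes a validation key under the same id, a validation-only key can verify but not sign, and lookups for an unknown id fail closed. The `keyRing` type, `Verify` and `demo` are hypothetical names, and ECDSA P-256 with SHA-256 is an assumption of the example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// keyRing is a hypothetical stand-in for the provider's key storage.
type keyRing struct {
	signers    map[string]crypto.Signer
	validators map[string]crypto.PublicKey
}

// SetSigningKey stores the signer and its public key under the same key id.
func (k *keyRing) SetSigningKey(id string, s crypto.Signer) {
	k.signers[id], k.validators[id] = s, s.Public()
}

// SetValidationKey stores a verify-only key, e.g. a retired signing key.
func (k *keyRing) SetValidationKey(id string, pub crypto.PublicKey) { k.validators[id] = pub }

// Verify fails closed: unknown key ids and non-ECDSA keys are rejected.
func (k *keyRing) Verify(id string, msg, sig []byte) bool {
	pub, ok := k.validators[id].(*ecdsa.PublicKey)
	h := sha256.Sum256(msg)
	return ok && ecdsa.VerifyASN1(pub, h[:], sig)
}

// demo reports: verifies under k1, under k0, under unknown k2; k0 can sign.
func demo() (bool, bool, bool, bool) {
	ring := &keyRing{map[string]crypto.Signer{}, map[string]crypto.PublicKey{}}
	cur, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	old, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ring.SetSigningKey("k1", cur)             // current signing key
	ring.SetValidationKey("k0", old.Public()) // retired key, verify-only
	msg := []byte("constructed token payload")
	h := sha256.Sum256(msg)
	sig, _ := ring.signers["k1"].Sign(rand.Reader, h[:], crypto.SHA256)
	_, k0CanSign := ring.signers["k0"]
	return ring.Verify("k1", msg, sig), ring.Verify("k0", msg, sig), ring.Verify("k2", msg, sig), k0CanSign
}

func main() { fmt.Println(demo()) }
```

A signature made with `k1` must never validate when the token header names a different key id, which is why `Verify` looks the key up by id instead of trying every registered key.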

func (*Provider) TokenHandler

func (p *Provider) TokenHandler(rw http.ResponseWriter, req *http.Request)

TokenHandler implements the HTTP token endpoint for OpenID Connect 1.0 as specified at http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint

func (*Provider) UserInfoHandler

func (p *Provider) UserInfoHandler(rw http.ResponseWriter, req *http.Request)

UserInfoHandler implements the HTTP userinfo endpoint for OpenID Connect 1.0 as specified at https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

func (*Provider) WellKnownHandler

func (p *Provider) WellKnownHandler(rw http.ResponseWriter, req *http.Request)

WellKnownHandler implements the HTTP provider configuration endpoint for OpenID Connect 1.0 as specified at https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig

type SigningKey added in v0.22.0

type SigningKey struct {
	ID            string
	PrivateKey    crypto.Signer
	SigningMethod jwt.SigningMethod
}

A SigningKey bundles a signer with metadata and a signing method.
