Constants ¶
// Registered JWT claim names (RFC 7519 §4.1) that this package reads and writes.
//
// NOTE(review): these are only the key names. A relying party must still
// compare "iss" against the expected issuer and require its own client_id
// in "aud" (OIDC Core §3.1.3.7) on top of signature validation; the "exp"
// and "iat" keys being present says nothing about whether they were checked.
const (
	IssuerIdentifierClaim  = "iss" // issuer of the token
	SubjectIdentifierClaim = "sub" // subject (end-user) identifier
	AudienceClaim          = "aud" // intended recipient(s)
	ExpirationClaim        = "exp" // expiration time (NumericDate)
	IssuedAtClaim          = "iat" // issued-at time (NumericDate)
)
Standard claims as used in JSON Web Tokens.
// Claim names for the OIDC "profile" and "email" scopes that Konnect
// supports (OIDC Core §5.1 Standard Claims).
//
// NOTE(review): "email" is only a trustworthy account identifier when the
// accompanying "email_verified" claim is true; never link or look up
// accounts by e-mail address alone.
const (
	NameClaim          = "name"
	EmailClaim         = "email"
	EmailVerifiedClaim = "email_verified"
)
Additional claims supported by Konnect and defined by OIDC.
// Error codes carried in the "error" parameter of OAuth2 and OIDC error
// responses (RFC 6749 §4.1.2.1 and §5.2, RFC 6750 §3.1, OIDC Core §3.1.2.6).
const (
	// Authorization and token endpoint errors (RFC 6749).
	ErrorOAuth2UnsupportedResponseType = "unsupported_response_type"
	ErrorOAuth2InvalidRequest          = "invalid_request"
	ErrorOAuth2InvalidGrant            = "invalid_grant"
	ErrorOAuth2UnsupportedGrantType    = "unsupported_grant_type"
	ErrorOAuth2AccessDenied            = "access_denied"
	ErrorOAuth2ServerError             = "server_error"

	// Bearer token usage errors (RFC 6750 §3.1), normally returned to the
	// client in a WWW-Authenticate header.
	ErrorOAuth2InvalidToken      = "invalid_token"
	ErrorOAuth2InsufficientScope = "insufficient_scope"

	// OIDC authentication error responses (OIDC Core §3.1.2.6).
	ErrorOIDCInteractionRequired      = "interaction_required"
	ErrorOIDCLoginRequired            = "login_required"
	ErrorOIDCConsentRequired          = "consent_required"
	ErrorOIDCRequestNotSupported      = "request_not_supported"
	ErrorOIDCRequestURINotSupported   = "request_uri_not_supported"
	ErrorOIDCRegistrationNotSupported = "registration_not_supported"
)
OIDC and OAuth2 error codes.
// OIDC response_type values (OIDC Core §3), response modes and the flow
// names derived from them.
//
// NOTE(review): every response type other than "code" delivers an access
// token and/or ID Token straight to the redirect URI (fragment), which the
// OAuth 2.0 Security Best Current Practice discourages; prefer the code
// flow with PKCE for new clients.
const (
	// Response types.
	ResponseTypeCode             = "code"                // OIDC code flow
	ResponseTypeIDToken          = "id_token"            // OIDC implicit flow
	ResponseTypeIDTokenToken     = "id_token token"      // OIDC implicit flow
	ResponseTypeCodeIDToken      = "code id_token"       // OIDC hybrid flow
	ResponseTypeCodeToken        = "code token"          // OIDC hybrid flow
	ResponseTypeCodeIDTokenToken = "code id_token token" // OIDC hybrid flow
	ResponseTypeToken            = "token"               // plain OAuth2 implicit grant

	// Response modes (OAuth 2.0 Multiple Response Type Encoding Practices).
	ResponseModeFragment = "fragment"
	ResponseModeQuery    = "query"

	// Flow names.
	FlowCode     = "code"
	FlowImplicit = "implicit"
	FlowHybrid   = "hybrid"
)
OIDC response types and flows.
// grant_type values (RFC 6749 §4.1.3 and §6, RFC 7591 §2).
const (
	// GrantTypeAuthorizationCode exchanges an authorization code for tokens
	// at the token endpoint.
	GrantTypeAuthorizationCode = "authorization_code"

	// GrantTypeImplicit names the implicit grant behind the id_token, token
	// and "id_token token" response types.
	//
	// NOTE(review): the implicit grant issues tokens from the authorization
	// endpoint (RFC 6749 §4.2), so this value is not expected as a
	// token-endpoint grant_type — confirm how callers use it.
	GrantTypeImplicit = "implicit"

	// GrantTypeRefreshToken obtains a fresh access token from a refresh
	// token at the token endpoint.
	GrantTypeRefreshToken = "refresh_token"
)
// Values of the OIDC "prompt" authentication request parameter
// (OIDC Core §3.1.2.1). Several values may be space-separated, except
// "none", which the spec requires to be used alone.
const (
	PromptNone          = "none"           // no UI; answer with login_required/interaction_required instead
	PromptLogin         = "login"          // force re-authentication
	PromptConsent       = "consent"        // force a consent prompt
	PromptSelectAccount = "select_account" // let the end-user pick an account
)
OIDC prompt values. See http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
// OIDC scope values (OIDC Core §5.4 and §11).
const (
	// ScopeOpenID must be present in every OIDC authentication request.
	ScopeOpenID = "openid"
	// ScopeProfile requests the profile claims (see ProfileClaims).
	ScopeProfile = "profile"
	// ScopeEmail requests the e-mail claims (see EmailClaims).
	ScopeEmail = "email"
	// ScopeOfflineAccess requests a refresh token; per OIDC Core §11 it
	// should only be granted with explicit end-user consent.
	ScopeOfflineAccess = "offline_access"
)
// JOSE header parameter names used on JWTs (RFC 7515 §4.1).
//
// NOTE(review): both values are read from the unverified token header.
// A verifier must restrict "alg" to a configured allow-list (never accept
// "none", and never let the header choose between HMAC and asymmetric
// verification) and treat "kid" purely as a lookup hint into a trusted
// key set, not as a key source.
const (
	JWTHeaderKeyID = "kid"
	JWTHeaderAlg   = "alg"
)
Token header as used in JSON web tokens.
// Subject Identifier Types (OIDC Core §8,
// https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes).
// Only "public" is defined here: the same "sub" value is returned to every
// client, so it is correlatable across relying parties.
const (
	SubjectIDPublic = "public"
)
// TokenTypeBearer is the token_type an OIDC token response must carry
// (OIDC Core §3.1.3.3). Bearer tokens grant access to whoever presents
// them, so they must only be transported over TLS.
const TokenTypeBearer = "Bearer"
TokenTypeBearer is required for OIDC as defined in http://openid.net/specs/openid-connect-core-1_0.html.
Variables ¶
This section is empty.
Functions ¶
func HashFromSigningMethod ¶
HashFromSigningMethod returns the matching crypto.Hash for the provided signing alg.
func WriteWWWAuthenticateError ¶
func WriteWWWAuthenticateError(rw http.ResponseWriter, code int, err error)
WriteWWWAuthenticateError writes the provided error with the provided HTTP status code to the provided http.ResponseWriter as a WWW-Authenticate header with comma-separated fields for id and description (see RFC 6750 §3 for the Bearer challenge format). Because the description is placed in a response header value, callers should not pass user-controlled text in it.
Types ¶
type EmailClaims ¶
// EmailClaims carries the claims released for the OIDC "email" scope
// (https://openid.net/specs/openid-connect-basic-1_0.html#Scopes).
//
// EmailVerified is serialised even when false so that consumers can tell
// "unverified" apart from "absent"; Email must not be used for account
// linking unless EmailVerified is true.
type EmailClaims struct {
	// Email is the end-user's preferred e-mail address; omitted when empty.
	Email string `json:"email,omitempty"`
	// EmailVerified reports whether the OP has verified control of Email.
	EmailVerified bool `json:"email_verified"`
}
EmailClaims define the claims for the OIDC email scope. https://openid.net/specs/openid-connect-basic-1_0.html#Scopes
func NewEmailClaims ¶
func NewEmailClaims(claims jwt.Claims) *EmailClaims
NewEmailClaims returns a new EmailClaims populated from the provided jwt.Claims, or nil.
func (EmailClaims) Valid ¶
func (c EmailClaims) Valid() error
Valid implements the jwt.Claims interface.
type ErrorWithDescription ¶
ErrorWithDescription is an interface binding the standard error interface with a description.
func NewOAuth2Error ¶
func NewOAuth2Error(id string, description string) ErrorWithDescription
NewOAuth2Error creates a new error with id and description.
type IDTokenClaims ¶
// IDTokenClaims is the claim set of an OIDC ID Token (OIDC Core §2): the
// registered JWT claims plus the OIDC binding claims, with the profile and
// e-mail scope claims embedded when they are released.
//
// NOTE(review): Nonce, AccessTokenHash and CodeHash exist so a relying
// party can bind the token to its own request (OIDC Core §3.1.3.7,
// §3.2.2.9, §3.3.2.10); whether Valid() compares them is not visible here,
// so callers should verify them explicitly.
type IDTokenClaims struct {
	// Nonce echoes the authentication request's nonce (replay protection).
	Nonce string `json:"nonce,omitempty"`
	// AuthTime is when the end-user authenticated, in seconds since the epoch.
	AuthTime int64 `json:"auth_time,omitempty"`
	// AccessTokenHash is the at_hash binding an access token issued with
	// this ID Token (see LeftmostHash).
	AccessTokenHash string `json:"at_hash,omitempty"`
	// CodeHash is the c_hash binding an authorization code issued with this
	// ID Token (see LeftmostHash).
	CodeHash string `json:"c_hash,omitempty"`

	jwt.StandardClaims

	*ProfileClaims
	*EmailClaims
}
IDTokenClaims define the claims found in OIDC ID Tokens.
func (IDTokenClaims) Valid ¶
func (c IDTokenClaims) Valid() (err error)
Valid implements the jwt.Claims interface. Note: which claims Valid checks is not documented here; relying parties should not treat a nil error as full ID Token validation and must still verify the signature, "iss", "aud", "nonce" and, where applicable, "at_hash"/"c_hash" (OIDC Core §3.1.3.7).
type LeftmostHashBytes ¶
type LeftmostHashBytes []byte
LeftmostHashBytes is a []byte that renders as a Base64URL string via String().
func LeftmostHash ¶
func LeftmostHash(data []byte, hash crypto.Hash) LeftmostHashBytes
LeftmostHash hashes the provided data with the provided hash function and returns the left-most half of the hashed bytes, as the OIDC at_hash and c_hash claims require. The hash must be the one matching the ID Token's signing algorithm (see HashFromSigningMethod).
func (LeftmostHashBytes) String ¶
func (lmhb LeftmostHashBytes) String() string
String returns the Base64URL encoded string of the associated bytes. Whether padding is omitted is not documented here; OIDC at_hash/c_hash values must use unpadded base64url.
type OAuth2Error ¶
// OAuth2Error is the JSON body of an OAuth2 error response (RFC 6749 §5.2):
// a machine-readable error code plus a human-readable description.
//
// NOTE(review): ErrorDescription is emitted to clients and may also be
// placed in a WWW-Authenticate header (see WriteWWWAuthenticateError);
// keep it free of user-controlled input and internal details.
type OAuth2Error struct {
	// ErrorID is the "error" code, e.g. ErrorOAuth2InvalidRequest.
	ErrorID string `json:"error"`
	// ErrorDescription is the "error_description" text.
	ErrorDescription string `json:"error_description"`
}
OAuth2Error defines a general OAuth2 error with id and description.
func (*OAuth2Error) Description ¶
func (err *OAuth2Error) Description() string
Description implements the ErrorWithDescription interface.
func (*OAuth2Error) Error ¶
func (err *OAuth2Error) Error() string
Error implements the error interface.
type ProfileClaims ¶
// ProfileClaims carries the claims released for the OIDC "profile" scope
// (https://openid.net/specs/openid-connect-basic-1_0.html#Scopes). Only
// the "name" claim is supported here.
type ProfileClaims struct {
	// Name is the end-user's full display name; omitted when empty.
	Name string `json:"name,omitempty"`
}
ProfileClaims define the claims for the OIDC profile scope. https://openid.net/specs/openid-connect-basic-1_0.html#Scopes
func NewProfileClaims ¶
func NewProfileClaims(claims jwt.Claims) *ProfileClaims
NewProfileClaims returns a new ProfileClaims populated from the provided jwt.Claims, or nil.
func (ProfileClaims) Valid ¶
func (c ProfileClaims) Valid() error
Valid implements the jwt.Claims interface.
type UserInfoClaims ¶
// UserInfoClaims is the minimal claim set returned by the OIDC UserInfo
// endpoint (OIDC Core §5.3.2): the subject identifier.
//
// NOTE(review): the spec requires clients to verify that this "sub" equals
// the "sub" of the ID Token before using anything else in the response.
type UserInfoClaims struct {
	// Subject is the end-user identifier ("sub"); omitted when empty.
	Subject string `json:"sub,omitempty"`
}
UserInfoClaims define the claims defined by the OIDC UserInfo endpoint.
func (UserInfoClaims) Valid ¶
func (c UserInfoClaims) Valid() error
Valid implements the jwt.Claims interface.