Documentation
Index
- Constants
- func LoadCertificatesAndValidatorFromFile(fn string) (string, []*x509.Certificate, crypto.PublicKey, error)
- func LoadSignerFromFile(fn string) (string, crypto.Signer, error)
- func LoadValidatorFromFile(fn string) (string, crypto.PublicKey, error)
- func RegisterIdentityManager(name string, f IdentityManagerFactory) error
- func WithSchemeAndHost(u, base *url.URL) *url.URL
- type APIType
- type Bootstrap
- type Config
- type IdentityManagerFactory
- type Settings
Constants
const (
    DefaultSigningKeyID = "default"
    DefaultSigningKeyBits = 2048
    DefaultGuestIdentityManagerName = "guest"
    DefaultCookieSameSite = http.SameSiteNoneMode
)
Defaults.
Variables
This section is empty.
Functions
func LoadCertificatesAndValidatorFromFile (added in v0.57.0)
func LoadCertificatesAndValidatorFromFile(fn string) (string, []*x509.Certificate, crypto.PublicKey, error)
LoadCertificatesAndValidatorFromFile loads a chain of certificates and a public key used for validation.
Supported formats are JSON-JWK and PEM.
func LoadSignerFromFile
func LoadSignerFromFile(fn string) (string, crypto.Signer, error)
LoadSignerFromFile loads a private key for signing.
Supported formats are JSON (JWK/JWS) and PEM.
func LoadValidatorFromFile
func LoadValidatorFromFile(fn string) (string, crypto.PublicKey, error)
LoadValidatorFromFile loads a public key used for validation.
Supported formats are JSON-JWK and PEM.
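What accepting a validator key in either PEM or JSON-JWK form involves, as a stand-alone example added here and not konnectd's own code. The name `loadValidator`, the file-stem key ID for input that carries none, and the RSA-only JWK handling are assumptions; the example refuses input that carries private key material.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"strings"
)

// loadValidator (hypothetical, not konnectd's code) reads a PEM or RSA JSON-JWK public key.
func loadValidator(fn string) (string, crypto.PublicKey, error) {
	data, err := os.ReadFile(fn)
	if err != nil {
		return "", nil, err
	}
	// Assumption: a key without its own ID is named after the file stem.
	kid := strings.TrimSuffix(filepath.Base(fn), filepath.Ext(fn))
	if block, _ := pem.Decode(data); block != nil {
		if block.Type != "PUBLIC KEY" { // keep private keys out of validator slots
			return "", nil, errors.New("unexpected PEM type " + block.Type)
		}
		key, err := x509.ParsePKIXPublicKey(block.Bytes)
		return kid, key, err
	}
	var jwk struct{ Kty, Kid, N, E, D string }
	if json.Unmarshal(data, &jwk) != nil || jwk.Kty != "RSA" || jwk.D != "" {
		return "", nil, errors.New("want PEM or a public RSA JWK")
	}
	n, errN := base64.RawURLEncoding.DecodeString(jwk.N)
	e, errE := base64.RawURLEncoding.DecodeString(jwk.E)
	if errN != nil || errE != nil || len(n) == 0 || len(e) == 0 || len(e) > 3 {
		return "", nil, errors.New("malformed JWK modulus or exponent")
	}
	if jwk.Kid != "" {
		kid = jwk.Kid
	}
	return kid, &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}, nil
}

func main() {
	fmt.Println(loadValidator(os.Args[len(os.Args)-1]))
}
```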
func RegisterIdentityManager
func RegisterIdentityManager(name string, f IdentityManagerFactory) error
Types
type Bootstrap
type Bootstrap interface {
    Config() *Config
    Managers() *managers.Managers
    MakeURIPath(api APIType, subpath string) string
}
Bootstrap is a data structure to hold configuration required to start konnectd.
func Boot
Boot is the main entry point to bootstrap the service after validating the given configuration. The resulting Bootstrap struct can be used to retrieve the configured identity managers and their respective HTTP handlers and config.
This function should be used by consumers that want to embed this project as a library.
type Config
type Config struct {
    Config *config.Config
    Settings *Settings
    SignInFormURI *url.URL
    SignedOutURI *url.URL
    AuthorizationEndpointURI *url.URL
    EndSessionEndpointURI *url.URL
    TLSClientConfig *tls.Config
    IssuerIdentifierURI *url.URL
    IdentifierClientDisabled bool
    IdentifierClientPath string
    IdentifierRegistrationConf string
    IdentifierAuthoritiesConf string
    IdentifierScopesConf string
    IdentifierDefaultBannerLogo []byte
    IdentifierDefaultSignInPageText *string
    IdentifierDefaultUsernameHintText *string
    IdentifierUILocales []string
    EncryptionSecret []byte
    SigningMethod jwt.SigningMethod
    SigningKeyID string
    Signers map[string]crypto.Signer
    Validators map[string]crypto.PublicKey
    Certificates map[string][]*x509.Certificate
    AccessTokenDurationSeconds uint64
    IDTokenDurationSeconds uint64
    RefreshTokenDurationSeconds uint64
    DyamicClientSecretDurationSeconds uint64
    CookieSameSite http.SameSite
}
Config is a typed application config which represents the active bootstrap configuration.
type Settings
type Settings struct {
    Iss string
    IdentityManager string
    URIBasePath string
    SignInURI string
    SignedOutURI string
    AuthorizationEndpointURI string
    EndsessionEndpointURI string
    Insecure bool
    TrustedProxy []string
    AllowScope []string
    AllowClientGuests bool
    AllowDynamicClientRegistration bool
    EncryptionSecretFile string
    Listen string
    IdentifierClientDisabled bool
    IdentifierClientPath string
    IdentifierRegistrationConf string
    IdentifierScopesConf string
    IdentifierDefaultBannerLogo string
    IdentifierDefaultSignInPageText string
    IdentifierDefaultUsernameHintText string
    IdentifierUILocales []string
    SigningKid string
    SigningMethod string
    SigningPrivateKeyFiles []string
    ValidationKeysPath string
    CookieBackendURI string
    CookieNames []string
    CookieSameSite http.SameSite
    AccessTokenDurationSeconds uint64
    IDTokenDurationSeconds uint64
    RefreshTokenDurationSeconds uint64
    DyamicClientSecretDurationSeconds uint64
}
Settings is a typed application config which represents the user-accessible bootstrap settings parameters.