Documentation
Index
- type Client
- type Clients
- func (c *Clients) IsValidClientID(clientID string) (ok bool, err error)
- func (c *Clients) RequiresPKCE(clientID string) (ok bool, err error)
- func (c *Clients) ValidateClientRedirectURI(clientID, redirectURI string) (ok bool, err error)
- func (c *Clients) ValidateClientSecret(clientID, clientSecret string) (ok bool, err error)
Types
type Client
```go
type Client struct {
	// ID is the identifier for this client, corresponds to the client ID.
	ID string `json:"id" yaml:"id"`
	// Secrets is a list of valid client secrets for this client. At least
	// one secret is required, unless the client is Public and uses PKCE.
	Secrets []string `json:"clientSecrets" yaml:"clientSecrets"`
	// RedirectURLs is a list of valid redirect URLs for this client. At least
	// one is required, unless the client is public and PermitLocalhostRedirect
	// is true. These are an exact match.
	RedirectURLs []string `json:"redirectURLs" yaml:"redirectURLs"`
	// Public indicates that this client is public. A "public" client is one who
	// can't keep their credentials confidential.
	// https://datatracker.ietf.org/doc/html/rfc6749#section-2.1
	Public bool `json:"public" yaml:"public"`
	// PermitLocalhostRedirect allows redirects to localhost, if this is a
	// public client.
	PermitLocalhostRedirect bool `json:"permitLocalhostRedirect" yaml:"permitLocalhostRedirect"`
	// RequiresPKCE indicates that this client should be required to use PKCE
	// for the token exchange. This defaults to true for public clients, and
	// false for non-public clients.
	RequiresPKCE *bool `json:"requiresPKCE" yaml:"requiresPKCE"`
}
```
Client represents an individual OAuth2/OIDC client.
type Clients
```go
type Clients struct {
	// Clients is the list of clients
	Clients []Client `json:"clients" yaml:"client"`
}
```
Clients implements the oidcop.ClientSource against a static list of clients. The type is tagged to enable loading from JSON/YAML. It can be created directly, or by unmarshaling, for example with the ExpandUnmarshal function.
func ExpandUnmarshal
ExpandUnmarshal takes the given JSON and expands variables inside it from the environment using os.Expand (https://pkg.go.dev/os#Expand). This supports expansion with defaults, e.g.
`{"secret": "${MY_SECRET_VAR:-defaultSecret}"}`
will return a secret equal to the contents of the MY_SECRET_VAR environment variable if it is set; otherwise it will be `defaultSecret`.
The JSON unmarshaling is strict, and will error if it contains unknown fields.
If the input is YAML, it should be converted with https://pkg.go.dev/sigs.k8s.io/yaml#YAMLToJSON first.
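The expand-then-strict-decode behaviour described above can be sketched as follows. This is an added example, not the package's own code: `expandAndDecode`, the trimmed `client`/`clients` types and the sample JSON are constructed for illustration, and JSON-escaping the expanded value is a choice made by this example, not something the page states the package does.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// client and clients mirror a subset of the Client/Clients fields above.
type client struct {
	ID           string   `json:"id"`
	Secrets      []string `json:"clientSecrets"`
	RedirectURLs []string `json:"redirectURLs"`
	Public       bool     `json:"public"`
}

type clients struct{ Clients []client `json:"clients"` }

// Constructed sample input, not taken from the project.
const sampleJSON = `{"clients":[{"id":"cli","clientSecrets":["${MY_SECRET_VAR:-defaultSecret}"]}]}`

// expandAndDecode (hypothetical name) expands ${VAR} and ${VAR:-default}
// with os.Expand, then decodes strictly so unknown fields are an error.
func expandAndDecode(raw string, lookup func(string) (string, bool)) (*clients, error) {
	expanded := os.Expand(raw, func(key string) string {
		// os.Expand passes everything between the braces, default included.
		name, def, _ := strings.Cut(key, ":-")
		v, ok := lookup(name)
		if !ok {
			return def // default is file text, already in JSON context
		}
		// Assumption of this example: escape the value so a quote in the
		// environment cannot close the JSON string and add fields.
		b, _ := json.Marshal(v)
		return string(b[1 : len(b)-1])
	})
	dec := json.NewDecoder(strings.NewReader(expanded))
	dec.DisallowUnknownFields()
	var c clients
	if err := dec.Decode(&c); err != nil {
		return nil, fmt.Errorf("decoding clients: %w", err)
	}
	return &c, nil
}

func main() {
	c, err := expandAndDecode(sampleJSON, os.LookupEnv)
	fmt.Printf("%+v %v\n", c, err)
}
```

os.Expand also replaces bare `$NAME` references, so literal text such as a secret containing `$abc` written directly in the input is expanded as well.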