grenzy


Documentation


Constants

const (
	// CodeChallengeMethod is the PKCE code challenge method advertised to the
	// authorization server ("S256": SHA-256 of the code verifier).
	CodeChallengeMethod = "S256"
	// Sizes, in bytes, of the per-login random values: the PKCE code verifier,
	// the OAuth state and the OIDC nonce. The generator itself is not shown on
	// this page; the values are assumed to be the number of random bytes drawn
	// before encoding — confirm against GenerateLoginRequest.
	CodeVerifierNBytes = 32
	StateNBytes        = 64
	NonceNBytes        = 32
	// OpenIDConfigurationEndpoint is the path, relative to the Grenzy URL, from
	// which the client fetches OidcServerMetadata.
	OpenIDConfigurationEndpoint = "/api/v1/openid/.well-known/openid-configuration"
)

Variables

This section is empty.

Functions

func MakeCookieForAuthVerificationParams

func MakeCookieForAuthVerificationParams(cookieName string, params *AuthVerificationParams) *http.Cookie

MakeCookieForAuthVerificationParams creates a cookie with the given name whose value encodes the AuthVerificationParams. The cookie is used to verify the state and nonce in the callback. To recover the AuthVerificationParams from the cookie, use GetAuthVerificationParamsFromCookie().

Types

type AccessTokenClaims

// AccessTokenClaims is the claim set of a Grenzy access token as returned by
// Client.DecodeAccessToken, which verifies the token signature before
// populating it. The standard registered claims (jwt.RegisteredClaims) are
// embedded; the remaining fields map to Grenzy-specific claim names via their
// JSON tags.
type AccessTokenClaims struct {
	jwt.RegisteredClaims
	UserID    string `json:"uid,omitempty"`   // "uid" claim
	ClientID  string `json:"cid,omitempty"`   // "cid" claim
	SessionID string `json:"sid,omitempty"`   // "sid" claim
	Scopes    string `json:"scopes,omitempty"` // single string; separator not shown on this page
	AuthTime  int64  `json:"auth_time,omitempty"` // presumably a Unix timestamp, as in OIDC — confirm
	ACR       string `json:"acr,omitempty"`   // authentication context class reference
}

type AuthVerificationParams

// AuthVerificationParams holds the per-login secrets generated by
// Client.GenerateLoginRequest and checked by Client.HandleLoginCallback:
// the OIDC nonce, the OAuth state and the PKCE code verifier. They must be
// kept on the client side between the redirect and the callback (e.g. in the
// session or in the cookie built by MakeCookieForAuthVerificationParams) and
// should be treated as secrets for the lifetime of that login attempt.
// NOTE(review): this page does not show whether the cookie form is signed or
// encrypted, or which cookie attributes are set — confirm in
// MakeCookieForAuthVerificationParams.
type AuthVerificationParams struct {
	Nonce        string `json:"nonce,omitempty"`
	State        string `json:"state,omitempty"`
	CodeVerifier string `json:"code_verifier,omitempty"`
}

func GetAuthVerificationParamsFromCookie

func GetAuthVerificationParamsFromCookie(cookie *http.Cookie) (*AuthVerificationParams, error)

GetAuthVerificationParamsFromCookie gets the AuthVerificationParams from the cookie. The cookie must have been created by MakeCookieForAuthVerificationParams().

type CallbackParams

// CallbackParams carries the values the authorization server sends back to the
// redirect URL after authentication: the authorization code and the state.
// Both come from the incoming request and are untrusted until
// Client.HandleLoginCallback has compared State with the stored
// AuthVerificationParams and exchanged Code.
type CallbackParams struct {
	Code  string
	State string
}

type Client

// Client is an OIDC relying-party client for Grenzy. Construct it with
// NewClient and call Init before use; it caches the server metadata and JWK
// set it needs to build login requests and verify tokens (see RetrieveJwks).
type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(cfg *ClientConfig) *Client

func (*Client) DecodeAccessToken

func (c *Client) DecodeAccessToken(accessTokenString string) (*AccessTokenClaims, error)

DecodeAccessToken decodes the access token and verifies the signature. The claims are returned in the AccessTokenClaims struct.

func (*Client) DecodeIDToken

func (c *Client) DecodeIDToken(idTokenString string) (*IDTokenClaims, error)

DecodeIDToken decodes the ID token and verifies the signature. The claims are returned in the IDTokenClaims struct.

func (*Client) DecodeToken

func (c *Client) DecodeToken(tokenString string, claims jwt.Claims) error

DecodeToken decodes the token and verifies the signature. The token is verified using the keys from the JWKS endpoint. If the key is not found in the JWKS, the JWKS is refreshed and the key is looked up again. This simple retry mechanism is used to catch up with key rotation.

func (*Client) ExchangeToken

func (c *Client) ExchangeToken(code string, verificationParams *AuthVerificationParams) (*TokenExchangeResponse, error)

ExchangeToken exchanges the code for ID token and access token.

The verificationParams must be the same as the ones returned by GenerateLoginRequest().

func (*Client) GenerateLoginRequest

func (c *Client) GenerateLoginRequest(scopes []string) (*LoginRequest, error)

GenerateLoginRequest generates a login request for the user to authenticate with Grenzy. This function returns a LoginRequest struct that contains the URL to redirect the user to and the verification parameters that must be stored in the session, and passed to HandleLoginCallback() to verify the callback.

func (*Client) GetUserinfo

func (c *Client) GetUserinfo(accessToken string) (*UserinfoResponse, error)

GetUserinfo gets the user info from the OIDC server using the access token.

func (*Client) HandleLoginCallback

func (c *Client) HandleLoginCallback(cbParams *CallbackParams, verificationParams *AuthVerificationParams) (*TokenExchangeResponse, error)

HandleLoginCallback handles the callback from the OIDC server after the user has authenticated. This function verifies the state and nonce, and exchanges the code for ID token and access token. The ID token is also verified and the claims are returned in the TokenExchangeResponse.

The verificationParams must be the same as the ones returned by GenerateLoginRequest().

func (*Client) Init

func (c *Client) Init() error

func (*Client) RetrieveJwks

func (c *Client) RetrieveJwks() error

RetrieveJwks retrieves the JSON Web Key Set from the OIDC server and stores it in the client. If the client already has a JWK set, it is replaced. If the server rotates its keys, this function must be called again to update the stored set (DecodeToken() also refreshes the set on its own when it does not find the key it needs).

type ClientConfig

// ClientConfig is the configuration passed to NewClient.
type ClientConfig struct {
	ClientID         string
	ClientSecret     string // credential sent to the token endpoint; keep out of logs and version control
	Domain           string
	GrenzyURL        string // base URL the OpenIDConfigurationEndpoint path is resolved against (inferred)
	GrenzyBackendURL string // Dev only, not used in production
	OidcRedirectURL  string // redirect URL the callback (CallbackParams) arrives at
}

type IDTokenClaims

// IDTokenClaims is the claim set of a Grenzy ID token as returned by
// Client.DecodeIDToken, which verifies the token signature before populating
// it. The standard registered claims (jwt.RegisteredClaims) are embedded.
type IDTokenClaims struct {
	jwt.RegisteredClaims
	UserID   string   `json:"uid,omitempty"`
	Nonce    string   `json:"nonce,omitempty"`     // compared against AuthVerificationParams.Nonce by HandleLoginCallback
	AuthTime int64    `json:"auth_time,omitempty"` // presumably a Unix timestamp, as in OIDC — confirm
	AMR      []string `json:"amr,omitempty"`       // authentication methods references
	ACR      string   `json:"acr,omitempty"`       // authentication context class reference
}

type LoginRequest

// LoginRequest is returned by Client.GenerateLoginRequest. AuthURL is the
// authorization URL to redirect the user to; AuthVerificationParams are the
// matching per-login secrets, which the caller must persist (session or
// cookie) and hand back to Client.HandleLoginCallback.
type LoginRequest struct {
	AuthVerificationParams *AuthVerificationParams
	AuthURL                string
}

type OidcServerMetadata

// OidcServerMetadata is the discovery document served at
// OpenIDConfigurationEndpoint. Note the camelCase JSON keys: they differ from
// the snake_case names used by standard OpenID Provider discovery documents
// (e.g. authorization_endpoint), so this type decodes the Grenzy endpoint
// specifically and is not interchangeable with a generic discovery client.
type OidcServerMetadata struct {
	Issuer                        string   `json:"issuer"`
	AuthorizationEndpoint         string   `json:"authorizationEndpoint"`
	TokenEndpoint                 string   `json:"tokenEndpoint"`
	JwksURI                       string   `json:"jwksUri"`
	UserInfoEndpoint              string   `json:"userinfoEndpoint"`
	CodeChallengeMethodsSupported []string `json:"codeChallengeMethodsSupported"`
	GrantTypesSupported           []string `json:"grantTypesSupported"`
	ScopesSupported               []string `json:"scopesSupported"`
	ResponseTypesSupported        []string `json:"responseTypesSupported"`
	AcrValuesSupported            []string `json:"acrValuesSupported"`
}

type TokenExchangeRequest

// TokenExchangeRequest is the body sent to the token endpoint. It carries
// both the client secret and the PKCE code verifier, so instances must not be
// logged or serialized anywhere other than the token request itself.
// The RefreshToken field alongside GrantType suggests the same type serves a
// refresh-token grant; no refresh method is visible on this page — confirm.
type TokenExchangeRequest struct {
	Code         string `json:"code,omitempty"`
	ClientID     string `json:"client_id,omitempty"`
	ClientSecret string `json:"client_secret,omitempty"`
	GrantType    string `json:"grant_type,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	CodeVerifier string `json:"code_verifier,omitempty"`
}

type TokenExchangeResponse

// TokenExchangeResponse is the result of a code exchange. The three token
// strings are bearer credentials and should be stored and transmitted with
// the same care as passwords. IDTokenClaims is filled in by
// Client.HandleLoginCallback after it has verified the ID token; whether
// Client.ExchangeToken also populates it is not stated on this page.
type TokenExchangeResponse struct {
	AccessToken   string         `json:"access_token,omitempty"`
	IDToken       string         `json:"id_token,omitempty"`
	RefreshToken  string         `json:"refresh_token,omitempty"`
	IDTokenClaims *IDTokenClaims `json:"id_token_claims,omitempty"`
}

type UserinfoResponse

// UserinfoResponse is the payload returned by Client.GetUserinfo. The
// *Verified flags carry omitempty, so a false value is simply absent when the
// struct is re-encoded; Profile holds arbitrary server-defined attributes whose
// schema is not shown on this page.
type UserinfoResponse struct {
	Username            string                 `json:"username,omitempty"`
	Email               string                 `json:"email,omitempty"`
	EmailVerified       bool                   `json:"email_verified,omitempty"`
	PhoneNumber         string                 `json:"phone_number,omitempty"`
	PhoneNumberVerified bool                   `json:"phone_number_verified,omitempty"`
	Profile             map[string]interface{} `json:"profile,omitempty"`
}
