Documentation
Index
- Constants
- func MakeCookieForAuthVerificationParams(cookieName string, params *AuthVerificationParams) *http.Cookie
- type AccessTokenClaims
- type AuthVerificationParams
- type CallbackParams
- type Client
- func (c *Client) DecodeAccessToken(accessTokenString string) (*AccessTokenClaims, error)
- func (c *Client) DecodeIDToken(idTokenString string) (*IDTokenClaims, error)
- func (c *Client) DecodeToken(tokenString string, claims jwt.Claims) error
- func (c *Client) ExchangeToken(code string, verificationParams *AuthVerificationParams) (*TokenExchangeResponse, error)
- func (c *Client) GenerateLoginRequest(scopes []string) (*LoginRequest, error)
- func (c *Client) GetUserinfo(accessToken string) (*UserinfoResponse, error)
- func (c *Client) HandleLoginCallback(cbParams *CallbackParams, verificationParams *AuthVerificationParams) (*TokenExchangeResponse, error)
- func (c *Client) Init() error
- func (c *Client) RetrieveJwks() error
- type ClientConfig
- type IDTokenClaims
- type LoginRequest
- type OidcServerMetadata
- type TokenExchangeRequest
- type TokenExchangeResponse
- type UserinfoResponse
Constants
const (
	CodeChallengeMethod         = "S256"
	CodeVerifierNBytes          = 32
	StateNBytes                 = 64
	NonceNBytes                 = 32
	OpenIDConfigurationEndpoint = "/api/v1/openid/.well-known/openid-configuration"
)
Variables
This section is empty.
Functions
func MakeCookieForAuthVerificationParams
func MakeCookieForAuthVerificationParams(cookieName string, params *AuthVerificationParams) *http.Cookie
MakeCookieForAuthVerificationParams creates a cookie with the given name and value from the AuthVerificationParams. The cookie is used to verify the state and nonce in the callback. In order to get the AuthVerificationParams from the cookie, use GetAuthVerificationParamsFromCookie().
Types
type AccessTokenClaims
type AuthVerificationParams
type AuthVerificationParams struct {
	Nonce        string `json:"nonce,omitempty"`
	State        string `json:"state,omitempty"`
	CodeVerifier string `json:"code_verifier,omitempty"`
}
func GetAuthVerificationParamsFromCookie
func GetAuthVerificationParamsFromCookie(cookie *http.Cookie) (*AuthVerificationParams, error)
GetAuthVerificationParamsFromCookie gets the AuthVerificationParams from the cookie. The cookie must have been created by MakeCookieForAuthVerificationParams().
type CallbackParams
type Client
type Client struct {
	// contains filtered or unexported fields
}
func NewClient
func NewClient(cfg *ClientConfig) *Client
func (*Client) DecodeAccessToken
func (c *Client) DecodeAccessToken(accessTokenString string) (*AccessTokenClaims, error)
DecodeAccessToken decodes the access token and verifies the signature. The claims are returned in the AccessTokenClaims struct.
func (*Client) DecodeIDToken
func (c *Client) DecodeIDToken(idTokenString string) (*IDTokenClaims, error)
DecodeIDToken decodes the ID token and verifies the signature. The claims are returned in the IDTokenClaims struct.
func (*Client) DecodeToken
func (c *Client) DecodeToken(tokenString string, claims jwt.Claims) error
DecodeToken decodes the token and verifies the signature. The token is verified using the keys from the JWKS endpoint. If the key is not found in the JWKS, the JWKS is refreshed and the key is looked up again. This simple retry mechanism is used to catch up with key rotation.
func (*Client) ExchangeToken
func (c *Client) ExchangeToken(code string, verificationParams *AuthVerificationParams) (*TokenExchangeResponse, error)
ExchangeToken exchanges the code for ID token and access token.
The verificationParams must be the same as the ones returned by GenerateLoginRequest().
func (*Client) GenerateLoginRequest
func (c *Client) GenerateLoginRequest(scopes []string) (*LoginRequest, error)
GenerateLoginRequest generates a login request for the user to authenticate with Grenzy. This function returns a LoginRequest struct that contains the URL to redirect the user to and the verification parameters that must be stored in the session, and passed to HandleLoginCallback() to verify the callback.
func (*Client) GetUserinfo
func (c *Client) GetUserinfo(accessToken string) (*UserinfoResponse, error)
GetUserinfo gets the user info from the OIDC server using the access token.
func (*Client) HandleLoginCallback
func (c *Client) HandleLoginCallback(cbParams *CallbackParams, verificationParams *AuthVerificationParams) (*TokenExchangeResponse, error)
HandleLoginCallback handles the callback from the OIDC server after the user has authenticated. This function verifies the state and nonce, and exchanges the code for ID token and access token. The ID token is also verified and the claims are returned in the TokenExchangeResponse.
The verificationParams must be the same as the ones returned by GenerateLoginRequest().
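The login-request and callback flow described for GenerateLoginRequest, HandleLoginCallback and the two cookie helpers, as an added stand-alone example (this is not the package's own code): it draws state, nonce and PKCE code_verifier at the documented sizes (32, 64 and 32 random bytes), derives the S256 code challenge for the authorization URL, round-trips the parameters through a hardened cookie, and performs the state and nonce checks the callback handler depends on. The names NewAuthVerificationParams, AuthQuery, MakeCookie, ParamsFromCookie and VerifyCallback are this example's own, the query parameter names assume standard OAuth 2.0/OIDC, and the ID token signature verification that must precede the nonce comparison is left out here.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// AuthVerificationParams mirrors the documented struct.
type AuthVerificationParams struct {
	Nonce        string `json:"nonce,omitempty"`
	State        string `json:"state,omitempty"`
	CodeVerifier string `json:"code_verifier,omitempty"`
}

// randomToken returns n CSPRNG bytes as unpadded base64url.
func randomToken(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// NewAuthVerificationParams draws fresh values at the documented sizes; a login attempt must never reuse them.
func NewAuthVerificationParams() (*AuthVerificationParams, error) {
	nonce, e1 := randomToken(32)    // NonceNBytes
	state, e2 := randomToken(64)    // StateNBytes
	verifier, e3 := randomToken(32) // CodeVerifierNBytes
	if e1 != nil || e2 != nil || e3 != nil {
		return nil, errors.New("crypto/rand unavailable")
	}
	return &AuthVerificationParams{Nonce: nonce, State: state, CodeVerifier: verifier}, nil
}

// CodeChallengeS256 is BASE64URL(SHA256(code_verifier)) per RFC 7636; only the challenge reaches the authorization endpoint.
func CodeChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// AuthQuery builds the authorization-endpoint query (standard OAuth 2.0/OIDC parameter names assumed).
func AuthQuery(clientID, redirectURI string, scopes []string, p *AuthVerificationParams) url.Values {
	return url.Values{"response_type": {"code"}, "client_id": {clientID}, "redirect_uri": {redirectURI},
		"scope": {strings.Join(scopes, " ")}, "state": {p.State}, "nonce": {p.Nonce},
		"code_challenge": {CodeChallengeS256(p.CodeVerifier)}, "code_challenge_method": {"S256"}}
}

// MakeCookie stores the params as base64url(JSON). HttpOnly keeps scripts away from the verifier,
// Secure keeps it off plaintext HTTP, SameSite=Lax still lets the browser send it on the top-level redirect back.
func MakeCookie(name string, p *AuthVerificationParams) *http.Cookie {
	raw, _ := json.Marshal(p) // a struct of plain strings cannot fail to marshal
	return &http.Cookie{Name: name, Value: base64.RawURLEncoding.EncodeToString(raw), Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode, MaxAge: 600}
}

// ParamsFromCookie is the inverse of MakeCookie and rejects a cookie with any field missing.
func ParamsFromCookie(c *http.Cookie) (*AuthVerificationParams, error) {
	raw, err := base64.RawURLEncoding.DecodeString(c.Value)
	if err != nil {
		return nil, err
	}
	var p AuthVerificationParams
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, err
	}
	if p.State == "" || p.Nonce == "" || p.CodeVerifier == "" {
		return nil, errors.New("incomplete verification params in cookie")
	}
	return &p, nil
}

// VerifyCallback is the check HandleLoginCallback performs: the state echoed on the callback URL
// and the nonce claim of the signature-verified ID token must equal the values stored at login time.
func VerifyCallback(p *AuthVerificationParams, callbackState, idTokenNonce string) error {
	if subtle.ConstantTimeCompare([]byte(p.State), []byte(callbackState)) != 1 {
		return errors.New("state mismatch: callback is not for this login attempt")
	}
	if subtle.ConstantTimeCompare([]byte(p.Nonce), []byte(idTokenNonce)) != 1 {
		return errors.New("nonce mismatch: ID token was not issued for this login attempt")
	}
	return nil
}

func main() {
	p, _ := NewAuthVerificationParams()
	fmt.Println(AuthQuery("client-id", "https://app.example/callback", []string{"openid"}, p).Encode())
	got, err := ParamsFromCookie(MakeCookie("oidc_login", p))
	fmt.Println(err, VerifyCallback(got, p.State, p.Nonce))
}
```

Set the cookie when redirecting, read and clear it in the callback, and fail closed on any mismatch: an absent or empty stored state is a failure, not "nothing to check", otherwise an attacker-initiated callback with no state at all would pass. The constant-time compares cost nothing and remove a timing side channel; the code_verifier never appears in a URL, it travels only in the cookie and the back-channel token request.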
func (*Client) RetrieveJwks
func (c *Client) RetrieveJwks() error
RetrieveJwks retrieves the JSON Web Key Set from the OIDC server and stores it in the client. If the client already has a JWK set, it will be replaced. If the server rotates its keys, this function must be called again to update
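The lookup, refresh and retry behaviour described for DecodeToken, together with the replace-the-whole-set semantics of RetrieveJwks, as an added stand-alone example (not the package's code): a minimal RS256 JWS verifier over a cached JWKS that refreshes exactly once when a kid is unknown, pins the algorithm instead of trusting the token header, and a constructed rotation scenario driven by a fetch function standing in for the HTTP request to jwksUri. The jwt.Claims parameter of the real method is replaced by any here; signRS256 and RotationDemo are demo scaffolding only.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// JWKS maps a key id (kid) to its public key; fetch is an assumed stand-in for the HTTP request to jwksUri.
type JWKS map[string]*rsa.PublicKey

type Client struct { // single-goroutine demo: a real client guards jwks with a mutex
	jwks  JWKS
	fetch func() (JWKS, error)
}

// RetrieveJwks replaces the whole cached set, so keys the server withdrew vanish too.
func (c *Client) RetrieveJwks() error {
	set, err := c.fetch()
	if err == nil {
		c.jwks = set
	}
	return err
}

// DecodeToken verifies a compact RS256 JWS and unmarshals its payload into claims. An unknown kid
// triggers exactly one refresh: enough to follow a rotation, while a token naming a made-up kid
// cannot drive the client into refetching the JWKS in a loop.
func (c *Client) DecodeToken(tokenString string, claims any) error {
	parts := strings.Split(tokenString, ".")
	if len(parts) != 3 {
		return errors.New("malformed token")
	}
	rawHdr, e1 := base64.RawURLEncoding.DecodeString(parts[0])
	payload, e2 := base64.RawURLEncoding.DecodeString(parts[1])
	sig, e3 := base64.RawURLEncoding.DecodeString(parts[2])
	if e1 != nil || e2 != nil || e3 != nil {
		return errors.New("malformed token encoding")
	}
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := json.Unmarshal(rawHdr, &hdr); err != nil {
		return err
	}
	if hdr.Alg != "RS256" { // pin the algorithm; the token's own alg must never pick the verifier
		return fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	key, ok := c.jwks[hdr.Kid]
	if !ok {
		if err := c.RetrieveJwks(); err != nil {
			return err
		}
		if key, ok = c.jwks[hdr.Kid]; !ok {
			return fmt.Errorf("kid %q unknown even after JWKS refresh", hdr.Kid)
		}
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(key, crypto.SHA256, digest[:], sig); err != nil {
		return errors.New("invalid signature")
	}
	return json.Unmarshal(payload, claims)
}

// signRS256 mints tokens for the demo; a relying party never holds the issuer's private key.
func signRS256(priv *rsa.PrivateKey, kid, sub string) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	body, _ := json.Marshal(map[string]string{"sub": sub})
	signing := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(body)
	digest := sha256.Sum256([]byte(signing))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return signing + "." + base64.RawURLEncoding.EncodeToString(sig)
}

// RotationDemo (constructed scenario): the client caches kid k1, the server rotates to k2, a k2-signed
// token verifies after one refresh, and a token with an unpublished kid is rejected after one more.
// It returns the JWKS fetch count (3 here) and the verified sub claim.
func RotationDemo() (fetches int, sub string, err error) {
	k1, _ := rsa.GenerateKey(rand.Reader, 2048)
	k2, _ := rsa.GenerateKey(rand.Reader, 2048)
	published := JWKS{"k1": &k1.PublicKey}
	c := &Client{fetch: func() (JWKS, error) { fetches++; return published, nil }}
	if err = c.RetrieveJwks(); err != nil {
		return
	}
	published = JWKS{"k2": &k2.PublicKey} // server-side rotation: k1 withdrawn, k2 published
	var claims struct{ Sub string }
	if err = c.DecodeToken(signRS256(k2, "k2", "alice"), &claims); err != nil {
		return
	}
	sub = claims.Sub
	if c.DecodeToken(signRS256(k2, "bogus", "mallory"), &claims) == nil {
		err = errors.New("token with unpublished kid was accepted")
	}
	return
}

func main() { fmt.Println(RotationDemo()) }
```

Two points worth keeping when wiring the real client: bound the refresh to one attempt per token so that unauthenticated requests carrying arbitrary kid values cannot turn your JWKS endpoint into an amplification target (rate-limiting refreshes client-wide is a reasonable extra), and remember that replacing the whole set also drops keys the server withdrew, which is exactly what you want after a key compromise.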
type ClientConfig
type IDTokenClaims
type LoginRequest
type LoginRequest struct {
	AuthVerificationParams *AuthVerificationParams
	AuthURL                string
}
type OidcServerMetadata
type OidcServerMetadata struct {
	Issuer                        string   `json:"issuer"`
	AuthorizationEndpoint         string   `json:"authorizationEndpoint"`
	TokenEndpoint                 string   `json:"tokenEndpoint"`
	JwksURI                       string   `json:"jwksUri"`
	UserInfoEndpoint              string   `json:"userinfoEndpoint"`
	CodeChallengeMethodsSupported []string `json:"codeChallengeMethodsSupported"`
	GrantTypesSupported           []string `json:"grantTypesSupported"`
	ScopesSupported               []string `json:"scopesSupported"`
	ResponseTypesSupported        []string `json:"responseTypesSupported"`
	AcrValuesSupported            []string `json:"acrValuesSupported"`
}
type TokenExchangeRequest
type TokenExchangeRequest struct {
	Code         string `json:"code,omitempty"`
	ClientID     string `json:"client_id,omitempty"`
	ClientSecret string `json:"client_secret,omitempty"`
	GrantType    string `json:"grant_type,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	CodeVerifier string `json:"code_verifier,omitempty"`
}
type TokenExchangeResponse
type TokenExchangeResponse struct {
	AccessToken   string         `json:"access_token,omitempty"`
	IDToken       string         `json:"id_token,omitempty"`
	RefreshToken  string         `json:"refresh_token,omitempty"`
	IDTokenClaims *IDTokenClaims `json:"id_token_claims,omitempty"`
}
type UserinfoResponse
type UserinfoResponse struct {
	Username            string                 `json:"username,omitempty"`
	Email               string                 `json:"email,omitempty"`
	EmailVerified       bool                   `json:"email_verified,omitempty"`
	PhoneNumber         string                 `json:"phone_number,omitempty"`
	PhoneNumberVerified bool                   `json:"phone_number_verified,omitempty"`
	Profile             map[string]interface{} `json:"profile,omitempty"`
}