Documentation
Index
- type AuthOpts
- type AuthOptsStruct
- type BrowserOpenIdProvider
- type ClientOpts
- type CosignerProvider
- func (c *CosignerProvider) CreateInitAuthSig(redirectURI string) ([]byte, string, error)
- func (c *CosignerProvider) RequestToken(ctx context.Context, signer crypto.Signer, pkt *pktoken.PKToken, ...) (*pktoken.PKToken, error)
- func (c *CosignerProvider) ValidateCos(cosSig []byte, expectedNonce string, expectedRedirectURI string) error
- type OpenIdProvider
- type OpkClient
- type PKTokenVerifier
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AuthOpts (added in v0.3.0)
type AuthOpts func(a *AuthOptsStruct)
func WithExtraClaim (added in v0.3.0)
WithExtraClaim specifies additional values to be included in the CIC. These claims will be included in the CIC protected header and will be hashed into the commitment claim in the ID Token. The commitment claim is typically the nonce or aud claim in the ID Token. Example use:
WithExtraClaim("claimKey", "claimValue")
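Why an extra claim ends up bound to the ID Token, as an added sketch that is not the openpubkey implementation: the header field values, the helper names and the SHA-256-over-JSON encoding are all assumptions made for illustration. A verifier that recomputes the hash over the presented header rejects any header whose extra claim was changed after authentication.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// sampleHeader is a constructed CIC-style protected header (placeholder values).
func sampleHeader() map[string]any {
	return map[string]any{"alg": "ES256", "rz": "constructed-random", "upk": "constructed-public-key"}
}

// withExtraClaims copies base and adds extra; rejecting collisions is this sketch's choice.
func withExtraClaims(base, extra map[string]any) (map[string]any, error) {
	out := make(map[string]any, len(base)+len(extra))
	for k, v := range base {
		out[k] = v
	}
	for k, v := range extra {
		if _, taken := base[k]; taken {
			return nil, fmt.Errorf("extra claim %q collides with a header field", k)
		}
		out[k] = v
	}
	return out, nil
}

// commitment hashes the header into the nonce value (assumed: SHA-256 over sorted-key JSON).
func commitment(header map[string]any) (string, error) {
	raw, err := json.Marshal(header) // Go emits map keys in sorted order
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(raw)
	return base64.RawURLEncoding.EncodeToString(sum[:]), nil
}

// verifyCommitment recomputes the hash and compares it in constant time.
func verifyCommitment(header map[string]any, nonce string) bool {
	want, err := commitment(header)
	return err == nil && subtle.ConstantTimeCompare([]byte(want), []byte(nonce)) == 1
}

func main() {
	h, _ := withExtraClaims(sampleHeader(), map[string]any{"claimKey": "claimValue"})
	fmt.Println(commitment(h))
}
```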
type AuthOptsStruct (added in v0.3.0)
type AuthOptsStruct struct {
// contains filtered or unexported fields
}
type BrowserOpenIdProvider (added in v0.3.0)
type BrowserOpenIdProvider = providers.BrowserOpenIdProvider
type ClientOpts (added in v0.3.0)
type ClientOpts func(o *OpkClient)
ClientOpts contains options for constructing an OpkClient.
func WithCosignerProvider (added in v0.3.0)
func WithCosignerProvider(cosP *CosignerProvider) ClientOpts
WithCosignerProvider specifies what cosigner provider should be used to cosign the PK Token. If this is not specified then the cosigning setup is skipped.
func WithCustomVerifier (added in v0.3.0)
func WithCustomVerifier(verifier PKTokenVerifier) ClientOpts
WithCustomVerifier specifies a custom verifier to use instead of the default.
func WithSigner (added in v0.3.0)
func WithSigner(signer crypto.Signer, alg jwa.KeyAlgorithm) ClientOpts
WithSigner allows the caller to inject their own signer and algorithm. Use this option to bring your own user key pair. If this option is not set, the OpkClient constructor will automatically generate a signer, i.e., a key pair. Example use:
signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
WithSigner(signer, jwa.ES256)
type CosignerProvider (added in v0.3.0)
func (*CosignerProvider) CreateInitAuthSig (added in v0.3.0)
func (c *CosignerProvider) CreateInitAuthSig(redirectURI string) ([]byte, string, error)
func (*CosignerProvider) RequestToken (added in v0.3.0)
func (*CosignerProvider) ValidateCos (added in v0.3.0)
func (c *CosignerProvider) ValidateCos(cosSig []byte, expectedNonce string, expectedRedirectURI string) error
type OpenIdProvider
type OpenIdProvider = providers.OpenIdProvider
type OpkClient
type OpkClient struct {
	Op OpenIdProvider
	// contains filtered or unexported fields
}
func New (added in v0.3.0)
func New(op OpenIdProvider, opts ...ClientOpts) (*OpkClient, error)
New returns a new client.OpkClient. The op argument should be the OpenID Provider you want to authenticate against.
func (*OpkClient) Auth (added in v0.3.0)
Auth returns a PK Token by running the OpenPubkey protocol. It will first authenticate to the configured OpenID Provider (OP) and receive an ID Token. Using this ID Token it will generate a PK Token. If a Cosigner has been configured it will also attempt to get the PK Token cosigned.
func (*OpkClient) GetAlg (added in v0.3.0)
func (o *OpkClient) GetAlg() jwa.KeyAlgorithm
GetAlg returns the algorithm of the client's key pair (Public Key, Signing Key).
func (*OpkClient) GetCosP (added in v0.3.0)
func (o *OpkClient) GetCosP() *CosignerProvider
GetCosP returns the MFA Cosigner Provider the OpkClient has been configured to use.
func (*OpkClient) GetOp (added in v0.3.0)
func (o *OpkClient) GetOp() OpenIdProvider
GetOp returns the OpenID Provider the OpkClient has been configured to use.