oidc

package
v0.0.3-alpha.15 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 31, 2020 License: Apache-2.0 Imports: 35 Imported by: 1

Documentation

Index

Constants

View Source
const (
	BasePath = "/self-service/browser/flows/registration/strategies/oidc"

	AuthPath     = BasePath + "/auth/:request"
	CallbackPath = BasePath + "/callback/:provider"
)

Variables

View Source
var (
	ErrScopeMissing = herodot.ErrBadRequest.
					WithError("authentication failed because a required scope was not granted").
					WithReasonf(`Unable to finish because one or more permissions were not granted. Please retry and accept all permissions.`)

	ErrIDTokenMissing = herodot.ErrBadRequest.
						WithError("authentication failed because id_token is missing").
						WithReasonf(`Authentication failed because no id_token was returned. Please accept the "openid" permission and try again.`)
)

Functions

This section is empty.

Types

type Claims

type Claims struct {
	Issuer              string `json:"iss,omitempty"`
	Subject             string `json:"sub,omitempty"`
	Name                string `json:"name,omitempty"`
	GivenName           string `json:"given_name,omitempty"`
	FamilyName          string `json:"family_name,omitempty"`
	LastName            string `json:"last_name,omitempty"`
	MiddleName          string `json:"middle_name,omitempty"`
	Nickname            string `json:"nickname,omitempty"`
	PreferredUsername   string `json:"preferred_username,omitempty"`
	Profile             string `json:"profile,omitempty"`
	Picture             string `json:"picture,omitempty"`
	Website             string `json:"website,omitempty"`
	Email               string `json:"email,omitempty"`
	EmailVerified       bool   `json:"email_verified,omitempty"`
	Gender              string `json:"gender,omitempty"`
	Birthdate           string `json:"birthdate,omitempty"`
	Zoneinfo            string `json:"zoneinfo,omitempty"`
	Locale              string `json:"locale,omitempty"`
	PhoneNumber         string `json:"phone_number,omitempty"`
	PhoneNumberVerified bool   `json:"phone_number_verified,omitempty"`
	UpdatedAt           int64  `json:"updated_at,omitempty"`
}

type Configuration

type Configuration struct {
	// RequestID is the provider RequestID
	ID string `json:"id"`

	// Provider is either "generic" for a generic OAuth 2.0 / OpenID Connect Provider or one of:
	// - generic
	// - google
	Provider string `json:"provider"`

	// ClientID is the application's RequestID.
	ClientID string `json:"client_id"`

	// ClientSecret is the application's secret.
	ClientSecret string `json:"client_secret"`

	// IssuerURL is the OpenID Connect Server URL. You can leave this empty if `provider` is not set to `generic`.
	// If set, neither `auth_url` nor `token_url` are required.
	IssuerURL string `json:"issuer_url"`

	// AuthURL is the authorize url, typically something like: https://example.org/oauth2/auth
	// Should only be used when the OAuth2 / OpenID Connect server is not supporting OpenID Connect Discovery and when
	// `provider` is set to `generic`.
	AuthURL string `json:"auth_url"`

	// TokenURL is the token url, typically something like: https://example.org/oauth2/token
	// Should only be used when the OAuth2 / OpenID Connect server is not supporting OpenID Connect Discovery and when
	// `provider` is set to `generic`.
	TokenURL string `json:"token_url"`

	// Scope specifies optional requested permissions.
	Scope []string `json:"scope"`

	SchemaURL string `json:"schema_url"`
}

func (Configuration) Redir

func (p Configuration) Redir(public *url.URL) string

type ConfigurationCollection

type ConfigurationCollection struct {
	Providers []Configuration `json:"providers"`
}

func (ConfigurationCollection) Provider

func (c ConfigurationCollection) Provider(id string, public *url.URL) (Provider, error)

type CredentialsConfig

type CredentialsConfig struct {
	Subject  string `json:"subject"`
	Provider string `json:"provider"`
}

swagger:model oidcStrategyCredentialsConfig

type Provider

type Provider interface {
	Config() *Configuration
	OAuth2(ctx context.Context) (*oauth2.Config, error)
	Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error)
}

type ProviderGenericOIDC

type ProviderGenericOIDC struct {
	// contains filtered or unexported fields
}

func NewProviderGenericOIDC

func NewProviderGenericOIDC(
	config *Configuration,
	public *url.URL,
) *ProviderGenericOIDC

func (*ProviderGenericOIDC) Claims

func (g *ProviderGenericOIDC) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error)

func (*ProviderGenericOIDC) Config

func (g *ProviderGenericOIDC) Config() *Configuration

func (*ProviderGenericOIDC) OAuth2

type ProviderGitHub

type ProviderGitHub struct {
	// contains filtered or unexported fields
}

func NewProviderGitHub

func NewProviderGitHub(
	config *Configuration,
	public *url.URL,
) *ProviderGitHub

func (*ProviderGitHub) Claims

func (g *ProviderGitHub) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error)

func (*ProviderGitHub) Config

func (g *ProviderGitHub) Config() *Configuration

func (*ProviderGitHub) OAuth2

func (g *ProviderGitHub) OAuth2(ctx context.Context) (*oauth2.Config, error)

type ProviderGoogle

type ProviderGoogle struct {
	*ProviderGenericOIDC
}

func NewProviderGoogle

func NewProviderGoogle(
	config *Configuration,
	public *url.URL,
) *ProviderGoogle

type RequestMethod

type RequestMethod struct {
	*form.HTMLForm
	Providers []form.Field `json:"providers"`
}

swagger:model oidcStrategyRequestMethod

func NewRequestMethodConfig

func NewRequestMethodConfig(f *form.HTMLForm) *RequestMethod

func (*RequestMethod) AddProviders

func (r *RequestMethod) AddProviders(providers []Configuration) *RequestMethod

type Strategy

type Strategy struct {
	// contains filtered or unexported fields
}

Strategy implements selfservice.LoginStrategy, selfservice.RegistrationStrategy. It supports both login and registration via OpenID Providers.

func NewStrategy

func NewStrategy(
	d dependencies,
	c configuration.Provider,
) *Strategy

func (*Strategy) Config

func (s *Strategy) Config() (*ConfigurationCollection, error)

func (*Strategy) ID

func (*Strategy) LoginStrategyID

func (s *Strategy) LoginStrategyID() identity.CredentialsType

func (*Strategy) PopulateLoginMethod

func (s *Strategy) PopulateLoginMethod(r *http.Request, sr *login.Request) error

func (*Strategy) PopulateRegistrationMethod

func (s *Strategy) PopulateRegistrationMethod(r *http.Request, sr *registration.Request) error

func (*Strategy) RegisterLoginRoutes

func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)

func (*Strategy) RegisterRegistrationRoutes

func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic)

func (*Strategy) RegistrationStrategyID

func (s *Strategy) RegistrationStrategyID() identity.CredentialsType

func (*Strategy) WithTokenGenerator

func (s *Strategy) WithTokenGenerator(g form.CSRFGenerator)

type ValidationExtension

type ValidationExtension struct {
	// contains filtered or unexported fields
}

func NewValidationExtension

func NewValidationExtension() *ValidationExtension

func (*ValidationExtension) Call

func (e *ValidationExtension) Call(value interface{}, config *schema.Extension, context *gojsonschema.JsonContext) error

func (*ValidationExtension) Values

func (e *ValidationExtension) Values() json.RawMessage

func (*ValidationExtension) WithIdentity

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL