Documentation ¶
Index ¶
- Constants
- Variables
- type Claims
- type Configuration
- type ConfigurationCollection
- type CredentialsConfig
- type Provider
- type ProviderGenericOIDC
- type ProviderGitHub
- type ProviderGoogle
- type RequestMethod
- type Strategy
- func (s *Strategy) Config() (*ConfigurationCollection, error)
- func (s *Strategy) ID() identity.CredentialsType
- func (s *Strategy) LoginStrategyID() identity.CredentialsType
- func (s *Strategy) PopulateLoginMethod(r *http.Request, sr *login.Request) error
- func (s *Strategy) PopulateRegistrationMethod(r *http.Request, sr *registration.Request) error
- func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)
- func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic)
- func (s *Strategy) RegistrationStrategyID() identity.CredentialsType
- func (s *Strategy) WithTokenGenerator(g form.CSRFGenerator)
- type ValidationExtensionRunner
Constants ¶
// Route patterns of the OIDC strategy. AuthPath and CallbackPath are built by
// appending a suffix to BasePath.
const (
	// BasePath is the common prefix of the strategy's browser routes.
	// NOTE(review): the prefix sits under ".../flows/registration/..." although
	// Strategy also exposes RegisterLoginRoutes; confirm whether login reuses
	// these routes.
	BasePath = "/self-service/browser/flows/registration/strategies/oidc"

	// AuthPath is BasePath + "/auth/:request". ":request" is presumably a
	// router path parameter identifying the login/registration request; confirm.
	AuthPath = BasePath + "/auth/:request"

	// CallbackPath is BasePath + "/callback/:provider". ":provider" is
	// presumably a router path parameter carrying a Configuration.ID.
	// NOTE(review): the handler behind this path is not shown here; it should
	// reject provider IDs that are not configured and verify the OAuth 2.0
	// state value before exchanging the authorization code.
	CallbackPath = BasePath + "/callback/:provider"
)
Variables ¶
// Errors for failed provider authentication. Both are derived from
// herodot.ErrBadRequest and add an error string plus a reason text.
// NOTE(review): the reason texts read as end-user messages; presumably they
// are rendered to the browser, so keep provider internals (token contents,
// upstream error bodies) out of them. Confirm.
var (
	// ErrScopeMissing reports that a required scope was not granted.
	ErrScopeMissing = herodot.ErrBadRequest.
			WithError("authentication failed because a required scope was not granted").
			WithReasonf(`Unable to finish because one or more permissions were not granted. Please retry and accept all permissions.`)

	// ErrIDTokenMissing reports that no id_token was returned. The reason text
	// points the user at the "openid" permission.
	ErrIDTokenMissing = herodot.ErrBadRequest.
				WithError("authentication failed because id_token is missing").
				WithReasonf(`Authentication failed because no id_token was returned. Please accept the "openid" permission and try again.`)
)
Functions ¶
This section is empty.
Types ¶
type Claims ¶
// Claims holds identity claims keyed by their JSON names (iss, sub, email, ...).
// Every field is tagged omitempty, so zero values are dropped when a Claims
// value is marshalled.
//
// NOTE(review): all values here are assertions made by the upstream provider.
// Per OpenID Connect Core, "sub" is only unique within its "iss"; code that
// links a login to an existing identity should key on the (Issuer, Subject)
// pair rather than on Email. Confirm how callers use these fields.
type Claims struct {
	// Issuer and Subject are decoded from "iss" and "sub".
	Issuer  string `json:"iss,omitempty"`
	Subject string `json:"sub,omitempty"`

	Name       string `json:"name,omitempty"`
	GivenName  string `json:"given_name,omitempty"`
	FamilyName string `json:"family_name,omitempty"`
	// NOTE(review): "last_name" is not one of the OpenID Connect standard
	// claims ("family_name" is); presumably kept for providers that emit it.
	// Confirm.
	LastName          string `json:"last_name,omitempty"`
	MiddleName        string `json:"middle_name,omitempty"`
	Nickname          string `json:"nickname,omitempty"`
	PreferredUsername string `json:"preferred_username,omitempty"`
	Profile           string `json:"profile,omitempty"`
	Picture           string `json:"picture,omitempty"`
	Website           string `json:"website,omitempty"`

	Email string `json:"email,omitempty"`
	// EmailVerified is a plain bool, so an absent "email_verified" claim and an
	// explicit false both decode to false.
	// NOTE(review): confirm callers treat false as "not verified" and never
	// trust Email for account linking on the strength of this flag alone.
	EmailVerified bool `json:"email_verified,omitempty"`

	Gender    string `json:"gender,omitempty"`
	Birthdate string `json:"birthdate,omitempty"`
	Zoneinfo  string `json:"zoneinfo,omitempty"`
	Locale    string `json:"locale,omitempty"`

	PhoneNumber string `json:"phone_number,omitempty"`
	// PhoneNumberVerified is a plain bool; absent and false are
	// indistinguishable after decoding, as with EmailVerified.
	PhoneNumberVerified bool `json:"phone_number_verified,omitempty"`

	// UpdatedAt is decoded from "updated_at" as an int64; presumably seconds
	// since the Unix epoch. Confirm.
	UpdatedAt int64 `json:"updated_at,omitempty"`
}
type Configuration ¶
// Configuration describes one OAuth 2.0 / OpenID Connect provider entry. Its
// JSON keys are id, provider, client_id, client_secret, issuer_url, auth_url,
// token_url, scope and schema_url.
type Configuration struct {
	// ID is the provider's ID.
	// NOTE(review): presumably the value matched against the ":provider"
	// segment of CallbackPath. Confirm.
	ID string `json:"id"`

	// Provider is either "generic" for a generic OAuth 2.0 / OpenID Connect Provider or one of:
	// - generic
	// - google
	// NOTE(review): the package also exports ProviderGitHub; the value that
	// selects it is not listed here. Confirm and extend the list.
	Provider string `json:"provider"`

	// ClientID is the application's OAuth 2.0 client ID.
	ClientID string `json:"client_id"`

	// ClientSecret is the application's secret.
	// NOTE(review): the field carries a plain `client_secret` JSON tag, so
	// marshalling a Configuration emits the secret. RequestMethod.AddProviders
	// accepts []Configuration; confirm that it copies only non-secret fields
	// into anything sent to the browser, and keep this struct out of logs.
	ClientSecret string `json:"client_secret"`

	// IssuerURL is the OpenID Connect Server URL. You can leave this empty if `provider` is not set to `generic`.
	// If set, neither `auth_url` nor `token_url` are required.
	IssuerURL string `json:"issuer_url"`

	// AuthURL is the authorize url, typically something like: https://example.org/oauth2/auth
	// Should only be used when the OAuth2 / OpenID Connect server is not supporting OpenID Connect Discovery and when
	// `provider` is set to `generic`.
	AuthURL string `json:"auth_url"`

	// TokenURL is the token url, typically something like: https://example.org/oauth2/token
	// Should only be used when the OAuth2 / OpenID Connect server is not supporting OpenID Connect Discovery and when
	// `provider` is set to `generic`.
	// NOTE(review): no validation is visible on this struct. The client secret
	// and the authorization code are presumably sent to this URL, so confirm
	// that IssuerURL, AuthURL and TokenURL are required to be https outside of
	// development.
	TokenURL string `json:"token_url"`

	// Scope specifies optional requested permissions.
	// NOTE(review): ErrIDTokenMissing refers to the "openid" permission, so
	// OpenID Connect providers presumably need "openid" in this list. Confirm
	// whether it is added automatically.
	Scope []string `json:"scope"`

	// SchemaURL is read from `schema_url`; its purpose is not documented here.
	// NOTE(review): presumably the location of a JSON Schema (the package's
	// ValidationExtensionRunner takes jsonschema types). Confirm.
	SchemaURL string `json:"schema_url"`
}
type ConfigurationCollection ¶
// ConfigurationCollection is the list of provider configurations, read from
// the "providers" JSON key. Strategy.Config returns a pointer to one.
// NOTE(review): every entry carries its ClientSecret, so a value of this type
// holds all configured provider secrets; keep it out of responses and logs.
type ConfigurationCollection struct {
	Providers []Configuration `json:"providers"`
}
type CredentialsConfig ¶
swagger:model oidcStrategyCredentialsConfig
type ProviderGenericOIDC ¶
type ProviderGenericOIDC struct {
// contains filtered or unexported fields
}
func NewProviderGenericOIDC ¶
func NewProviderGenericOIDC( config *Configuration, public *url.URL, ) *ProviderGenericOIDC
func (*ProviderGenericOIDC) Config ¶
func (g *ProviderGenericOIDC) Config() *Configuration
type ProviderGitHub ¶
type ProviderGitHub struct {
// contains filtered or unexported fields
}
func NewProviderGitHub ¶
func NewProviderGitHub( config *Configuration, public *url.URL, ) *ProviderGitHub
func (*ProviderGitHub) Config ¶
func (g *ProviderGitHub) Config() *Configuration
type ProviderGoogle ¶
// ProviderGoogle embeds *ProviderGenericOIDC, so the generic provider's
// exported methods (such as Config) are promoted onto it.
type ProviderGoogle struct {
	*ProviderGenericOIDC
}
func NewProviderGoogle ¶
func NewProviderGoogle( config *Configuration, public *url.URL, ) *ProviderGoogle
type RequestMethod ¶
swagger:model oidcRequestMethodConfig
func NewRequestMethodConfig ¶
func NewRequestMethodConfig(f *form.HTMLForm) *RequestMethod
func (*RequestMethod) AddProviders ¶
func (r *RequestMethod) AddProviders(providers []Configuration) *RequestMethod
type Strategy ¶
type Strategy struct {
// contains filtered or unexported fields
}
Strategy implements selfservice.LoginStrategy, selfservice.RegistrationStrategy. It supports both login and registration via OpenID Providers.
func NewStrategy ¶
func NewStrategy( d dependencies, c configuration.Provider, ) *Strategy
func (*Strategy) Config ¶
func (s *Strategy) Config() (*ConfigurationCollection, error)
func (*Strategy) ID ¶
func (s *Strategy) ID() identity.CredentialsType
func (*Strategy) LoginStrategyID ¶
func (s *Strategy) LoginStrategyID() identity.CredentialsType
func (*Strategy) PopulateLoginMethod ¶
func (*Strategy) PopulateRegistrationMethod ¶
func (*Strategy) RegisterLoginRoutes ¶
func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)
func (*Strategy) RegisterRegistrationRoutes ¶
func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic)
func (*Strategy) RegistrationStrategyID ¶
func (s *Strategy) RegistrationStrategyID() identity.CredentialsType
func (*Strategy) WithTokenGenerator ¶
func (s *Strategy) WithTokenGenerator(g form.CSRFGenerator)
type ValidationExtensionRunner ¶
type ValidationExtensionRunner struct {
// contains filtered or unexported fields
}
func NewValidationExtensionRunner ¶
func NewValidationExtensionRunner(i *identity.Identity) *ValidationExtensionRunner
func (*ValidationExtensionRunner) Finish ¶
func (r *ValidationExtensionRunner) Finish() error
func (*ValidationExtensionRunner) Run ¶
func (r *ValidationExtensionRunner) Run(ctx jsonschema.ValidationContext, config schema.ExtensionConfig, value interface{}) error