Documentation
¶
Index ¶
- Constants
- Variables
- func NewCredentials(provider, subject string) (*identity.Credentials, error)
- type Claims
- type Configuration
- type ConfigurationCollection
- type CredentialsConfig
- type FlowMethod
- type Provider
- type ProviderCredentialsConfig
- type ProviderDiscord
- type ProviderGenericOIDC
- func (g *ProviderGenericOIDC) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
- func (g *ProviderGenericOIDC) Claims(ctx context.Context, exchange *oauth2.Token) (*Claims, error)
- func (g *ProviderGenericOIDC) Config() *Configuration
- func (g *ProviderGenericOIDC) OAuth2(ctx context.Context) (*oauth2.Config, error)
- type ProviderGitHub
- type ProviderGitLab
- type ProviderGoogle
- type ProviderMicrosoft
- type Strategy
- func (s *Strategy) Config() (*ConfigurationCollection, error)
- func (s *Strategy) CountActiveCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error)
- func (s *Strategy) ID() identity.CredentialsType
- func (s *Strategy) PopulateLoginMethod(r *http.Request, sr *login.Flow) error
- func (s *Strategy) PopulateRegistrationMethod(r *http.Request, sr *registration.Flow) error
- func (s *Strategy) PopulateSettingsMethod(r *http.Request, id *identity.Identity, sr *settings.Flow) error
- func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)
- func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic)
- func (s *Strategy) RegisterSettingsRoutes(router *x.RouterPublic)
- func (s *Strategy) SettingsStrategyID() string
Constants ¶
View Source
const ( RouteBase = "/self-service/methods/oidc" RouteAuth = RouteBase + "/auth/:flow" RouteCallback = RouteBase + "/callback/:provider" )
View Source
const (
SettingsPath = RouteBase + "/settings/connections"
)
Variables ¶
View Source
var ( ErrScopeMissing = herodot.ErrBadRequest. WithError("authentication failed because a required scope was not granted"). WithReasonf(`Unable to finish because one or more permissions were not granted. Please retry and accept all permissions.`) ErrIDTokenMissing = herodot.ErrBadRequest. WithError("authentication failed because id_token is missing"). WithReasonf(`Authentication failed because no id_token was returned. Please accept the "openid" permission and try again.`) ErrAPIFlowNotSupported = herodot.ErrBadRequest.WithError("API-based flows are not supported for this method"). WithReasonf("Social Sign In and OpenID Connect are only supported for flows initiated using the Browser endpoint.") )
View Source
var ConnectionExistValidationError = &jsonschema.ValidationError{
Message: "can not link unknown or already existing OpenID Connect connection", InstancePtr: "#/"}
View Source
var UnknownConnectionValidationError = &jsonschema.ValidationError{
Message: "can not unlink non-existing OpenID Connect connection", InstancePtr: "#/"}
Functions ¶
func NewCredentials ¶
func NewCredentials(provider, subject string) (*identity.Credentials, error)
Types ¶
type Claims ¶
type Claims struct {
Issuer string `json:"iss,omitempty"`
Subject string `json:"sub,omitempty"`
Name string `json:"name,omitempty"`
GivenName string `json:"given_name,omitempty"`
FamilyName string `json:"family_name,omitempty"`
LastName string `json:"last_name,omitempty"`
MiddleName string `json:"middle_name,omitempty"`
Nickname string `json:"nickname,omitempty"`
PreferredUsername string `json:"preferred_username,omitempty"`
Profile string `json:"profile,omitempty"`
Picture string `json:"picture,omitempty"`
Website string `json:"website,omitempty"`
Email string `json:"email,omitempty"`
EmailVerified bool `json:"email_verified,omitempty"`
Gender string `json:"gender,omitempty"`
Birthdate string `json:"birthdate,omitempty"`
Zoneinfo string `json:"zoneinfo,omitempty"`
Locale string `json:"locale,omitempty"`
PhoneNumber string `json:"phone_number,omitempty"`
PhoneNumberVerified bool `json:"phone_number_verified,omitempty"`
UpdatedAt int64 `json:"updated_at,omitempty"`
}
type Configuration ¶
type Configuration struct {
// ID is the provider's ID
ID string `json:"id"`
// Provider is either "generic" for a generic OAuth 2.0 / OpenID Connect Provider or one of:
// - generic
// - google
// - github
// - gitlab
// - microsoft
// - discord
Provider string `json:"provider"`
// ClientID is the application's Client ID.
ClientID string `json:"client_id"`
// ClientSecret is the application's secret.
ClientSecret string `json:"client_secret"`
// IssuerURL is the OpenID Connect Server URL. You can leave this empty if `provider` is not set to `generic`.
// If set, neither `auth_url` nor `token_url` are required.
IssuerURL string `json:"issuer_url"`
// AuthURL is the authorize url, typically something like: https://example.org/oauth2/auth
// Should only be used when the OAuth2 / OpenID Connect server is not supporting OpenID Connect Discovery and when
// `provider` is set to `generic`.
AuthURL string `json:"auth_url"`
// TokenURL is the token url, typically something like: https://example.org/oauth2/token
// Should only be used when the OAuth2 / OpenID Connect server is not supporting OpenID Connect Discovery and when
// `provider` is set to `generic`.
TokenURL string `json:"token_url"`
// Tenant is the Azure AD Tenant to use for authentication, and must be set when `provider` is set to `microsoft`.
// Can be either `common`, `organizations`, `consumers` for a multitenant application or a specific tenant like
// `8eaef023-2b34-4da1-9baa-8bc8c9d6a490` or `contoso.onmicrosoft.com`.
Tenant string `json:"tenant"`
// Scope specifies optional requested permissions.
Scope []string `json:"scope"`
// Mapper specifies the JSONNet code snippet which uses the OpenID Connect Provider's data (e.g. GitHub or Google
// profile information) to hydrate the identity's data.
//
// It can be either a URL (file://, http(s)://, base64://) or an inline JSONNet code snippet.
Mapper string `json:"mapper_url"`
// RequestedClaims string encoded json object that specifies claims and optionally their properties which should be
// included in the id_token or returned from the UserInfo Endpoint.
//
// More information: https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter
RequestedClaims json.RawMessage `json:"requested_claims"`
}
type ConfigurationCollection ¶
type ConfigurationCollection struct {
Providers []Configuration `json:"providers"`
}
type CredentialsConfig ¶
type CredentialsConfig struct {
Providers []ProviderCredentialsConfig `json:"providers"`
}
type FlowMethod ¶
func NewFlowMethod ¶
func NewFlowMethod(f *form.HTMLForm) *FlowMethod
func (*FlowMethod) AddProviders ¶
func (r *FlowMethod) AddProviders(providers []Configuration) *FlowMethod
type ProviderDiscord ¶
type ProviderDiscord struct {
// contains filtered or unexported fields
}
func NewProviderDiscord ¶
func NewProviderDiscord( config *Configuration, public *url.URL, ) *ProviderDiscord
func (*ProviderDiscord) AuthCodeURLOptions ¶
func (d *ProviderDiscord) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderDiscord) Config ¶
func (d *ProviderDiscord) Config() *Configuration
type ProviderGenericOIDC ¶
type ProviderGenericOIDC struct {
// contains filtered or unexported fields
}
func NewProviderGenericOIDC ¶
func NewProviderGenericOIDC( config *Configuration, public *url.URL, ) *ProviderGenericOIDC
func (*ProviderGenericOIDC) AuthCodeURLOptions ¶
func (g *ProviderGenericOIDC) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderGenericOIDC) Config ¶
func (g *ProviderGenericOIDC) Config() *Configuration
type ProviderGitHub ¶
type ProviderGitHub struct {
// contains filtered or unexported fields
}
func NewProviderGitHub ¶
func NewProviderGitHub( config *Configuration, public *url.URL, ) *ProviderGitHub
func (*ProviderGitHub) AuthCodeURLOptions ¶
func (g *ProviderGitHub) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderGitHub) Config ¶
func (g *ProviderGitHub) Config() *Configuration
type ProviderGitLab ¶
type ProviderGitLab struct {
*ProviderGenericOIDC
}
func NewProviderGitLab ¶
func NewProviderGitLab( config *Configuration, public *url.URL, ) *ProviderGitLab
type ProviderGoogle ¶
type ProviderGoogle struct {
*ProviderGenericOIDC
}
func NewProviderGoogle ¶
func NewProviderGoogle( config *Configuration, public *url.URL, ) *ProviderGoogle
type ProviderMicrosoft ¶
type ProviderMicrosoft struct {
*ProviderGenericOIDC
}
func NewProviderMicrosoft ¶
func NewProviderMicrosoft( config *Configuration, public *url.URL, ) *ProviderMicrosoft
type Strategy ¶
type Strategy struct {
// contains filtered or unexported fields
}
Strategy implements selfservice.LoginStrategy, selfservice.RegistrationStrategy. It supports both login and registration via OpenID Providers.
func NewStrategy ¶
func NewStrategy( d dependencies, c configuration.Provider, ) *Strategy
func (*Strategy) Config ¶
func (s *Strategy) Config() (*ConfigurationCollection, error)
func (*Strategy) CountActiveCredentials ¶
func (s *Strategy) CountActiveCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error)
func (*Strategy) ID ¶
func (s *Strategy) ID() identity.CredentialsType
func (*Strategy) PopulateLoginMethod ¶
func (*Strategy) PopulateRegistrationMethod ¶
func (*Strategy) PopulateSettingsMethod ¶
func (*Strategy) RegisterLoginRoutes ¶
func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)
func (*Strategy) RegisterRegistrationRoutes ¶
func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic)
func (*Strategy) RegisterSettingsRoutes ¶
func (s *Strategy) RegisterSettingsRoutes(router *x.RouterPublic)
func (*Strategy) SettingsStrategyID ¶
Source Files
¶
Click to show internal directories.
Click to hide internal directories.