Documentation ¶
Index ¶
- Constants
- Variables
- func AddProvider(c *container.Container, providerID string, message *text.Message)
- func AddProviders(c *container.Container, providers []Configuration, ...)
- func NewLinkNode(provider string) *node.Node
- func NewUnlinkNode(provider string) *node.Node
- func UpstreamParameters(provider Provider, upstreamParameters map[string]string) []oauth2.AuthCodeOption
- type Claims
- type Configuration
- type ConfigurationCollection
- type FlowMethod
- type LinkedInEmail
- type LinkedInIntrospection
- type LinkedInProfile
- type MetadataType
- type PatreonIdentityResponse
- type Provider
- type ProviderApple
- type ProviderAuth0
- type ProviderDingTalk
- func (g *ProviderDingTalk) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
- func (g *ProviderDingTalk) Claims(ctx context.Context, exchange *oauth2.Token, _ url.Values) (*Claims, error)
- func (g *ProviderDingTalk) Config() *Configuration
- func (g *ProviderDingTalk) Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error)
- func (g *ProviderDingTalk) OAuth2(ctx context.Context) (*oauth2.Config, error)
- type ProviderDiscord
- func (d *ProviderDiscord) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
- func (d *ProviderDiscord) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error)
- func (d *ProviderDiscord) Config() *Configuration
- func (d *ProviderDiscord) OAuth2(ctx context.Context) (*oauth2.Config, error)
- type ProviderFacebook
- type ProviderGenericOIDC
- func (g *ProviderGenericOIDC) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
- func (g *ProviderGenericOIDC) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error)
- func (g *ProviderGenericOIDC) Config() *Configuration
- func (g *ProviderGenericOIDC) OAuth2(ctx context.Context) (*oauth2.Config, error)
- type ProviderGitHub
- func (g *ProviderGitHub) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
- func (g *ProviderGitHub) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error)
- func (g *ProviderGitHub) Config() *Configuration
- func (g *ProviderGitHub) OAuth2(ctx context.Context) (*oauth2.Config, error)
- type ProviderGitHubApp
- func (g *ProviderGitHubApp) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
- func (g *ProviderGitHubApp) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error)
- func (g *ProviderGitHubApp) Config() *Configuration
- func (g *ProviderGitHubApp) OAuth2(ctx context.Context) (*oauth2.Config, error)
- type ProviderGitLab
- type ProviderGoogle
- type ProviderLark
- func (pl *ProviderLark) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
- func (g *ProviderLark) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error)
- func (g *ProviderLark) Config() *Configuration
- func (g *ProviderLark) OAuth2(ctx context.Context) (*oauth2.Config, error)
- type ProviderLinkedIn
- func (l *ProviderLinkedIn) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
- func (l *ProviderLinkedIn) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (_ *Claims, err error)
- func (l *ProviderLinkedIn) Config() *Configuration
- func (l *ProviderLinkedIn) Email(ctx context.Context, client *retryablehttp.Client) (*LinkedInEmail, error)
- func (l *ProviderLinkedIn) OAuth2(ctx context.Context) (*oauth2.Config, error)
- func (l *ProviderLinkedIn) Profile(ctx context.Context, client *retryablehttp.Client) (*LinkedInProfile, error)
- func (l *ProviderLinkedIn) ProfilePicture(profile *LinkedInProfile) string
- type ProviderMicrosoft
- type ProviderNetID
- type ProviderPatreon
- func (d *ProviderPatreon) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
- func (d *ProviderPatreon) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error)
- func (d *ProviderPatreon) Config() *Configuration
- func (d *ProviderPatreon) OAuth2(ctx context.Context) (*oauth2.Config, error)
- type ProviderSlack
- func (d *ProviderSlack) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
- func (d *ProviderSlack) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error)
- func (d *ProviderSlack) Config() *Configuration
- func (d *ProviderSlack) OAuth2(ctx context.Context) (*oauth2.Config, error)
- type ProviderSpotify
- func (g *ProviderSpotify) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
- func (g *ProviderSpotify) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error)
- func (g *ProviderSpotify) Config() *Configuration
- func (g *ProviderSpotify) OAuth2(ctx context.Context) (*oauth2.Config, error)
- type ProviderVK
- type ProviderYandex
- func (g *ProviderYandex) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
- func (g *ProviderYandex) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error)
- func (g *ProviderYandex) Config() *Configuration
- func (g *ProviderYandex) OAuth2(ctx context.Context) (*oauth2.Config, error)
- type State
- type Strategy
- func (s *Strategy) CompletedAuthenticationMethod(ctx context.Context) session.AuthenticationMethod
- func (s *Strategy) Config(ctx context.Context) (*ConfigurationCollection, error)
- func (s *Strategy) CountActiveFirstFactorCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error)
- func (s *Strategy) CountActiveMultiFactorCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error)
- func (s *Strategy) ID() identity.CredentialsType
- func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, _ uuid.UUID) (i *identity.Identity, err error)
- func (s *Strategy) NodeGroup() node.UiNodeGroup
- func (s *Strategy) PopulateLoginMethod(r *http.Request, requestedAAL identity.AuthenticatorAssuranceLevel, ...) error
- func (s *Strategy) PopulateRegistrationMethod(r *http.Request, f *registration.Flow) error
- func (s *Strategy) PopulateSettingsMethod(r *http.Request, id *identity.Identity, sr *settings.Flow) error
- func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registration.Flow, ...) (err error)
- func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)
- func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic)
- func (s *Strategy) RegisterSettingsRoutes(router *x.RouterPublic)
- func (s *Strategy) Settings(w http.ResponseWriter, r *http.Request, f *settings.Flow, ss *session.Session) (*settings.UpdateContext, error)
- func (s *Strategy) SettingsStrategyID() string
- type TokenExchanger
- type UpdateLoginFlowWithOidcMethod
- type UpdateRegistrationFlowWithOidcMethod
Constants ¶
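// LinkedIn endpoint URLs. The declaration is restored to one constant per line
// so that it parses.
const (
	// ProfileUrl's real value is a 146-byte string literal that the
	// documentation renderer does not display. The empty string below is the
	// renderer's placeholder, not the actual constant.
	ProfileUrl string = "" /* 146-byte string literal not displayed */

	// EmailUrl is the LinkedIn v2 emailAddress endpoint, with a projection
	// selecting the address handle.
	EmailUrl string = "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))"

	// IntrospectionURL is the LinkedIn OAuth 2.0 token introspection endpoint.
	IntrospectionURL string = "https://www.linkedin.com/oauth/v2/introspectToken"
)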
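// HTTP route patterns of the OpenID Connect self-service method. The
// declaration is restored to one constant per line so that it parses.
const (
	// RouteBase is the common prefix of every route of this method.
	RouteBase = "/self-service/methods/oidc"

	// RouteAuth takes the flow ID as the `:flow` path parameter.
	RouteAuth = RouteBase + "/auth/:flow"

	// RouteCallback takes the provider ID as the `:provider` path parameter.
	// NOTE(review): presumably the redirect URI registered with each upstream
	// provider has to resolve to this path. Confirm against the deployment's
	// base_redirect_uri setting.
	RouteCallback = RouteBase + "/callback/:provider"
)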
Variables ¶
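// Errors returned when the upstream provider's response lacks something the
// flow requires. Both are built on herodot.ErrBadRequest. The declaration is
// restored to one variable per statement so that it parses.
var (
	// ErrScopeMissing reports that a required scope was not granted.
	ErrScopeMissing = herodot.ErrBadRequest.
			WithError("authentication failed because a required scope was not granted").
			WithReasonf(`Unable to finish because one or more permissions were not granted. Please retry and accept all permissions.`)

	// ErrIDTokenMissing reports that no id_token was returned. The reason text
	// points the user at the "openid" permission.
	ErrIDTokenMissing = herodot.ErrBadRequest.
				WithError("authentication failed because id_token is missing").
				WithReasonf(`Authentication failed because no id_token was returned. Please accept the "openid" permission and try again.`)
)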
// Validation errors for linking and unlinking OpenID Connect connections.
// Each one points at the document root ("#/").
var (
	// ConnectionExistValidationError rejects linking a connection that is
	// unknown or already linked.
	ConnectionExistValidationError = &jsonschema.ValidationError{
		Message:     "can not link unknown or already existing OpenID Connect connection",
		InstancePtr: "#/",
	}

	// UnknownConnectionValidationError rejects unlinking a connection that
	// does not exist.
	UnknownConnectionValidationError = &jsonschema.ValidationError{
		Message:     "can not unlink non-existing OpenID Connect connection",
		InstancePtr: "#/",
	}

	// UnlinkAllFirstFactorConnectionsError rejects unlinking the last
	// remaining first factor credential.
	UnlinkAllFirstFactorConnectionsError = &jsonschema.ValidationError{
		Message:     "can not unlink OpenID Connect connection because it is the last remaining first factor credential",
		InstancePtr: "#/",
	}
)
Functions ¶
func AddProvider ¶
func AddProviders ¶
func NewLinkNode ¶
func NewUnlinkNode ¶
func UpstreamParameters ¶ added in v0.13.0
func UpstreamParameters(provider Provider, upstreamParameters map[string]string) []oauth2.AuthCodeOption
UpstreamParameters returns a list of oauth2.AuthCodeOption based on the upstream parameters.
Only allowed parameters are returned; all others are ignored. The allowed parameters are also defined in the `oidc/.schema/link.schema.json` file; this function nevertheless validates the parameters itself, rather than relying on the schema alone, to prevent potential security issues.
Allowed parameters are:
- `login_hint` (string): The `login_hint` parameter suppresses the account chooser and either pre-fills the email box on the sign-in form, or selects the proper session.
- `hd` (string): The `hd` parameter limits the login/registration process to a Google Organization, e.g. `mycollege.edu`.
- `prompt` (string): The `prompt` parameter specifies whether the Authorization Server prompts the End-User for reauthentication and consent, e.g. `select_account`.
Types ¶
type Claims ¶
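// Claims holds the claims obtained from an upstream provider, keyed by their
// JSON names. The declaration is restored to one field per line so that it
// parses.
type Claims struct {
	Issuer            string `json:"iss,omitempty"`
	Subject           string `json:"sub,omitempty"`
	Name              string `json:"name,omitempty"`
	GivenName         string `json:"given_name,omitempty"`
	FamilyName        string `json:"family_name,omitempty"`
	LastName          string `json:"last_name,omitempty"`
	MiddleName        string `json:"middle_name,omitempty"`
	Nickname          string `json:"nickname,omitempty"`
	PreferredUsername string `json:"preferred_username,omitempty"`
	Profile           string `json:"profile,omitempty"`
	Picture           string `json:"picture,omitempty"`
	Website           string `json:"website,omitempty"`
	Email             string `json:"email,omitempty"`

	// EmailVerified is an x.ConvertibleBoolean rather than a bool because
	// Apple sends the email_verified field as a string.
	// NOTE(review): how much weight this value deserves depends on the
	// upstream provider. Confirm before using it to mark an address verified.
	EmailVerified x.ConvertibleBoolean `json:"email_verified,omitempty"`

	Gender              string `json:"gender,omitempty"`
	Birthdate           string `json:"birthdate,omitempty"`
	Zoneinfo            string `json:"zoneinfo,omitempty"`
	Locale              string `json:"locale,omitempty"`
	PhoneNumber         string `json:"phone_number,omitempty"`
	PhoneNumberVerified bool   `json:"phone_number_verified,omitempty"`
	UpdatedAt           int64  `json:"updated_at,omitempty"`
	HD                  string `json:"hd,omitempty"`
	Team                string `json:"team,omitempty"`

	// RawClaims is an untyped claim map serialized as `raw_claims`.
	// NOTE(review): presumably the provider's unprocessed claim set. Treat its
	// contents as untrusted input; verify against the provider code.
	RawClaims map[string]interface{} `json:"raw_claims,omitempty"`
}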
EmailVerified uses x.ConvertibleBoolean because Apple casually sends the email_verified field as a string.
type Configuration ¶
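// Configuration describes a single upstream OAuth 2.0 / OpenID Connect
// provider. The declaration is restored to one field per line so that it
// parses. Comment typos are fixed, and the PrivateKey comment now names the
// field it documents.
//
// NOTE(review): ClientSecret and PrivateKey hold credentials and carry ordinary
// JSON tags. Unless a custom marshaller defined elsewhere intervenes,
// serializing a Configuration emits them in clear text. Redact them before
// logging or returning a serialized Configuration.
type Configuration struct {
	// ID is the provider's ID
	ID string `json:"id"`

	// Provider is either "generic" for a generic OAuth 2.0 / OpenID Connect Provider or one of:
	// - generic
	// - google
	// - github
	// - github-app
	// - gitlab
	// - microsoft
	// - discord
	// - slack
	// - facebook
	// - auth0
	// - vk
	// - yandex
	// - apple
	// - spotify
	// - netid
	// - dingtalk
	// - linkedin
	// - patreon
	Provider string `json:"provider"`

	// Label represents an optional label which can be used in the UI generation.
	Label string `json:"label"`

	// ClientID is the application's Client ID.
	ClientID string `json:"client_id"`

	// ClientSecret is the application's secret.
	ClientSecret string `json:"client_secret"`

	// IssuerURL is the OpenID Connect Server URL. You can leave this empty if `provider` is not set to `generic`.
	// If set, neither `auth_url` nor `token_url` are required.
	IssuerURL string `json:"issuer_url"`

	// AuthURL is the authorize url, typically something like: https://example.org/oauth2/auth
	// Should only be used when the OAuth2 / OpenID Connect server is not supporting OpenID Connect Discovery and when
	// `provider` is set to `generic`.
	AuthURL string `json:"auth_url"`

	// TokenURL is the token url, typically something like: https://example.org/oauth2/token
	// Should only be used when the OAuth2 / OpenID Connect server is not supporting OpenID Connect Discovery and when
	// `provider` is set to `generic`.
	TokenURL string `json:"token_url"`

	// Tenant is the Azure AD Tenant to use for authentication, and must be set when `provider` is set to `microsoft`.
	// Can be either `common`, `organizations`, `consumers` for a multitenant application or a specific tenant like
	// `8eaef023-2b34-4da1-9baa-8bc8c9d6a490` or `contoso.onmicrosoft.com`.
	Tenant string `json:"microsoft_tenant"`

	// SubjectSource is a flag which controls from which endpoint the subject identifier is taken by microsoft provider.
	// Can be either `userinfo` or `me`.
	// If the value is `userinfo` then the subject identifier is taken from the sub field of the userinfo standard endpoint response.
	// If the value is `me` then the `id` field of https://graph.microsoft.com/v1.0/me response is taken as subject.
	// The default is `userinfo`.
	SubjectSource string `json:"subject_source"`

	// TeamId is the Apple Developer Team ID that's needed for the `apple` `provider` to work.
	// It can be found on the Apple Developer website and combined with `apple_private_key` and `apple_private_key_id`
	// is used to generate `client_secret`
	TeamId string `json:"apple_team_id"`

	// PrivateKeyId is the private Apple key identifier. Keys can be generated via developer.apple.com.
	// This key should be generated with the `Sign In with Apple` option checked.
	// This is needed when `provider` is set to `apple`
	PrivateKeyId string `json:"apple_private_key_id"`

	// PrivateKey is the Apple private key that can be downloaded during key generation.
	// This is needed when `provider` is set to `apple`
	PrivateKey string `json:"apple_private_key"`

	// Scope specifies optional requested permissions.
	Scope []string `json:"scope"`

	// Mapper specifies the JSONNet code snippet which uses the OpenID Connect Provider's data (e.g. GitHub or Google
	// profile information) to hydrate the identity's data.
	//
	// It can be either a URL (file://, http(s)://, base64://) or an inline JSONNet code snippet.
	//
	// NOTE(review): the mapper decides how provider data becomes identity
	// data, so a URL given here should point at a location whose content is
	// trusted and integrity-protected.
	Mapper string `json:"mapper_url"`

	// RequestedClaims string encoded json object that specifies claims and optionally their properties which should be
	// included in the id_token or returned from the UserInfo Endpoint.
	//
	// More information: https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter
	RequestedClaims json.RawMessage `json:"requested_claims"`
}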
type ConfigurationCollection ¶
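// ConfigurationCollection is the list of configured providers together with
// the base redirect URI they share. The declaration is restored to one field
// per line so that it parses.
type ConfigurationCollection struct {
	// BaseRedirectURI is serialized as `base_redirect_uri`.
	// NOTE(review): presumably the origin that provider callback URLs are
	// built from. If so, it should be a fixed, operator-controlled value.
	// Confirm against the strategy code.
	BaseRedirectURI string `json:"base_redirect_uri"`

	// Providers holds one Configuration per upstream provider.
	Providers []Configuration `json:"providers"`
}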
type FlowMethod ¶
func NewFlowMethod ¶
func NewFlowMethod(f *container.Container) *FlowMethod
type LinkedInEmail ¶ added in v0.13.0
type LinkedInIntrospection ¶ added in v0.13.0
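// LinkedInIntrospection is the JSON shape decoded for a LinkedIn token
// introspection result. The declaration is restored to one field per line so
// that it parses.
type LinkedInIntrospection struct {
	// Active is decoded from the `active` field.
	Active bool `json:"active"`
	// ClientID is decoded from the `client_id` field.
	ClientID string `json:"client_id"`

	// The three timestamps are decoded as uint32.
	// NOTE(review): presumably Unix seconds; confirm against LinkedIn's API
	// documentation.
	AuthorizedAt uint32 `json:"authorized_at"`
	CreatedAt    uint32 `json:"created_at"`
	ExpiresAt    uint32 `json:"expires_at"`

	Status   string `json:"status"`
	Scope    string `json:"scope"`
	AuthType string `json:"auth_type"`
}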
type LinkedInProfile ¶ added in v0.13.0
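// LinkedInProfile is the JSON shape decoded for a LinkedIn profile. The
// declaration is restored to one field per line so that it parses.
type LinkedInProfile struct {
	LocalizedLastName  string `json:"localizedLastName"`
	LocalizedFirstName string `json:"localizedFirstName"`

	// ProfilePicture is a pointer and tagged omitempty, so it is nil when the
	// profile carries no picture. Callers must check it before dereferencing.
	ProfilePicture *struct {
		DisplayImage struct {
			Elements []struct {
				Identifiers []struct {
					Identifier string `json:"identifier"`
				} `json:"identifiers"`
			} `json:"elements"`
		} `json:"displayImage~"`
	} `json:"profilePicture,omitempty"`

	ID string `json:"id"`
}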
type MetadataType ¶ added in v0.11.0
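// MetadataType names one of an identity's metadata fields.
type MetadataType string

// Known metadata types. The declaration is restored to one constant per line
// so that it parses.
const (
	// PublicMetadata names the identity's public metadata field.
	PublicMetadata MetadataType = "identity.metadata_public"
	// AdminMetadata names the identity's admin metadata field.
	AdminMetadata MetadataType = "identity.metadata_admin"
)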
type PatreonIdentityResponse ¶ added in v0.13.0
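// PatreonIdentityResponse is the JSON shape decoded for a Patreon identity
// response: a `data` object carrying the user's attributes, id and type. The
// declaration is restored to one field per line so that it parses.
type PatreonIdentityResponse struct {
	Data struct {
		Attributes struct {
			Email     string `json:"email"`
			FirstName string `json:"first_name"`
			FullName  string `json:"full_name"`
			ImageUrl  string `json:"image_url"`
			LastName  string `json:"last_name"`
		} `json:"attributes"`
		Id   string `json:"id"`
		Type string `json:"type"`
	} `json:"data"`
}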
type ProviderApple ¶
// ProviderApple embeds *ProviderGenericOIDC, so that type's methods are
// promoted to ProviderApple unless it declares its own. This page lists
// AuthCodeURLOptions as a method declared on ProviderApple itself.
type ProviderApple struct {
*ProviderGenericOIDC
}
func NewProviderApple ¶
func NewProviderApple( config *Configuration, reg dependencies, ) *ProviderApple
func (*ProviderApple) AuthCodeURLOptions ¶
func (a *ProviderApple) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
type ProviderAuth0 ¶
// ProviderAuth0 embeds *ProviderGenericOIDC, so that type's methods are
// promoted to ProviderAuth0 unless it declares its own.
type ProviderAuth0 struct {
*ProviderGenericOIDC
}
func NewProviderAuth0 ¶
func NewProviderAuth0( config *Configuration, reg dependencies, ) *ProviderAuth0
type ProviderDingTalk ¶ added in v0.11.0
type ProviderDingTalk struct {
// contains filtered or unexported fields
}
func NewProviderDingTalk ¶ added in v0.11.0
func NewProviderDingTalk( config *Configuration, reg dependencies, ) *ProviderDingTalk
func (*ProviderDingTalk) AuthCodeURLOptions ¶ added in v0.11.0
func (g *ProviderDingTalk) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderDingTalk) Config ¶ added in v0.11.0
func (g *ProviderDingTalk) Config() *Configuration
type ProviderDiscord ¶
type ProviderDiscord struct {
// contains filtered or unexported fields
}
func NewProviderDiscord ¶
func NewProviderDiscord( config *Configuration, reg dependencies, ) *ProviderDiscord
func (*ProviderDiscord) AuthCodeURLOptions ¶
func (d *ProviderDiscord) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderDiscord) Config ¶
func (d *ProviderDiscord) Config() *Configuration
type ProviderFacebook ¶
// ProviderFacebook embeds *ProviderGenericOIDC, so that type's methods are
// promoted to ProviderFacebook unless it declares its own.
type ProviderFacebook struct {
*ProviderGenericOIDC
}
func NewProviderFacebook ¶
func NewProviderFacebook( config *Configuration, reg dependencies, ) *ProviderFacebook
type ProviderGenericOIDC ¶
type ProviderGenericOIDC struct {
// contains filtered or unexported fields
}
func NewProviderGenericOIDC ¶
func NewProviderGenericOIDC( config *Configuration, reg dependencies, ) *ProviderGenericOIDC
func (*ProviderGenericOIDC) AuthCodeURLOptions ¶
func (g *ProviderGenericOIDC) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderGenericOIDC) Config ¶
func (g *ProviderGenericOIDC) Config() *Configuration
type ProviderGitHub ¶
type ProviderGitHub struct {
// contains filtered or unexported fields
}
func NewProviderGitHub ¶
func NewProviderGitHub( config *Configuration, reg dependencies, ) *ProviderGitHub
func (*ProviderGitHub) AuthCodeURLOptions ¶
func (g *ProviderGitHub) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderGitHub) Config ¶
func (g *ProviderGitHub) Config() *Configuration
type ProviderGitHubApp ¶
type ProviderGitHubApp struct {
// contains filtered or unexported fields
}
func NewProviderGitHubApp ¶
func NewProviderGitHubApp( config *Configuration, reg dependencies, ) *ProviderGitHubApp
func (*ProviderGitHubApp) AuthCodeURLOptions ¶
func (g *ProviderGitHubApp) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderGitHubApp) Config ¶
func (g *ProviderGitHubApp) Config() *Configuration
type ProviderGitLab ¶
// ProviderGitLab embeds *ProviderGenericOIDC, so that type's methods are
// promoted to ProviderGitLab unless it declares its own.
type ProviderGitLab struct {
*ProviderGenericOIDC
}
func NewProviderGitLab ¶
func NewProviderGitLab( config *Configuration, reg dependencies, ) *ProviderGitLab
type ProviderGoogle ¶
// ProviderGoogle embeds *ProviderGenericOIDC, so that type's methods are
// promoted to ProviderGoogle unless it declares its own. This page lists
// AuthCodeURLOptions as a method declared on ProviderGoogle itself.
type ProviderGoogle struct {
*ProviderGenericOIDC
}
func NewProviderGoogle ¶
func NewProviderGoogle( config *Configuration, reg dependencies, ) *ProviderGoogle
func (*ProviderGoogle) AuthCodeURLOptions ¶ added in v0.13.0
func (g *ProviderGoogle) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
type ProviderLark ¶ added in v1.0.0
// ProviderLark embeds *ProviderGenericOIDC, so that type's methods are
// promoted to ProviderLark unless it declares its own. This page lists
// AuthCodeURLOptions, Claims, Config and OAuth2 as methods declared on
// ProviderLark itself.
type ProviderLark struct {
*ProviderGenericOIDC
}
func NewProviderLark ¶ added in v1.0.0
func NewProviderLark( config *Configuration, reg dependencies, ) *ProviderLark
func (*ProviderLark) AuthCodeURLOptions ¶ added in v1.0.0
func (pl *ProviderLark) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderLark) Config ¶ added in v1.0.0
func (g *ProviderLark) Config() *Configuration
type ProviderLinkedIn ¶ added in v0.13.0
type ProviderLinkedIn struct {
// contains filtered or unexported fields
}
func NewProviderLinkedIn ¶ added in v0.13.0
func NewProviderLinkedIn( config *Configuration, reg dependencies, ) *ProviderLinkedIn
func (*ProviderLinkedIn) AuthCodeURLOptions ¶ added in v0.13.0
func (l *ProviderLinkedIn) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderLinkedIn) Config ¶ added in v0.13.0
func (l *ProviderLinkedIn) Config() *Configuration
func (*ProviderLinkedIn) Email ¶ added in v0.13.0
func (l *ProviderLinkedIn) Email(ctx context.Context, client *retryablehttp.Client) (*LinkedInEmail, error)
func (*ProviderLinkedIn) Profile ¶ added in v0.13.0
func (l *ProviderLinkedIn) Profile(ctx context.Context, client *retryablehttp.Client) (*LinkedInProfile, error)
func (*ProviderLinkedIn) ProfilePicture ¶ added in v0.13.0
func (l *ProviderLinkedIn) ProfilePicture(profile *LinkedInProfile) string
type ProviderMicrosoft ¶
// ProviderMicrosoft embeds *ProviderGenericOIDC, so that type's methods are
// promoted to ProviderMicrosoft unless it declares its own.
type ProviderMicrosoft struct {
*ProviderGenericOIDC
}
func NewProviderMicrosoft ¶
func NewProviderMicrosoft( config *Configuration, reg dependencies, ) *ProviderMicrosoft
type ProviderNetID ¶
// ProviderNetID embeds *ProviderGenericOIDC, so that type's methods are
// promoted to ProviderNetID unless it declares its own.
type ProviderNetID struct {
*ProviderGenericOIDC
}
func NewProviderNetID ¶
func NewProviderNetID( config *Configuration, reg dependencies, ) *ProviderNetID
type ProviderPatreon ¶ added in v0.13.0
type ProviderPatreon struct {
// contains filtered or unexported fields
}
func NewProviderPatreon ¶ added in v0.13.0
func NewProviderPatreon( config *Configuration, reg dependencies, ) *ProviderPatreon
func (*ProviderPatreon) AuthCodeURLOptions ¶ added in v0.13.0
func (d *ProviderPatreon) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderPatreon) Config ¶ added in v0.13.0
func (d *ProviderPatreon) Config() *Configuration
type ProviderSlack ¶
type ProviderSlack struct {
// contains filtered or unexported fields
}
func NewProviderSlack ¶
func NewProviderSlack( config *Configuration, reg dependencies, ) *ProviderSlack
func (*ProviderSlack) AuthCodeURLOptions ¶
func (d *ProviderSlack) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderSlack) Config ¶
func (d *ProviderSlack) Config() *Configuration
type ProviderSpotify ¶
type ProviderSpotify struct {
// contains filtered or unexported fields
}
func NewProviderSpotify ¶
func NewProviderSpotify( config *Configuration, reg dependencies, ) *ProviderSpotify
func (*ProviderSpotify) AuthCodeURLOptions ¶
func (g *ProviderSpotify) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderSpotify) Config ¶
func (g *ProviderSpotify) Config() *Configuration
type ProviderVK ¶
type ProviderVK struct {
// contains filtered or unexported fields
}
func NewProviderVK ¶
func NewProviderVK( config *Configuration, reg dependencies, ) *ProviderVK
func (*ProviderVK) AuthCodeURLOptions ¶
func (g *ProviderVK) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderVK) Config ¶
func (g *ProviderVK) Config() *Configuration
type ProviderYandex ¶
type ProviderYandex struct {
// contains filtered or unexported fields
}
func NewProviderYandex ¶
func NewProviderYandex( config *Configuration, reg dependencies, ) *ProviderYandex
func (*ProviderYandex) AuthCodeURLOptions ¶
func (g *ProviderYandex) AuthCodeURLOptions(r ider) []oauth2.AuthCodeOption
func (*ProviderYandex) Config ¶
func (g *ProviderYandex) Config() *Configuration
type Strategy ¶
type Strategy struct {
// contains filtered or unexported fields
}
Strategy implements selfservice.LoginStrategy, selfservice.RegistrationStrategy and selfservice.SettingsStrategy. It supports login, registration and settings via OpenID Providers.
func NewStrategy ¶
func NewStrategy(d dependencies) *Strategy
func (*Strategy) CompletedAuthenticationMethod ¶
func (s *Strategy) CompletedAuthenticationMethod(ctx context.Context) session.AuthenticationMethod
func (*Strategy) Config ¶
func (s *Strategy) Config(ctx context.Context) (*ConfigurationCollection, error)
func (*Strategy) CountActiveFirstFactorCredentials ¶
func (s *Strategy) CountActiveFirstFactorCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error)
func (*Strategy) CountActiveMultiFactorCredentials ¶
func (s *Strategy) CountActiveMultiFactorCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error)
func (*Strategy) ID ¶
func (s *Strategy) ID() identity.CredentialsType
func (*Strategy) NodeGroup ¶
func (s *Strategy) NodeGroup() node.UiNodeGroup
func (*Strategy) PopulateLoginMethod ¶
func (*Strategy) PopulateRegistrationMethod ¶
func (*Strategy) PopulateSettingsMethod ¶
func (*Strategy) Register ¶
func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registration.Flow, i *identity.Identity) (err error)
func (*Strategy) RegisterLoginRoutes ¶
func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)
func (*Strategy) RegisterRegistrationRoutes ¶
func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic)
func (*Strategy) RegisterSettingsRoutes ¶
func (s *Strategy) RegisterSettingsRoutes(router *x.RouterPublic)
func (*Strategy) SettingsStrategyID ¶
type TokenExchanger ¶ added in v0.11.0
type UpdateLoginFlowWithOidcMethod ¶ added in v0.11.0
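// UpdateLoginFlowWithOidcMethod is the payload for updating a login flow with
// the OpenID Connect method. The declaration is restored to one field per line
// so that it parses.
//
// Every field is supplied by the client and must be treated as untrusted.
type UpdateLoginFlowWithOidcMethod struct {
	// The provider to register with
	//
	// required: true
	Provider string `json:"provider"`

	// The CSRF Token
	CSRFToken string `json:"csrf_token"`

	// Method to use
	//
	// This field must be set to `oidc` when using the oidc method.
	//
	// required: true
	Method string `json:"method"`

	// The identity traits. This is a placeholder for the registration flow.
	Traits json.RawMessage `json:"traits"`

	// UpstreamParameters are the parameters that are passed to the upstream identity provider.
	//
	// These parameters are optional and depend on what the upstream identity provider supports.
	// Supported parameters are:
	// - `login_hint` (string): The `login_hint` parameter suppresses the account chooser and either pre-fills the email box on the sign-in form, or selects the proper session.
	// - `hd` (string): The `hd` parameter limits the login/registration process to a Google Organization, e.g. `mycollege.edu`.
	// - `prompt` (string): The `prompt` specifies whether the Authorization Server prompts the End-User for reauthentication and consent, e.g. `select_account`.
	//
	// This field is raw JSON. The package's UpstreamParameters function is
	// documented as returning only the allowed parameters and ignoring the
	// rest.
	//
	// required: false
	UpstreamParameters json.RawMessage `json:"upstream_parameters"`
}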
Update Login Flow with OpenID Connect Method
swagger:model updateLoginFlowWithOidcMethod
type UpdateRegistrationFlowWithOidcMethod ¶ added in v0.11.0
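// UpdateRegistrationFlowWithOidcMethod is the payload for updating a
// registration flow with the OpenID Connect method. The declaration is
// restored to one field per line so that it parses.
//
// Every field is supplied by the client and must be treated as untrusted.
type UpdateRegistrationFlowWithOidcMethod struct {
	// The provider to register with
	//
	// required: true
	Provider string `json:"provider"`

	// The CSRF Token
	CSRFToken string `json:"csrf_token"`

	// The identity traits
	Traits json.RawMessage `json:"traits"`

	// Method to use
	//
	// This field must be set to `oidc` when using the oidc method.
	//
	// required: true
	Method string `json:"method"`

	// Transient data to pass along to any webhooks
	//
	// required: false
	TransientPayload json.RawMessage `json:"transient_payload,omitempty"`

	// UpstreamParameters are the parameters that are passed to the upstream identity provider.
	//
	// These parameters are optional and depend on what the upstream identity provider supports.
	// Supported parameters are:
	// - `login_hint` (string): The `login_hint` parameter suppresses the account chooser and either pre-fills the email box on the sign-in form, or selects the proper session.
	// - `hd` (string): The `hd` parameter limits the login/registration process to a Google Organization, e.g. `mycollege.edu`.
	// - `prompt` (string): The `prompt` specifies whether the Authorization Server prompts the End-User for reauthentication and consent, e.g. `select_account`.
	//
	// This field is raw JSON. The package's UpstreamParameters function is
	// documented as returning only the allowed parameters and ignoring the
	// rest.
	//
	// required: false
	UpstreamParameters json.RawMessage `json:"upstream_parameters"`
}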
Update Registration Flow with OpenID Connect Method
swagger:model updateRegistrationFlowWithOidcMethod
Source Files ¶
- const.go
- error.go
- form.go
- nodes.go
- provider.go
- provider_apple.go
- provider_auth0.go
- provider_config.go
- provider_dingtalk.go
- provider_discord.go
- provider_facebook.go
- provider_generic_oidc.go
- provider_github.go
- provider_github_app.go
- provider_gitlab.go
- provider_google.go
- provider_lark.go
- provider_linkedin.go
- provider_microsoft.go
- provider_netid.go
- provider_patreon.go
- provider_slack.go
- provider_spotify.go
- provider_vk.go
- provider_yandex.go
- schema.go
- strategy.go
- strategy_login.go
- strategy_registration.go
- strategy_settings.go
- types.go