Documentation
Constants
const (
	ACRMultiFactor         string = "http://schemas.openid.net/pape/policies/2007/06/multi-factor"
	ACRMultiFactorPhysical string = "http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical"
	AMROTP                 string = "otp"
)
Variables
var (
	// RandomNonceGenerator generates a cryptographically-secure 128-bit random
	// nonce, encoded into a base64 string. Use with WithNonceGenerator.
	RandomNonceGenerator = func(ctx context.Context) (string, error) {
		b := make([]byte, 16)
		if _, err := io.ReadFull(rand.Reader, b); err != nil {
			return "", err
		}
		return base64.StdEncoding.EncodeToString(b), nil
	}
)
Functions
This section is empty.
Types
type CommandOpener
type CommandOpener struct {
CommandName string
}
CommandOpener opens a URL by executing a command with the URL as the first argument. CommandOpener works well with macOS's `open` command.
type EchoOpener
type EchoOpener struct{}
EchoOpener opens a URL by printing it to the console for the user to manually click on. It is used as a last resort.
type LocalOIDCTokenSource
func NewSource
func NewSource(client *oidc.Client, opts ...LocalOIDCTokenSourceOpt) (*LocalOIDCTokenSource, error)
NewSource creates a token source that command line (CLI) programs can use to fetch tokens from an OIDC Provider for use in authenticating clients to other systems (e.g., Kubernetes clusters, Docker registries, etc.). The client should be configured with any scopes/acr values that are required.
This triggers the auth flow on every call; in practice the result should be cached.
Example:
ctx := context.TODO()
client, err := oidc.DiscoverClient(ctx, StagingURL, ClientID, ClientSecret, "")
if err != nil {
	// handle err
}
// NewSource takes the client plus optional LocalOIDCTokenSourceOpt values.
ts, err := NewSource(client)
if err != nil {
	// handle err
}
token, err := ts.Token(ctx)
if err != nil {
	// handle error
}
// use token
type LocalOIDCTokenSourceOpt
type LocalOIDCTokenSourceOpt func(s *LocalOIDCTokenSource)
func WithNonceGenerator
func WithNonceGenerator(generator func(context.Context) (string, error)) LocalOIDCTokenSourceOpt
WithNonceGenerator specifies a function that generates a nonce. If a nonce generator is present, this token source should not be wrapped in any kind of cache.
func WithOpener
func WithOpener(opener Opener) LocalOIDCTokenSourceOpt
WithOpener sets a custom handler for launching URLs on the user's system. This is used to send the user into the auth flow.
func WithPortRange
func WithPortRange(portLow int, portHigh int) LocalOIDCTokenSourceOpt
WithPortRange specifies a port range for the local listener to use. The first port in the range that is free will be bound. By default, port 0 is bound, letting the operating system find a free port automatically. However, some OAuth servers only support a limited number of redirect URLs. In that case, the port range may need to be constrained to a known range.
func WithRenderer
func WithRenderer(renderer Renderer) LocalOIDCTokenSourceOpt
WithRenderer sets a custom renderer. The renderer can optionally implement the http.Handler interface. If it does, it will be called for all requests on the local HTTP server that are not handled by the TokenSource. This can be used to serve additional content the renderer depends on.
type Opener
type Opener interface {
	// Open opens the provided URL in the user's browser
	Open(ctx context.Context, url string) error
}
func DetectOpener
func DetectOpener() Opener
DetectOpener attempts to find the best opener for a user's system. If there is no best opener for the system, it defaults to an opener that prints the URL to the console so the user can click on it.
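Because CommandOpener passes the URL to an external command as an argument, an Opener can check the URL before anything is launched. The wrapper below is an added example, not part of this package: `CheckedOpener`, `OpenerFunc`, `ErrRejected` and the host `idp.example.com` are hypothetical, `Opener` is redeclared so the file builds alone, and it assumes the provider serves its authorization endpoint over HTTPS from one known host.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Opener mirrors the interface documented above so this file builds alone.
type Opener interface {
	Open(ctx context.Context, url string) error
}

var ErrRejected = errors.New("auth URL rejected")

// CheckedOpener (hypothetical) vets a URL before handing it to Next.
type CheckedOpener struct {
	IssuerHost string // assumed: the auth endpoint is served from this host[:port]
	Next       Opener
}

func (o CheckedOpener) Open(ctx context.Context, raw string) error {
	u, err := url.Parse(raw) // Parse also rejects ASCII control characters
	switch {
	case strings.HasPrefix(raw, "-"): // would be read as an option by the launched command
		return fmt.Errorf("%w: leading dash", ErrRejected)
	case err != nil:
		return fmt.Errorf("%w: %v", ErrRejected, err)
	case u.Scheme != "https": // no file:, javascript:, or plain http
		return fmt.Errorf("%w: scheme %q", ErrRejected, u.Scheme)
	case u.User != nil: // "https://trusted@other-host/" style confusion
		return fmt.Errorf("%w: userinfo present", ErrRejected)
	case !strings.EqualFold(u.Host, o.IssuerHost):
		return fmt.Errorf("%w: host %q", ErrRejected, u.Host)
	}
	return o.Next.Open(ctx, raw)
}

// OpenerFunc adapts a function to Opener; here it stands in for a real launcher.
type OpenerFunc func(context.Context, string) error

func (f OpenerFunc) Open(ctx context.Context, u string) error { return f(ctx, u) }

func main() {
	next := OpenerFunc(func(_ context.Context, u string) error { fmt.Println("open", u); return nil })
	o := CheckedOpener{IssuerHost: "idp.example.com", Next: next} // constructed host
	fmt.Println(o.Open(context.Background(), "https://idp.example.com@other.example.net/auth"))
}
```

In a real program the wrapper would be passed to WithOpener with `Next` set to the result of DetectOpener.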