Documentation ¶
Overview ¶
Package oidc implements a generic OpenID Connect provider.
Index ¶
- Constants
- Variables
- type Option
- type Provider
- func (p *Provider) Authenticate(ctx context.Context, code string, v identity.State) (*oauth2.Token, error)
- func (p *Provider) GetOauthConfig() (*oauth2.Config, error)
- func (p *Provider) GetProvider() (*go_oidc.Provider, error)
- func (p *Provider) GetSignInURL(state string) (string, error)
- func (p *Provider) GetSubject(v interface{}) (string, error)
- func (p *Provider) GetVerifier() (*go_oidc.IDTokenVerifier, error)
- func (p *Provider) LogOut() (*url.URL, error)
- func (p *Provider) Name() string
- func (p *Provider) Refresh(ctx context.Context, t *oauth2.Token, v identity.State) (*oauth2.Token, error)
- func (p *Provider) Revoke(ctx context.Context, t *oauth2.Token) error
- func (p *Provider) UpdateUserInfo(ctx context.Context, t *oauth2.Token, v interface{}) error
Constants ¶
const Name = "oidc"
Name identifies the generic OpenID Connect provider.
Variables ¶
var ErrMissingAccessToken = errors.New("identity/oidc: missing access token")
ErrMissingAccessToken is returned when no access token was found.
var ErrMissingIDToken = errors.New("identity/oidc: missing id_token")
ErrMissingIDToken is returned when (usually on refresh) and identity provider failed to include an id_token in a oauth2 token.
var ErrMissingProviderURL = errors.New("identity/oidc: missing provider url")
ErrMissingProviderURL is returned when an identity provider requires a provider url does not receive one.
var ErrMissingRefreshToken = errors.New("identity/oidc: missing refresh token")
ErrMissingRefreshToken is returned if no refresh token was found.
var ErrRevokeNotImplemented = errors.New("identity/oidc: revoke not implemented")
ErrRevokeNotImplemented is returned when revoke is not implemented by an identity provider.
var ErrSignoutNotImplemented = errors.New("identity/oidc: end session not implemented")
ErrSignoutNotImplemented is returned when end session is not implemented by an identity provider https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPInitiated
Functions ¶
This section is empty.
Types ¶
type Option ¶ added in v0.12.2
type Option func(*config)
An Option customizes the config.
func WithGetOauthConfig ¶ added in v0.12.2
WithGetOauthConfig sets the getOauthConfig function in the config.
func WithGetProvider ¶ added in v0.12.2
WithGetProvider sets the getProvider function in the config.
func WithGetVerifier ¶ added in v0.12.2
func WithGetVerifier(f func(*oidc.Provider) *oidc.IDTokenVerifier) Option
WithGetVerifier sets the getVerifier function in the config.
type Provider ¶
type Provider struct { // RevocationURL is the location of the OAuth 2.0 token revocation endpoint. // https://tools.ietf.org/html/rfc7009 RevocationURL string `json:"revocation_endpoint,omitempty"` // EndSessionURL is another endpoint that can be used by other identity // providers that doesn't implement the revocation endpoint but a logout session. // https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPInitiated EndSessionURL string `json:"end_session_endpoint,omitempty"` // AuthCodeOptions specifies additional key value pairs query params to add // to the request flow signin url. AuthCodeOptions map[string]string // contains filtered or unexported fields }
Provider provides a standard, OpenID Connect implementation of an authorization identity provider. https://openid.net/specs/openid-connect-core-1_0.html
func (*Provider) Authenticate ¶
func (p *Provider) Authenticate(ctx context.Context, code string, v identity.State) (*oauth2.Token, error)
Authenticate converts an authorization code returned from the identity provider into a token which is then converted into a user session.
func (*Provider) GetOauthConfig ¶ added in v0.12.2
GetOauthConfig gets the oauth.
func (*Provider) GetProvider ¶ added in v0.12.2
GetProvider gets the underlying oidc Provider.
func (*Provider) GetSignInURL ¶
GetSignInURL returns the url of the provider's OAuth 2.0 consent page that asks for permissions for the required scopes explicitly.
State is a token to protect the user from CSRF attacks. You must always provide a non-empty string and validate that it matches the the state query parameter on your redirect callback. See http://tools.ietf.org/html/rfc6749#section-10.12 for more info.
func (*Provider) GetSubject ¶ added in v0.9.0
GetSubject gets the RFC 7519 Subject claim (`sub`) from a
func (*Provider) GetVerifier ¶ added in v0.12.2
func (p *Provider) GetVerifier() (*go_oidc.IDTokenVerifier, error)
GetVerifier gets the verifier.
func (*Provider) LogOut ¶
LogOut returns the EndSessionURL endpoint to allow a logout session to be initiated. https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPInitiated
func (*Provider) Refresh ¶
func (p *Provider) Refresh(ctx context.Context, t *oauth2.Token, v identity.State) (*oauth2.Token, error)
Refresh renews a user's session using an oidc refresh token without reprompting the user. Group membership is also refreshed. https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens
func (*Provider) Revoke ¶
Revoke enables a user to revoke her token. If the identity provider does not support revocation an error is thrown.
func (*Provider) UpdateUserInfo ¶ added in v0.10.0
UpdateUserInfo calls the OIDC (spec required) UserInfo Endpoint as well as any groups endpoint (non-spec) to populate the rest of the user's information.
https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
Directories ¶
Path | Synopsis |
---|---|
Package auth0 implements OpenID Connect for auth0
|
Package auth0 implements OpenID Connect for auth0 |
Package azure implements OpenID Connect for Microsoft Azure
|
Package azure implements OpenID Connect for Microsoft Azure |
Package gitlab implements OpenID Connect for Gitlab
|
Package gitlab implements OpenID Connect for Gitlab |
Package google implements OpenID Connect for Google and GSuite.
|
Package google implements OpenID Connect for Google and GSuite. |
Package okta implements OpenID Connect for okta
|
Package okta implements OpenID Connect for okta |
Package onelogin implements OpenID Connect for OneLogin
|
Package onelogin implements OpenID Connect for OneLogin |
Package ping implements OpenID Connect for Ping
|
Package ping implements OpenID Connect for Ping |