oidc

package
v0.21.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 17, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package oidc implements a generic OpenID Connect provider.

https://openid.net/specs/openid-connect-core-1_0.html

Index

Constants

View Source
const Name = "oidc"

Name identifies the generic OpenID Connect provider.

Variables

View Source
var ErrMissingAccessToken = errors.New("identity/oidc: missing access token")

ErrMissingAccessToken is returned when no access token was found.

View Source
var ErrMissingIDToken = errors.New("identity/oidc: missing id_token")

ErrMissingIDToken is returned when (usually on refresh) and identity provider failed to include an id_token in a oauth2 token.

View Source
var ErrMissingProviderURL = errors.New("identity/oidc: missing provider url")

ErrMissingProviderURL is returned when an identity provider requires a provider url does not receive one.

View Source
var ErrMissingRefreshToken = errors.New("identity/oidc: missing refresh token")

ErrMissingRefreshToken is returned if no refresh token was found.

View Source
var ErrRevokeNotImplemented = errors.New("identity/oidc: revoke not implemented")

ErrRevokeNotImplemented is returned when revoke is not implemented by an identity provider.

View Source
var ErrSignoutNotImplemented = errors.New("identity/oidc: end session not implemented")

ErrSignoutNotImplemented is returned when end session is not implemented by an identity provider https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPInitiated

Functions

This section is empty.

Types

type Option added in v0.12.2

type Option func(*config)

An Option customizes the config.

func WithGetOauthConfig added in v0.12.2

func WithGetOauthConfig(f func(provider *oidc.Provider) *oauth2.Config) Option

WithGetOauthConfig sets the getOauthConfig function in the config.

func WithGetProvider added in v0.12.2

func WithGetProvider(f func() (*oidc.Provider, error)) Option

WithGetProvider sets the getProvider function in the config.

func WithGetVerifier added in v0.12.2

func WithGetVerifier(f func(*oidc.Provider) *oidc.IDTokenVerifier) Option

WithGetVerifier sets the getVerifier function in the config.

type Provider

type Provider struct {

	// RevocationURL is the location of the OAuth 2.0 token revocation endpoint.
	// https://tools.ietf.org/html/rfc7009
	RevocationURL string `json:"revocation_endpoint,omitempty"`

	// EndSessionURL is another endpoint that can be used by other identity
	// providers that doesn't implement the revocation endpoint but a logout session.
	// https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPInitiated
	EndSessionURL string `json:"end_session_endpoint,omitempty"`

	// AuthCodeOptions specifies additional key value pairs query params to add
	// to the request flow signin url.
	AuthCodeOptions map[string]string
	// contains filtered or unexported fields
}

Provider provides a standard, OpenID Connect implementation of an authorization identity provider. https://openid.net/specs/openid-connect-core-1_0.html

func New

func New(ctx context.Context, o *oauth.Options, options ...Option) (*Provider, error)

New creates a new instance of a generic OpenID Connect provider.

func (*Provider) Authenticate

func (p *Provider) Authenticate(ctx context.Context, code string, v identity.State) (*oauth2.Token, error)

Authenticate converts an authorization code returned from the identity provider into a token which is then converted into a user session.

func (*Provider) GetOauthConfig added in v0.12.2

func (p *Provider) GetOauthConfig() (*oauth2.Config, error)

GetOauthConfig gets the oauth.

func (*Provider) GetProvider added in v0.12.2

func (p *Provider) GetProvider() (*go_oidc.Provider, error)

GetProvider gets the underlying oidc Provider.

func (*Provider) GetSignInURL

func (p *Provider) GetSignInURL(state string) (string, error)

GetSignInURL returns the url of the provider's OAuth 2.0 consent page that asks for permissions for the required scopes explicitly.

State is a token to protect the user from CSRF attacks. You must always provide a non-empty string and validate that it matches the the state query parameter on your redirect callback. See http://tools.ietf.org/html/rfc6749#section-10.12 for more info.

func (*Provider) GetSubject added in v0.9.0

func (p *Provider) GetSubject(v interface{}) (string, error)

GetSubject gets the RFC 7519 Subject claim (`sub`) from a

func (*Provider) GetVerifier added in v0.12.2

func (p *Provider) GetVerifier() (*go_oidc.IDTokenVerifier, error)

GetVerifier gets the verifier.

func (*Provider) LogOut

func (p *Provider) LogOut() (*url.URL, error)

LogOut returns the EndSessionURL endpoint to allow a logout session to be initiated. https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPInitiated

func (*Provider) Name added in v0.11.0

func (p *Provider) Name() string

Name returns the provider name.

func (*Provider) Refresh

func (p *Provider) Refresh(ctx context.Context, t *oauth2.Token, v identity.State) (*oauth2.Token, error)

Refresh renews a user's session using an oidc refresh token without reprompting the user. Group membership is also refreshed. https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens

func (*Provider) Revoke

func (p *Provider) Revoke(ctx context.Context, t *oauth2.Token) error

Revoke enables a user to revoke her token. If the identity provider does not support revocation an error is thrown.

https://tools.ietf.org/html/rfc7009#section-2.1

func (*Provider) UpdateUserInfo added in v0.10.0

func (p *Provider) UpdateUserInfo(ctx context.Context, t *oauth2.Token, v interface{}) error

UpdateUserInfo calls the OIDC (spec required) UserInfo Endpoint as well as any groups endpoint (non-spec) to populate the rest of the user's information.

https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Directories

Path Synopsis
Package auth0 implements OpenID Connect for auth0
Package auth0 implements OpenID Connect for auth0
Package azure implements OpenID Connect for Microsoft Azure
Package azure implements OpenID Connect for Microsoft Azure
Package gitlab implements OpenID Connect for Gitlab
Package gitlab implements OpenID Connect for Gitlab
Package google implements OpenID Connect for Google and GSuite.
Package google implements OpenID Connect for Google and GSuite.
Package okta implements OpenID Connect for okta
Package okta implements OpenID Connect for okta
Package onelogin implements OpenID Connect for OneLogin
Package onelogin implements OpenID Connect for OneLogin
Package ping implements OpenID Connect for Ping
Package ping implements OpenID Connect for Ping

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL