oidc

package v0.26.0

Warning

This package is not in the latest version of its module.

Published: May 14, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview
Overview

Package oidc implements a generic OpenID Connect provider.

https://openid.net/specs/openid-connect-core-1_0.html

Constants

const Name = "oidc"

Name identifies the generic OpenID Connect provider.

Variables

var ErrMissingAccessToken = errors.New("identity/oidc: missing access token")

ErrMissingAccessToken is returned when no access token was found.

var ErrMissingIDToken = errors.New("identity/oidc: missing id_token")

ErrMissingIDToken is returned when an identity provider (usually on refresh) fails to include an id_token in an oauth2 token.

var ErrMissingProviderURL = errors.New("identity/oidc: missing provider url")

ErrMissingProviderURL is returned when an identity provider requires a provider URL but does not receive one.

var ErrMissingRefreshToken = errors.New("identity/oidc: missing refresh token")

ErrMissingRefreshToken is returned if no refresh token was found.

var ErrRevokeNotImplemented = errors.New("identity/oidc: revoke not implemented")

ErrRevokeNotImplemented is returned when revoke is not implemented by an identity provider.

var ErrSignoutNotImplemented = errors.New("identity/oidc: end session not implemented")

ErrSignoutNotImplemented is returned when end session is not implemented by an identity provider. https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPInitiated

Functions

func Refresh

func Refresh(ctx context.Context, cfg *oauth2.Config, t *oauth2.Token) (*oauth2.Token, error)

Refresh requests a new oauth2.Token based on an existing Token and the provided Config. The existing Token must contain a refresh token.

Types

type Option

type Option func(*config)

An Option customizes the config.

func WithGetOauthConfig

func WithGetOauthConfig(f func(provider *oidc.Provider) *oauth2.Config) Option

WithGetOauthConfig sets the getOauthConfig function in the config.

func WithGetProvider

func WithGetProvider(f func() (*oidc.Provider, error)) Option

WithGetProvider sets the getProvider function in the config.

func WithGetVerifier

func WithGetVerifier(f func(*oidc.Provider) *oidc.IDTokenVerifier) Option

WithGetVerifier sets the getVerifier function in the config.

type Provider

type Provider struct {

	// RevocationURL is the location of the OAuth 2.0 token revocation endpoint.
	// https://tools.ietf.org/html/rfc7009
	RevocationURL string `json:"revocation_endpoint,omitempty"`

	// EndSessionURL is an alternative endpoint for identity providers that do not
	// implement the revocation endpoint but do implement RP-initiated logout.
	// https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPInitiated
	EndSessionURL string `json:"end_session_endpoint,omitempty"`

	// AuthCodeOptions specifies additional key-value query parameters to add
	// to the sign-in (authorization request) URL.
	AuthCodeOptions map[string]string
	// contains filtered or unexported fields
}

Provider provides a standard, OpenID Connect implementation of an authorization identity provider. https://openid.net/specs/openid-connect-core-1_0.html
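The `revocation_endpoint` and `end_session_endpoint` JSON tags on the struct above are the optional fields of an OpenID Connect discovery document, and the two "not implemented" errors in this package are what a caller sees when the provider advertises neither. The following is an added example, not code from this package or from Pomerium: it decodes a constructed discovery document into those two fields, refuses non-HTTPS endpoints, and builds the RP-initiated logout URL with `id_token_hint`, `post_logout_redirect_uri` and `state` query parameters. The type name `Endpoints`, the function names and the sample document are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// Endpoints mirrors the two optional discovery fields the Provider struct
// declares. The type name is an assumption for this example.
type Endpoints struct {
	RevocationURL string `json:"revocation_endpoint,omitempty"`
	EndSessionURL string `json:"end_session_endpoint,omitempty"`
}

// Same messages as the package's sentinel errors, redeclared so this example
// runs stand-alone.
var (
	ErrRevokeNotImplemented  = errors.New("identity/oidc: revoke not implemented")
	ErrSignoutNotImplemented = errors.New("identity/oidc: end session not implemented")
)

// sampleDiscovery is a constructed .well-known/openid-configuration excerpt for
// a provider that offers RP-initiated logout but no token revocation.
const sampleDiscovery = `{
  "issuer": "https://idp.example",
  "authorization_endpoint": "https://idp.example/oidc/auth",
  "token_endpoint": "https://idp.example/oidc/token",
  "end_session_endpoint": "https://idp.example/oidc/logout"
}`

// checkHTTPS rejects endpoints that would send tokens over plaintext or that
// have no host at all.
func checkHTTPS(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "https" || u.Host == "" {
		return fmt.Errorf("endpoint %q must be an absolute https URL", raw)
	}
	return nil
}

// ParseDiscovery decodes the discovery document and validates whichever of the
// two optional endpoints the provider advertised.
func ParseDiscovery(doc []byte) (Endpoints, error) {
	var e Endpoints
	if err := json.Unmarshal(doc, &e); err != nil {
		return Endpoints{}, err
	}
	for _, ep := range []string{e.RevocationURL, e.EndSessionURL} {
		if ep == "" {
			continue
		}
		if err := checkHTTPS(ep); err != nil {
			return Endpoints{}, err
		}
	}
	return e, nil
}

// RevocationEndpoint returns the RFC 7009 endpoint, or the same error the
// package's Revoke reports when the provider does not support revocation.
func RevocationEndpoint(e Endpoints) (string, error) {
	if e.RevocationURL == "" {
		return "", ErrRevokeNotImplemented
	}
	return e.RevocationURL, nil
}

// BuildEndSessionURL composes the RP-initiated logout redirect. Parameters are
// added through url.Values so user-controlled values are always escaped, and a
// query string already present on the endpoint is preserved.
func BuildEndSessionURL(endpoint, idTokenHint, postLogoutRedirect, state string) (string, error) {
	if endpoint == "" {
		return "", ErrSignoutNotImplemented
	}
	if err := checkHTTPS(endpoint); err != nil {
		return "", err
	}
	u, _ := url.Parse(endpoint) // already validated above
	q := u.Query()
	if idTokenHint != "" {
		q.Set("id_token_hint", idTokenHint)
	}
	if postLogoutRedirect != "" {
		q.Set("post_logout_redirect_uri", postLogoutRedirect)
	}
	if state != "" {
		q.Set("state", state)
	}
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	e, err := ParseDiscovery([]byte(sampleDiscovery))
	if err != nil {
		panic(err)
	}
	if _, err := RevocationEndpoint(e); err != nil {
		fmt.Println("revoke:", err) // this provider has no revocation endpoint
	}
	u, err := BuildEndSessionURL(e.EndSessionURL, "<id_token placeholder>", "https://app.example/signed-out", "abc")
	fmt.Println(u, err)
}
```

A relying party that only checks for `ErrRevokeNotImplemented` and gives up leaves the provider-side session alive; the fallback to the end-session URL is what actually terminates it at the provider.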

func New

func New(ctx context.Context, o *oauth.Options, options ...Option) (*Provider, error)

New creates a new instance of a generic OpenID Connect provider.

func (*Provider) Authenticate

func (p *Provider) Authenticate(ctx context.Context, code string, v identity.State) (*oauth2.Token, error)

Authenticate converts an authorization code returned from the identity provider into a token which is then converted into a user session.

func (*Provider) GetOauthConfig

func (p *Provider) GetOauthConfig() (*oauth2.Config, error)

GetOauthConfig gets the oauth2 config.

func (*Provider) GetProvider

func (p *Provider) GetProvider() (*go_oidc.Provider, error)

GetProvider gets the underlying oidc Provider.

func (*Provider) GetSubject

func (p *Provider) GetSubject(v any) (string, error)

GetSubject gets the RFC 7519 Subject claim (`sub`) from a

func (*Provider) GetVerifier

func (p *Provider) GetVerifier() (*go_oidc.IDTokenVerifier, error)

GetVerifier gets the verifier.

func (*Provider) Name

func (p *Provider) Name() string

Name returns the provider name.

func (*Provider) Refresh

func (p *Provider) Refresh(ctx context.Context, t *oauth2.Token, v identity.State) (*oauth2.Token, error)

Refresh renews a user's session using an oidc refresh token without reprompting the user. Group membership is also refreshed. https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens

func (*Provider) Revoke

func (p *Provider) Revoke(ctx context.Context, t *oauth2.Token) error

Revoke enables a user to revoke her token. If the identity provider does not support revocation, an error is returned.

https://tools.ietf.org/html/rfc7009#section-2.1

func (*Provider) SignIn

func (p *Provider) SignIn(w http.ResponseWriter, r *http.Request, state string) error

SignIn redirects to the url of the provider's OAuth 2.0 consent page that asks for permissions for the required scopes explicitly.

State is a token to protect the user from CSRF attacks. You must always provide a non-empty string and validate that it matches the state query parameter on your redirect callback. See http://tools.ietf.org/html/rfc6749#section-10.12 for more info.
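The paragraph above leaves the two halves of the check to the caller: minting an unguessable state before calling SignIn, and comparing it against the `state` query parameter on the callback. The following is an added example of one way to do that, not code from this package or from Pomerium: the nonce is bound to the browser in an HttpOnly cookie carrying an HMAC tag, so a callback is accepted only when the cookie is present, untampered, and matches the query parameter. The cookie name, the HMAC key and the function names are assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// stateCookie binds the state nonce to the browser that started the sign-in.
// The name is an assumption for this example.
const stateCookie = "oidc_state"

var ErrBadState = errors.New("oidc callback: state missing, tampered or mismatched")

// NewState returns a fresh 256-bit random nonce, URL-safe base64 encoded
// (the alphabet never contains '.', which the cookie uses as a separator).
func NewState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// Sign tags the nonce with HMAC-SHA256 under a server-side key so that an
// edited cookie is detected.
func Sign(key []byte, nonce string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(nonce))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// StartSignIn mints the state, stores "nonce.tag" in a short-lived cookie and
// returns the value to pass to SignIn(w, r, state). SameSite=Lax is the right
// mode here: the provider's redirect back is a top-level GET, which Lax allows.
func StartSignIn(w http.ResponseWriter, key []byte) (string, error) {
	nonce, err := NewState()
	if err != nil {
		return "", err
	}
	http.SetCookie(w, &http.Cookie{
		Name:     stateCookie,
		Value:    nonce + "." + Sign(key, nonce),
		Path:     "/",
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteLaxMode,
		Expires:  time.Now().Add(10 * time.Minute),
	})
	return nonce, nil
}

// ValidateCallback is the check RFC 6749 section 10.12 asks for: the cookie
// must exist and carry a valid tag, and its nonce must equal the state query
// parameter. Both comparisons are constant-time.
func ValidateCallback(r *http.Request, key []byte) error {
	c, err := r.Cookie(stateCookie)
	if err != nil {
		return ErrBadState
	}
	i := strings.LastIndexByte(c.Value, '.')
	if i < 0 {
		return ErrBadState
	}
	nonce, tag := c.Value[:i], c.Value[i+1:]
	if subtle.ConstantTimeCompare([]byte(tag), []byte(Sign(key, nonce))) != 1 {
		return ErrBadState
	}
	got := r.URL.Query().Get("state")
	if got == "" || subtle.ConstantTimeCompare([]byte(got), []byte(nonce)) != 1 {
		return ErrBadState
	}
	return nil
}

func main() {
	key := []byte("example-only-key") // assumption: a real deployment loads this from configuration
	rec := httptest.NewRecorder()
	state, _ := StartSignIn(rec, key)

	// Constructed callback as the provider would redirect the same browser.
	cb := httptest.NewRequest(http.MethodGet, "/oauth2/callback?code=c&state="+state, nil)
	for _, c := range rec.Result().Cookies() {
		cb.AddCookie(c)
	}
	fmt.Println("genuine callback:", ValidateCallback(cb, key))

	// Constructed callback with a state that no cookie vouches for.
	other := httptest.NewRequest(http.MethodGet, "/oauth2/callback?code=c&state=unrelated", nil)
	fmt.Println("mismatched callback:", ValidateCallback(other, key))
}
```

The cookie should be cleared once the callback has been consumed so a state value cannot be replayed; a ten-minute expiry bounds the window even if that step is missed.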

func (*Provider) SignOut

func (p *Provider) SignOut(w http.ResponseWriter, r *http.Request, idTokenHint, authenticateSignedOutURL, redirectToURL string) error

SignOut uses the EndSessionURL endpoint to allow a logout session to be initiated. https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPInitiated

func (*Provider) UpdateUserInfo

func (p *Provider) UpdateUserInfo(ctx context.Context, t *oauth2.Token, v any) error

UpdateUserInfo calls the OIDC (spec required) UserInfo Endpoint as well as any groups endpoint (non-spec) to populate the rest of the user's information.

https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Directories

Path Synopsis
auth0 Package auth0 implements OpenID Connect for auth0
azure Package azure implements OpenID Connect for Microsoft Azure
cognito Package cognito provides support for AWS Cognito
gitlab Package gitlab implements OpenID Connect for Gitlab
google Package google implements OpenID Connect for Google and GSuite.
okta Package okta implements OpenID Connect for okta
onelogin Package onelogin implements OpenID Connect for OneLogin
ping Package ping implements OpenID Connect for Ping
