README
¶
OAuth2 / OIDC Authentication
The oidc package provides an authenticator for OIDC tokens. We need to make the claims configurable and
figure out how to map them to Identity attributes.
Principal mapped to {domain}:{sub} for example issuer is sso.redhat.com and subject sub is 1234 so the principal would be redhat.com:12324
Documentation
¶
Overview ¶
package oidc provides an Authenticator based on OAuth2 OIDC JWTs.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Claims ¶
type Claims struct {
Audience string `json:"aud"`
Issuer string `json:"iss"`
Subject string `json:"sub"`
PreferredUsername string `json:"preferred_username"`
}
TODO: make JWT claim fields configurable Claims holds the values we want to extract from the JWT.
type CompletedConfig ¶
type CompletedConfig struct {
// contains filtered or unexported fields
}
type OAuth2Authenticator ¶
type OAuth2Authenticator struct {
CompletedConfig
ClientContext context.Context
Verifier *coreosoidc.IDTokenVerifier
}
func New ¶
func New(c CompletedConfig) (*OAuth2Authenticator, error)
func (*OAuth2Authenticator) Authenticate ¶
func (o *OAuth2Authenticator) Authenticate(ctx context.Context, t transport.Transporter) (*api.Identity, api.Decision)
func (*OAuth2Authenticator) Verify ¶
func (l *OAuth2Authenticator) Verify(token string) (*coreosoidc.IDToken, error)
type Options ¶
type Options struct {
ClientId string `mapstructure:"client-id"`
AuthorizationServerURL string `mapstructure:"authn-server-url"`
InsecureClient bool `mapstructure:"insecure-client"`
SkipClientIDCheck bool `mapstructure:"skip-client-id-check"`
EnforceAudCheck bool `mapstructure:"enforce-aud-check"`
SkipIssuerCheck bool `mapstructure:"skip-issuer-check"`
PrincipalUserDomain string `mapstructure:"principal-user-domain"`
}
func NewOptions ¶
func NewOptions() *Options
Source Files
Click to show internal directories.
Click to hide internal directories.