Documentation
¶
Index ¶
- Constants
- Variables
- func FetchUserInfo(endpoint, token string) (map[string]interface{}, error)
- func New(ctx context.Context, config v1beta1.AuthProviderSpec) (auth.Middleware, error)
- func ValidateIDToken(token string, keySet jwk.Set) (openid.Token, error)
- type DiscoverySpec
- type OpenidConfig
- type OpenidMiddleware
- type TokenType
- type UserInfo
- type UserInfoCache
- type WellKnownConfiguration
Constants ¶
View Source
const (
TokenKey = "token"
)
Variables ¶
View Source
var ( ErrIssuerMismatch = errors.New("issuer mismatch") ErrMissingDiscoveryConfig = errors.New("at least one of 'discovery' or 'wellKnownConfiguration' fields must be set") )
View Source
var ErrMissingRequiredField = errors.New("openid configuration missing required field")
View Source
var ErrNoSigningKeyFound = fmt.Errorf("no signing key found in the JWK set")
Functions ¶
func FetchUserInfo ¶
func New ¶
func New(ctx context.Context, config v1beta1.AuthProviderSpec) (auth.Middleware, error)
Types ¶
type DiscoverySpec ¶
type DiscoverySpec struct {
// Relative path at which to find the openid configuration. If not set,
// defaults to '/.well-known/openid-configuration'.
//+kubebuilder:default=/.well-known/openid-configuration
Path *string `json:"path,omitempty"`
// The OP's Issuer identifier. This must exactly match the issuer URL
// obtained from the discovery endpoint, and will match the `iss' claim
// in the ID Tokens issued by the OP.
Issuer string `json:"issuer"`
}
type OpenidConfig ¶
type OpenidConfig struct {
// Discovery and WellKnownConfiguration are mutually exclusive.
// If the OP (openid provider) has a discovery endpoint, it should be
// configured in the Discovery field, otherwise the well-known configuration
// fields can be set manually.
Discovery *DiscoverySpec `json:"discovery,omitempty"`
WellKnownConfiguration *WellKnownConfiguration `json:"wellKnownConfiguration,omitempty"`
// IdentifyingClaim is the claim that will be used to identify the user
// (e.g. "sub", "email", etc). Defaults to "sub".
//+kubebuilder:default=sub
IdentifyingClaim string `json:"identifyingClaim,omitempty"`
}
func (*OpenidConfig) DeepCopy ¶
func (in *OpenidConfig) DeepCopy() *OpenidConfig
func (*OpenidConfig) DeepCopyInto ¶
func (in *OpenidConfig) DeepCopyInto(out *OpenidConfig)
func (*OpenidConfig) GetWellKnownConfiguration ¶
func (oc *OpenidConfig) GetWellKnownConfiguration() (*WellKnownConfiguration, error)
type OpenidMiddleware ¶
type OpenidMiddleware struct {
// contains filtered or unexported fields
}
func (*OpenidMiddleware) Handle ¶
func (m *OpenidMiddleware) Handle(c *fiber.Ctx) error
type UserInfoCache ¶
type UserInfoCache struct {
// contains filtered or unexported fields
}
func NewUserInfoCache ¶
func NewUserInfoCache( config *OpenidConfig, logger *zap.SugaredLogger, ) (*UserInfoCache, error)
type WellKnownConfiguration ¶
type WellKnownConfiguration struct {
Issuer string `json:"issuer,omitempty"`
AuthEndpoint string `json:"authorization_endpoint,omitempty"`
TokenEndpoint string `json:"token_endpoint,omitempty"`
UserinfoEndpoint string `json:"userinfo_endpoint,omitempty"`
RevocationEndpoint string `json:"revocation_endpoint,omitempty"`
JwksUri string `json:"jwks_uri,omitempty"`
ScopesSupported []string `json:"scopes_supported,omitempty"`
ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
ResponseModesSupported []string `json:"response_modes_supported,omitempty"`
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
ClaimsSupported []string `json:"claims_supported,omitempty"`
RequestURIParameterSupported bool `json:"request_uri_parameter_supported,omitempty"`
}
func (WellKnownConfiguration) CheckRequiredFields ¶
func (w WellKnownConfiguration) CheckRequiredFields() error
Source Files
Click to show internal directories.
Click to hide internal directories.