Documentation ¶
Index ¶
- Constants
- Variables
- func FetchUserInfo(endpoint, token string, opts ...ClientOption) (map[string]interface{}, error)
- func ValidateIDToken(token string, keySet jwk.Set) (openid.Token, error)
- type ClientOption
- type ClientOptions
- type DiscoverySpec
- type OpenidConfig
- type OpenidMiddleware
- type TokenType
- type UserInfo
- type UserInfoCache
- type WellKnownConfiguration
Constants ¶
View Source
const (
TokenKey = "token"
)
Variables ¶
View Source
var ( ErrIssuerMismatch = errors.New("issuer mismatch") ErrMissingDiscoveryConfig = errors.New("at least one of 'discovery' or 'wellKnownConfiguration' fields must be set") )
View Source
var ErrMissingRequiredField = errors.New("openid configuration missing required field")
View Source
var (
ErrNoSigningKeyFound = fmt.Errorf("no signing key found in the JWK set")
)
Functions ¶
func FetchUserInfo ¶
func FetchUserInfo(endpoint, token string, opts ...ClientOption) (map[string]interface{}, error)
Types ¶
type ClientOption ¶ added in v0.5.4
type ClientOption func(*ClientOptions)
func WithHTTPClient ¶ added in v0.5.4
func WithHTTPClient(client *http.Client) ClientOption
type ClientOptions ¶ added in v0.5.4
type ClientOptions struct {
// contains filtered or unexported fields
}
type DiscoverySpec ¶
type DiscoverySpec struct { // Relative path at which to find the openid configuration. If not set, // defaults to '/.well-known/openid-configuration'. //+kubebuilder:default=/.well-known/openid-configuration Path *string `json:"path,omitempty"` // The OP's Issuer identifier. This must exactly match the issuer URL // obtained from the discovery endpoint, and will match the `iss' claim // in the ID Tokens issued by the OP. Issuer string `json:"issuer"` // Optional path to the issuer's CA Certificate. CACert *string `json:"cacert,omitempty"` }
type OpenidConfig ¶
type OpenidConfig struct { // Discovery and WellKnownConfiguration are mutually exclusive. // If the OP (openid provider) has a discovery endpoint, it should be // configured in the Discovery field, otherwise the well-known configuration // fields can be set manually. Discovery *DiscoverySpec `json:"discovery,omitempty"` WellKnownConfiguration *WellKnownConfiguration `json:"wellKnownConfiguration,omitempty"` // IdentifyingClaim is the claim that will be used to identify the user // (e.g. "sub", "email", etc). Defaults to "sub". //+kubebuilder:default=sub IdentifyingClaim string `json:"identifyingClaim,omitempty"` }
func (*OpenidConfig) DeepCopy ¶
func (in *OpenidConfig) DeepCopy() *OpenidConfig
func (*OpenidConfig) DeepCopyInto ¶
func (in *OpenidConfig) DeepCopyInto(out *OpenidConfig)
func (*OpenidConfig) GetWellKnownConfiguration ¶
func (oc *OpenidConfig) GetWellKnownConfiguration() (*WellKnownConfiguration, error)
type OpenidMiddleware ¶
type OpenidMiddleware struct {
// contains filtered or unexported fields
}
func New ¶
func New(ctx context.Context, config v1beta1.AuthProviderSpec) (*OpenidMiddleware, error)
func (*OpenidMiddleware) Handle ¶
func (m *OpenidMiddleware) Handle(c *gin.Context)
type UserInfoCache ¶
type UserInfoCache struct { ClientOptions // contains filtered or unexported fields }
func NewUserInfoCache ¶
func NewUserInfoCache( config *OpenidConfig, logger *zap.SugaredLogger, opts ...ClientOption, ) (*UserInfoCache, error)
type WellKnownConfiguration ¶
type WellKnownConfiguration struct { Issuer string `json:"issuer,omitempty"` AuthEndpoint string `json:"authorization_endpoint,omitempty"` TokenEndpoint string `json:"token_endpoint,omitempty"` UserinfoEndpoint string `json:"userinfo_endpoint,omitempty"` RevocationEndpoint string `json:"revocation_endpoint,omitempty"` JwksUri string `json:"jwks_uri,omitempty"` ScopesSupported []string `json:"scopes_supported,omitempty"` ResponseTypesSupported []string `json:"response_types_supported,omitempty"` ResponseModesSupported []string `json:"response_modes_supported,omitempty"` IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"` TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"` ClaimsSupported []string `json:"claims_supported,omitempty"` RequestURIParameterSupported bool `json:"request_uri_parameter_supported,omitempty"` }
func (WellKnownConfiguration) CheckRequiredFields ¶
func (w WellKnownConfiguration) CheckRequiredFields() error
Click to show internal directories.
Click to hide internal directories.