Documentation
¶
Index ¶
- Constants
- type JSONWebKey
- type JSONWebKeySet
- type MockConfig
- func (c MockConfig) GetCertificate() string
- func (c MockConfig) GetCertificateExpiresAt() string
- func (c MockConfig) GetClientID() string
- func (c MockConfig) GetClientSecret() string
- func (c MockConfig) GetDomains() []string
- func (c MockConfig) GetKey() string
- func (c MockConfig) GetOsbURL() string
- func (c MockConfig) GetProofTokenURL() string
- func (c MockConfig) GetURL() string
- func (c MockConfig) GetZoneUUID() uuid.UUID
- type MockServer
- func (m *MockServer) ClearAllHitCounters()
- func (m *MockServer) DefaultClaims() OIDCClaims
- func (m *MockServer) DefaultHeaders() map[string]interface{}
- func (m *MockServer) JWKsHandler(w http.ResponseWriter, _ *http.Request)
- func (m *MockServer) JWKsHandlerInvalidZone(w http.ResponseWriter, _ *http.Request)
- func (m *MockServer) SignToken(claims OIDCClaims, header map[string]interface{}) (string, error)
- func (m *MockServer) SignTokenWithAdditionalClaims(claims OIDCClaims, additionalClaims, header map[string]interface{}) (string, error)
- func (m *MockServer) WellKnownHandler(w http.ResponseWriter, _ *http.Request)
- type OIDCClaims
- type OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) Audience(aud ...string) *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) Build() OIDCClaims
- func (b *OIDCClaimsBuilder) Email(email string) *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) ExpiresAt(expiresAt time.Time) *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) FamilyName(familyName string) *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) GivenName(givenName string) *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) ID(id string) *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) IasIssuer(issuer string) *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) IssuedAt(issuedAt time.Time) *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) Issuer(issuer string) *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) NotBefore(notBefore time.Time) *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) Subject(subject string) *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) UserUUID(userUUID string) *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) WithoutAudience() *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) WithoutExpiresAt() *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) WithoutIssuedAt() *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) WithoutNotBefore() *OIDCClaimsBuilder
- func (b *OIDCClaimsBuilder) ZoneID(zoneID string) *OIDCClaimsBuilder
- type OIDCHeaderBuilder
Constants ¶
const InvalidZoneID string = "dff69954-a259-4104-9074-193bc9a366ce"
InvalidZoneID represents a zone guid which is rejected by mock server on behalf of IAS tenant
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type JSONWebKey ¶
type JSONWebKey struct {
Kty string `json:"kty"`
E string `json:"e"`
N string `json:"n"`
Use string `json:"use"`
Kid string `json:"kid"`
Alg string `json:"alg"`
Key interface{}
}
JSONWebKey represents a single JWK
type JSONWebKeySet ¶
type JSONWebKeySet struct {
Keys []*JSONWebKey `json:"keys"`
}
JSONWebKeySet represents the data which is returned by the tenants /oauth2/certs endpoint
type MockConfig ¶
type MockConfig struct {
ClientID string
ClientSecret string
URL string
Domains []string
ZoneUUID uuid.UUID
ProofTokenURL string
OsbURL string
Certificate string
Key string
CertificateExpiresAt string
}
MockConfig represents the credentials to the mock server
func (MockConfig) GetCertificate ¶
func (c MockConfig) GetCertificate() string
GetCertificate implements the auth.OAuthConfig interface.
func (MockConfig) GetCertificateExpiresAt ¶
func (c MockConfig) GetCertificateExpiresAt() string
GetCertificateExpiresAt implements the auth.OAuthConfig interface.
func (MockConfig) GetClientID ¶
func (c MockConfig) GetClientID() string
GetClientID implements the auth.OAuthConfig interface.
func (MockConfig) GetClientSecret ¶
func (c MockConfig) GetClientSecret() string
GetClientSecret implements the auth.OAuthConfig interface.
func (MockConfig) GetDomains ¶ added in v0.9.0
func (c MockConfig) GetDomains() []string
GetDomains implements the auth.OAuthConfig interface.
func (MockConfig) GetKey ¶
func (c MockConfig) GetKey() string
GetKey implements the auth.OAuthConfig interface.
func (MockConfig) GetOsbURL ¶
func (c MockConfig) GetOsbURL() string
GetOsbURL implements the auth.OAuthConfig interface.
func (MockConfig) GetProofTokenURL ¶
func (c MockConfig) GetProofTokenURL() string
GetProofTokenURL implements the auth.OAuthConfig interface.
func (MockConfig) GetURL ¶
func (c MockConfig) GetURL() string
GetURL implements the auth.OAuthConfig interface.
func (MockConfig) GetZoneUUID ¶
func (c MockConfig) GetZoneUUID() uuid.UUID
GetZoneUUID implements the auth.OAuthConfig interface.
type MockServer ¶
type MockServer struct {
Server *httptest.Server // Server holds the httptest.Server and its Client.
Config *MockConfig // Config holds the OIDC config which applications bind to the application.
RSAKey *rsa.PrivateKey // RSAKey holds the servers private key to sign tokens.
WellKnownHitCounter int // JWKsHitCounter holds the number of requests to the WellKnownHandler.
JWKsHitCounter int // JWKsHitCounter holds the number of requests to the JWKsHandler.
}
MockServer serves as a single tenant OIDC mock server for tests. Requests to the MockServer must be done by the mockServers client: MockServer.Server.Client()
func NewOIDCMockServer ¶
func NewOIDCMockServer() (*MockServer, error)
NewOIDCMockServer instantiates a new MockServer.
func (*MockServer) ClearAllHitCounters ¶
func (m *MockServer) ClearAllHitCounters()
ClearAllHitCounters resets all http handlers hit counters. See MockServer.WellKnownHitCounter and MockServer.JWKsHitCounter
func (*MockServer) DefaultClaims ¶
func (m *MockServer) DefaultClaims() OIDCClaims
DefaultClaims returns OIDCClaims with mock server specific default values for standard OIDC claims.
func (*MockServer) DefaultHeaders ¶
func (m *MockServer) DefaultHeaders() map[string]interface{}
DefaultHeaders returns JWT headers with mock server specific default values.
func (*MockServer) JWKsHandler ¶
func (m *MockServer) JWKsHandler(w http.ResponseWriter, _ *http.Request)
JWKsHandler is the http handler which answers requests to the JWKS endpoint.
func (*MockServer) JWKsHandlerInvalidZone ¶ added in v0.10.0
func (m *MockServer) JWKsHandlerInvalidZone(w http.ResponseWriter, _ *http.Request)
JWKsHandlerInvalidZone is the http handler which answers invalid requests to the JWKS endpoint. in reality it returns "{ \"msg\":\"Invalid zone_uuid provided\" }"
func (*MockServer) SignToken ¶
func (m *MockServer) SignToken(claims OIDCClaims, header map[string]interface{}) (string, error)
SignToken signs the provided OIDCClaims and header fields into a base64 encoded JWT token signed by the MockServer.
func (*MockServer) SignTokenWithAdditionalClaims ¶
func (m *MockServer) SignTokenWithAdditionalClaims(claims OIDCClaims, additionalClaims, header map[string]interface{}) (string, error)
SignTokenWithAdditionalClaims signs the token with additional non-standard oidc claims. additionalClaims must not contain any oidc standard claims or duplicates. See also: SignToken
func (*MockServer) WellKnownHandler ¶
func (m *MockServer) WellKnownHandler(w http.ResponseWriter, _ *http.Request)
WellKnownHandler is the http handler which answers requests to the mock servers OIDC discovery endpoint.
type OIDCClaims ¶
type OIDCClaims struct {
Audience []string `json:"aud,omitempty"`
ExpiresAt int64 `json:"exp,omitempty"`
ID string `json:"jti,omitempty"`
IssuedAt int64 `json:"iat,omitempty"`
Issuer string `json:"iss,omitempty"`
IasIssuer string `json:"ias_iss,omitempty"`
NotBefore int64 `json:"nbf,omitempty"`
Subject string `json:"sub,omitempty"`
GivenName string `json:"given_name,omitempty"`
FamilyName string `json:"family_name,omitempty"`
Email string `json:"email,omitempty"`
ZoneID string `json:"zone_uuid,omitempty"`
UserUUID string `json:"user_uuid,omitempty"`
}
OIDCClaims represents all claims that the JWT holds
type OIDCClaimsBuilder ¶
type OIDCClaimsBuilder struct {
// contains filtered or unexported fields
}
OIDCClaimsBuilder can construct token claims for test cases. Use NewOIDCClaimsBuilder as a constructor.
func NewOIDCClaimsBuilder ¶
func NewOIDCClaimsBuilder(base OIDCClaims) *OIDCClaimsBuilder
NewOIDCClaimsBuilder instantiates a new OIDCClaimsBuilder with a base (e.g. MockServer.DefaultClaims)
func (*OIDCClaimsBuilder) Audience ¶
func (b *OIDCClaimsBuilder) Audience(aud ...string) *OIDCClaimsBuilder
Audience sets the aud field
func (*OIDCClaimsBuilder) Build ¶
func (b *OIDCClaimsBuilder) Build() OIDCClaims
Build returns the finished token OIDCClaims
func (*OIDCClaimsBuilder) Email ¶
func (b *OIDCClaimsBuilder) Email(email string) *OIDCClaimsBuilder
Email sets the email field
func (*OIDCClaimsBuilder) ExpiresAt ¶
func (b *OIDCClaimsBuilder) ExpiresAt(expiresAt time.Time) *OIDCClaimsBuilder
ExpiresAt sets the exp field
func (*OIDCClaimsBuilder) FamilyName ¶
func (b *OIDCClaimsBuilder) FamilyName(familyName string) *OIDCClaimsBuilder
FamilyName sets the family_name field
func (*OIDCClaimsBuilder) GivenName ¶
func (b *OIDCClaimsBuilder) GivenName(givenName string) *OIDCClaimsBuilder
GivenName sets the given_name field
func (*OIDCClaimsBuilder) ID ¶
func (b *OIDCClaimsBuilder) ID(id string) *OIDCClaimsBuilder
ID sets the id field
func (*OIDCClaimsBuilder) IasIssuer ¶ added in v0.10.0
func (b *OIDCClaimsBuilder) IasIssuer(issuer string) *OIDCClaimsBuilder
IasIssuer sets the ias_iss field
func (*OIDCClaimsBuilder) IssuedAt ¶
func (b *OIDCClaimsBuilder) IssuedAt(issuedAt time.Time) *OIDCClaimsBuilder
IssuedAt sets the iat field
func (*OIDCClaimsBuilder) Issuer ¶
func (b *OIDCClaimsBuilder) Issuer(issuer string) *OIDCClaimsBuilder
Issuer sets the iss field
func (*OIDCClaimsBuilder) NotBefore ¶
func (b *OIDCClaimsBuilder) NotBefore(notBefore time.Time) *OIDCClaimsBuilder
NotBefore sets the nbf field
func (*OIDCClaimsBuilder) Subject ¶
func (b *OIDCClaimsBuilder) Subject(subject string) *OIDCClaimsBuilder
Subject sets the sub field
func (*OIDCClaimsBuilder) UserUUID ¶
func (b *OIDCClaimsBuilder) UserUUID(userUUID string) *OIDCClaimsBuilder
UserUUID sets the user_uuid field
func (*OIDCClaimsBuilder) WithoutAudience ¶
func (b *OIDCClaimsBuilder) WithoutAudience() *OIDCClaimsBuilder
WithoutAudience removes the aud claim
func (*OIDCClaimsBuilder) WithoutExpiresAt ¶
func (b *OIDCClaimsBuilder) WithoutExpiresAt() *OIDCClaimsBuilder
WithoutExpiresAt removes the exp claim
func (*OIDCClaimsBuilder) WithoutIssuedAt ¶
func (b *OIDCClaimsBuilder) WithoutIssuedAt() *OIDCClaimsBuilder
WithoutIssuedAt removes the iat claim
func (*OIDCClaimsBuilder) WithoutNotBefore ¶
func (b *OIDCClaimsBuilder) WithoutNotBefore() *OIDCClaimsBuilder
WithoutNotBefore removes the nbf claim
func (*OIDCClaimsBuilder) ZoneID ¶
func (b *OIDCClaimsBuilder) ZoneID(zoneID string) *OIDCClaimsBuilder
ZoneID sets the zone_uuid field
type OIDCHeaderBuilder ¶
type OIDCHeaderBuilder struct {
// contains filtered or unexported fields
}
OIDCHeaderBuilder can construct header fields for test cases
func NewOIDCHeaderBuilder ¶
func NewOIDCHeaderBuilder(base map[string]interface{}) *OIDCHeaderBuilder
NewOIDCHeaderBuilder instantiates a new OIDCHeaderBuilder with a base (e.g. MockServer.DefaultHeaders)
func (*OIDCHeaderBuilder) Alg ¶
func (b *OIDCHeaderBuilder) Alg(alg jwa.SignatureAlgorithm) *OIDCHeaderBuilder
Alg sets the alg field
func (*OIDCHeaderBuilder) Build ¶
func (b *OIDCHeaderBuilder) Build() map[string]interface{}
Build returns the finished http header fields
func (*OIDCHeaderBuilder) KeyID ¶
func (b *OIDCHeaderBuilder) KeyID(keyID string) *OIDCHeaderBuilder
KeyID sets the keyID field
Source Files