Documentation
Constants
This section is empty.
Variables
var (
	UntrustedIssuerError          = errors.New("issuer not trusted")
	KeyManagerNotInitializedError = errors.New("KeyManager not initialized")
)
var (
MetadataNotFoundError = errors.New("metadata not found")
)
var WellKnown = []string{
"oauth-authorization-server",
"openid-configuration",
}
WellKnown is a list of well-known URL suffixes to check for OAuth server metadata. See https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml and https://datatracker.ietf.org/doc/html/draft-ietf-oauth-discovery-07
Functions
Types
type KeyFetcher
type KeyFetcher struct {
// contains filtered or unexported fields
}
KeyFetcher is a KeyProvider that fetches keys on demand.
func NewKeyFetcher
func NewKeyFetcher(issuers ...string) *KeyFetcher
NewKeyFetcher initializes a new key manager that DOES NOT cache keys, rather fetching them on demand. Use NewKeyManager() for long-lived processes.
func (*KeyFetcher) AddIssuer
func (m *KeyFetcher) AddIssuer(ctx context.Context, issuer string) error
AddIssuer determines the JSON Web Keys URL for the given issuer, and adds it to the list of issuers trusted by this KeyFetcher and accepted when using KeySetFrom() for validating tokens.
func (*KeyFetcher) GetKeys
GetKeys returns all JSON Web Keys for the given issuer, fetching from the jwks_uri specified in the issuer's OAuth metadata. AddIssuer() must be called first for this issuer or UntrustedIssuerError will be returned.
func (*KeyFetcher) KeySetFrom
KeySetFrom returns the key set for the token, based on the token's issuer. The issuer must first be added to the KeyFetcher with AddIssuer() or UntrustedIssuerError will be returned.
type KeyManager
type KeyManager struct {
// contains filtered or unexported fields
}
KeyManager is a KeyProvider that refreshes keys on a regular interval.
func NewKeyManager
func NewKeyManager(ctx context.Context) *KeyManager
NewKeyManager initializes a new key manager. The Context controls the lifespan of the manager and its underlying objects.
func (*KeyManager) AddIssuer
func (m *KeyManager) AddIssuer(ctx context.Context, issuer string) error
AddIssuer determines the JSON Web Keys URL for the given issuer, and adds it to the list of issuers managed by this KeyManager and accepted when using KeySetFrom() for validating tokens. Keys will be cached and refreshed at regular intervals, and can be accessed with GetKeys().
func (*KeyManager) GetKeys
GetKeys returns all JSON Web Keys for the given issuer, fetching from the jwks_uri specified in the issuer's OAuth metadata if necessary. The KeyManager will cache these keys, refreshing them at regular intervals. AddIssuer() must be called first for this issuer.
func (*KeyManager) KeySetFrom
KeySetFrom returns the key set for the token, based on the token's issuer. The issuer must first be added to the KeyManager with AddIssuer().
type KeyProvider
type KeyProvider interface {
	jwt.KeySetProvider
	AddIssuer(context.Context, string) error
	GetKeys(context.Context, string) (jwk.Set, error)
}
KeyProvider implements jwt.KeySetProvider, providing jwt.Parse... with the appropriate keys for one or more token issuers.
type Metadata
type Metadata struct {
	Issuer          string   `json:"issuer"`
	AuthURL         string   `json:"authorization_endpoint"`
	TokenURL        string   `json:"token_endpoint"`
	JWKSURL         string   `json:"jwks_uri"`
	RegistrationURL string   `json:"registration_endpoint"`
	UserInfoURL     string   `json:"userinfo_endpoint"`
	Scopes          []string `json:"scopes_supported"`
	ResponseTypes   []string `json:"response_types_supported"`
}
OAuth server Metadata per https://datatracker.ietf.org/doc/html/draft-ietf-oauth-discovery-07. Fields defined as OPTIONAL that aren't currently used are not included.
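The discovery step that AddIssuer performs (try each WellKnown suffix under the issuer, read the Metadata document, take its jwks_uri) as an added, self-contained example that is not this package's code. It re-implements the lookup with only the standard library and adds the check a token validator should make at this point: the "issuer" field of the document that comes back must equal the issuer that was asked for, otherwise a stray or hostile document could point key fetching at someone else's jwks_uri. Metadata, WellKnown and MetadataNotFoundError are re-declared here under the page's names, trimmed to what the example reads; DiscoverMetadata, fetchMetadata, NewFakeIssuer and ErrIssuerMismatch are names assumed by this example, and the server it talks to is a constructed httptest fixture, not a real authorization server.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Metadata mirrors the page's struct, trimmed to the fields this example reads.
type Metadata struct {
	Issuer  string `json:"issuer"`
	JWKSURL string `json:"jwks_uri"`
}

// WellKnown is the suffix list the page documents, tried in this order.
var WellKnown = []string{"oauth-authorization-server", "openid-configuration"}
var MetadataNotFoundError = errors.New("metadata not found")
var ErrIssuerMismatch = errors.New("metadata issuer does not match requested issuer") // assumed name

// DiscoverMetadata tries each WellKnown suffix under the issuer and returns the first
// document found. It enforces the discovery rule that the document's "issuer" must
// equal the issuer asked for, so a stray or hostile document cannot point key fetching
// at another party's jwks_uri.
func DiscoverMetadata(ctx context.Context, client *http.Client, issuer string) (*Metadata, error) {
	base := strings.TrimSuffix(issuer, "/")
	for _, suffix := range WellKnown {
		md, err := fetchMetadata(ctx, client, base+"/.well-known/"+suffix)
		if err != nil {
			return nil, err
		}
		if md == nil {
			continue // clean 404: try the next suffix
		}
		if strings.TrimSuffix(md.Issuer, "/") != base {
			return nil, fmt.Errorf("%w: got %q, want %q", ErrIssuerMismatch, md.Issuer, issuer)
		}
		if md.JWKSURL == "" {
			return nil, fmt.Errorf("%s: metadata has no jwks_uri", issuer)
		}
		return md, nil
	}
	return nil, fmt.Errorf("%w for %s", MetadataNotFoundError, issuer)
}

// fetchMetadata GETs one candidate URL; (nil, nil) means the server answered 404.
func fetchMetadata(ctx context.Context, client *http.Client, url string) (*Metadata, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusNotFound {
		return nil, nil
	}
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("%s: unexpected status %d", url, resp.StatusCode)
	}
	var md Metadata // cap the body so a misbehaving server cannot exhaust memory
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&md); err != nil {
		return nil, fmt.Errorf("%s: %w", url, err)
	}
	return &md, nil
}

// NewFakeIssuer starts a constructed server that answers only the OIDC well-known path
// (so the first suffix gets a 404) and advertises a jwks_uri under its own origin. A
// non-empty issuerOverride is written into "issuer" to simulate a mismatching document.
func NewFakeIssuer(issuerOverride string) *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/.well-known/openid-configuration", func(w http.ResponseWriter, r *http.Request) {
		self := "http://" + r.Host
		iss := self
		if issuerOverride != "" {
			iss = issuerOverride
		}
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(Metadata{Issuer: iss, JWKSURL: self + "/jwks"})
	})
	return httptest.NewServer(mux)
}

func main() {
	good, bad := NewFakeIssuer(""), NewFakeIssuer("https://someone-else.example")
	defer good.Close()
	defer bad.Close()
	md, err := DiscoverMetadata(context.Background(), good.Client(), good.URL)
	fmt.Printf("good issuer: %+v err=%v\n", md, err)
	_, err = DiscoverMetadata(context.Background(), bad.Client(), bad.URL)
	fmt.Println("mismatched issuer rejected:", errors.Is(err, ErrIssuerMismatch), "err:", err)
}
```

The first suffix in WellKnown deliberately 404s against the fixture so the fall-through to the second suffix is exercised; a non-404 failure (5xx, malformed JSON) aborts the loop instead of silently trying the next candidate, which keeps a transient error from being mistaken for "this issuer publishes no metadata".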