Constants ¶
// DefaultFetchInterval is the fallback fetch interval (20 minutes) applied when
// the configuration leaves the interval unset.
const DefaultFetchInterval = 20 * time.Minute
DefaultFetchInterval is the default interval (1200 s, i.e. 20 minutes) used when the configuration does not set one. In this package it presumably governs how often the JWKS document is re-fetched, which bounds how long a signing key rotated by the Identity Provider can go unnoticed — confirm against the DefaultJWKSProvider implementation before relying on it.
Variables ¶
// Sentinel errors for JWKS retrieval. Callers should test for them with
// errors.Is rather than by comparing message text.
var (
	// ErrJWKSParse is returned when the JWKS document cannot be parsed.
	ErrJWKSParse = errors.New("error parsing JWKS document")

	// ErrJWKSFetch is returned when the JWKS document cannot be fetched.
	ErrJWKSFetch = errors.New("error fetching JWKS document")
)
// ErrRedis is the package's sentinel error for Redis failures; compare with
// errors.Is, not by message.
var ErrRedis = errors.New("redis error")
Functions ¶
Types ¶
type AuthorizationState ¶
AuthorizationState holds the in-flight state of a session's authorization flow. It is written, read and discarded through SessionStore.SetAuthorizationState, GetAuthorizationState and ClearAuthorizationState; its fields are not shown on this page.
type DefaultJWKSProvider ¶
type DefaultJWKSProvider struct {
// contains filtered or unexported fields
}
DefaultJWKSProvider is the default JWKSProvider implementation. It also implements run.Unit (Name and ServeContext), which suggests it refreshes the JWKS in the background rather than only on demand — see DefaultFetchInterval.
func NewJWKSProvider ¶
func NewJWKSProvider(cfg *configv1.Config, tlsPool internal.TLSConfigPool) *DefaultJWKSProvider
NewJWKSProvider returns a DefaultJWKSProvider built from cfg. tlsPool presumably supplies the TLS configuration used for JWKS fetches; make sure it verifies the issuer's certificate, because a JWKS fetched over an unverified connection lets an on-path attacker substitute the signing keys that every token is later checked against.
func (*DefaultJWKSProvider) Get ¶
func (j *DefaultJWKSProvider) Get(ctx context.Context, config *oidcv1.OIDCConfig) (jwk.Set, error)
Get returns the JWKS for the given OIDC configuration. The package-level sentinels ErrJWKSFetch and ErrJWKSParse describe a failed fetch and an unparsable document; callers should compare with errors.Is. Whether Get serves a cached set or fetches on every call is not visible on this page.
func (*DefaultJWKSProvider) Name ¶
func (j *DefaultJWKSProvider) Name() string
Name returns the name under which this JWKSProvider is registered as a run.Unit.
func (*DefaultJWKSProvider) ServeContext ¶
func (j *DefaultJWKSProvider) ServeContext(ctx context.Context) error
type JWKSProvider ¶
// JWKSProvider supplies the JSON Web Key Set for a given OIDC configuration —
// the public keys that ID-token signatures are checked against.
type JWKSProvider interface {
	// Get returns the JWKS for the given OIDC configuration.
	// NOTE(review): the package sentinels ErrJWKSFetch and ErrJWKSParse look
	// like the intended failure values (compare with errors.Is) — confirm
	// against DefaultJWKSProvider.
	Get(context.Context, *oidcv1.OIDCConfig) (jwk.Set, error)
}
JWKSProvider provides a JWKS set for a given OIDC configuration.
type SessionGenerator ¶
// SessionGenerator produces the per-session values used by the authorization
// flow: the session identifier, the OIDC nonce and the OAuth2 state.
// NOTE(review): in a deployed flow all three must be unpredictable (the state
// is the CSRF token for the redirect, the nonce ties the ID token to the
// request, the session ID is a bearer handle) — production implementations
// should draw from a CSPRNG; see NewRandomGenerator vs NewStaticGenerator.
type SessionGenerator interface {
	// GenerateSessionID returns a new session identifier.
	GenerateSessionID() string
	// GenerateNonce returns a new nonce value.
	GenerateNonce() string
	// GenerateState returns a new state value.
	GenerateState() string
}
SessionGenerator generates the per-session values used by the authorization flow: the session identifier, the OIDC nonce and the OAuth2 state parameter.
func NewRandomGenerator ¶
func NewRandomGenerator() SessionGenerator
NewRandomGenerator creates a session generator whose session IDs, nonces and state values are randomly generated. These values serve as the session's bearer handle, the ID-token replay nonce and the authorization-request CSRF token, so they must be unpredictable; confirm that the implementation uses crypto/rand rather than a seeded PRNG.
func NewStaticGenerator ¶
func NewStaticGenerator(sessionID, nonce, state string) SessionGenerator
NewStaticGenerator creates a session generator that hands back the fixed sessionID, nonce and state it was given. Fixed values give no CSRF protection (state) and no replay protection (nonce), and make every session share one identifier, so this is only suitable for tests; never wire it into a deployed authorization flow.
type SessionStore ¶
// SessionStore persists per-session data keyed by session ID: the tokens
// obtained from the Identity Provider and the in-flight authorization state.
// A TokenResponse carries bearer credentials, so whatever backs the store
// (memory or Redis) holds secrets and must be protected accordingly.
// NOTE(review): what the Get* methods return for an unknown sessionID (nil
// value vs. error) is not specified here — check the implementations.
type SessionStore interface {
	// SetTokenResponse stores the tokens obtained for sessionID.
	SetTokenResponse(ctx context.Context, sessionID string, tokenResponse *TokenResponse) error
	// GetTokenResponse returns the tokens stored for sessionID.
	GetTokenResponse(ctx context.Context, sessionID string) (*TokenResponse, error)
	// SetAuthorizationState stores the in-flight authorization state for sessionID.
	SetAuthorizationState(ctx context.Context, sessionID string, authorizationState *AuthorizationState) error
	// GetAuthorizationState returns the in-flight authorization state for sessionID.
	GetAuthorizationState(ctx context.Context, sessionID string) (*AuthorizationState, error)
	// ClearAuthorizationState discards the authorization state for sessionID
	// (presumably once the flow has completed or been abandoned).
	ClearAuthorizationState(ctx context.Context, sessionID string) error
	// RemoveSession deletes everything stored for sessionID.
	RemoveSession(ctx context.Context, sessionID string) error
	// RemoveAllExpired deletes every session whose timeout has elapsed.
	RemoveAllExpired(ctx context.Context) error
}
SessionStore persists per-session data keyed by session ID — the token response and the in-flight authorization state — and can evict sessions whose timeouts have elapsed (RemoveAllExpired). Because the stored TokenResponse contains bearer tokens, the backing store holds secrets.
func NewMemoryStore ¶
func NewMemoryStore(clock *Clock, absoluteSessionTimeout, idleSessionTimeout time.Duration) SessionStore
NewMemoryStore creates an in-memory session store. absoluteSessionTimeout and idleSessionTimeout presumably bound a session's total lifetime and its allowed inactivity respectively — confirm the exact semantics in the implementation. State lives only in this process: it is lost on restart and is not shared between replicas.
func NewRedisStore ¶
func NewRedisStore(clock *Clock, client redis.Cmdable, absoluteSessionTimeout, idleSessionTimeout time.Duration) (SessionStore, error)
NewRedisStore creates a SessionStore that keeps session data — including the ID, access and refresh tokens in TokenResponse — in the Redis server reached through client; absoluteSessionTimeout and idleSessionTimeout play the same role as for NewMemoryStore. Since Redis then holds bearer credentials, the connection should be authenticated and encrypted and the instance access-restricted; that is configured on client by the caller, not here. Redis failures are presumably reported with ErrRedis (compare with errors.Is).
type SessionStoreFactory ¶
// SessionStoreFactory hands out the SessionStore for a given OIDC
// configuration, so each configured provider can be backed by its own store.
type SessionStoreFactory interface {
	// Get returns the SessionStore to use for cfg.
	Get(cfg *oidcv1.OIDCConfig) SessionStore
}
SessionStoreFactory is a factory for managing multiple SessionStores. It uses the OIDC configuration to determine which store to use.
type SessionStoreFactoryUnit ¶
// SessionStoreFactoryUnit is a SessionStoreFactory that also takes part in the
// run lifecycle as a run.PreRunner (presumably so stores can be initialised
// before the service starts serving).
type SessionStoreFactoryUnit interface {
	run.PreRunner
	SessionStoreFactory
}
SessionStoreFactoryUnit is a combination of a run.PreRunner and a SessionStoreFactory.
func NewSessionStoreFactory ¶
func NewSessionStoreFactory(cfg *configv1.Config) SessionStoreFactoryUnit
NewSessionStoreFactory creates a factory that manages session stores for the OIDC configurations in cfg; the per-request OIDC configuration passed to Get determines which store is returned.
type TokenResponse ¶
// TokenResponse holds the tokens returned by the Identity Provider. Every field
// is a bearer credential: never log instances, and protect whatever
// SessionStore persists them.
type TokenResponse struct {
	// IDToken is the raw ID token as returned by the IdP; see ParseIDToken.
	IDToken string
	// AccessToken is the raw access token.
	AccessToken string
	// AccessTokenExpiresAt is the instant after which AccessToken is no longer valid.
	AccessTokenExpiresAt time.Time
	// RefreshToken is the raw refresh token; presumably empty when the IdP
	// did not issue one. Refresh tokens are typically long-lived, so this is
	// the most sensitive field.
	RefreshToken string
}
TokenResponse holds the tokens returned by the Identity Provider: the ID token, the access token with its expiry, and the refresh token. All of them are bearer credentials — never log a TokenResponse, and protect whatever SessionStore persists it.
func (*TokenResponse) ParseIDToken ¶
func (t *TokenResponse) ParseIDToken() (jwt.Token, error)
ParseIDToken parses the raw IDToken string into a jwt.Token, returning an error if it cannot be parsed. Whether this also verifies the signature and the standard claims (issuer, audience, expiry, nonce) is not visible on this page; do not treat the returned claims as authenticated unless the token has been verified against the issuer's JWKS elsewhere.
type WellKnownConfig ¶
// WellKnownConfig is the OIDC discovery document (".well-known/openid-configuration").
// Everything below is self-asserted by the server that served it, so the
// document is only as trustworthy as the TLS connection it arrived over.
type WellKnownConfig struct {
	// Issuer is the issuer identifier the provider claims.
	// NOTE(review): callers should require this to equal the issuer URL the
	// document was fetched from (OIDC Discovery §4.3) before trusting any
	// endpoint below; whether GetWellKnownConfig does so is not visible here.
	Issuer string `json:"issuer"`
	// AuthorizationEndpoint is where the browser is redirected to start the flow.
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	// TokenEndpoint is where authorization codes are exchanged for tokens.
	TokenEndpoint string `json:"token_endpoint"`
	// JWKSURL is where the provider's signing keys are fetched from; a tampered
	// value here redirects key retrieval to an attacker.
	JWKSURL string `json:"jwks_uri"`
	// ResponseTypesSupported lists the OAuth2 response_type values offered.
	ResponseTypesSupported []string `json:"response_types_supported"`
	// SubjectTypesSupported lists the subject identifier types offered.
	SubjectTypesSupported []string `json:"subject_types_supported"`
	// IDTokenSigningAlgorithms lists the JWS algorithms the provider may sign
	// ID tokens with. Verification should pin the expected algorithm rather
	// than accept whatever a token's header claims.
	IDTokenSigningAlgorithms []string `json:"id_token_signing_alg_values_supported"`
	// TokenEndpointAuthMethods lists the client authentication methods the
	// token endpoint accepts.
	TokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported"`
	// UserInfoEndpoint is the UserInfo endpoint, if advertised.
	UserInfoEndpoint string `json:"userinfo_endpoint"`
	// EndSessionEndpoint is the RP-initiated logout endpoint, if advertised.
	EndSessionEndpoint string `json:"end_session_endpoint"`
	// RevocationEndpoint is the token revocation endpoint (RFC 7009), if advertised.
	RevocationEndpoint string `json:"revocation_endpoint"`
	// IntrospectionEndpoint is the token introspection endpoint (RFC 7662), if advertised.
	IntrospectionEndpoint string `json:"introspection_endpoint"`
	// ScopesSupported lists the scopes the provider advertises.
	ScopesSupported []string `json:"scopes_supported"`
	// ClaimsSupported lists the claims the provider advertises.
	ClaimsSupported []string `json:"claims_supported"`
	// CodeChallengeMethods lists the PKCE code_challenge methods supported;
	// prefer S256 when present.
	CodeChallengeMethods []string `json:"code_challenge_methods_supported"`
	// TokenRevocationEndpoint mirrors a non-standard "token_revocation_endpoint"
	// key (the RFC 8414 name is revocation_endpoint); presumably present for a
	// provider that emits this variant — confirm which one callers consult.
	TokenRevocationEndpoint string `json:"token_revocation_endpoint"`
}
WellKnownConfig represents the OIDC discovery document (".well-known/openid-configuration"). Its contents are asserted by the server that served it, so they are only as trustworthy as the TLS connection they arrived over, and the Issuer should be checked against the expected issuer before any advertised endpoint (notably jwks_uri) is used.
func GetWellKnownConfig ¶
func GetWellKnownConfig(client *http.Client, url string) (WellKnownConfig, error)
GetWellKnownConfig retrieves the OIDC discovery document from the given URL using client. Because the caller supplies client, request timeouts and TLS certificate verification are the caller's responsibility; an unverified fetch would let an on-path attacker swap the advertised endpoints and jwks_uri. After fetching, verify that the returned Issuer equals the expected issuer URL before trusting the document — nothing in this signature indicates the function does that itself.