oidc

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 7, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

// DefaultFetchInterval is the default interval to use when none is set.
// It is 20 minutes, i.e. 1200 seconds.
const DefaultFetchInterval = 20 * time.Minute

DefaultFetchInterval is the default interval to use when none is set.

Variables

// ErrJWKSParse is the sentinel error returned when the JWKS document cannot
// be parsed.
var ErrJWKSParse = errors.New("error parsing JWKS document")

// ErrJWKSFetch is the sentinel error returned when the JWKS document cannot
// be fetched.
var ErrJWKSFetch = errors.New("error fetching JWKS document")
// ErrRedis is a sentinel error carrying the message "redis error".
// NOTE(review): presumably returned or wrapped by the Redis-backed session
// store; confirm against the source before matching on it.
var ErrRedis = errors.New("redis error")

Functions

func ParseToken

func ParseToken(token string) (jwt.Token, error)

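ParseToken parses the token string and returns the parsed token, or an error if parsing fails. Its signature takes no key set, so signature verification against the issuer's keys presumably happens elsewhere; confirm that before trusting the returned claims.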

Types

type AuthorizationState

// AuthorizationState contains information about the state of the
// authorization process.
type AuthorizationState struct {
	// State is presumably the OAuth 2.0 "state" value tied to the pending
	// authorization request (compare SessionGenerator.GenerateState); confirm.
	State        string
	// Nonce is presumably the OIDC nonce expected back in the ID token
	// (compare SessionGenerator.GenerateNonce); confirm.
	Nonce        string
	// RequestedURL is presumably the URL the user asked for before being sent
	// to the Identity Provider.
	// NOTE(review): if it is used as a post-login redirect target it needs
	// validation against open redirects; confirm where it is set and consumed.
	RequestedURL string
}

AuthorizationState contains information about the state of the authorization process.

type Clock

// Clock represents a source of current time. Both session store constructors
// (NewMemoryStore, NewRedisStore) accept a *Clock.
type Clock struct {
	// Override for time.Now.
	// NOTE(review): presumably Now falls back to time.Now when this is nil;
	// the method body is not shown, so confirm in the source.
	NowFn func() time.Time
}

Clock represents a source of current time.

func (*Clock) Now

func (s *Clock) Now() time.Time

Now returns the current local time.

type DefaultJWKSProvider

// DefaultJWKSProvider provides a JWKS set. Its Get method has the signature
// required by the JWKSProvider interface; it also exposes Name and
// ServeContext.
type DefaultJWKSProvider struct {
	// contains filtered or unexported fields
}

DefaultJWKSProvider provides a JWKS set.

func NewJWKSProvider

func NewJWKSProvider(cfg *configv1.Config, tlsPool internal.TLSConfigPool) *DefaultJWKSProvider

NewJWKSProvider returns a new JWKSProvider.

func (*DefaultJWKSProvider) Get

func (j *DefaultJWKSProvider) Get(ctx context.Context, config *oidcv1.OIDCConfig) (jwk.Set, error)

Get returns the JWKS for the given OIDC configuration.

func (*DefaultJWKSProvider) Name

func (j *DefaultJWKSProvider) Name() string

Name returns the name of the JWKSProvider run.Unit.

func (*DefaultJWKSProvider) ServeContext

func (j *DefaultJWKSProvider) ServeContext(ctx context.Context) error

type JWKSProvider

// JWKSProvider provides a JWKS set for a given OIDC configuration.
type JWKSProvider interface {
	// Get returns the JWKS for the given OIDC configuration, or an error.
	// NOTE(review): ErrJWKSFetch and ErrJWKSParse are declared in this package
	// and are presumably what implementations return on failure; confirm.
	Get(context.Context, *oidcv1.OIDCConfig) (jwk.Set, error)
}

JWKSProvider provides a JWKS set for a given OIDC configuration.

type SessionGenerator

// SessionGenerator is an interface for generating session data.
//
// NOTE(review): the three values act as security tokens (session identifier,
// OIDC nonce, OAuth state), so a production implementation should draw them
// from a cryptographically secure random source. This page does not show
// which source NewRandomGenerator uses; confirm in the source.
type SessionGenerator interface {
	// GenerateSessionID returns a session identifier as a string.
	GenerateSessionID() string
	// GenerateNonce returns a nonce as a string.
	GenerateNonce() string
	// GenerateState returns a state value as a string.
	GenerateState() string
}

SessionGenerator is an interface for generating session data.

func NewRandomGenerator

func NewRandomGenerator() SessionGenerator

NewRandomGenerator creates a new random session generator.

func NewStaticGenerator

func NewStaticGenerator(sessionID, nonce, state string) SessionGenerator

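NewStaticGenerator creates a new static session generator. Judging by its name and parameters, it presumably always returns the supplied session ID, nonce and state, which makes those values predictable; it looks intended for tests rather than production use, so confirm before wiring it into a deployment.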

type SessionStore

// SessionStore is an interface for storing session data, keyed by session ID.
//
// NOTE(review): the stored TokenResponse carries ID, access and refresh
// tokens, so whatever backs an implementation (in memory via NewMemoryStore,
// Redis via NewRedisStore) holds bearer credentials and should be access
// controlled accordingly.
type SessionStore interface {
	// SetTokenResponse associates tokenResponse with sessionID.
	SetTokenResponse(ctx context.Context, sessionID string, tokenResponse *TokenResponse) error
	// GetTokenResponse looks up the TokenResponse for sessionID.
	// NOTE(review): the result for an unknown or expired session is not shown
	// on this page (nil with no error, or an error); confirm before dereferencing.
	GetTokenResponse(ctx context.Context, sessionID string) (*TokenResponse, error)
	// SetAuthorizationState associates authorizationState with sessionID.
	SetAuthorizationState(ctx context.Context, sessionID string, authorizationState *AuthorizationState) error
	// GetAuthorizationState looks up the AuthorizationState for sessionID.
	// NOTE(review): same open question as GetTokenResponse for missing sessions.
	GetAuthorizationState(ctx context.Context, sessionID string) (*AuthorizationState, error)
	// ClearAuthorizationState presumably drops only the authorization state
	// and keeps the rest of the session; confirm.
	ClearAuthorizationState(ctx context.Context, sessionID string) error
	// RemoveSession presumably deletes everything stored for sessionID; confirm.
	RemoveSession(ctx context.Context, sessionID string) error
	// RemoveAllExpired presumably evicts sessions past the absolute or idle
	// timeout given to the store constructors; confirm.
	RemoveAllExpired(ctx context.Context) error
}

SessionStore is an interface for storing session data.

func NewMemoryStore

func NewMemoryStore(clock *Clock, absoluteSessionTimeout, idleSessionTimeout time.Duration) SessionStore

NewMemoryStore creates a new in-memory session store.

func NewRedisStore

func NewRedisStore(clock *Clock, client redis.Cmdable, absoluteSessionTimeout, idleSessionTimeout time.Duration) (SessionStore, error)

NewRedisStore creates a new SessionStore that stores the session data in a given Redis server.

type SessionStoreFactory

// SessionStoreFactory is a factory for managing multiple SessionStores. It
// uses the OIDC configuration to determine which store to use.
type SessionStoreFactory interface {
	// Get returns the SessionStore for the given OIDC configuration.
	// NOTE(review): there is no error return, so how a missing or
	// misconfigured store is reported (nil store, fallback) is not visible
	// here; confirm.
	Get(cfg *oidcv1.OIDCConfig) SessionStore
}

SessionStoreFactory is a factory for managing multiple SessionStores. It uses the OIDC configuration to determine which store to use.

type SessionStoreFactoryUnit

// SessionStoreFactoryUnit is a combination of a run.PreRunner and a
// SessionStoreFactory. NewSessionStoreFactory returns this type.
type SessionStoreFactoryUnit interface {
	// Embedded so the factory can take part in the run group's pre-run phase.
	// NOTE(review): presumably where the stores are initialised; confirm.
	run.PreRunner
	// Embedded so the unit can be used wherever a SessionStoreFactory is needed.
	SessionStoreFactory
}

SessionStoreFactoryUnit is a combination of a run.PreRunner and a SessionStoreFactory.

func NewSessionStoreFactory

func NewSessionStoreFactory(cfg *configv1.Config) SessionStoreFactoryUnit

NewSessionStoreFactory creates a factory for managing session stores. It uses the OIDC configuration to determine which store to use.

type TokenResponse

// TokenResponse contains information about the tokens returned by the
// Identity Provider.
//
// The token strings are credentials: keep them out of logs and error
// messages, and protect any SessionStore that persists them.
type TokenResponse struct {
	// IDToken is the raw ID token string; ParseIDToken parses it.
	IDToken              string
	// AccessToken is the access token string.
	AccessToken          string
	// AccessTokenExpiresAt is presumably the instant AccessToken stops being
	// valid; confirm how it is derived.
	AccessTokenExpiresAt time.Time
	// RefreshToken is the refresh token string.
	// NOTE(review): presumably empty when the provider issues none; confirm.
	RefreshToken         string
}

TokenResponse contains information about the tokens returned by the Identity Provider.

func (*TokenResponse) ParseIDToken

func (t *TokenResponse) ParseIDToken() (jwt.Token, error)

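ParseIDToken parses the ID token string and returns the parsed token, or an error if parsing fails. Like ParseToken, it takes no key material, so check where the signature and claims are validated before relying on the result.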

type WellKnownConfig

// WellKnownConfig represents the OIDC well-known configuration. Each field is
// decoded from the JSON key named in its struct tag.
//
// The values come from a document fetched over the network (see
// GetWellKnownConfig), so they are only as trustworthy as that fetch.
// NOTE(review): OpenID Connect Discovery requires the returned issuer to
// match the issuer the document was requested for; whether this package
// performs that comparison is not shown on this page.
type WellKnownConfig struct {
	// Issuer is the "issuer" value reported by the provider.
	Issuer                   string   `json:"issuer"`
	AuthorizationEndpoint    string   `json:"authorization_endpoint"`
	TokenEndpoint            string   `json:"token_endpoint"`
	// JWKSURL is the "jwks_uri" value, the location of the provider's key set.
	JWKSURL                  string   `json:"jwks_uri"`
	ResponseTypesSupported   []string `json:"response_types_supported"`
	SubjectTypesSupported    []string `json:"subject_types_supported"`
	// IDTokenSigningAlgorithms is the list advertised by the provider.
	// NOTE(review): whether the package restricts the algorithms it accepts
	// beyond this list is not shown here; confirm.
	IDTokenSigningAlgorithms []string `json:"id_token_signing_alg_values_supported"`
	TokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported"`
	UserInfoEndpoint         string   `json:"userinfo_endpoint"`
	EndSessionEndpoint       string   `json:"end_session_endpoint"`
	RevocationEndpoint       string   `json:"revocation_endpoint"`
	IntrospectionEndpoint    string   `json:"introspection_endpoint"`
	ScopesSupported          []string `json:"scopes_supported"`
	ClaimsSupported          []string `json:"claims_supported"`
	CodeChallengeMethods     []string `json:"code_challenge_methods_supported"`
	// NOTE(review): a second revocation field under a different JSON key than
	// RevocationEndpoint; which of the two the package reads is not visible here.
	TokenRevocationEndpoint  string   `json:"token_revocation_endpoint"`
}

WellKnownConfig represents the OIDC well-known configuration.

func GetWellKnownConfig

func GetWellKnownConfig(client *http.Client, url string) (WellKnownConfig, error)

GetWellKnownConfig retrieves the OIDC well-known configuration from the given issuer URL.
