Documentation
¶
Overview ¶
*
- Authorization request & access token request: authorize.go
- Pushed Authorization request: par.go
- userinfo request: userinfo.go
- introspect request: introspect.go
- refresh_token request: refresh_token.go
*
Index ¶
- func ParsePrivateKey(filename string) (crypto.PrivateKey, error)
- func ValidateConfig(config *OIDCClientConfig) bool
- type JSONAccessTokenResponse
- type JwtProfileClaims
- type OIDCClient
- func (c *OIDCClient) ClientCredentialsFlow() error
- func (c *OIDCClient) EndSession(token, postLogoutRedirectUri string) error
- func (c *OIDCClient) GenerateJwtProfile(endpoint string) (string, error)
- func (c *OIDCClient) GenerateRequestJwt() (string, error)
- func (c *OIDCClient) GetLogger() hclog.Logger
- func (c *OIDCClient) Info()
- func (c *OIDCClient) IntrospectToken(token string) error
- func (c *OIDCClient) OIDCAuthorizationCodeFlow() error
- func (c *OIDCClient) RefreshTokenFlow(refreshToken string, skipIdTokenVerification bool) error
- func (c *OIDCClient) Revoke(token string) error
- func (c *OIDCClient) SetDefaultOutput()
- type OIDCClientConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParsePrivateKey ¶ added in v0.22.0
func ParsePrivateKey(filename string) (crypto.PrivateKey, error)
ParsePrivateKey pase PEM private key file, and returns a crypto.PrivateKey interface.
func ValidateConfig ¶
func ValidateConfig(config *OIDCClientConfig) bool
ValidateConfig validate config
Types ¶
type JSONAccessTokenResponse ¶
type JSONAccessTokenResponse struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
Scope string `json:"scope"`
IDToken string `json:"id_token"`
TokenType string `json:"token_type"`
Nonce string `json:"nonce"`
// NOTE: this is reformatted as Human readable time
ExpiresInHumanReadable string `json:"expires_in_human_readable"`
}
JSONAccessTokenResponse ...
type JwtProfileClaims ¶
type JwtProfileClaims struct {
Jti string `json:"jti,omitempty"`
// the `aud` (Audience) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3
Audience string `json:"aud,omitempty"`
jwt.RegisteredClaims
}
type OIDCClient ¶
type OIDCClient struct {
// contains filtered or unexported fields
}
func NewOIDCClient ¶
func NewOIDCClient(c *OIDCClientConfig, privateKey oauthx.OAuthPrivateKey, clientCert tls.Certificate, l hclog.Logger) (_ *OIDCClient, err error)
OIDCClient create a new OIDC Client
func (*OIDCClient) ClientCredentialsFlow ¶ added in v0.22.0
func (c *OIDCClient) ClientCredentialsFlow() error
func (*OIDCClient) EndSession ¶ added in v0.22.0
func (c *OIDCClient) EndSession(token, postLogoutRedirectUri string) error
func (*OIDCClient) GenerateJwtProfile ¶
func (c *OIDCClient) GenerateJwtProfile(endpoint string) (string, error)
func (*OIDCClient) GenerateRequestJwt ¶
func (c *OIDCClient) GenerateRequestJwt() (string, error)
func (*OIDCClient) GetLogger ¶ added in v0.22.0
func (c *OIDCClient) GetLogger() hclog.Logger
func (*OIDCClient) IntrospectToken ¶
func (c *OIDCClient) IntrospectToken(token string) error
IntrospectToken introspect the token
func (*OIDCClient) OIDCAuthorizationCodeFlow ¶
func (c *OIDCClient) OIDCAuthorizationCodeFlow() error
OIDCAuthorizationCodeFlow starts a HTTP server and set handler for performing the Authorization code flow
func (*OIDCClient) RefreshTokenFlow ¶
func (c *OIDCClient) RefreshTokenFlow(refreshToken string, skipIdTokenVerification bool) error
RefreshTokenFlow renew the refresh token
ref: https://github.com/nonbeing/awsconsoleauth/blob/master/http.go#L46
func (*OIDCClient) Revoke ¶ added in v0.22.0
func (c *OIDCClient) Revoke(token string) error
func (*OIDCClient) SetDefaultOutput ¶
func (c *OIDCClient) SetDefaultOutput()
SetDefaultOutput Set default output file name
type OIDCClientConfig ¶
type OIDCClientConfig struct {
ClientID string `yaml:"client_id" validate:"required"`
ClientSecret string `yaml:"client_secret" `
AuthMethod string `yaml:"auth_method" validate:"required,oneof=none client_secret_basic client_secret_post private_key_jwt tls_client_auth"`
ClientIDParamForTokenEndpoint bool `yaml:"always_set_client_id_for_token_endpoint" default:"false"`
UsePKCE bool `yaml:"use_pkce"`
PKCEChallengeMethod string `yaml:"pkce_challenge_method"`
PKCECodeLength int
FakePKCEVerifier bool
AccessTokenJwt bool `yaml:"access_token_jwt"`
RefreshTokenJwt bool `yaml:"refresh_token_jwt"`
Scopes []string `yaml:"scopes" validate:"required"`
AcrValues string `yaml:"acr_values"`
Issuer string `yaml:"issuer" validate:"required"`
Claims string `yaml:"oidc_claims_param"`
ParseClaims *oauthx.OpenIdRequestedClaimsParam
AuthorizationDetailsInput string `yaml:"authorization_details"`
AuthorizationDetails oauthx.AuthorizationDetails
TokenEndpoint string `yaml:"token_endpoint" `
AuthorizeEndpoint string `yaml:"authorize_endpoint" `
UserinfoEndpoint string `yaml:"userinfo_endpoint" `
JwksEndpoint string `yaml:"jwks_endpoint"`
IntrospectEndpoint string `yaml:"introspect_endpoint"`
PAREndpoint string `yaml:"par_endpoint"`
EndSessionEndpoint string `yaml:"endsession_endpoint"`
RevocationEndpoint string `yaml:"revocation_endpoint"`
AlternativeWellKnownEndpoint string `yaml:"alternative_wellknown_endpoint"`
InsecureWellKnownEndpoint bool `yaml:"insecure_wellknown_endpoint"`
UsePAR bool `yaml:"use_par"`
PARIntrospectEndpointWellKnownKey string `yaml:"par_endpoint_wellknown_key"`
PARAdditionalParameter map[string]string `yaml:"par_additional_parameters"`
AuthorizeAdditionalParameter map[string]string `yaml:"authorize_additional_parameters"`
TokenSigningAlg []string `yaml:"token_signing_alg" validate:"required"`
TokenEncryptionAlg []string `yaml:"token_encryption_alg" validate:"dive,oneof=ECDH-ES RSA-OAEP RSA-OAEP-256 ECDH-ES+A128KW ECDH-ES+A192KW ECDH-ES+A256KW"`
AMRWhitelist []string `yaml:"amr_list"`
ACRWhitelist []string `yaml:"acr_list"`
RedirectUri string `yaml:"override_redirect_uri"`
UseRequestParameter bool `yaml:"use_request_parameter" default:"false"`
StrictOIDCAndRCF6749Param bool `yaml:"strict_oidc_rcf6749_param" default:"false"`
JwtProfileTokenDuration time.Duration `yaml:"jwt_profile_token_duration" default:"5m"`
JwtProfileAudiance string `yaml:"jwt_profile_token_audiance" `
JwtProfilePARAudiance string `yaml:"jwt_profile_par_endpoint_audiance" `
JwtProfileTokenAudiance string `yaml:"jwt_profile_token_endpoint_audiance" `
JwtProfileRevocationAudiance string `yaml:"jwt_profile_revocation_endpoint_audiance" `
JwtProfileIntrospectionAudiance string `yaml:"jwt_profile_introspection_endpoint_audiance" `
JwtProfileEndpointAsAudiance bool `yaml:"jwt_profile_endpoint_audiance" default:"false"`
JwtRequestTokenDuration time.Duration `yaml:"jwt_request_token_duration" default:"5m"`
JwtRequestAudiance string `yaml:"jwt_request_token_audiance" `
JwtRequestAdditionalParameter map[string]interface{} `yaml:"jwt_request_token_additional_parameters"`
JwtSigningAlg string `yaml:"jwt_signing_alg" default:"RS256" validate:"required,oneof=ES256 ES384 ES512 RS256 RS384 RS512"`
HttpClientConfig *client_http.HttpClientConfig `yaml:"http_client_config" `
// Mock
MockState string
MockNonce string
MockCodeVerifier string
// keep server running during authorizaiton code flow
//
KeepRunning bool
// Output
OutputEnabled bool
OutputDir string
AccessTokenRespFile string
IDTokenFile string
AccessTokenFile string
RefreshTokenFile string
UserinfoFile string
IntrospectFile string
// NOTE: default is false
SkipTLSVerification bool `yaml:"skip_tls_verification"`
// NOTE: default is false
SkipUserinfo bool `yaml:"skip_userinfo_call"`
// Listen Address
ListenAddress string
// Listen Port
ListenPort int
}
func ParseConfig ¶
func ParseConfig(configFile string) (*OIDCClientConfig, error)
ParseConfig Parse config file
func (*OIDCClientConfig) UnmarshalYAML ¶
func (c *OIDCClientConfig) UnmarshalYAML(unmarshal func(interface{}) error) error
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.