Documentation
¶
Overview ¶
*
- Authorization request & access token request: authorize.go
- Pushed Authorization request: par.go
- userinfo request: userinfo.go
- introspect request: introspect.go
- refresh_token request: refresh_token.go
*
Index ¶
- func ParsePrivateKey(filename string) (crypto.PrivateKey, error)
- func ValidateConfig(config *OIDCClientConfig) bool
- type JSONAccessTokenResponse
- type JwtProfileClaims
- type OIDCClient
- func (c *OIDCClient) ClientCredentialsFlow() error
- func (c *OIDCClient) EndSession(token, postLogoutRedirectUri string) error
- func (c *OIDCClient) GenerateJwtProfile(endpoint string) (string, error)
- func (c *OIDCClient) GenerateRequestJwt() (string, error)
- func (c *OIDCClient) GetLogger() hclog.Logger
- func (c *OIDCClient) Info()
- func (c *OIDCClient) IntrospectToken(token string) error
- func (c *OIDCClient) OIDCAuthorizationCodeFlow() error
- func (c *OIDCClient) RefreshTokenFlow(refreshToken string, skipIdTokenVerification bool) error
- func (c *OIDCClient) Revoke(token string) error
- func (c *OIDCClient) SetDefaultOutput()
- type OIDCClientConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParsePrivateKey ¶ added in v0.22.0
func ParsePrivateKey(filename string) (crypto.PrivateKey, error)
ParsePrivateKey parses a PEM-encoded private key file and returns it as a crypto.PrivateKey. The file holds the client's signing key (private_key_jwt / signed request objects) or mTLS key, so keep it readable only by the user running the client.
func ValidateConfig ¶
func ValidateConfig(config *OIDCClientConfig) bool
ValidateConfig validates config and returns true when it is acceptable — presumably by applying the `validate` struct tags on OIDCClientConfig (required fields, the auth_method allow-list and the signing/encryption algorithm allow-lists).
Types ¶
type JSONAccessTokenResponse ¶
// JSONAccessTokenResponse is the token-endpoint response as this client
// serialises it (see the *File output settings on OIDCClientConfig).
// It carries bearer credentials — access, refresh and ID tokens — so any
// file or log it is written to must be treated as sensitive.
type JSONAccessTokenResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	Scope        string `json:"scope"`
	IDToken      string `json:"id_token"`
	TokenType    string `json:"token_type"`
	// Nonce is not a standard RFC 6749 token-response member; presumably the
	// nonce this client sent, recorded next to the response — confirm.
	Nonce string `json:"nonce"`
	// NOTE: this is reformatted as Human readable time (not the raw
	// expires_in seconds from the server).
	ExpiresInHumanReadable string `json:"expires_in_human_readable"`
}
JSONAccessTokenResponse is the token-endpoint response as this client records it. It contains bearer credentials (access, refresh and ID tokens), so output files holding it must be protected like the tokens themselves.
type JwtProfileClaims ¶
// JwtProfileClaims is the claim set of the signed JWT this client produces
// (GenerateJwtProfile / GenerateRequestJwt). Jti and Audience are declared
// beside the embedded jwt.RegisteredClaims, which presumably carries its own
// `jti`/`aud`-tagged fields; encoding/json gives the shallower field
// precedence, so these two are what gets marshalled — likely so that `aud`
// is emitted as a single string rather than an array. TODO confirm.
// NOTE(review): a per-assertion unique Jti plus an Audience narrowed to the
// receiving endpoint is what allows the server to reject replayed client
// assertions (RFC 7523 §3); see JwtProfileEndpointAsAudiance on the config.
type JwtProfileClaims struct {
	Jti string `json:"jti,omitempty"`
	// the `aud` (Audience) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3
	Audience string `json:"aud,omitempty"`
	jwt.RegisteredClaims
}
type OIDCClient ¶
// OIDCClient drives the OAuth 2.0 / OIDC flows listed in the package overview
// (authorization code, client credentials, refresh, introspection, revocation,
// end-session) for one configured relying party. Build it with NewOIDCClient;
// the zero value is not usable.
type OIDCClient struct {
	// contains filtered or unexported fields
}
func NewOIDCClient ¶
func NewOIDCClient(c *OIDCClientConfig, privateKey oauthx.OAuthPrivateKey, clientCert tls.Certificate, l hclog.Logger) (_ *OIDCClient, err error)
NewOIDCClient creates a new OIDCClient from the parsed config, the private key (presumably used for private_key_jwt client assertions and signed request objects) and the client certificate (presumably used when auth_method is tls_client_auth). It returns an error if the client cannot be set up.
func (*OIDCClient) ClientCredentialsFlow ¶ added in v0.22.0
func (c *OIDCClient) ClientCredentialsFlow() error
ClientCredentialsFlow presumably performs the client_credentials grant at the token endpoint using the configured auth_method; with auth_method "none" there is no client authentication and the grant cannot work.
func (*OIDCClient) EndSession ¶ added in v0.22.0
func (c *OIDCClient) EndSession(token, postLogoutRedirectUri string) error
EndSession presumably performs RP-initiated logout at the configured end-session endpoint, passing token as the ID token hint and postLogoutRedirectUri as the return URL (which must be pre-registered at the provider).
func (*OIDCClient) GenerateJwtProfile ¶
func (c *OIDCClient) GenerateJwtProfile(endpoint string) (string, error)
GenerateJwtProfile presumably builds and signs a JwtProfileClaims client assertion (RFC 7523) for the given endpoint, using JwtSigningAlg and the Jwt*Audiance settings from the config.
func (*OIDCClient) GenerateRequestJwt ¶
func (c *OIDCClient) GenerateRequestJwt() (string, error)
GenerateRequestJwt presumably builds and signs the OIDC request object sent as the `request` parameter when UseRequestParameter is enabled.
func (*OIDCClient) GetLogger ¶ added in v0.22.0
func (c *OIDCClient) GetLogger() hclog.Logger
GetLogger returns the hclog.Logger the client was constructed with.
func (*OIDCClient) IntrospectToken ¶
func (c *OIDCClient) IntrospectToken(token string) error
IntrospectToken submits the given token to the configured introspect endpoint (RFC 7662) and reports the result. Introspection responses are only as trustworthy as the TLS connection they arrive over, so do not combine this with skip_tls_verification outside a lab.
func (*OIDCClient) OIDCAuthorizationCodeFlow ¶
func (c *OIDCClient) OIDCAuthorizationCodeFlow() error
OIDCAuthorizationCodeFlow starts an HTTP server on ListenAddress/ListenPort and installs the redirect handler, then performs the authorization code flow. The listener receives the authorization code, so bind it to loopback unless you deliberately need it reachable elsewhere.
func (*OIDCClient) RefreshTokenFlow ¶
func (c *OIDCClient) RefreshTokenFlow(refreshToken string, skipIdTokenVerification bool) error
RefreshTokenFlow exchanges refreshToken at the token endpoint for a new token set. skipIdTokenVerification disables verification of any ID token returned; pass true only for deliberate negative testing, since an unverified ID token must not be trusted.
ref: https://github.com/nonbeing/awsconsoleauth/blob/master/http.go#L46
func (*OIDCClient) Revoke ¶ added in v0.22.0
func (c *OIDCClient) Revoke(token string) error
Revoke presumably submits token to the configured revocation endpoint (RFC 7009).
func (*OIDCClient) SetDefaultOutput ¶
func (c *OIDCClient) SetDefaultOutput()
SetDefaultOutput sets the default output file names (see the *File fields on OIDCClientConfig). Those files receive tokens, so OutputDir should not be world-readable.
type OIDCClientConfig ¶
// OIDCClientConfig is the YAML-backed configuration for one relying party.
// `yaml` tags give the config keys, `validate` tags the constraints ValidateConfig
// is expected to enforce, `default` tags the value used when the key is absent.
// Fields without a yaml tag are presumably set programmatically only —
// NOTE(review): confirm UnmarshalYAML does not also expose them under their
// lowercased field names.
//
// The file contains client_secret and the paths of key material and token
// output, so treat it as a secret: restrict its permissions and keep it out of
// version control.
type OIDCClientConfig struct {
	ClientID string `yaml:"client_id" validate:"required"`
	// ClientSecret is used by client_secret_basic / client_secret_post.
	// It lives in plain text in the config file.
	ClientSecret string `yaml:"client_secret" `
	// AuthMethod selects how the client authenticates at the token endpoint.
	// "none" means a public client (no client authentication at all).
	AuthMethod string `yaml:"auth_method" validate:"required,oneof=none client_secret_basic client_secret_post private_key_jwt tls_client_auth"`
	ClientIDParamForTokenEndpoint bool `yaml:"always_set_client_id_for_token_endpoint" default:"false"`
	// PKCE (RFC 7636). No validate tag constrains PKCEChallengeMethod here;
	// use "S256" — "plain" exposes the verifier to anyone who can read the
	// authorization request.
	UsePKCE             bool   `yaml:"use_pkce"`
	PKCEChallengeMethod string `yaml:"pkce_challenge_method"`
	PKCECodeLength      int
	// FakePKCEVerifier has no yaml tag; presumably a negative-testing aid that
	// sends a verifier not matching the challenge — never enable in real use.
	FakePKCEVerifier bool
	// AccessTokenJwt / RefreshTokenJwt: presumably whether the respective token
	// is expected to be a JWT and verified/decoded as such — confirm.
	AccessTokenJwt  bool `yaml:"access_token_jwt"`
	RefreshTokenJwt bool `yaml:"refresh_token_jwt"`
	Scopes          []string `yaml:"scopes" validate:"required"`
	AcrValues       string   `yaml:"acr_values"`
	// Issuer is required; it presumably anchors discovery and the `iss`
	// check on received tokens.
	Issuer string `yaml:"issuer" validate:"required"`
	Claims string `yaml:"oidc_claims_param"`
	// ParseClaims is the parsed form of Claims (no yaml tag).
	ParseClaims *oauthx.OpenIdRequestedClaimsParam
	// AuthorizationDetailsInput is the raw authorization_details (RFC 9396);
	// AuthorizationDetails is its parsed form (no yaml tag).
	AuthorizationDetailsInput string `yaml:"authorization_details"`
	AuthorizationDetails      oauthx.AuthorizationDetails
	// Explicit endpoint overrides. When set they presumably take precedence
	// over the discovery document, so a wrong value here sends tokens or the
	// client secret to the wrong host — keep them on the issuer's origin.
	TokenEndpoint      string `yaml:"token_endpoint" `
	AuthorizeEndpoint  string `yaml:"authorize_endpoint" `
	UserinfoEndpoint   string `yaml:"userinfo_endpoint" `
	JwksEndpoint       string `yaml:"jwks_endpoint"`
	IntrospectEndpoint string `yaml:"introspect_endpoint"`
	PAREndpoint        string `yaml:"par_endpoint"`
	EndSessionEndpoint string `yaml:"endsession_endpoint"`
	RevocationEndpoint string `yaml:"revocation_endpoint"`
	// AlternativeWellKnownEndpoint replaces the default discovery URL derived
	// from Issuer. InsecureWellKnownEndpoint presumably relaxes the checks on
	// that discovery fetch (e.g. plain HTTP or an issuer mismatch) — confirm.
	// A tampered discovery document can redirect every later request, so
	// treat it as a lab-only switch.
	AlternativeWellKnownEndpoint string `yaml:"alternative_wellknown_endpoint"`
	InsecureWellKnownEndpoint    bool   `yaml:"insecure_wellknown_endpoint"`
	// Pushed Authorization Requests (RFC 9126).
	UsePAR                            bool              `yaml:"use_par"`
	PARIntrospectEndpointWellKnownKey string            `yaml:"par_endpoint_wellknown_key"`
	PARAdditionalParameter            map[string]string `yaml:"par_additional_parameters"`
	AuthorizeAdditionalParameter      map[string]string `yaml:"authorize_additional_parameters"`
	// TokenSigningAlg is the allow-list of `alg` values accepted on received
	// tokens; it is required but otherwise unconstrained here.
	// NOTE(review): make sure "none" is never listed and that the verifier
	// rejects any alg outside this list (alg-confusion / alg=none attacks).
	TokenSigningAlg []string `yaml:"token_signing_alg" validate:"required"`
	// TokenEncryptionAlg is the allow-list of JWE key-management algorithms;
	// only asymmetric ones are permitted by the validate tag.
	TokenEncryptionAlg []string `yaml:"token_encryption_alg" validate:"dive,oneof=ECDH-ES RSA-OAEP RSA-OAEP-256 ECDH-ES+A128KW ECDH-ES+A192KW ECDH-ES+A256KW"`
	// AMRWhitelist / ACRWhitelist: presumably the amr / acr values accepted in
	// the ID token — confirm.
	AMRWhitelist []string `yaml:"amr_list"`
	ACRWhitelist []string `yaml:"acr_list"`
	// RedirectUri overrides the redirect_uri sent to the provider; it must
	// match a registered value exactly and should point at the local
	// listener (ListenAddress/ListenPort).
	RedirectUri string `yaml:"override_redirect_uri"`
	// UseRequestParameter sends the authorization request as a signed
	// request object (see GenerateRequestJwt).
	UseRequestParameter bool `yaml:"use_request_parameter" default:"false"`
	// StrictOIDCAndRCF6749Param ("RCF" is a historical typo for RFC; the name
	// is exported so it is kept): presumably restricts the request to the
	// parameters defined by OIDC Core and RFC 6749 — confirm.
	StrictOIDCAndRCF6749Param bool `yaml:"strict_oidc_rcf6749_param" default:"false"`
	// private_key_jwt client assertion (RFC 7523) settings. Lifetime defaults
	// to 5m; keep it short, the assertion is a bearer credential. The
	// per-endpoint *Audiance values, or JwtProfileEndpointAsAudiance, narrow
	// `aud` to the receiving endpoint so an assertion captured at one
	// endpoint cannot be replayed at another.
	JwtProfileTokenDuration         time.Duration `yaml:"jwt_profile_token_duration" default:"5m"`
	JwtProfileAudiance              string        `yaml:"jwt_profile_token_audiance" `
	JwtProfilePARAudiance           string        `yaml:"jwt_profile_par_endpoint_audiance" `
	JwtProfileTokenAudiance         string        `yaml:"jwt_profile_token_endpoint_audiance" `
	JwtProfileRevocationAudiance    string        `yaml:"jwt_profile_revocation_endpoint_audiance" `
	JwtProfileIntrospectionAudiance string        `yaml:"jwt_profile_introspection_endpoint_audiance" `
	JwtProfileEndpointAsAudiance    bool          `yaml:"jwt_profile_endpoint_audiance" default:"false"`
	// Signed request object settings (lifetime, audience, extra claims).
	JwtRequestTokenDuration       time.Duration          `yaml:"jwt_request_token_duration" default:"5m"`
	JwtRequestAudiance            string                 `yaml:"jwt_request_token_audiance" `
	JwtRequestAdditionalParameter map[string]interface{} `yaml:"jwt_request_token_additional_parameters"`
	// JwtSigningAlg signs the client assertion / request object. Only
	// asymmetric algorithms are permitted by the validate tag, so the
	// provider's public keys can never be (mis)used as an HMAC secret.
	JwtSigningAlg    string                        `yaml:"jwt_signing_alg" default:"RS256" validate:"required,oneof=ES256 ES384 ES512 RS256 RS384 RS512"`
	HttpClientConfig *client_http.HttpClientConfig `yaml:"http_client_config" `
	// Mock: no yaml tags. Presumably fixed values that replace the randomly
	// generated state / nonce / PKCE verifier for reproducible tests — confirm.
	// A predictable state or nonce defeats the CSRF and replay protections
	// they exist for; never set these outside a test.
	MockState        string
	MockNonce        string
	MockCodeVerifier string
	// keep server running during authorization code flow
	// KeepRunning bool
	// Output: files the tokens and responses are written to when
	// OutputEnabled is set (see SetDefaultOutput). They contain bearer
	// credentials — protect OutputDir accordingly.
	OutputEnabled       bool
	OutputDir           string
	AccessTokenRespFile string
	IDTokenFile         string
	AccessTokenFile     string
	RefreshTokenFile    string
	UserinfoFile        string
	IntrospectFile      string
	// NOTE: default is false. Disables TLS certificate verification for the
	// provider connections; an on-path attacker then sees the client secret,
	// the authorization code and every token. Lab use only.
	SkipTLSVerification bool `yaml:"skip_tls_verification"`
	// NOTE: default is false. Skips the userinfo call after the code flow.
	SkipUserinfo bool `yaml:"skip_userinfo_call"`
	// Listen Address of the redirect-URI listener used by the authorization
	// code flow (no yaml tag). Prefer a loopback address: whoever can reach
	// this listener can receive the authorization code.
	ListenAddress string
	// Listen Port of that listener (no yaml tag).
	ListenPort int
}
func ParseConfig ¶
func ParseConfig(configFile string) (*OIDCClientConfig, error)
ParseConfig reads and parses the YAML configuration at configFile into an OIDCClientConfig (it does not itself validate the result; see ValidateConfig).
func (*OIDCClientConfig) UnmarshalYAML ¶
func (c *OIDCClientConfig) UnmarshalYAML(unmarshal func(interface{}) error) error