oidcclient

package
Published: Jan 25, 2025 License: MIT Imports: 29 Imported by: 0

Documentation

Overview

The client implements the following requests, one per source file:

  • Authorization request & access token request: authorize.go
  • Pushed authorization request (PAR): par.go
  • Userinfo request: userinfo.go
  • Token introspection request: introspect.go
  • Refresh-token request: refresh_token.go

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParsePrivateKey added in v0.22.0

func ParsePrivateKey(filename string) (crypto.PrivateKey, error)

ParsePrivateKey reads the PEM-encoded private key stored in filename and returns it as a crypto.PrivateKey. The key is the client's credential for private_key_jwt authentication and request-object signing, so the file should be readable only by the user running the client.

func ValidateConfig

func ValidateConfig(config *OIDCClientConfig) bool

ValidateConfig checks config — presumably against the `validate` struct tags declared on OIDCClientConfig (required fields, allowed enum values) — and reports whether it passed. Only a bool is returned, so the individual violations are not surfaced to the caller.

Types

type JSONAccessTokenResponse

// JSONAccessTokenResponse is the token-endpoint response in the JSON form
// this package writes out (see OIDCClientConfig.AccessTokenRespFile).
// Member names follow the OAuth 2.0 / OIDC token response, except that
// expires_in is not carried as the raw seconds value: it is re-formatted
// into ExpiresInHumanReadable. Everything in here is credential material
// (access, refresh and ID tokens), so any file holding it must be treated
// as a secret.
type JSONAccessTokenResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	Scope        string `json:"scope"`
	IDToken      string `json:"id_token"`
	TokenType    string `json:"token_type"`
	// Nonce is not a standard token-response member; presumably it is the
	// nonce this client sent, kept alongside so the id_token nonce can be
	// matched — confirm against authorize.go.
	Nonce        string `json:"nonce"`
	// NOTE: expires_in is reformatted into a human-readable time rather than
	// the raw seconds value sent by the server.
	ExpiresInHumanReadable string `json:"expires_in_human_readable"`
}

JSONAccessTokenResponse is the token-endpoint response as this package writes it to its JSON output; expires_in is replaced by the human-readable ExpiresInHumanReadable rather than being kept as raw seconds.

type JwtProfileClaims

// JwtProfileClaims is the claim set of the signed JWT produced by
// GenerateJwtProfile (RFC 7523 client assertion). It embeds
// jwt.RegisteredClaims but also declares its own Jti and Audience fields.
// With encoding/json the shallower field wins, so these two string fields
// — not the embedded ones — are what gets serialised for "jti" and "aud";
// in particular aud stays a single string, which some authorization
// servers insist on. NOTE(review): this relies on the embedded type using
// the same "jti"/"aud" tags — confirm against the jwt package in use.
type JwtProfileClaims struct {
	// Unique identifier for this assertion; RFC 7523 lets the server use it
	// to reject replays of the same assertion.
	Jti string `json:"jti,omitempty"`
	// the `aud` (Audience) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3
	Audience string `json:"aud,omitempty"`
	jwt.RegisteredClaims
}

type OIDCClient

type OIDCClient struct {
	// contains filtered or unexported fields
}

func NewOIDCClient

func NewOIDCClient(c *OIDCClientConfig, privateKey oauthx.OAuthPrivateKey, clientCert tls.Certificate, l hclog.Logger) (_ *OIDCClient, err error)

NewOIDCClient creates a new OIDCClient from config c. privateKey and clientCert are the credentials for the private_key_jwt and tls_client_auth auth methods respectively (see OIDCClientConfig.AuthMethod); presumably only the one matching the configured method needs to be populated — confirm in the constructor.

func (*OIDCClient) ClientCredentialsFlow added in v0.22.0

func (c *OIDCClient) ClientCredentialsFlow() error

func (*OIDCClient) EndSession added in v0.22.0

func (c *OIDCClient) EndSession(token, postLogoutRedirectUri string) error

func (*OIDCClient) GenerateJwtProfile

func (c *OIDCClient) GenerateJwtProfile(endpoint string) (string, error)

GenerateJwtProfile builds and signs a JWT for use as a client assertion against endpoint, following RFC 7523 (JWT profile for OAuth 2.0 client authentication and authorization grants): https://www.rfc-editor.org/rfc/rfc7523.html. Which value ends up in the aud claim is governed by the JwtProfile*Audiance settings in OIDCClientConfig; the token lifetime by JwtProfileTokenDuration.

func (*OIDCClient) GenerateRequestJwt

func (c *OIDCClient) GenerateRequestJwt() (string, error)

func (*OIDCClient) GetLogger added in v0.22.0

func (c *OIDCClient) GetLogger() hclog.Logger

func (*OIDCClient) Info

func (c *OIDCClient) Info()

Info prints the current configuration. OIDCClientConfig holds ClientSecret in plain text, so check what this emits before pasting its output into tickets or logs.

func (*OIDCClient) IntrospectToken

func (c *OIDCClient) IntrospectToken(token string) error

IntrospectToken submits token to the configured introspection endpoint (IntrospectEndpoint). Only an error is returned; the introspection response itself goes to the client's output (IntrospectFile) or logs rather than back to the caller.

func (*OIDCClient) OIDCAuthorizationCodeFlow

func (c *OIDCClient) OIDCAuthorizationCodeFlow() error

OIDCAuthorizationCodeFlow starts a local HTTP server on ListenAddress:ListenPort, registers the redirect handler and runs the authorization code flow through it. Set KeepRunning to keep the server up after the flow completes. State, nonce and PKCE protect this flow; the Mock* and FakePKCEVerifier config fields are test hooks that weaken them and should stay unset in real use.

func (*OIDCClient) RefreshTokenFlow

func (c *OIDCClient) RefreshTokenFlow(refreshToken string, skipIdTokenVerification bool) error

RefreshTokenFlow exchanges refreshToken at the token endpoint for a new token set. When skipIdTokenVerification is true, an id_token in the response is not validated — use that only when debugging a misbehaving provider, never as a default.

ref: https://github.com/nonbeing/awsconsoleauth/blob/master/http.go#L46

func (*OIDCClient) Revoke added in v0.22.0

func (c *OIDCClient) Revoke(token string) error

func (*OIDCClient) SetDefaultOutput

func (c *OIDCClient) SetDefaultOutput()

SetDefaultOutput sets the default output file names (AccessTokenRespFile, IDTokenFile, AccessTokenFile, RefreshTokenFile, UserinfoFile, IntrospectFile), presumably only where none were configured explicitly.

type OIDCClientConfig

// OIDCClientConfig is the client configuration, loaded from a YAML file by
// ParseConfig and checked by ValidateConfig. Fields without a yaml tag are
// presumably populated from code (flags) rather than from the file —
// confirm against UnmarshalYAML. Several fields are test hooks that weaken
// the security of the flows; they are called out below.
type OIDCClientConfig struct {
	// Client identity and token-endpoint authentication method. ClientSecret
	// is held in plain text (and in the YAML file), so protect the file.
	// AuthMethod must be one of the standard OIDC token_endpoint_auth_method
	// values listed in the tag; "none" means no client authentication.
	ClientID     string `yaml:"client_id"  validate:"required"`
	ClientSecret string `yaml:"client_secret" `
	AuthMethod   string `yaml:"auth_method"  validate:"required,oneof=none client_secret_basic client_secret_post private_key_jwt tls_client_auth"`

	// Always send client_id as a parameter to the token endpoint, even when
	// the auth method already identifies the client (off by default).
	ClientIDParamForTokenEndpoint bool `yaml:"always_set_client_id_for_token_endpoint" default:"false"`

	// PKCE (RFC 7636). PKCECodeLength and FakePKCEVerifier carry no yaml tag.
	// FakePKCEVerifier looks like a negative-test switch (deliberately sending
	// a verifier that does not match the challenge) — confirm in authorize.go
	// and never enable it outside of testing.
	UsePKCE             bool   `yaml:"use_pkce"`
	PKCEChallengeMethod string `yaml:"pkce_challenge_method"`
	PKCECodeLength      int
	FakePKCEVerifier    bool

	// Whether the access / refresh tokens are expected to be JWTs (and
	// presumably parsed as such) rather than opaque strings.
	AccessTokenJwt  bool `yaml:"access_token_jwt"`
	RefreshTokenJwt bool `yaml:"refresh_token_jwt"`

	// Scopes requested in the authorization request (required).
	Scopes []string `yaml:"scopes"  validate:"required"`

	// acr_values to send in the authorization request.
	AcrValues string `yaml:"acr_values"`

	// Issuer identifier of the OpenID Provider (required). Discovery and the
	// id_token iss check are presumably anchored on this value.
	Issuer string `yaml:"issuer"  validate:"required"`

	// OIDC "claims" request parameter: the raw value from the config and its
	// parsed form (ParseClaims has no yaml tag and is filled in code).
	Claims      string `yaml:"oidc_claims_param"`
	ParseClaims *oauthx.OpenIdRequestedClaimsParam

	// authorization_details (RFC 9396): raw input and parsed form.
	AuthorizationDetailsInput string `yaml:"authorization_details"`
	AuthorizationDetails      oauthx.AuthorizationDetails

	// Explicit endpoint overrides; presumably they take precedence over what
	// discovery on Issuer returns — confirm in code. AlternativeWellKnownEndpoint
	// points discovery at a non-standard URL. InsecureWellKnownEndpoint
	// relaxes checks on the discovery document (exactly which ones is not
	// visible here — confirm); keep it off outside of test setups.
	TokenEndpoint                string `yaml:"token_endpoint"  `
	AuthorizeEndpoint            string `yaml:"authorize_endpoint"  `
	UserinfoEndpoint             string `yaml:"userinfo_endpoint"  `
	JwksEndpoint                 string `yaml:"jwks_endpoint"`
	IntrospectEndpoint           string `yaml:"introspect_endpoint"`
	PAREndpoint                  string `yaml:"par_endpoint"`
	EndSessionEndpoint           string `yaml:"endsession_endpoint"`
	RevocationEndpoint           string `yaml:"revocation_endpoint"`
	AlternativeWellKnownEndpoint string `yaml:"alternative_wellknown_endpoint"`
	InsecureWellKnownEndpoint    bool   `yaml:"insecure_wellknown_endpoint"`

	// Pushed Authorization Requests (RFC 9126). PARIntrospectEndpointWellKnownKey
	// names the discovery-document key the PAR endpoint is read from. The two
	// *AdditionalParameter maps are extra parameters added to the PAR and
	// authorize requests respectively.
	UsePAR                            bool              `yaml:"use_par"`
	PARIntrospectEndpointWellKnownKey string            `yaml:"par_endpoint_wellknown_key"`
	PARAdditionalParameter            map[string]string `yaml:"par_additional_parameters"`
	AuthorizeAdditionalParameter      map[string]string `yaml:"authorize_additional_parameters"`

	// Accepted JWS algorithms for received tokens (required) and accepted JWE
	// key-management algorithms, restricted by the tag to the listed
	// asymmetric ones. Keeping these lists tight is what prevents
	// algorithm-substitution attacks on token verification.
	TokenSigningAlg    []string `yaml:"token_signing_alg" validate:"required"`
	TokenEncryptionAlg []string `yaml:"token_encryption_alg" validate:"dive,oneof=ECDH-ES RSA-OAEP RSA-OAEP-256 ECDH-ES+A128KW ECDH-ES+A192KW ECDH-ES+A256KW"`

	// Accepted amr / acr values in the id_token. Whether an empty list means
	// "no check" is not visible here — confirm in code.
	AMRWhitelist []string `yaml:"amr_list"`
	ACRWhitelist []string `yaml:"acr_list"`

	// Overrides the redirect_uri, presumably otherwise derived from
	// ListenAddress/ListenPort.
	RedirectUri string `yaml:"override_redirect_uri"`

	// Signed request objects (request parameter) and private_key_jwt client
	// assertions (RFC 7523). The *Audiance fields (sic — the spelling is
	// part of the config schema) choose the aud claim per endpoint;
	// JwtProfileEndpointAsAudiance uses the endpoint URL itself. Both
	// lifetimes default to 5 minutes, which suits one-shot assertions.
	// JwtSigningAlg is limited to ES*/RS*: "none" and HMAC are not accepted.
	// The strict_oidc_rcf6749_param tag spells RFC as "rcf"; it is kept
	// as-is for compatibility with existing config files.
	UseRequestParameter             bool                   `yaml:"use_request_parameter" default:"false"`
	StrictOIDCAndRCF6749Param       bool                   `yaml:"strict_oidc_rcf6749_param" default:"false"`
	JwtProfileTokenDuration         time.Duration          `yaml:"jwt_profile_token_duration" default:"5m"`
	JwtProfileAudiance              string                 `yaml:"jwt_profile_token_audiance" `
	JwtProfilePARAudiance           string                 `yaml:"jwt_profile_par_endpoint_audiance" `
	JwtProfileTokenAudiance         string                 `yaml:"jwt_profile_token_endpoint_audiance" `
	JwtProfileRevocationAudiance    string                 `yaml:"jwt_profile_revocation_endpoint_audiance" `
	JwtProfileIntrospectionAudiance string                 `yaml:"jwt_profile_introspection_endpoint_audiance" `
	JwtProfileEndpointAsAudiance    bool                   `yaml:"jwt_profile_endpoint_audiance" default:"false"`
	JwtRequestTokenDuration         time.Duration          `yaml:"jwt_request_token_duration" default:"5m"`
	JwtRequestAudiance              string                 `yaml:"jwt_request_token_audiance" `
	JwtRequestAdditionalParameter   map[string]interface{} `yaml:"jwt_request_token_additional_parameters"`
	JwtSigningAlg                   string                 `yaml:"jwt_signing_alg" default:"RS256" validate:"required,oneof=ES256 ES384 ES512 RS256 RS384 RS512"`

	// Outbound HTTP client settings (timeouts, proxy, ...).
	HttpClientConfig *client_http.HttpClientConfig `yaml:"http_client_config"  `
	// Mock values: when set they presumably stand in for the randomly
	// generated state, nonce and PKCE code_verifier. They exist to
	// reproduce requests in tests; in real use fixed values defeat the
	// CSRF / replay / code-injection protection those parameters provide.
	// Not loaded from YAML.
	MockState        string
	MockNonce        string
	MockCodeVerifier string

	// Keep the local HTTP server running after the authorization code flow
	// has completed.
	//
	KeepRunning bool

	// Output: when OutputEnabled, the named files under OutputDir receive the
	// responses and tokens. Tokens are bearer credentials — treat OutputDir
	// as sensitive.
	OutputEnabled       bool
	OutputDir           string
	AccessTokenRespFile string
	IDTokenFile         string
	AccessTokenFile     string
	RefreshTokenFile    string
	UserinfoFile        string
	IntrospectFile      string

	// NOTE: default is false. Disables TLS certificate verification,
	// presumably for all outbound calls. Test environments only: with this
	// on, anyone on the network path can read the client secret and tokens.
	SkipTLSVerification bool `yaml:"skip_tls_verification"`

	// NOTE: default is false. Skip the userinfo call after the token exchange.
	SkipUserinfo bool `yaml:"skip_userinfo_call"`

	// Listen address of the local redirect server
	ListenAddress string
	// Listen port of the local redirect server
	ListenPort int
}

func ParseConfig

func ParseConfig(configFile string) (*OIDCClientConfig, error)

ParseConfig reads the YAML configuration at configFile and returns the parsed OIDCClientConfig. The file may contain client_secret, so restrict its permissions to the user running the client.

func (*OIDCClientConfig) UnmarshalYAML

func (c *OIDCClientConfig) UnmarshalYAML(unmarshal func(interface{}) error) error

Directories

Path Synopsis
jwt
