rs

package

v3.33.1 Latest Latest Go to latest Published: Nov 13, 2024 License: Apache-2.0 Imports: 7 Imported by: 7

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/zitadel/oidc

Links

Open Source Insights

Documentation ¶

Index ¶

func Introspect[R any](ctx context.Context, rp ResourceServer, token string) (resp R, err error)
type Option
- func WithClient(client *http.Client) Option
- func WithStaticEndpoints(tokenURL, introspectURL string) Option
type ResourceServer

Examples ¶

Introspect (Custom)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Introspect ¶

func Introspect[R any](ctx context.Context, rp ResourceServer, token string) (resp R, err error)

Introspect calls the RFC7662 Token Introspection endpoint and returns the response in an instance of type R. *oidc.IntrospectionResponse can be used as a good example, or use a custom type if type-safe access to custom claims is needed.

Example (Custom) ¶

package main

import (
	"context"
	"fmt"

	"github.com/zitadel/oidc/v3/pkg/client/rs"
	"github.com/zitadel/oidc/v3/pkg/oidc"
)

type IntrospectionResponse struct {
	Active     bool                     `json:"active"`
	Scope      oidc.SpaceDelimitedArray `json:"scope,omitempty"`
	ClientID   string                   `json:"client_id,omitempty"`
	TokenType  string                   `json:"token_type,omitempty"`
	Expiration oidc.Time                `json:"exp,omitempty"`
	IssuedAt   oidc.Time                `json:"iat,omitempty"`
	NotBefore  oidc.Time                `json:"nbf,omitempty"`
	Subject    string                   `json:"sub,omitempty"`
	Audience   oidc.Audience            `json:"aud,omitempty"`
	Issuer     string                   `json:"iss,omitempty"`
	JWTID      string                   `json:"jti,omitempty"`
	Username   string                   `json:"username,omitempty"`
	oidc.UserInfoProfile
	oidc.UserInfoEmail
	oidc.UserInfoPhone
	Address *oidc.UserInfoAddress `json:"address,omitempty"`

	// Foo and Bar are custom claims
	Foo string `json:"foo,omitempty"`
	Bar struct {
		Val1 string `json:"val_1,omitempty"`
		Val2 string `json:"val_2,omitempty"`
	} `json:"bar,omitempty"`

	// Claims are all the combined claims, including custom.
	Claims map[string]any `json:"-,omitempty"`
}

func main() {
	rss, err := rs.NewResourceServerClientCredentials(context.TODO(), "http://localhost:8080", "clientid", "clientsecret")
	if err != nil {
		panic(err)
	}

	resp, err := rs.Introspect[*IntrospectionResponse](context.TODO(), rss, "accesstokenstring")
	if err != nil {
		panic(err)
	}

	fmt.Println(resp)
}

Output:

Types ¶

type Option ¶

type Option func(*resourceServer)

func WithClient ¶

func WithClient(client *http.Client) Option

WithClient provides the ability to set an http client to be used for the resource server

func WithStaticEndpoints ¶

func WithStaticEndpoints(tokenURL, introspectURL string) Option

WithStaticEndpoints provides the ability to set static token and introspect URL

type ResourceServer ¶

type ResourceServer interface {
	IntrospectionURL() string
	TokenEndpoint() string
	HttpClient() *http.Client
	AuthFn() (any, error)
}

func NewResourceServerClientCredentials ¶

func NewResourceServerClientCredentials(ctx context.Context, issuer, clientID, clientSecret string, option ...Option) (ResourceServer, error)

func NewResourceServerFromKeyFile ¶

func NewResourceServerFromKeyFile(ctx context.Context, issuer, path string, options ...Option) (ResourceServer, error)

func NewResourceServerJWTProfile ¶

func NewResourceServerJWTProfile(ctx context.Context, issuer, clientID, keyID string, key []byte, options ...Option) (ResourceServer, error)

Source Files ¶

View all Source files

resource_server.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL